this post was submitted on 19 Jun 2023
153 points (100.0% liked)

Technology

37746 readers
333 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it's visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 1 year ago* (last edited 1 year ago) (1 children)

Opposite to Instagram or Facebook, on Lemmy or Mastodon you can create an anonymous account. Yes it will be logged (normal public internet), but you won't be treacable. The UI doesn't have any tracking scripts, and many instances don't require an email even to sign up. Use the Tor browser to spoof your IP.

[–] [email protected] 2 points 1 year ago

There are certainly ways to manage your privacy in how you use this service, and it's different in a lot of ways from other services out there. Users should be educated on the risks against different types of threat models:

  • In what ways can my comments be linked to my real world identity, through correlation to my username, registered email address/phone number/Matrix ID/other identifier, by other users of this service?
  • In what ways can my comments and activity be linked to my real world identity by site administrators or other privileged users of the service (through access to things like server logs, trackers, etc.)?
  • How can I control what activity I consider to be public or private on this service, and who can view that activity I prefer to be considered private?

Even with end to end encryption (which Lemmy does not have for DMs), the most secure protocol is only as secure as the other end you don't control. People can and will screenshot, save, log, or simply remember what you've sent them before.

Lemmy and ActivityPub are new services and protocols to a lot of people. The shortcuts they have internalized on what is or isn't true about privacy of other services (Facebook, Instagram, TikTok, Snapchat, Reddit, plain old email, cell phones, WhatsApp, iMessage/Facetime, etc.) need to be re-learned for these specific services.

New users should understand that the Lemmy/ActivityPub protocols on deletion or privacy of DMs don't necessarily work like other services they're used to. And we should encourage robust discussion around these things until they become common knowledge.