this post was submitted on 01 Jul 2023
6 points (87.5% liked)

Privacy

32165 readers
191 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So. I thought about the potential of bad actors sniffing on lemmy data. In theory, you'ld have to trust your lemmy-instance hosted to not be a bad actor and every single server they federated with. That means, it should be really - REALLY - easy for a bad actor of even a nation state actor to set up an instance and just wait for the data of users to pour in.

Theoretically they could see all the posts you ever made, and, every post you upvoted. Which also gives clues on: When are you active, what region are you from, what you like and dislike (obviously), political views, etc.

I mean - Maybe I'm too suspicious but tbh the more I read into this, the more I get a bad feeling about this...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (1 children)

Yes, posts you make to public forums are public.

[–] [email protected] 2 points 1 year ago (3 children)

Yes - Indeed.

But: Not what I liked or disliked. Every federated server can see that in their logs. Normally this would at least need you to talk to reddit/meta/some other company in order to get a hold of this data, but here literally everyone with basic Linux knowledge can get everyone's data very easy, very quick, and very reliable.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

So you're saying you can get my lemmy data easily?

[–] [email protected] 4 points 1 year ago

You can literally go and setup your own lemmy instance in less than 10 minutes. Its so well documented that even the least tech savy person should be able to do that with a bit of research.

When you've done that just wait for the data to flow in. And thats it.

[–] [email protected] 4 points 1 year ago

Yes. When you like or dislike something it gets synchronized with different federated servers. Which means, federated servers have a database of all your likes and dislikes, and even your posts. The server admins of that server have, by nature, the password for the database and can therefore track every move you make. Just one "Bad guy" that has a server that is federated with your accounts server and they will know a lot about you. And since its open source theoretically everyone can do this. Criminals, Stalkers, Governments, Companies, everyone.

[–] [email protected] 1 points 1 year ago

So you're saying you can get my lemmy data easily?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Before the recent API purge, you could access public data from sites like Reddit and Twitter pretty easily too. I mean it's still easy now, just not free. The same thing used to be true for Facebook, but their API purge was several years ago and their data model made less data straightforwardly public.

Personally I'd rather have my public posts be straightforwardly public than the illusion of privacy provided by sites like Facebook. Maybe a lot of people can get away with treating messages to a private Facebook group as private a lot of the time, but it's simply a wrong mental model that will lead to wrong decisions. A message can either be private or be broadcast to an open-ended set of people - not both.