this post was submitted on 28 Jun 2023
25 points (90.3% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54476 readers
476 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I want to sign up under this instance and host communites, but privacy is important to me.

Privacy drove me off reddit, I looked around for these answers but not sure where to come across them.

1)Am I sharing my IP address/ location with my host instance? 2)is there a log of my view history 3)i know that this instance has a heavy Piracy base, what is the risk of joining this? 4) are there general privacy concerns that I am not thinking of?

I know these may be dumb questions but as a user and not necessarily the most tech savvy, any education would help!

I do not want to be in a position where a Government creates an instance, and allows them to monitor.

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 23 points 1 year ago

Check out my comment here: https://lemmy.one/comment/325139

The relevant parts for you are:

  • The default configuration for Lemmy does log IP addresses through nginx's access log.
  • The default configuration doesn't rotate or prune the logs; they are maintained indefinitely.
  • The default configuration doesn't encrypt the logs (file-level encryption) or disk (block-level encryption.)

The requests and IPs are therefore vulnerable to:

  • The server admin can check the logs (who can SSH into the server itself, not just an admin on Lemmy)
  • The hosting provider can check the logs (the file is not encrypted and they own the disk they're stored on)
  • A government can subpoena the server admin or the hosting provider for these logs.

A Lemmy instance that is concerned about its user's privacy should either disable access logging, or log to RAM, and ideally encrypt it too.

However, this raises the issue that you don't know what software the server is actually running. The above analysis is based on looking at the default configuration of the open source code. But if they were to change the logging to be more secure, you would need to trust them when they say that's actually the code they are running.

Have you considered using a VPN like Mullvad or even Tor? Lemmy doesn't have the same issues with blocking VPNs as reddit does. (Although some fediverse instances, such as Kbin, use Cloudflare, which does its best to block VPNs/Tor.)

Let me know if you have any other questions.

[–] [email protected] 5 points 1 year ago

Thanks for the question and for bringing it to our attention. We are (mostly) all quite new to the Lemmy platform and haven't yet put together a specific privacy policy for the instance, or looked into customizing the default behaviors regarding logging. For the time being I would suggest you take the usual precautions of using a VPN and following privacy minded practices when creating your account. We will post a sticky about it once we have had time to consider all the ins and outs.

[–] [email protected] 2 points 1 year ago

Use the search to find a privacy community.

[–] [email protected] -4 points 1 year ago (1 children)

I am in no position to ask your question because I dont have the technical knowledge about how Lemmy works within, but I can share my perception of what happens in all internet medias: You are only going to see how truthful the platform is when the owners get a court demand or law enforcement at their doors.

Until this point you can hear a lot of sweet speech of defending freedom, protecting privacy or piracy advocacy, but when the police is involved is where things get problematic.

[–] [email protected] 6 points 1 year ago

You are only going to see how truthful the platform is when the owners get a court demand or law enforcement at their doors.

Wait, so you expect a site admin to openly resist a court order and/or law enforcement when illegal activity takes place? And what does that have to do with "honesty"? There is a reason why servers like this have rules such as "don't request or link to specific pirated titles". It's because they don't want to get in trouble with the law.. And for good reason, they aren't superman after all, they cannot fight the law..

And surely we can agree that there are cases where providing law enforcement with information on illegal activity is not only the legal thing to do, but also the moral thing to do.