this post was submitted on 06 Jul 2023
11 points (92.3% liked)

As we are concerned about privacy, I am curious just to understand if Lemmy can at some point be exploited by someone to profile its users.

[–] [email protected] 18 points 1 year ago (2 children)

Being an admin of an instance, I can't even see my own history of visited posts. I can't verify this, but I doubt this information is being stored in the database currently.

This being said, each instance has full control over their API server and the web-based application being served, so they could add monitoring to either to gather this data. If they did this on the API end it would be undetectable. Running your own instance is the only foolproof method; otherwise you need to trust the instance operator.

[–] [email protected] 4 points 1 year ago

Thanks for the clarification!

[–] [email protected] 2 points 1 year ago (1 children)

What if I view a thing from another instance? Would it not also be able to log that?

[–] [email protected] 4 points 1 year ago

Each instance serves the content from that instance, so from my understanding the only thing other instances can see are subscribed communities, to be able to federate posts. Upvotes/downvotes can possibly be tracked per user as they are federated on a per-vote basis currently, though this is just something I read and I don't have sources at present.

[–] [email protected] 10 points 1 year ago (1 children)

Technically? Sure, they can retain and read their web server logs; or even put additional logging into the server code they're running.

[–] [email protected] 3 points 1 year ago (1 children)

Thanks. It would be interesting to understand if some anonymization technique could technically be created, and eventually implemented in the future.

Because it looks like a pretty dangerous situation, given what people discuss on social media nowadays...

[–] [email protected] 6 points 1 year ago (1 children)

That may not be possible with web technology.

Browsers send URLs to web servers. The web server has to have the URL the user wants in order to serve a response; and it has to know who the user is in order to check permissions (e.g. don't accept a moderation action from a user who is not a moderator).

This inherently creates an opportunity for the web server to record any details about that exchange.

[–] [email protected] 2 points 1 year ago (4 children)

What if database entries are encrypted, so that a person cannot match email and username with the requests in the URLs?

Users' clients create the encryption key on the client side. Would it make sense?

[–] [email protected] 3 points 1 year ago (1 children)

This all happens before the database even gets asked for information. The web server will make a log of the requests as they come in before responding.

At minimum the web server needs to know where to send the data back to.
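The two comments above make the same point: before any database or encryption scheme is involved, the web server already holds the requester's address, the full URL and (after the session is resolved) the account, and can write all of it to a log. As an added example that is not from this thread or from the Lemmy project, the following Python script shows what such a record contains and one way an operator who wanted to keep less could minimize it before retention. The log lines, the trailing `user` field and `DAILY_KEY` are constructed for the example; `AccessRecord`, `parse_log`, `truncate_ip`, `pseudonymize` and `minimize` are hypothetical names, not anything Lemmy ships.

```python
"""Added example (not from the thread): what a Lemmy-style instance's web
server inherently sees per request, and one way an operator could minimize
it before retention. Log lines and the key are constructed for this example."""
import hashlib
import hmac
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample lines: Combined Log Format plus a trailing "user" field
# standing in for the account the API resolved from the session. Not real traffic.
SAMPLE_LOG = """\
203.0.113.42 - - [06/Jul/2023:12:00:01 +0000] "GET /post/12345?ref=email HTTP/1.1" 200 5120 "-" "Mozilla/5.0" alice
2001:db8:1234:5678:abcd::1 - - [06/Jul/2023:12:00:07 +0000] "POST /api/v3/post/like HTTP/1.1" 200 64 "-" "Mozilla/5.0" bob
203.0.113.42 - - [06/Jul/2023:12:00:09 +0000] "GET /c/privacy HTTP/1.1" 200 8192 "-" "Mozilla/5.0" alice
"""

# Hypothetical per-day pseudonymization key; a real deployment would generate
# and rotate it outside the code so records from different days cannot be re-linked.
DAILY_KEY = b"constructed-example-key-2023-07-06"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<user>\S+)$'
)


@dataclass
class AccessRecord:
    """Everything the server knew about one request, as the thread describes:
    who asked (IP + account), what they asked for (full URL), and when."""
    ip: str
    ts: str
    method: str
    target: str
    status: int
    user_agent: str
    user: str


def parse_log(text: str) -> list[AccessRecord]:
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at fields
        records.append(AccessRecord(
            ip=m["ip"], ts=m["ts"], method=m["method"], target=m["target"],
            status=int(m["status"]), user_agent=m["ua"], user=m["user"],
        ))
    return records


def truncate_ip(ip: str) -> str:
    """Keep the /24 (IPv4) or /48 (IPv6) prefix and zero the host part."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def pseudonymize(user: str, key: bytes) -> str:
    """Keyed HMAC: requests within one key period still group by user
    (useful for abuse handling) but the account name itself is not stored."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]


def minimize(rec: AccessRecord, key: bytes) -> dict:
    """Drop the query string, truncate the IP, discard the User-Agent
    (a fingerprinting surface) and replace the account with a pseudonym."""
    return {
        "ip": truncate_ip(rec.ip),
        "ts": rec.ts,
        "method": rec.method,
        "path": urlsplit(rec.target).path,
        "status": rec.status,
        "user": pseudonymize(rec.user, key),
    }


def minimize_log(text: str, key: bytes) -> list[dict]:
    return [minimize(r, key) for r in parse_log(text)]


if __name__ == "__main__":
    for raw, slim in zip(parse_log(SAMPLE_LOG), minimize_log(SAMPLE_LOG, DAILY_KEY)):
        print("server saw:", raw)
        print("retained  :", slim)
```

The `AccessRecord` side is the point the commenters are making: nothing in the minimized form changes what the server had to know to answer the request; it only changes what the operator chooses to keep. The keyed pseudonym is a design choice, not anonymization in the strict sense: anyone holding the key can re-link the records, which is why the key would have to be rotated and discarded for the reduction to mean anything.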

[–] [email protected] 1 points 1 year ago

Thanks, makes sense

[–] [email protected] 2 points 1 year ago (1 children)

If you consider the server to be malicious, why would you trust any claim that the data is encrypted?

[–] [email protected] 1 points 1 year ago

I am thinking more of a Meta "Threads"-like situation. Not necessarily malicious, just different privacy expectations between user and provider.

[–] [email protected] 1 points 1 year ago (1 children)

Somehow the server has to be able to look up the user's subscriptions so it knows what posts to show them.

[–] [email protected] 1 points 1 year ago

I am mainly thinking about matching navigation history with identifiable information... You are right, it's a tricky thing...

I also wonder, if Lemmy becomes a thing, with numbers in the same order of magnitude as Reddit, if and how GDPR will affect server admins... Having a privacy anonymization tool built in by design might avoid headaches in the long term.

[–] [email protected] 1 points 1 year ago (1 children)

It's still a fingerprint; the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of companies can track you even if you aren't logged in: using any service creates a pattern that, with enough aggregate data, can be used to approximate who you are.

[–] [email protected] 2 points 1 year ago

Thanks, it looks like privacy on the internet is really a mirage.