I’ve been sent this article about privacy on Lemmy and I would like to have more opinions about it.

I come from the Matrix world where there is no history deletion neither but at least everything is encrypted.

Can we hope anything about privacy on Lemmy ?
Especially with all the attention it’s getting right now.

  • 3migo@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    “Arguably worse for privacy than Reddit”

    This poster clearly has some sort of vendetta against Lemmy and/or its creators with the comments on politics, etc.

    Reddit takes your activity and packages/sells your data to advertisers. Lemmy does not. To say Lemmy is worse than Reddit for privacy is just not true.

    I’d take that post with a hefty grain of salt.

    • MuchPineapples@lemmy.world
      link
      fedilink
      arrow-up
      0
      arrow-down
      2
      ·
      1 year ago

      On lemmy (and mastodon, kbin, etc) it seems like it’s extremely easy for a third party company to datamine everyone’s data, even deleted ones. Federated software is terrible for privacy because it creates hundreds of backups to the federated instances. Any one of those instances can decide not to actually delete anything when requested.

  • GlitzyArmrest@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Just like on reddit, treat everything here as public. Do not post things that you want to be private to either site; this goes for literally any website you don’t own.

  • butter@lemmy.jamestrey.com
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Privacy is tricky. I’ve seen complaints that anything you post stays forever. But honestly, is that what you consider private?

    Do you think it’s more private to make and delete posts than to just use a VPN and an anonymous account? Having the ability to delete posts doesn’t help your privacy at all. At least there’s no advertisers being sold all our data.

    And the chat thing really needs fixed. But for quick one-off messages, it’s fine. Maybe just too exchange secured accounts

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Everything you post on lemmy is intended to be public, so there really isn’t a point to it having privacy features like encryption. There is the one sticking point of dms being readable by the relevant instance admins, perhaps that will change at some point, but for now lemmy supports attaching a matrix handle to your account for secure messaging.

    That said, something the underlying protocol (ActivityPub) does have, are standards for both editing and deleting your own posts. It will be quite possible to have everything or anything you’ve put out there changed or removed, much like on reddit. The action will propagate to all federated instances.

    Also I’m not sure what you mean by there being no history deletion in matrix? I run a node, and purging a room, or an entire account, is absolutely possible. You can even set a node up to only retain data for a certain amount of time. Or are you referring to the fact that you can’t make another node that has the history for people you’ve talked to on it, delete it?

    There ActivityPub has matrix beat, if you delete your comment, any instances it was visible on (unless they defederated since) will also delete it.

    • CookieJarObserver@feddit.de
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      So for the start.

      1. Lemmy isn’t own by anyone its open source and open development

      2. Even though the original dev might or might not be politically questionable, instances like exploding heads (literally nazis) and instances like lemmygrad (literally stalinists and genocide deniers) are here, polar opposites, if the devs would have had political intentions they could hard code it into the system, they didn’t.

      3. This is a forum, you post and write to the world, the world listens and doesn’t forget, lemmy offers dms but also offers a matrix link directly next to it for safer communication. (there is no encryption so far because it would be completely useless for most things here)

      4. The deletion of content is currently not sufficient, but they apparently work on that, but at the moment other things are more important for it to function properly (mod tools, script efficiency…)

      • brad_long_armsOP
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        This puts the words on what I was feeling but could not express. Thank you !

        • CookieJarObserver@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Forgot to add that there is actually no tracking stuff at all, just Session keeping cookies.

          And those people that spread this misinformation about lemmy on reddit are even worse than idiots, reddit app has more tracking Software than fucking Facebook and same when we compare the browser versions.

  • underisk@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Any claims made about privacy on a social media site, especially ones run by private companies or individuals, should be met with extreme skepticism. The reality of privacy on the internet is that it is not something you can get by picking a different service, it is something you must constantly maintain with vigilance and an up to date understanding of infosec practices.

  • TwilightKiddy@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Sites like these cannot be private by design. Their whole purpose is making data publicly avaliable.

    If you want none of data here linked to you, register on an instance that does not require email and don’t use your nickname, that’s all there is to it.

  • cstine@lemmy.uncomfortable.business
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    It reads like someone has just discovered that if you toss out public data on the public internet via federation it becomes public and out of your direct control.

    That’s how all federated services basically work: once it is relayed to someone else’s server, there’s essentially nothing you can do to force deletion.

    Easy example: if you send me an email, but delete it from your sent messages, did you delete the message I got?

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Lemmy is meant to be a public website with public content. And in general, that post is either very uninformed or in bad-faith as most of these things are unavoidable in federation or even protect former users from impersonation.

  • ProfessorFlaw@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Might sound dumb, but why privacy? All you do here is post publicly random cat photos, it isnt a messenger where you have private conversations.

    • sneakyninjapants
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Not that I know of. Should be relatively (to reddit) simple to build one though, as lemmy’s API is pretty decently documented.

  • Cambionn@feddit.nl
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Lemmy is not worse than the rest of the internet. But understanding hów it works is important. Lemmy isn’t 1 place, it’s hostibg software. There a bunch of different servers ran by different people.

    I’m gonna write a bunch here, but no worry. I’ll get to the part mentioned in that article. It’s just all a bit more complex than “Lemmy does X”.

    Lemmy, as software, doesn’t track shit. It’s open source and anyone can check this.

    Lemmy instances, are bound to whatever law is applicable to them. A US server aimed to US people is not GDPR restricted. A EU server is. An international server aimed at everyone incl. Europe also is.

    If a server tracks you, depends on the server. They cóuld run an altered version of Lemmy software. It’s up to you to choose a server who you trust and falls under a juristriction you want. If not, you can always host your own.

    Also know that even the GDPR’s often qouted “right to be forgotten” only covers the place you have your account at + the places that they share data with themselves. This is an important nuance. Furthermore being forgotten means it has to be anonymised, but any non-personal things can stay online. You have no right to ask to have your every word deleted by these laws, just to have any informatjon tracable to you or your account removed.

    As I said, they are responsible for deleting data from places théy send data to. But federation works the other way around. Other places grab from each other. They can only grab stuff you put in public. This is comparable to say:

    • You post something on Reddit.
    • Someone reposts it on 4chan.
    • you remove the Reddit post.
    • your post is still on 4chan.

    You can try to ask 4chan to remove it, but they likely won’t. They just took some public stuff and screenshotted it. It wasn’t supplied by Reddit (which requires Reddit sending it to them), but taken by 4chan from a public place. Therefor Reddit is not responsible. Since 4chan isn’t in Europe and doesn’t actively market themselves to Europeans, they aren’t bound hy GDPR. At best, you can try to make a copyright claim, which turns it into a whole other issue.

    Lemmy instances are like that. They are all different websites grabbing data from each other, not sending them actively to each other. They just run the same software. But that doesn’t mean shit. Most websites run on Linux servers, but that doesn’t make Linux responsible. Most servers run Apache or Nginx, but neither of those are responsible. NextCloud also isn’t responsible to what files people upload yo their self hosted cloud on their NAS.

    In that, Lemmy isn’t less private than the rest of the internet. You should, at all times, be careful what you post online. Assuming that whatever you post will be public forever isn’t a bad habbit, as you cannot block people from copying it and reposting it elsewhere. Even stuff with “friends only” settings can appear otherside like this, let alobe public posted stuff like Lemmy posts.

    With that, as far as removing content goes and what admins can see, I dunno. But the way federation works, posting on a federated server already means purposefully posting something to be copied. It’s fully compliant with privacy laws, but indeed hard to delete forever. But that can be the casr for anything on the interbet, especially public stuff.

    So, td;dr. Lemmy isn’t less safe than the rest of the web. Best advice is don’t be too stupid and think before you do shit in public.

  • ono@lemmy.ca
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Privacy enthusiast and software developer here. I would not consider that post an “article”. It is an alarmist mess.

    Point 3 is so vague as to be useless, and its link doesn’t clarify at all, so I won’t try to address it.

    To points 1, 2, & 4:

    As far as I can tell, Lemmy does in fact federate deletes. If those deletes are not being honored, then the problem lies not in the Lemmy network, but in one implementation of it, which can be fixed.

    If Lemmy’s code is hiding posts instead of deleting them, you could submit a change request to address it. Chances are there’s another way to accomplish whatever goal is behind the current behavior.

    You could also write (if you’re a developer) or sponsor (if you aren’t) an alternative implementation. Make yours fully and immediately delete, and make it otherwise good, and it could become the dominant software for running Lemmy instances.

    If your concern is with the Lemmy developers’ ethical positions, you wouldn’t be the first, but distancing yourself from them doesn’t require abandoning the network. You can simply use an alternative implementation (e.g. Kbin) or join communities that aren’t hosted on lemmy.ml. That’s one of the great benefits of the network: no single person or server controls it.

    I strongly believe that public discourse is healthier on decentralized communication services. For link sharing and conversation, I don’t know of another platform that comes close to Lemmy’s chances of success. It has flaws, but nothing that can’t be fixed over time. And we need one now. The important thing is to get people using it; build the communities. That will make the time investment required to improve it worthwhile.

    Regarding privacy:

    Let’s try to remember that it is not possible to revoke something that has been made public, on any platform. Bots exist. Caches exist. Web crawlers. Intelligence agencies. Archives. Screen shots. Backups. The closest we can come is to encourage people on the network to honor deletes, and hope the remaining copies don’t turn up at an embarrassing moment.

    And as always (even before the internet), it’s probably a good idea to think about our words before publishing them to the public.

  • makos@programming.dev
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    Since Lemmy is free software, can someone just fork it and change it to be more privacy-focused?

    • sneakyninjapants
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Someone definitely could, but what privacy-oriented features would even be useful on a social media site, aside from encrypted DM’s?

    • BombOmOm@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      6
      ·
      1 year ago

      They can; but remember you are posting public information on a public forum. The privacy features are all about what you type or don’t type. Never type private information into a public forum.