I wonder if Lemmy will be included. On the one hand we are tiny, but there are also a lot of extremists here so it’s enriched in precisely the types that they would most want to know about.
How much though? I mean we have usernames yes there’s that, but can the federal agencies simply request that an instance turn over all signup data for all users and accounts? That might be an argument to avoid using US-based instances (though those mostly use Mbin or PieFed rather than Lemmy).
Or Lemmy is notoriously leaky itself - couldn’t someone simply put a thumbnail that pings a server owned by those agencies, and thereby get IP data directly? (or if not a thumbnail then a link to some website, like maybe supposedly a wordpress software or something, which functions yet also feeds IPs too) They could even spin up their own instance and watch all voting and posting traffic coming in as well, which in correlation to the IP addresses could tie down a user account. I guess a proxy would solve this particular issue. iirc there is all kinds of traffic from all kinds of servers whenever you visit every single Lemmy page, so simply putting out a post seems like it would be enough to get data from anyone that even so much as views it in their feed?
Another one relates to that time that Lemmy.World put out a user survey based on Google - anyone that responded would thereby tie a Google account to using Lemmy.
Sorry, I am all questions here and no answers, but this is going to be life & death & livelihood to so many people - splitting families apart all over again (I am referring to the previous border incidents, where e.g. babies were ripped from their mothers’ arms, some of which never did get reconnected even multiple years later).
Oh I thought that was blocked, but I guess maybe that’s just Lemmy.World that did that, while other instances can do otherwise (I thought I recalled that lemmy.cafe could - not from an onion b/c Lemmy itself somehow precludes that, but over Tor perhaps?).
Not a public one no, but instance admins can see it.
And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?
Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).
However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.
That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).
I wonder if Lemmy will be included. On the one hand we are tiny, but there are also a lot of extremists here so it’s enriched in precisely the types that they would most want to know about.
true, but Lemmy is at least pseudo-anonymous.
How much though? I mean we have usernames yes there’s that, but can the federal agencies simply request that an instance turn over all signup data for all users and accounts? That might be an argument to avoid using US-based instances (though those mostly use Mbin or PieFed rather than Lemmy).
Or Lemmy is notoriously leaky itself - couldn’t someone simply put a thumbnail that pings a server owned by those agencies, and thereby get IP data directly? (or if not a thumbnail then a link to some website, like maybe supposedly a wordpress software or something, which functions yet also feeds IPs too) They could even spin up their own instance and watch all voting and posting traffic coming in as well, which in correlation to the IP addresses could tie down a user account. I guess a proxy would solve this particular issue. iirc there is all kinds of traffic from all kinds of servers whenever you visit every single Lemmy page, so simply putting out a post seems like it would be enough to get data from anyone that even so much as views it in their feed?
Another one relates to that time that Lemmy.World put out a user survey based on Google - anyone that responded would thereby tie a Google account to using Lemmy.
Sorry, I am all questions here and no answers, but this is going to be life & death & livelihood to so many people - splitting families apart all over again (I am referring to the previous border incidents, where e.g. babies were ripped from their mothers’ arms, some of which never did get reconnected even multiple years later).
Well my approach is to sign up and use Lemmy over Tor with throwaway email (Onionmail)
Oh I thought that was blocked, but I guess maybe that’s just Lemmy.World that did that, while other instances can do otherwise (I thought I recalled that lemmy.cafe could - not from an onion b/c Lemmy itself somehow precludes that, but over Tor perhaps?).
Lemmy world uses cloudflare, privacy respecting instances would never block tor
Mander.xyz even has an .onion hidden service
I signed up w/o an email address, though I think my instance now requires one.
Everything posted on Lemmy is public though.
The content is, but the IP addresses used to interact are not.
They are for your instance admin but not the whole fediverse.
And they’re more interested in matching up user accounts to people, and there’s no public link there unless you provide it.
Not a public one no, but instance admins can see it.
And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?
Maybe I’m wrong? But that’s what I fear.
Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).
However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.
That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).
THIS is indeed the way:-).