• sugar_in_your_tea
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 month ago

    And they’re more interested in matching up user accounts to people, and there’s no public link there unless you provide it.

    • OpenStars@piefed.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 month ago

      Not a public one no, but instance admins can see it.

      And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?

      Maybe I’m wrong? But that’s what I fear.

      • sugar_in_your_tea
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 month ago

        Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).

        However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.

        That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).