I found it complicated at first (didn’t know which instance “will last”, where to register to not lose anything when an instance admin decides to turn it down), but now it’s going good. We are missing mobile apps though.

What are your thoughts about Lemmy/kbin?

  • Sirquacksalot@lemmy.world · 3 upvotes · 2 years ago

    Also I’m concerned with where and how people’s data is stored. Where are the account usernames, email addresses, and passwords stored? It sounds to me like each instance is a separate physical server, so you’re 100% reliant on the instance ‘host’ to properly secure the data and maintain it. How does that work with GDPR compliance?

    That scares the hell out of me…

    • domsch@feddit.de · 9 upvotes · 2 years ago

      That’s why I chose the opportunity now, early in, to “move” to an instance in Germany. I still have to rely on the instance owner, but at least jurisdiction is the same as where I live and GDPR/DSGVO is something I can somewhat count on. But in the end, it also is the question where the server is. Is the instance hosted on a QNAP NAS in someone’s basement or on an AWS instance in the US? That’s my biggest gripe when everyone in the privacy community recommends federated stuff. The notion that some dude in Iowa or such is more trustworthy than some corporation is pretty questionable if you ask me.

      • Sirquacksalot@lemmy.ca · 2 upvotes · 2 years ago

        Good call, I actually just did the same and deleted my .world account. I’m still not comfortable with the potential issues associated with having each instance hosted at the whim of whoever runs it.

        • JoeKrogan@lemmy.world · 1 upvote · edited · 2 years ago

          lemmy.world is hosted in Finland as far as I know and it is covered by GDPR. We know for a fact the corporations are datamining us, and you can see in your browser all of the third-party requests and tracking code embedded in the HTML. I have had 0 blocks from lemmy.world hit my DNS blocker. Nor anything blocked by the browser as there is no incentive and we would leave in a heartbeat if that were the case. Also it is a public forum so it comes with the usual don’t put out what you don’t want people to see. Your point about the skillset of the admins is valid to properly secure it. Hopefully we can get some community whitehats to have a look at instances and the code itself.

    • Ozymati@lemmy.nz · 5 upvotes, 1 downvote · 2 years ago

      Don’t reuse passwords, 2FA email, etc.

      But really how different is trusting some guy with a server from trusting some corporation with a server farm?

      • Sirquacksalot@lemmy.ca · 9 upvotes, 1 downvote · 2 years ago

        Very, actually. A large corporation has the resources and staff to properly secure and maintain (both physically and digitally) their servers vs the decentralized nature where you don’t know who is hosting it, or where. A large corporation can be held accountable for any data breaches or security issues, and is more able to report and respond quickly and properly to any security incidents. Individually run/maintained servers can vary greatly in technical support knowledge, hardware capabilities and security, and resources available to maintain the service.

        That’s even assuming the best in people and that those people running the servers are operating in good faith and not actively working to use people’s data for nefarious purposes. At least if a corporation is found to be acting in bad faith, they can be held accountable by some kind of regulatory body.

        • Ozymati@lemmy.nz · 5 upvotes · 2 years ago

          I dunno. I trust corps about as far as I can throw them - they’re not human or sentient and they’ll happily ruin you if it increases their profits by more than the amount they’ll pay in fines.

      • Sirquacksalot@lemmy.world · 3 upvotes, 1 downvote · edited · 2 years ago

        Honestly, very. A large corporation has the resources to properly secure both physically and digitally their servers, keep up to date in security threats and deal with them in a timely manner. If they don’t, they can be held accountable for any data breaches or improper storage. Plus, ALL the servers of that corporation are secured to the same standard.

        A bunch of dudes running servers in their basements has none of that, and their resources for managing/running/securing those servers vary greatly between them, and may even vary and change often depending on the server.

        So yes, I trust a properly staffed/supported data farm vs individuals any day in terms of security.

        And that even starts off on the assumption that everyone running a server at all is aware of and concerned with securing the server and data properly, let alone bad actors who might actively try and subvert data integrity laws for their own gain.