Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: Obligatory RIP my inbox.

  • Wander@yiffit.net
    link
    fedilink
    English
    arrow-up
    500
    arrow-down
    4
    ·
    edit-2
    1 year ago

    To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

    The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

    Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

    So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

    A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

    • abbadon420@lemm.ee
      link
      fedilink
      English
      arrow-up
      148
      arrow-down
      11
      ·
      edit-2
      1 year ago

      Lol. kids these days would psot their bank info online if the banks didn’t prevent them from doing so.

    • BitOneZero @ .world@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      1 year ago

      Your home instance will act as a proxy and only they have access to your email and IP address.

      Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

      • themoonisacheese
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That’s fair enough, but other servers can’t correlate your account with your IP nor do they have your email. User agent strings are public information, and you control what it is. If you’re worried about privacy, simply send a recent chrome user agent and nobody can identify you in the sea of other chrome user agents.

      • azuth@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        The posts just contain a URL which doesn’t include the uploader’s ip address or their browser string.

        • BitOneZero @ .world@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.

          • azuth@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

          • azuth@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

    • DogMuffins@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      I whole heartedly agree with this perspective.

      Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

      • NorwegianBlues
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?

      • Wander@yiffit.net
        link
        fedilink
        English
        arrow-up
        18
        ·
        1 year ago

        No, Lemmy currently doesn’t do authorized fetch and thus there’s no way for users to request access to a certain post, which would sort of require to disclose a user wanting to get access to something. So no, they are not stored as part of activitypub.

        They could be logged on your instance’s server and/or the server where are an image is hosted as part of typical logs for web requests. These would contain your ip address and other browser metadata such as the user Agent, but these are typical logs that happen every time you load anything on the internet on any website that exists.

      • sugar_in_your_tea
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That’s only going to protect you from your instance admin or data breaches knowing your connection location and email.

        Most doxxing happens from user-submitted information. For example, you just mention the following:

        • the city you live in
        • your birthday
        • physical characteristics - hair color, height, etc

        Those can be done across a lot of comments, and someone can easily write a script to distill all of that into a list of details.

        My general strategy is:

        • don’t give someone a reason to dox me - i.e. be polite
        • recreate my account every so often - usually 1-2 years
        • lie frequently to make it harder to sift through
        • assume someone is going to try to dox me
    • kaba0@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        1 year ago

        Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.

    • Yaxoi@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      The thing is, there is really no way to know is trustworthy as a home instance…?