Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.
The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing:
use a Nick name and don't tell strangers on the internet your real identity.Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.
So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.
A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.
Lol. kids these days would post their bank info online if the banks didn’t prevent them from doing so.
I don’t want to shame anyone, but I’ve had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.
so would my grandpa
You say that like A/S/L wasn’t a thing back in the day.
Wasn’t there a twitter account that retweeted people posting photos of their credit cards?
No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.
I whole heartedly agree with this perspective.
Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.
This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?
or: pgp :)
Your home instance will act as a proxy and only they have access to your email and IP address.
Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.
Edit: Obligatory RIP my inbox.
Can we leave this kinda stuff behind? It is NOT obligatory.
I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.
edit: my most upvoted comment is about beans.
Redditisms are cringe and always have been. Yes I agree we should leave them behind.
The narwhal bacons at midnight!
Yes all the bad Reddit jokes and unoriginal lame attempts at garnering upvotes eg making a stupid joke out of a typo (generally unfunny, rare exceptions), I also choose this guy’s wife, take my upvote you bastard, anything along the lines of wow I hate you for making a pun, I’m not crying you are, I feel personally attacked and god knows the list goes on and on
Hopefully these things aren’t just replaced but one can hope
Of those ‘jokes’ you listed, “I also choose this guy’s wife” will never be not funny
*dead wife
I also choose this joke’s wife.
I’ll just use my short username then
To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.
Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.
Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.
Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.
I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.
Just kidding I’m not doing any of this. But someone absolutely will or already is.
They will know the user but not the person in real life. Even if you know that my user is more conservative on some points or more liberal on others, how can you use that for nefarious action ? Unless you know where I live and who I am, the data is useless.
People need to be aware that sharing your personal information on the internet is never a good idea.
It’s very difficult to both A) have meaningful conversations in a public space, and B) conceal your identity from a dedicated adversary. Once a person has a long post history, it’s likely that an observer could narrow down their identity to a very small group, if not a single person. Every post you make reveals something.
Even if you don’t ever explicitly state it, your age range and gender can likely be guessed with high probability by your writing style and/or little tidbits of info you leak without thinking about it. Same for political leanings. You might casually mention the brand of car you drive, or your favorite foods, or just reference something you experienced as a child that is not universal. All of these things leak information, and while each one seems insignificant, in aggregate they can tell a detailed story. Just knowing that you’re a Canadian who speaks both French and English eliminates about 99.8% of the world’s population as possibilities.
Back on Reddit I used to create fresh accounts all the time, but then I’d go and join the same subs, post with the same writing style, and generally express the same worldview. If anybody cared, had a good grasp of statistics, bothered to collect the data, and put in a stupid amount of time to it, they could likely match all of my accounts together. I was never too worried about this because…well I just didn’t care. But I did have a cyberstalker at one point and it made me think.
I wouldn’t be shocked if someone could match me to one or more of my Reddit accounts just from this one comment, tbh. I’m leaking information here like a sieve! Not many people have the skills to do that, and the few who do are unlikely to give a rat’s ass about me. HOWEVER, as AI becomes more advanced, anyone with computer literacy will be able to do analysis in minutes that might currently take an expert days or weeks.
How often are we going to see this postage? I think this is the third time I’ve seen it at least
You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.
what? oh wow, that is so weird. I’m sorry. I was browsing by Top 6 hour, guess there was a glitch.
No worries. The sorting and filtering algorithms definitely need some love.
Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.
This is not about privacy. It’s about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It’s about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.
For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.
I promise you this is going to be a big issue as tools for this site get more sophisticated over time.
For me, it makes so much sense. Likes and dislikes, besides serving as a means of sorting posts and comments, also serve as a shortcut for leaving a comment saying, “This^” or “I disagree.”
Well of course. The instance stores all data in a postgres database. How else will it be able to remember anything?
Maybe this is not obvious to non-programmers but you never see everything in the user interface for any system. There are tons of records needed for the system to track everything that goes on.
Since posts are federated, they will exist in the local db as well as on each instance.
Isn’t that kind of the point? You don’t get very far hiding in a social setting. You’re on a public website talking to other people. Your posts should be public, comments, etc. At least people should treat all websites or apps they didn’t develop personally like they’re public. I mean you don’t really have a right to privacy in public.
And I’m not trying to say this with some malicious tone or anything but it’s just my view on it.
Just commenting so this stays one of the most commented posts. Feel free to keep scrolling
Oh no, so my upvotes on c/spacedicks aren’t private?
/s
There is a fundamental misunderstanding here.
Our data has never been ‘invisible’… We’ve just trusted that places like Reddit and their staff will do the right thing. That’s literally how it already works.
If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.
If you sign up for a private forum the admin there can also see database contents.
One way encryption is not possible without stopping functionality… If data about you was encrypted then posts you make couldn’t be displayed. If you include a means to decrypt then there was no point encrypting anyway.
This is how it’s always been, and Lemmy doesn’t change this status quo much.
A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.
This isn’t a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data… then what difference does it make it an admin takes a peek?
It wouldn’t be great… but nothing is perfect.
It’s still worth working on however, to see if a better solution can be found, but at this time I’d say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.
Couldn’t we just use a hash for the usernames instead?
Nothing too over the top, but just a simple hash and match that instead?
Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.
Instances should have their own settings on what instances are allowed to keep a local copy. (Default behavior should be to get the post itself from the instance “hosting” it).
If that is a solution you’d need to change the ActivityPub specification. You are more than welcome to submit your idea.
Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.
I’d first have to create 2000 users, then I’d have to send 2000 upvotes. And then I’d get blocked by all instances.
Instances should have their own settings on what instances are allowed to keep a local copy.
This is also not compatible with the ActivityPub spec but even if it were you’d win nothing because as soon as you fetch the post it is still on the server.
Hey, just curious: how would all the instances discover this type of fraud?
I have actually been really surprised by the amount of anti free speech and anti privacy attitudes that I have seen since joining Lemmy. It seems that a lot of the people that made Reddit the shit hole that it was, are the ones who have been early adopters of Lemmy.
God I miss Voat, that was true free speech with a heavy emphasis on privacy.
