this post was submitted on 02 Aug 2024
1275 points (95.3% liked)
Memes
45522 readers
1296 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don’t know why people keep attributing privacy to Lemmy when ActivityPub is anything but.
Is ActivityPub logging which IP I post from? Is ActivityPub monitoring which communities I view? Is ActivityPub blocking me from browsing with my VPN on?
That depends on the implementation.
That depends on the implementation.
That—believe it or not—depends on the implementation.
We already have an implementation. You me and OP are all on Lemmy. So can you answer these in the context of Lemmy again?
I actually can’t answer them, because I only admin this instance, I don’t run it.
While I’m sure this is not the case, it’s entirely possible that the people who do run this instance are running a fork of it that does all of those things. It couldn’t log your IP address or block your VPN, but it could mine, and your instance could yours. And I haven’t read the Lemmy source code, so I don’t know what even an unmodified Lemmy logs.
(Actually this instance is running a fork right now, or rather a branch: 0.19.6-beta1, because lemmy.ml is the core Lemmy developers’ instance for testing beta code before releasing production versions.)
But you can read the source code and get an understanding of whether it is collecting private information or not. You can theoretically also fork the code and make your own version of Lemmy where you're ripped out the parts that collect private information. Can you do any of those things with Reddit? Absolutely not. You have no idea what exactly Reddit collects and even if you did you have no control over that collection.
What you're doing is questioning the privacy aspect without putting in the effort to check if your questioning is valid. Nobody is preventing you from reading the source code. And if you don't trust anyone else running the instance you can fork Lemmy, make whatever privacy changes you need and host your own instance. That goes beyond the capabilities of the average user but that's the catch with privacy, if you can't trust others then you have to learn more to get by without others.
Many Lemmy instances block VPN posting. You can view, but not vote or post. I have a secondary private VPN I use sometimes for that. But honestly the whole thing just sucks.
ActivityPub does not share your IP with other instances, but of course, like all websites, your home instance can see your IP.
I got off lemmy.world because they block VPN connections. Not happening, under any circumstances. I don't trust anyone that much.
Is your IP passed on to other instances along with your post/comment?
No. ActivityPub does not share your IP with other instances.
Nope, that info stays on the home instance.
No idea. I installed a VPN on my router to get privacy. That's all I ask.
Meanwhile I know lemmy instance that blocks most clearnet connections and can be accessed from tor and i2p
Trust them with what though? What are you posting?
Did you just do the "if you don't have anything to hide, what's the big deal" move?
I want privacy. That's all.
I'm just saying that you're literally making posts and comments specifically to be heard. What's getting obscured here?
Well, my ISP doesn't need to know anything about my posts. And the fediverse doesn't need to know who I am beyond "growingentropy," so...
Ah yeah that makes sense.
I have a router with a VPN. I'm not disabling that just to post on lemmy.world.
And generally that's fine. If you're posting stuff publicly, expect it to be public.
Lemmy gives away for free what Reddit is desperately trying to put up walls on so they can sell it, but I wouldn't call it "private" because it's monetized.
Lemmy is the opposite of privacy, and that just makes sense if you 🤔.
I desperately want all my posts on all forum like sites to be easily indexable by search engines. That Reddit blocked other search engines besides Google from indexing is crazy.
Privacy in the sense that no one is selling your information for profit
In terms of privacy reddit has it better(still bad but better than Lemmy) because your content is locked behind a paywall only few companies can access. On the other hand, any one can train their AI on Lemmy posts and access all history of all users freely. The difference is that on lemmy only the companies that collect your data profit, while on reddit also the owners of the platform (reddit itself) profit.
No, it's just open free for the taking by anyone who decides to spin up their own instance, or to anyone who decides to scrape from an instance frederated with yours without robots.txt set against web scrapers. Hosters could even intentionally break federation to prevent deletions from syncing.
I love lemmy, but privacy is not one of its features.
Any script kiddie can scrape the entirety of Lemmy, with the exception of direct/private messages. robots.txt is merely a request, with no enforcement capability.
That was what I was going to say.
That said, if someone detects some sort of data-mining plagiarism bot sucking down everything on an instance, it can be defederated very quickly.
New instances basically suck down everything as the most normal use case. That's what activitypub is for.
There is script that marks entire fediverse for backfilling
Why would such a bot need to be on a new instance?
See, the app won't track your clicks, views, interests. Only public thing is the thinh you post. Which is great for public communities. Theese are meant to be public. But things facebook or reddit or google does is enough to call lemmy private
The amount of magical thinking around federated protocols both on Lemmy and Mastodon is astounding. Sure, design decisions make a difference, but federations gonna federate.