Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.
The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing:
use a Nick name and don't tell strangers on the internet your real identity.Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.
So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.
A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.
Lol. kids these days would post their bank info online if the banks didn’t prevent them from doing so.
You say that like A/S/L wasn’t a thing back in the day.
19/f/Cali was the only acceptable response
I think we cybered
Depends, could I have talked some vanilla WoW gold out of you?
As I put on my robe and wizard hat…
666/D/Hell
puts on wizard’s hat
Yall remember those “your stripper name is the street you grew up on and your pet’s name” challenges? Literally phishing for password recovery keys.
I got a virus.
Flagrant System Error
Computer Over.
Virus = Very Yes
I don’t want to shame anyone, but I’ve had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.
DUDE MY GIRLFRIEND FUCKING DID THAT AND I JUST LOOKED AT HER AND ASKED HER IF SHE THOUGHT THAT WAS A GOOD IDEA. In hindsight no, thankfully she’s gonna be moving soonish. This was from before we were together, otherwise I would have warned her not to do that. It was the same discord she got a cyberstalker from, thankfully the stalker wasn’t a friend of the owner because otherwise he totally could have gotten her address and irl info.
so would my grandpa
Wasn’t there a twitter account that retweeted people posting photos of their credit cards?
Well lemmy has some protections u cant post ur password see: *******************
No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.
Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.
Your home instance will act as a proxy and only they have access to your email and IP address.
Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.
The posts just contain a URL which doesn’t include the uploader’s ip address or their browser string.
When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.
Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.
Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.
I whole heartedly agree with this perspective.
Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.
This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?
That is why I am as my username states: intentionally anonymous
The thing is, there is really no way to know is trustworthy as a home instance…?
or: pgp :)
This person internets. 👏
To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.
Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.
Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.
Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.
I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.
Just kidding I’m not doing any of this. But someone absolutely will or already is.
You know, I came in here with the mindset that the topic of discussion here isn’t a bad thing; I’m largely pro information-should-be-open-and-available. But you’ve argued a very solid point, and I’ve changed my mind on the issue. I appreciate you sharing this perspective!
With all due respect, figuring out who you are based off what you say in a public setting is already what people do irl
I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.
Honestly, why not? The data is already being recorded. At least this way it’s public and the rest of us get to interact with it. It might even scare a few people into paying attention to the information that they disclose about themselves and increase their digital hygiene.
They will know the user but not the person in real life. Even if you know that my user is more conservative on some points or more liberal on others, how can you use that for nefarious action ? Unless you know where I live and who I am, the data is useless.
People need to be aware that sharing your personal information on the internet is never a good idea.
It’s very difficult to both A) have meaningful conversations in a public space, and B) conceal your identity from a dedicated adversary. Once a person has a long post history, it’s likely that an observer could narrow down their identity to a very small group, if not a single person. Every post you make reveals something.
Even if you don’t ever explicitly state it, your age range and gender can likely be guessed with high probability by your writing style and/or little tidbits of info you leak without thinking about it. Same for political leanings. You might casually mention the brand of car you drive, or your favorite foods, or just reference something you experienced as a child that is not universal. All of these things leak information, and while each one seems insignificant, in aggregate they can tell a detailed story. Just knowing that you’re a Canadian who speaks both French and English eliminates about 99.8% of the world’s population as possibilities.
Back on Reddit I used to create fresh accounts all the time, but then I’d go and join the same subs, post with the same writing style, and generally express the same worldview. If anybody cared, had a good grasp of statistics, bothered to collect the data, and put in a stupid amount of time to it, they could likely match all of my accounts together. I was never too worried about this because…well I just didn’t care. But I did have a cyberstalker at one point and it made me think.
I wouldn’t be shocked if someone could match me to one or more of my Reddit accounts just from this one comment, tbh. I’m leaking information here like a sieve! Not many people have the skills to do that, and the few who do are unlikely to give a rat’s ass about me. HOWEVER, as AI becomes more advanced, anyone with computer literacy will be able to do analysis in minutes that might currently take an expert days or weeks.
I get what you’re saying. I’m not sure if it’s something that is fixable giving that we participate in a public forum. Maybe the federation isn’t a great idea after all, or maybe we overthink it. I don’t know.
Jesus Fucking Christ !
And just think how much data you can gather by sending out puppet accounts on various instances, accounts that will serve only to publicly state an opinion, such as “I support this candidate”, so the data on the people who upvote it can be harvested and categorized more easily. There is so much data harvesting potential here with a little imagination, and with a little more, a lot of ways to use that data to influence the way average users engage with the fediverse.
That site would also be a great advertisement for Lemmy. Come here to our decentralized platform, where you can vote…but you better not, lest you end up on the site. What social network wouldn’t grow when users are peer pressured into not using one of it’s basic underlying mechanics that makes the whole thing work?
That was pretty interesting. I want to see graphs.
Gpt has to small of a context window to get someone’s entire post history in. U have to embed everythibg they have said then u can make queries against their knowledge base or grouping user content embeddings and comparing to known data points. Not that i have the compute to do this at any kind of scale.
I’m almost willing to bet that big tech companies are already doing this. They got the motive and the means. No doubt Meta or Google have dedicated some of their servers to mining our Lemmy data in this way.
With only around 100k users and most people using anonymous usernames that cannot be connected to their identity it would hardly be worth the effort, time or money.
Edit: Obligatory RIP my inbox.
Can we leave this kinda stuff behind? It is NOT obligatory.
I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.
You are a gentleman and a scholar. /s
edit: my most upvoted comment is about beans.
Redditisms are cringe and always have been. Yes I agree we should leave them behind.
Well, I disagree. Redditsms, or whatever you call them, among other things helped to make reddit as popular as it is (was) right now.
I get you don’t like it personally, but your personal opinion about them being cringe, while respectable, is not a fact.
I agree with both of you. We should leave redditisms behind and create lemmyisms. And yes, they get cringe if overused
Possibly relatedly, is this a good place to mention beans? I have not figured out where that meme actually came from, but apparently it’s a thing the cool kids are saying.
The narwhal bacons at midnight!
Yes all the bad Reddit jokes and unoriginal lame attempts at garnering upvotes eg making a stupid joke out of a typo (generally unfunny, rare exceptions), I also choose this guy’s wife, take my upvote you bastard, anything along the lines of wow I hate you for making a pun, I’m not crying you are, I feel personally attacked and god knows the list goes on and on
Hopefully these things aren’t just replaced but one can hope
Of those ‘jokes’ you listed, “I also choose this guy’s wife” will never be not funny
*dead wife
I also choose this joke’s wife.
c/angryupvote
This.
EDIT: Thanks for the awards kind stranger!
EDIT 2: Rip my inbox
This is all examples of reddit shit that is really dumb. We don’t need to bring it over here
Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.
This is not about privacy. It’s about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It’s about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.
For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.
I promise you this is going to be a big issue as tools for this site get more sophisticated over time.
alternatively, if votes were private, you could spin up a bot network to mass upvote your comment; making it far more influential as most people are more inclined to believe statements they think others also feel. thankfully, votes are open, so you can’t
as long as there is a system, people will try to game the system; and when there is a new system, people will come up with new games
While I agree this shouldn’t be so publicly accessible, I’m curious about the possible benefits of limited sharing between instances to give spam/bot detection tool’s more power.
Users on A vote on a post on B. The admins from A and B can see the fine details of who did what, but the admins of C (and all of the general users regardless of instance) just see totals of up/down votes.
Oh no, so my upvotes on c/spacedicks aren’t private?
/s
Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?
Agreed, I am incredibly confused by what seems to be the majority reaction to this.
I’ve never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It’s quite literally the same terrible argument of “Why fear it if you have nothing to hide” used against multiple data privacy concerns throughout the years.
I think the worst are the bad faith “But Reddit…!” arguments. For one, we’re not on Reddit anymore, this is about Lemmy’s issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn’t outright PUBLIC to anyone who wishes to set up a simple server.
I’ll just use my short username then
How often are we going to see this postage? I think this is the third time I’ve seen it at least
You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.
what? oh wow, that is so weird. I’m sorry. I was browsing by Top 6 hour, guess there was a glitch.
No worries. The sorting and filtering algorithms definitely need some love.
Just commenting so this stays one of the most commented posts. Feel free to keep scrolling
There is a fundamental misunderstanding here.
Our data has never been ‘invisible’… We’ve just trusted that places like Reddit and their staff will do the right thing. That’s literally how it already works.
If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.
If you sign up for a private forum the admin there can also see database contents.
One way encryption is not possible without stopping functionality… If data about you was encrypted then posts you make couldn’t be displayed. If you include a means to decrypt then there was no point encrypting anyway.
This is how it’s always been, and Lemmy doesn’t change this status quo much.
A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.
This isn’t a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data… then what difference does it make it an admin takes a peek?
It wouldn’t be great… but nothing is perfect.
It’s still worth working on however, to see if a better solution can be found, but at this time I’d say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.
There’s something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.
How about both are bad.
Ah, the old
RedditLemmy switcharoo.You are probably seeing two very different vocal minorities, and conflating the two.
Also, there’s a very clear difference in expectations between posting/commenting and upvoting. I blame the UI. We naturally expect public actions to be easily visible. The lack of universal accessibilty to the public data makes people unaware that the data is public. Lemmy UIs, including apps, need to make this information (a list of upvoting users) universally publicly accessible before people will change their expectations.
On the contrary, I’m not conflating two specifics. I’m speaking in general terms about the demonstrable public perception (read: billions of social media users who happily hand over their data vs. the palpable unease over data publication in all walks of tech discussion) and how it is innately hypocritical.
It is perfectly normal and useful to discuss societal contradictions. For example: “We hate school shootings, but we do fuck-all to stop them from occurring.” That statement does not conflate two different vocal minorities, it purports to accurately describe the generalized societal contradiction at hand.
The rest of your post is completely off-topic.
Why does the person have no problem sharing their address with the DMV but gets upset when their address is leaked publicly? Curious. They claim to value transparency, but oppose doxxing?
I downvoted the beans and I don’t care who knows about it. I’d do it again.
This is useful to know though, thanks. I guess assume everything is public short of your password (unless your admin is particularly nefarious and has altered the code to store passwords in plaintext for some reason).
Probably safer to assume your password is public to
Nah because if you type in your password it will show as stars.
******* see?
hunter2
Doesn’t look like stars to me.
That’s because it’s your password. It looks like ******* to me
It worked! It might not look like stars to you because it’s your password.
That’s neat. I didn’t know IRC…err… Lemmy did that.
Its not, all passwords are salted and hashed
Isn’t that kind of the point? You don’t get very far hiding in a social setting. You’re on a public website talking to other people. Your posts should be public, comments, etc. At least people should treat all websites or apps they didn’t develop personally like they’re public. I mean you don’t really have a right to privacy in public.
And I’m not trying to say this with some malicious tone or anything but it’s just my view on it.
Well of course. The instance stores all data in a postgres database. How else will it be able to remember anything?
Maybe this is not obvious to non-programmers but you never see everything in the user interface for any system. There are tons of records needed for the system to track everything that goes on.
Since posts are federated, they will exist in the local db as well as on each instance.
Suppose there is someone who wants to maintain their anonymity and privacy on Lemmy so that it couldn’t be tied to their real identity, what do you think is the best way to do that?
Hmm, I, famous Hollywood actress Margot Robbie and star of “Barbie”, sure am stumped.
There are a number of things you can do, depending on how serious you want to get about it (think about who and what you want to protect against - harassment from other users? Admins?).
Create an account using an email alias or an email account not linked with something you can trace back to your real identity.
If you’re concerned about retaliation/harassment from downvoting something, you could create 2 accounts - one for normal use and the other you only use for downvoting, or one for participating in discussions on controversial topics.
You could retire an account and start using a new one after a period of time, so your entire history isn’t linked to a single account.
The above might be able to shield you from other users but not from admins.
If you want to stay anonymous from admins:
An admin would be able to see the IP address the account uses to connect to the service. If 2 accounts connect with the same IP address and the IP is consistently the same, they’d be able to conclude it’s likely the same person (or someone else in their household) is connecting to the service with both accounts.
If you use a VPN or Tor when connecting to the site, that won’t be as easy to see because many people would connect to the service from the same IP address and the account would likely frequently connect using different IP addresses.
Be aware that if you access the site on a mobile device app with a VPN, it’s possible that the app could contact the server when the VPN is down (for example, if the VPN connection is closed when the device is locked). To avoid that, you could try using using something like OpenVPN with its “Kill Switch” enabled).
Note that the admin of the VPN service would be able to see your connections to Lemmy’s servers (but not specially what you’re doing on Lemmy), so you aren’t fully anonymous. Lemmy’s admins would see part of the picture, the VPN’s admins would see another part, and you’re counting on the 2 not talking to each other (and a good VPN service shouldn’t, unless they’re legally required to).
I use a VPN in general for all connections to the Internet but don’t always care to keep my IP address hidden from some services (banking, primary email addresses, etc - services that will have my personal info anyway). It can be very challenging to keep your IP address hidden over the long haul with a frequently used service - you could end up connecting with the VPN down due to a technical reason or carelessness.
With some services I might have multiple accounts - on one I might not really care if my real IP is revealed, but another on the same service that I’m very careful with to keep hidden.
You could use a browser with protections against fingerprinting like Tor or Mullvad Browser.
It’s simple. Just don’t comment or upvote on anything that interests you.
