YSK: Your Lemmy activities (e.g. downvotes) are far from private
i.imgur.com
Edit: obligatory explanation (thanks mods for squaring me away)...
What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
You are viewing a single comment
What about IP addresses? I see those are logged. Are they available to query?
I would imagine so, right?
If so, ummmmmmmm. That is not ok.
Umm, anything you access on the Internet has to know your IP address, that's how the Internet works. Whether or not they choose to keep the logs is a different matter.
Ok, sure. But the difference is that I can’t make my own Reddit instance and then see all Reddit users IP addresses.
What is the vetting process of getting an instance federated?
Like if I was an authoritarian henchman, could I make an instance with a community about cats, get federated, then see all the IPs of users calling my boss a pooh bear, on all other instances?
There's no difference, you don't get IPs of other instances' users just an id
Or you could just buy it from reddit.
Fix your police.
This sounds a lot like “not my problem.” I am familiar with this type of response, but usually this level of irresponsible indifference comes from those evil VC backed companies. Except they don’t usually say it out loud.
If this is the attitude of the devs, I am deleting all my glowing recommendations of lemmy on other sites.
Is this really the attitude of the devs?
I suppose if you ignore the part where I said the problem doesn't actually exist (IPs are not included in federated content) then It can look like a not my problem response.
I wonder if you will also delete the FUD and misinformation you posted on this thread.
I haven't looked into it at all but I expect IPs are visible to instance admins. That's pretty typical of any online platform.
But if I understand this, anyone that makes a lemmy instance can see the IPs of any commenter or voter, on any other federated instance?
What is the vetting process for federation?
Even if lemmy itself doesn't support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.
EX: Using a revese proxy like cloudflare or nginx, which are both very common.
Even if lemmy itself doesn't support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.
EX: Using a revese proxy like cloudflare or nginx, which are both very common.
Even if lemmy itself doesn't support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.
EX: Using a revese proxy like cloudflare or nginx, which are both very common.
every website logs ip. The question is whether the admin maintains those logs. However a web server needs your IP so they can route traffic back to you. That IP gets logged so that if something is not working the admin can review the logs and figure out what is going on. Many websites that are privacy focused either turn the logging off or dump the logs fairly quickly. Doing something like that means the admin needs to take steps to create other avenues for troubleshooting that don't factor user data into the scenario. With smaller projects like instances hosted on lemmy that might not always be feasible for volunteer admins. This doesn't necessarily mean they are doing anything wrong. Lots of websites maintain logs that include IP addresses.
IP Adresse does not really matter. It changes every day or whenever I restart the router.
Your public IP stays the same for long periods of time, is geographically tied, and also associates you to certain ISPs based on your address space. How long does it stay the same? Months - Years potentially depending on the lease set on the IP.
Well... not in Germany. Here you have to request a static ip
It depends on the ISP, country etc
I'm in France and almost every time our IP changes it's because my parents changed our internet subscription, or because moved to another place
Oh. That's pretty bad
It's probably bad for privacy, but it makes self hosting super easy