YSK: Your Lemmy activities (e.g. downvotes) are far from private

Muddybulldog@mylemmy.win to You Should Know@lemmy.world – 2749 points –
i.imgur.com

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.


On encrypting messages, this is a solved e2e problem if users' home instances generate public/private key pairs for their users on sign-up (or users can provide their own).

Then the instance admin holds the private key and can still decrypt.

If you cared that much about privacy in DMs, we should have a “profile page”. Post a PGP public key there. Then you can send PGP encrypted messages to anyone who you have a public key for.

Aye, my proposal was a trade-off between privacy and convenience for non-technical users (it's only as bad as a non-federated social media site).

The best balance here would be a client on the user device that manages the keys for you, and an API in lemmy for accepting and sending encrypted messages.

As a side note, I think PGP is more or less superseded by AGE.