How big would the backlash and consequences be if one of the instances, e.g. .world or .ml, turned out to be selling data?

THE ANON@lemmy.today to Ask Lemmy@lemmy.world – 40 points –

Are there any laws against it? Will the admins walk scot-free? This question just popped into my head; it's not serious, but do feel free to answer.


They couldn't sell the data - someone who wanted the data would just start their own benign-looking federated instance and get the data for free.

I think only the instance that the person reads from gets that person's click trail. The sending and receiving instances get the private messages between users A and B, but I don't know if other instances get those. I do think it's an anti-privacy design in Lemmy that the person's read actions are logged. I would change the architecture to avoid that among other things. Alternatively I think of running my own instance just to avoid leaking this info.

There are some other privacy concerns I have with lemmy design choices -- like, it's not going to be hard for a random user out there to get a given Lemmy user's IP address, which is kind of asking for trouble. Like, even aside from doxing potential, let's say that someone gets pissed in a discussion and decides to DDoS the other user's connection or something like that.

IRC had issues with that.

I get the impression that lemmy's designers wanted to build a meme propagation system rather than a discussion forum. Well, they got what they wanted.

Ehhh. As much as I have annoyances with the devs on some issues, I think that it's more that it's just hard to design a distributed system like this without thinking of all the tradeoffs and security and privacy issues.

Like, there were some cross-site scripting issues in the past in lemmy. I didn't spend a lot of time looking into them, but there were some web dev types who were kinda scathing, said that this is something that an experienced Web dev should know about. But I don't think that the lemmy devs thought "oh, let's add cross-site scripting security holes". I think that it was probably just that they didn't have someone with a lot of Web security experience -- which is its own little unique field -- looking at what they were doing.

If you want to permit inline images -- which may or may not be a good idea, agree that they aren't essential -- then there are going to be tradeoffs. If you have a user's home instance fetch and serve all the images, which is what they do with comment text, then that avoids exposing a user's IP on comment view to random other people...but then it also increases bandwidth costs to run a lemmy instance. Maybe by a lot. And if instances are mutating comments to redirect images to be versions that they host, then if you want to do pubkey/privkey signing of comments, which might be a good idea down the road, then you're gonna introduce more complexity, because that'd invalidate a comment's signature. Lemmy would have to do something like expose both the original comment and the mutated comment and let a client validate the signature. Maybe have a signature on images to ensure that another instance isn't just replacing the images with something else. But then that maybe breaks if a remote site generates an image dynamically and its content changes every time it's served. Lot of tradeoffs and unintended side effects. And it's a distributed system with different people who may or may not trust various other people to do various things and may not all agree on what acceptable risks are.
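The signing trade-off described in the comment above, as an added example that is not part of the original thread and is not Lemmy's code: a client verifies the author's signature over the original text, checks that the displayed text is exactly the expected proxy rewrite, and checks proxied image bytes against signed digests. The proxy URL, field names and function names are hypothetical, and the sample data is constructed.

```javascript
// Added example; PROXY, rewriteImages, signComment, verifyFederated are hypothetical names.
const nodeCrypto = require('crypto');
const PROXY = 'https://home.example/proxy?url='; // constructed home-instance image proxy

// Deterministic rewrite an instance applies so readers fetch images from it, not the remote host.
function rewriteImages(markdown) {
  return markdown.replace(/!\[([^\]]*)\]\((https?:\/\/[^)\s]+)\)/g,
    (_, alt, url) => `![${alt}](${PROXY}${encodeURIComponent(url)})`);
}

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');
// Assumption: JSON with fixed key order stands in for a real canonical serialization.
const payloadOf = (original, imageDigests) =>
  Buffer.from(JSON.stringify({ original, imageDigests }));

// Author side: sign the original text plus a digest of each image's bytes.
function signComment(privateKey, original, imageDigests) {
  return nodeCrypto.sign(null, payloadOf(original, imageDigests), privateKey); // Ed25519
}

// Client side: the signature covers the original, so the rewritten text is checked separately.
// An image whose bytes change on every fetch fails with 'image-mismatch', as the comment predicts.
function verifyFederated(publicKey, msg, fetchedImages) {
  const payload = payloadOf(msg.original, msg.imageDigests);
  if (!nodeCrypto.verify(null, payload, publicKey, msg.signature)) return 'bad-signature';
  if (rewriteImages(msg.original) !== msg.displayed) return 'displayed-text-tampered';
  for (const [url, bytes] of Object.entries(fetchedImages)) {
    if (msg.imageDigests[url] !== sha256(bytes)) return 'image-mismatch';
  }
  return 'ok';
}

// Constructed sample data
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const imgUrl = 'https://img.example/cat.png';
const imgBytes = Buffer.from('constructed image bytes');
const original = `Look: ![cat](${imgUrl})`;
const imageDigests = { [imgUrl]: sha256(imgBytes) };
const msg = { original, imageDigests, displayed: rewriteImages(original),
  signature: signComment(privateKey, original, imageDigests) };
```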

I use a VPN. Good luck whoever decides to DDoS the CIA, FBI and/or NSA.

FBI/NSA/CIA man: don't pay attention to me, as you can see all I do is torrent shit movies and watch porn.