this post was submitted on 02 Aug 2024
1275 points (95.2% liked)

Memes

45746 readers
1480 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] davel@lemmy.ml 126 points 3 months ago (6 children)

I don’t know why people keep attributing privacy to Lemmy when ActivityPub is anything but.

[–] OsrsNeedsF2P@lemmy.ml 44 points 3 months ago (2 children)

Is ActivityPub logging which IP I post from? Is ActivityPub monitoring which communities I view? Is ActivityPub blocking me from browsing with my VPN on?

[–] davel@lemmy.ml 44 points 3 months ago (2 children)

Is ActivityPub logging which IP I post from?

That depends on the implementation.

Is ActivityPub monitoring which communities I view?

That depends on the implementation.

Is ActivityPub blocking me from browsing with my VPN on?

That—believe it or not—depends on the implementation.

[–] puppy@lemmy.world 41 points 3 months ago* (last edited 3 months ago) (2 children)

We already have an implementation. You me and OP are all on Lemmy. So can you answer these in the context of Lemmy again?

[–] davel@lemmy.ml 27 points 3 months ago* (last edited 3 months ago) (2 children)

I actually can’t answer them, because I only admin this instance, I don’t run it.

While I’m sure this is not the case, it’s entirely possible that the people who do run this instance are running a fork of it that does all of those things. It couldn’t log your IP address or block your VPN, but it could mine, and your instance could yours. And I haven’t read the Lemmy source code, so I don’t know what even an unmodified Lemmy logs.

(Actually this instance is running a fork right now, or rather a branch: 0.19.6-beta1, because lemmy.ml is the core Lemmy developers’ instance for testing beta code before releasing production versions.)

[–] GoodEye8@lemm.ee 18 points 3 months ago

But you can read the source code and get an understanding of whether it is collecting private information or not. You can theoretically also fork the code and make your own version of Lemmy where you're ripped out the parts that collect private information. Can you do any of those things with Reddit? Absolutely not. You have no idea what exactly Reddit collects and even if you did you have no control over that collection.

What you're doing is questioning the privacy aspect without putting in the effort to check if your questioning is valid. Nobody is preventing you from reading the source code. And if you don't trust anyone else running the instance you can fork Lemmy, make whatever privacy changes you need and host your own instance. That goes beyond the capabilities of the average user but that's the catch with privacy, if you can't trust others then you have to learn more to get by without others.

[–] TechNerdWizard42@lemmy.world 8 points 3 months ago

Many Lemmy instances block VPN posting. You can view, but not vote or post. I have a secondary private VPN I use sometimes for that. But honestly the whole thing just sucks.

[–] JackbyDev@programming.dev 3 points 3 months ago

ActivityPub does not share your IP with other instances, but of course, like all websites, your home instance can see your IP.

[–] growingentropy@lemmy.dbzer0.com 15 points 3 months ago (3 children)

I got off lemmy.world because they block VPN connections. Not happening, under any circumstances. I don't trust anyone that much.

[–] jaybone@lemmy.world 5 points 3 months ago (3 children)

Is your IP passed on to other instances along with your post/comment?

[–] JackbyDev@programming.dev 5 points 3 months ago

No. ActivityPub does not share your IP with other instances.

[–] mp3@lemmy.ca 2 points 3 months ago

Nope, that info stays on the home instance.

[–] growingentropy@lemmy.dbzer0.com 0 points 3 months ago

No idea. I installed a VPN on my router to get privacy. That's all I ask.

[–] uis@lemm.ee 4 points 3 months ago

Meanwhile I know lemmy instance that blocks most clearnet connections and can be accessed from tor and i2p

[–] Mango@lemmy.world 1 points 3 months ago (2 children)

Trust them with what though? What are you posting?

[–] growingentropy@lemmy.dbzer0.com 1 points 3 months ago (1 children)

Did you just do the "if you don't have anything to hide, what's the big deal" move?

I want privacy. That's all.

[–] Mango@lemmy.world 1 points 3 months ago (1 children)

I'm just saying that you're literally making posts and comments specifically to be heard. What's getting obscured here?

[–] growingentropy@lemmy.dbzer0.com 1 points 3 months ago (1 children)

Well, my ISP doesn't need to know anything about my posts. And the fediverse doesn't need to know who I am beyond "growingentropy," so...

[–] Mango@lemmy.world 3 points 3 months ago

Ah yeah that makes sense.

[–] growingentropy@lemmy.dbzer0.com 0 points 3 months ago

I have a router with a VPN. I'm not disabling that just to post on lemmy.world.

[–] Serinus@lemmy.world 41 points 3 months ago (1 children)

And generally that's fine. If you're posting stuff publicly, expect it to be public.

Lemmy gives away for free what Reddit is desperately trying to put up walls on so they can sell it, but I wouldn't call it "private" because it's monetized.

Lemmy is the opposite of privacy, and that just makes sense if you 🤔.

[–] JackbyDev@programming.dev 4 points 3 months ago

I desperately want all my posts on all forum like sites to be easily indexable by search engines. That Reddit blocked other search engines besides Google from indexing is crazy.

[–] Phegan@lemmy.world 12 points 3 months ago (2 children)

Privacy in the sense that no one is selling your information for profit

[–] Un4@lemm.ee 11 points 3 months ago

In terms of privacy reddit has it better(still bad but better than Lemmy) because your content is locked behind a paywall only few companies can access. On the other hand, any one can train their AI on Lemmy posts and access all history of all users freely. The difference is that on lemmy only the companies that collect your data profit, while on reddit also the owners of the platform (reddit itself) profit.

[–] wizardbeard@lemmy.dbzer0.com 9 points 3 months ago (1 children)

No, it's just open free for the taking by anyone who decides to spin up their own instance, or to anyone who decides to scrape from an instance frederated with yours without robots.txt set against web scrapers. Hosters could even intentionally break federation to prevent deletions from syncing.

I love lemmy, but privacy is not one of its features.

[–] davel@lemmy.ml 4 points 3 months ago

Any script kiddie can scrape the entirety of Lemmy, with the exception of direct/private messages. robots.txt is merely a request, with no enforcement capability.

[–] Salvo@aussie.zone 7 points 3 months ago (2 children)

That was what I was going to say.

That said, if someone detects some sort of data-mining plagiarism bot sucking down everything on an instance, it can be defederated very quickly.

[–] Serinus@lemmy.world 11 points 3 months ago (1 children)

New instances basically suck down everything as the most normal use case. That's what activitypub is for.

[–] uis@lemm.ee 1 points 3 months ago

There is script that marks entire fediverse for backfilling

[–] jaybone@lemmy.world 1 points 3 months ago

Why would such a bot need to be on a new instance?

[–] mexicancartel@lemmy.dbzer0.com 4 points 3 months ago

See, the app won't track your clicks, views, interests. Only public thing is the thinh you post. Which is great for public communities. Theese are meant to be public. But things facebook or reddit or google does is enough to call lemmy private

[–] vonxylofon@lemmy.world 4 points 3 months ago

The amount of magical thinking around federated protocols both on Lemmy and Mastodon is astounding. Sure, design decisions make a difference, but federations gonna federate.