this post was submitted on 09 Aug 2023
99 points (100.0% liked)
Asklemmy
43803 readers
759 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.
An admin can intercept the jwt authentication cookie and use any account that lives in the instance.
Private messages are stored as plaintext in the database
Admins can see who upvotes/downvotes what
These are not things that are unique to Lemmy. This is common.
To avoid having to trust your admin, run an instance.
Quick note,
this is note unique to Lemmy/Fediverse. Reddit admin or twitter admin (and even gmail) can also read your MP, see the hash of your password and remove your comments. Reading your MP is even part of their business model so they can show you personalized ads.
There is definitely a probability to deal with a non reliable instance admin, but not less than with any other social media, and in principle they collect even less data
Technically thatβs true.
To build trust and adhere to law, corporations will usually have processes and regulations in place that determine which employees can access and modify what. That is why spez modifying user comments is such a big deal. It showed that Reddit is not to be trusted. Nevertheless, for corporations that value customers trust, any employee who does not adhere to these procedures risks their employment.
On smallish fediverse instances none of these procedures need to be in place, the admin is bound only by his own moral code.
This is true. However keep in mind that instances survive on reputation. As soon as something like this came out, which is inevitable with time, nobody will trust that instance, or the person running that instance, again. And people are usually quite quick to find this out as already demonstrated by other online services. Hiding is very difficult. Even worse, once your reputation falls, people can move to a more respectful server and continue participating in the network, so in the end it's a losing game for the instance owner. Password safety obviously applies, but if you take a look at big social media privacy and terms, a little password manager in my personal opinion is preferable.