this post was submitted on 11 Nov 2023
82 points (100.0% liked)

Privacy Guides

16826 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

I've created this post: https://sh.itjust.works/post/8898162

And some admin showed they can see how the upvotes\downvotes go.

If you are concerned about privacy, you should know, that this data on Lemmy can be easily mined and tracked.

all 44 comments
sorted by: hot top controversial new old
[–] pe1uca@lemmy.pe1uca.dev 37 points 1 year ago* (last edited 1 year ago) (2 children)

Well, not only this data, all activity on lemmy is public since it needs to be federated (sent to all instances subscribed to the community will receive all activity).
Which means any person can track anyone if they subscribe to the same communities the user's instance has.

AFAIK the only activity not sent is saved content, and downvotes from content hosted in instances which disabled them.

EDIT: for more example, here's my upvote to this post

"actor":"https://lemmy.pe1uca.dev/u/pe1uca","object":"https://sh.itjust.works/post/8931097","type":"Like","id":"https://lemmy.pe1uca.dev/activities/like/f6b0cced-4e1c-41d7-bf11-349b680c4d84","audience":"https://lemmy.one/c/privacyguides"  

And here's the original comment

actor":"https://lemmy.pe1uca.dev/u/pe1uca","to":["https://www.w3.org/ns/activitystreams#Public"],"object":{"type":"Note","id":"https://lemmy.pe1uca.dev/comment/1434121","attributedTo":"https://lemmy.pe1uca.dev/u/pe1uca","to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://lemmy.one/c/privacyguides","https://sh.itjust.works/u/andrew_bidlaw"],"content":"","mediaType":"text/markdown"},"published":"2023-11-11T04:07:31.962497+00:00","tag":[{"href":"https://sh.itjust.works/u/andrew_bidlaw","name":"@andrew_bidlaw@sh.itjust.works","type":"Mention"}],"distinguished":false,"language":{"identifier":"en","name":"English"},"audience":"https://lemmy.one/c/privacyguides"},"cc":["https://lemmy.one/c/privacyguides","https://sh.itjust.works/u/andrew_bidlaw"],"tag":[{"href":"https://sh.itjust.works/u/andrew_bidlaw","name":"@andrew_bidlaw@sh.itjust.works","type":"Mention"}],"type":"Create","id":"https://lemmy.pe1uca.dev/activities/create/7a1c726e-0191-4a71-8980-a565727ac52d","audience":"https://lemmy.one/c/privacyguides"   

And all instances which are subscribed to this community need to receive this information to keep it updated.

[–] db2@sopuli.xyz 4 points 1 year ago (1 children)
[–] lalo@discuss.tchncs.de 10 points 1 year ago (1 children)

All federated data (thus public) should be easily available to the end user. Otherwise we create a false sense of security.

[–] FutileRecipe@lemmy.world 11 points 1 year ago

Privacy is not the same as security....not to say Lemmy is either, but it's definitely not "private."

[–] otter@lemmy.ca 1 points 1 year ago

IP addresses of accounts are also private?

[–] Fitik@fedia.io 13 points 1 year ago* (last edited 1 year ago) (2 children)

I can already see all upvotes and downvotes on mbin(kbin fork) so it's not really that private

There are all upvotes of your post for example - https://fedia.io/m/privacyguides@lemmy.one/t/395044/If-you-can-create-a-Lemmy-instance-and-federate-you/favourites

[–] andrew_bidlaw@sh.itjust.works 3 points 1 year ago

Link lead me to main page, but after finding my post, yeah, I can see it.

[–] sj_zero@lotide.fbxl.net 1 points 1 year ago

On lotide I click likes on a post and it lists who posted. If you make a post or comment with mastodon you get notified every time someone upvotes.

[–] jimmydoreisalefty@lemmus.org 9 points 1 year ago (1 children)

Oh, I remember seeing this a while back on the lemmy threads, thanks for the reminder!

Burner accounts for all! You get a burner and you get a burner and you as well!

[–] andrew_bidlaw@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago) (1 children)

Haha. If all of us would do so, we'd sure up this usercount to combat Meta's Threads and dying Twitter.

[–] otter@lemmy.ca 9 points 1 year ago (2 children)

From when I was asking about it, I think it's only the instance admins that can see the details. It would be nice to have this information clearly outlined somewhere, so people know and aren't surprised.

Maybe a table like



What can each person see


Lemmy

Other users Community Moderators Instance Admins
info A1 info B1 info C1 (all)
info A2 info B2 info C2 (home instance)
info A3 info B3 info C3 (community's instance)

Reddit

Other users Community Moderators Instance Admins
info A1 info B1 info C1 (all)
info A2 info B2 info C2 (all)
info A3 info B3 info C3 (all)
info A4 info B4 info C4 (all)


[–] e0qdk@kbin.social 4 points 1 year ago (1 children)

Anyone can see any upvote from federated users via kbin -- for example, the upvotes on the comment this is a reply to can be seen here: https://kbin.social/m/privacyguides@lemmy.one/t/616970/If-you-can-create-a-Lemmy-instance-and-federate-you/comment/3491191/favourites

That may not be complete or consistent though given the way federation works.

Downvotes from lemmy do not show up. (Not sure why not; haven't dug into it.) Only downvotes from kbin members are shown on kbin. Also unclear to me if downvotes between different kbin/mbin instances show up or if it's the local instance only. (I've only noticed local downvotes, but haven't really been looking.)

[–] otter@lemmy.ca 5 points 1 year ago (1 children)

Oh huh

Well that might discourage people from voting...

[–] e0qdk@kbin.social 5 points 1 year ago (2 children)

Yeah, I had a mixed reaction to finding that out a while ago, but I'm kind of just rolling with it for now. Votes are just simply NOT private on here, for better or worse. My feeling right now is that it's sort of positive from a community feel perspective, but I'm also avoiding interacting with a lot of subjects I consider more controversial.

Probably we'll end up developing a culture of either lots of alts used simultaneously, short lived accounts with regular name changes, or both as people become more aware of this. Either that or people will just say "Fuck it. You really want to see all the weird porn I like and my political preferences and what not? Don't blame me if you regret looking!" :p

[–] otter@lemmy.ca 2 points 1 year ago (1 children)

Appreciate the thoughts, it gives me more to think about. I've also been avoiding controversial subject matter and I think I'll avoid it even more now.

I do think the Fediverse needs to improve privacy and ease of use for alts. I've seen a lot of stuff over the years on Reddit that an authoritarian government would love to get their hands on. I guess the fediverse, by design, can't be private? I worry that someone who doesn't know better will get hurt because they don't understand the risks.

All the more reason to join trusted instances with solid admins, and to keep your Lemmy profile separate from your real identity.


A possible workflow right now might be to browse on one account, and post comments from another. Boost on Reddit made that easier, but I don't think the Lemmy one does that yet

[–] PoisonedPrisonPanda@discuss.tchncs.de 3 points 1 year ago* (last edited 1 year ago) (2 children)

The table rendering does not work, at least for me on mobile (jerboa android)

[–] andrew_bidlaw@sh.itjust.works 1 points 1 year ago (1 children)

Connect app makes it work. Some are slow to implement the uniformal markdown.

[–] Cheradenine@sh.itjust.works 2 points 1 year ago

Works in Voyager Android

[–] otter@lemmy.ca 1 points 1 year ago* (last edited 1 year ago) (2 children)

I think the table should be off site on a guide website

As for the rendering, which app are you using? I've found that too (Boost misses most rendering for me)

[–] PoisonedPrisonPanda@discuss.tchncs.de 1 points 1 year ago (1 children)

Jerboa.

i have seen tables with this app in other communitites therefore I thought its a typo.

[–] otter@lemmy.ca 1 points 1 year ago

Odd, I wonder what the difference is

Rendering broken in Memmy for me.

[–] petrescatraian@libranet.de 8 points 1 year ago

@andrew_bidlaw You can simply see this data on any Friendica instance if you have an account. Just hover your mouse over the like/dislike numbers, and you can see who upvoted/downvoted shit. You can even receive notifications about this on your own posts, just as on Facebook.

To me, it was funny back in the day to see all tankies brigading to downvote me on any single post or comment I made, the moment I started showing my political stances 😆 (yes, even stuff posted before that had no political stuff in them, lol). But yea. To some people, this might be a drawback.

The good thing, however, is that neither Kbin nor Friendica show you a centralized place in your profile to see what did you downvote. You just have to search every post you can find to see this info.

[–] PoisonedPrisonPanda@discuss.tchncs.de 5 points 1 year ago (1 children)

Makes me think...

Is there a plugin for like firefox, available which tracks what you write? Something which analyzes your output stream, or lets say, fetch all lemmy posts of a user and analyze how "easy" the writing patterns are and how easily the user is traceable via shadow linking multiple accounts etc.

I know in order to compare this data privacy violations are necessary, but I am genuinely interested in how ad companies are tracking myself and how easy I am to follow through patterns in my texts.

[–] andrew_bidlaw@sh.itjust.works 3 points 1 year ago (1 children)

As far as I know, LLMs are not that clever yet, and it would require a lot of work to automate tracking of so many targets. But a dedicated person tracking one user can see these. Unknowingly, we leave a lot of cues to know who we are. Not only patterns, but exact word-markers, like calling something by a regional-accepted name. Like how my english teachers insisted London's metro is called Tube.

[–] PoisonedPrisonPanda@discuss.tchncs.de 2 points 1 year ago (1 children)

Yeah I am not interested in criminal behaviour or personal threats. i know a human would be capable to extract much information if on purpose.

I am more interested in like temperature mapping of my text. From a statistical point of view If my patterns are behavioral and forecastable?

[–] andrew_bidlaw@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

It's mainly keywords at that point. This process is sure to have steps. To step into a suspected category, to be elevated into those who are to be studied closer, you should ring some alerts.

[–] kreynen@kbin.melroy.org 5 points 1 year ago (1 children)

@andrew_bidlaw this feature request for KBin to change voting so it is NOT public from 5 months ago has a lot of examples of why public voting can be dangerous, but there doesn't appear to be much interest in changing how this works in KBin or MBin.

https://codeberg.org/Kbin/kbin-core/issues/455

[–] andrew_bidlaw@sh.itjust.works 1 points 1 year ago

Thank you for the link.

I can imagine a couple of ways it can be obfuscated, but here in your link I've been reminded ActivityPub also serves Mastodon, where interactions are way less impersonal by design.

[–] CJOtheReal@ani.social 4 points 1 year ago

Since there isn't a Karma system i don't think its a problem unless advertisers federate.

[–] capital@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I assumed as much seeing as it’s a public site ran by many different entities.

Similarly, I think Google can read my gmails.