this post was submitted on 11 Nov 2024
236 points (97.6% liked)

Technology

59373 readers
8115 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] OpenStars@piefed.social 26 points 4 days ago (2 children)

I wonder if Lemmy will be included. On the one hand we are tiny, but there are also a lot of extremists here so it's enriched in precisely the types that they would most want to know about.

[–] cmnybo@discuss.tchncs.de 9 points 4 days ago (1 children)

Everything posted on Lemmy is public though.

[–] OpenStars@piefed.social 5 points 4 days ago (2 children)

The content is, but the IP addresses used to interact are not.

[–] Toribor@corndog.social 2 points 4 days ago

They are for your instance admin but not the whole fediverse.

[–] sugar_in_your_tea@sh.itjust.works 2 points 4 days ago (1 children)

And they're more interested in matching up user accounts to people, and there's no public link there unless you provide it.

[–] OpenStars@piefed.social 3 points 4 days ago (1 children)

Not a public one no, but instance admins can see it.

And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn't you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?

Maybe I'm wrong? But that's what I fear.

[–] sugar_in_your_tea@sh.itjust.works 3 points 4 days ago (1 children)

Yeah, that's certainly possible, and AFAIK Lemmy doesn't really do anything to protect against it (they'd have to intercept any outgoing content fetches).

However, in order to do that, they'd need to make a honeypot account that posts to get that data. That's a lot of effort for a border patrol agent to go through on a quick stop, so they're probably only going to bother for specific targets. So unless you're targeted, they're probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don't think that's very likely.

That said, if you're worried about it, practice good OPSec. Use a VPN, burner email addresses, and don't post personal info (or if you do, post conflicting personal info as often as you post accurate info).

[–] OpenStars@piefed.social 2 points 4 days ago

THIS is indeed the way:-).

[–] SnotFlickerman@lemmy.blahaj.zone 19 points 4 days ago (1 children)

true, but Lemmy is at least pseudo-anonymous.

[–] OpenStars@piefed.social 9 points 4 days ago (1 children)

How much though? I mean we have usernames yes there's that, but can the federal agencies simply request that an instance turn over all signup data for all users and accounts? That might be an argument to avoid using US-based instances (though those mostly use Mbin or PieFed rather than Lemmy).

Or Lemmy is notoriously leaky itself - couldn't someone simply put a thumbnail that pings a server owned by those agencies, and thereby get IP data directly? (or if not a thumbnail then a link to some website, like maybe supposedly a wordpress software or something, which functions yet also feeds IPs too) They could even spin up their own instance and watch all voting and posting traffic coming in as well, which in correlation to the IP addresses could tie down a user account. I guess a proxy would solve this particular issue. iirc there is all kinds of traffic from all kinds of servers whenever you visit every single Lemmy page, so simply putting out a post seems like it would be enough to get data from anyone that even so much as views it in their feed?

Another one relates to that time that Lemmy.World put out a user survey based on Google - anyone that responded would thereby tie a Google account to using Lemmy.

Sorry, I am all questions here and no answers, but this is going to be life & death & livelihood to so many people - splitting families apart all over again (I am referring to the previous border incidents, where e.g. babies were ripped from their mothers' arms, some of which never did get reconnected even multiple years later).

[–] Wildly_Utilize@infosec.pub 4 points 4 days ago (2 children)

Well my approach is to sign up and use Lemmy over Tor with throwaway email (Onionmail)

[–] OpenStars@piefed.social 3 points 4 days ago (1 children)

Oh I thought that was blocked, but I guess maybe that's just Lemmy.World that did that, while other instances can do otherwise (I thought I recalled that lemmy.cafe could - not from an onion b/c Lemmy itself somehow precludes that, but over Tor perhaps?).

[–] Wildly_Utilize@infosec.pub 4 points 4 days ago* (last edited 4 days ago)

Lemmy world uses cloudflare, privacy respecting instances would never block tor

Mander.xyz even has an .onion hidden service

I signed up w/o an email address, though I think my instance now requires one.