this post was submitted on 20 Jan 2024
0 points (NaN% liked)

Privacy

32004 readers
659 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been grappling with a concern that I believe many of us share: the lack of privacy controls on Lemmy. As it stands, our profiles are public, and all our posts and comments are visible to anyone who cares to look. I don't even care about privacy all that much, but this level of transparency feels to me akin to sharing my browser history with the world, a discomforting thought to say the least.

While the open nature of Lemmy can foster community and transparency, it also opens the door to potential misuse. Our post history can be scrutinized by creeps or stalkers, our opinions can be nitpicked based on past statements, and we can even become targets for mass downvoting. This lack of privacy control can deter users from actively participating in discussions and sharing their thoughts freely.

Even platforms like Twitter and Facebook, often criticized for their handling of user data, provide some level of access control. Users can choose who sees their timeline: friends/followers, the public or nobody. This flexibility allows users to control their online presence and decide who gets to see their content.

The current state of affairs on Lemmy forces us into a cycle of creating new accounts or deleting old posts to maintain some semblance of privacy. This is not only time-consuming but also detracts from the user experience. It's high time we address this issue and discuss potential solutions.

One possible solution could be the introduction of profile privacy settings, similar to those found on other social media platforms. This would give users the flexibility to choose their level of privacy and control over their content without having to resort to manual deletion or account purging.

I believe that privacy is a fundamental right, and we should have the ability to control who sees our content. I'm interested in hearing your thoughts on this matter. How do you feel about the current privacy settings on Lemmy? What changes would you like to see? Let's start a conversation and work towards making Lemmy a platform that respects and upholds our privacy.

all 46 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 10 months ago (1 children)

The only privacy setting I can encourage on any social media site is don't share private stuff about yourself and never link to your account from other accounts

[–] [email protected] 0 points 10 months ago

That is part of the problem though. Proper privacy allows you to express what you want to, without self censorship. The issue is not: don't speak about x, but rather: speak about it and feel comfortable that you can do it in a safe environment. I fully agree with the account linking though

[–] [email protected] 0 points 10 months ago

Technical question: How would posts federate if private?

[–] [email protected] 0 points 10 months ago (1 children)

The admin of Blahaj is openly interested in exposing trans people's alt accounts and outing them on their mains. And somehow it's the biggest trans instance. We need a community and admin reaction in favour of defederating people who do that.

[–] [email protected] 0 points 10 months ago (1 children)

Wait what? Do you have a source for this?

[–] [email protected] 0 points 10 months ago (1 children)
[–] [email protected] 0 points 10 months ago (1 children)

I don't see much proof. Did anyone corroborate?

[–] [email protected] 0 points 10 months ago (1 children)

In order to show you proof I would have to help Ada in her attempts at doxxing, but I asked a friend who saw the whole thing to confirm.

[–] [email protected] 0 points 10 months ago

I was there and I was randomly claimed to be DroneRights’ alternative account without any sort of proof to back it up. I could have doxxed myself just to prove that I am not that user in any way whatsoever.

[–] [email protected] 0 points 10 months ago (1 children)

There's a grim tragedy in how many people in this comment section have either succumbed to defeat or actively seek to advocate against privacy.

The comments can mostly be boiled down to:

  • My data is online already, and I give up
  • Your data is online already, and you don't deserve control over it
  • I have nothing to hide and nothing to fear (and you should too)

You will find Fediverse types are far more cynical and antagonistic to privacy than people on other platforms.

[–] [email protected] 0 points 10 months ago (1 children)

I've not seen any of these arguments. Though it may be all downvoted to hell and back.

My main gripe with adding privacy features to Lemmy is that the whole point of Lemmy is that all data is already publicly available and for Lemmy to continue working the way it does it'll need to remain that way. And because of that there's nothing that can be done to stop bad actors setting up an instance and selling all the data they collect.

At least in the EU (and UK to a lesser extent) no major corporation would be able to get away with selling that data, so the spent man hours on allowing privacy settings would be wasted time.

[–] [email protected] 0 points 10 months ago

It doesn't necessarily need to remain that way. For example,we should have the option to make our profiles private. We should also be able to create pseudonyms for content we submit. The content will still be federated, but not necessarily linked to one user ID

[–] [email protected] 0 points 10 months ago

Bruh what? If you’re repeatedly making new accounts because you don’t want people reading your post history you’re doing something wrong.

[–] [email protected] 0 points 10 months ago (1 children)

What you're describing is an issue with all of social media. While your concerns are valid, I don't see your arguments as privacy issue. I honestly prefer post and comment history being transparent and accessible. It's much like Reddit and this format fits much better with an open forum style of platform.

Don't post private information and it's a non-issue.

Also, can't you just delete posts and comments like on Reddit?

[–] [email protected] 0 points 10 months ago

Would still be nice to hide that information

[–] [email protected] 0 points 10 months ago

What irritates me many times when I enter Lemmy is that instead of my Nick at the top right, someone else's Nickname appears for a moment, before changing it to mine. This is a sign of an open account sharing channel, which is quite serious and should be fixed quickly. Security at Lemmy is apparently non-existent.

[–] [email protected] 0 points 10 months ago

To me, it's an issue of personal responsibility.

Lemmy is, like a lot of Fediverse platforms, about as private as it can be. There's no trackers, you're not forced to use real names or any other identifying information, no adverts follow you from site to site, no browser fingerprinting and no instance owners are trying to sell your data.

Beyond that, what you choose to say on Lemmy is your responsibility and yours alone.

[–] [email protected] 0 points 10 months ago (1 children)

I remember a little while ago a thread with someone from kbin gloating that they could see what everyone was voting, and accusing the people upvoting comments they disagreed with of being bigots in a vaguely threatening way obviously intended to produce a chilling effect, and people found this surprising because that information is not public on most instances.

I basically agree with the people saying open info is just the nature of posting on a public forum and of federation, but there could be improvements, even just in awareness of what is and isn't private.

[–] [email protected] 0 points 10 months ago (1 children)

This is a great point because in the Lemmy UI, this information isn't shown, and you can't even list out all posts you've upvoted. As most of us coming from Reddit, we're used to upvotes being private, and probably assume it's the same. I understand the technical reasons for having the information public, but it is not clear from a user perspective that it's public.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

What's extra confusing is that I've seen people asking about how to get this information from the API, with the answer being that you can't (I guess to protect privacy?). It's only accessible to federated servers, but then those can do what they want with it including publishing it to everyone.

[–] [email protected] 0 points 10 months ago

If you don't want to share information on a public forum, then don't.

[–] [email protected] 0 points 10 months ago

While I think most of us forum users are, I get the impression that the biggest proponents of activity pub and the fediverse as a whole aren’t even seeing privacy as even relevant. It’s a lot of talk of businesses having their very own instances to interface with the public rather than needing to rely everything on the whims of Facebook, twitter, LinkedIn, etc. Nothing with regards to the implications for surveillance, identity theft, spam, privacy or security.

Right now, we’re relatively under the radar because the fediverse hasn't really hit the mainstream yet. But I think it will, and once it does, everything we’ve ever posted will just get slurped up by data trawlers and the flood of spam will be inevitable. We’ll be juggling social media accounts just like we do with emails.

I don’t know if this is relevant, but I’d like to someday have my own kbin instance hosted on my own personal server exclusively for family. I imagine the instance being able to federate content from bigger instances, allowing members to follow people they like on microblogs or participate in federated forums from this privately maintained instance. But if anyone wanted a thread or magazine to be available to users from outside the instance, they would have to specifically opt-in to that option when creating it, and it would only apply to that one thread or magazine. Any other instance would just see our humble little family instance with only that one thing to federate. The rest of the instance would be an ecrypted enclave specifically for family accounts, and completely invisible to the fediverse.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (1 children)

On Lemmy any comment you post gets federated out to other servers, so it's available to anyone who sets up a server. So by design it is not possible to control who gets to see or archive your comments. I could set up a server to permanently archive every comment it sees, and if your server sends me your comment it goes into my archive. Probably people are already doing this for data mining. It's not clear that you could bolt some kind of privacy control on to this architecture, which is fundamentally designed for sharing.

[–] [email protected] 0 points 10 months ago (1 children)

Although I agree that is how things work now, one could imagine a different approach:

For instance, I could maybe control who my content gets federated to. That is, if I decide I don't particularly want my content blasted to certain places that my instance would not call any blocked ones with my data.

If that causes some issues with ActivityPub, you can imagine encrypted blobs that could only be opened by others with a shared key.

We don't need to achieve perfection out of the gate, to me these questions are worth discussing so that we can build out more high quality tech for the fediverse, let's not try to just immediately shut down discussion.

[–] [email protected] 0 points 10 months ago (1 children)

How would you ensure other instances are not sharing your content?

To me this seems to be a question of ideology. I came here from Reddit because this is an open forum with transparent history.

Federetion by design ensures that accessibility (as far as I understand, correct me if I'm wrong). This design principle to me is the core. If that seems like an issue maybe this style of social media is not for you.

[–] [email protected] 0 points 10 months ago (1 children)

Can you elaborate on what being "an open forum" means?

[–] [email protected] 0 points 10 months ago (1 children)

In this context, it's an open public digital space. Noone is obligated share anything.

The part that is discussed as a privacy issue is a design element. It is by design post are visible to everyone, it is by design that comments are visible to everyone.

How is it a privacy issue when the user desides what to post for everyone to see?

If you are looking for a different design ideology then maybe you need a different social media platform.

[–] [email protected] 0 points 10 months ago (1 children)

So regarding an open, public digital space like Twitter, how do you feel about people having the ability to lock their accounts and instantly hide all their tweets from the public?

Mastodon doesn't have that, but it could.

My reaction to adding something like that will always be "that would be rad" regardless of previous assumptions about how public an app should be, or truisms like "the Internet is forever", because I believe strongly that trying to fix issues is better than letting them languish unchecked.

[–] [email protected] 0 points 10 months ago (1 children)

I've never been on Twitter. Besides Reddit I really disliked all other main platforms. So answering your question: I don't care, it's a different platform for different style of social media interactions.

the Internet is forever

My position has nothing to do with this sentiment. Internet forgets, and often.

I like federated nature of Lemmy, I like that there is no "private" accounts. This is a feature not a bug.

I'm not trying to argue against privacy, but what you are describing isn't a privacy issue or an issue at all. It's a design element. And it's this design is why I like it here.

As someone here has said, at some point the responsibility has to fall on the user. You don't need to share anything. As long as the nature of the platform is clear (and it's a separate discussion) the is no issue to be fixed.

If to you that is seems as an issue, well then maybe you are at the wrong place. And if the platform changes in the direction I don't agree, I will leave.

[–] [email protected] 0 points 10 months ago (1 children)

I like that there is no "private" accounts. This is a feature not a bug.

I'm not trying to argue against privacy...

I appreciate your honesty but this seems to conflict

[–] [email protected] 0 points 10 months ago (1 children)

How is this conflicting? You are a private person same as I, I don't know who you are, you don't know who I am.

How is selective hiding of post and comments privacy?

If you don't want it to be seen – don't post it.

[–] [email protected] 0 points 10 months ago (1 children)

Choosing who to share your data with has been considered a privacy setting since the inception of Facebook and the subsequent erosion of those same settings.

For example, privacy settings on Facebook are available to all registered users: they can block certain individuals from seeing their profile, they can choose their "friends", and they can limit who has access to their pictures and videos.

[–] [email protected] 0 points 10 months ago

And that is the different premise for the social network.

You do have the equivalent choice here.

If you want Facebook, go to Facebook. It's not worse or better it's different.

Well Facebook is worse, but the reasons are corporate not design issues (it's more complicated than that, but that's beyond the point).

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

Lemmy has many privacy problems that have nothing to do with public comments you make. For example, the "hide posts that you have already read" option requires that the server track what posts you have read. There is no public activity involved in reading a post. So the Lemmy server should not track that info. If that feature is to exist at all, it should be implemented purely on the client. The same can be said about subscriptions, and for that matter about voting (server should discard voting info after a brief interval for abuse detection). The Lemmy software in many ways naive about this stuff.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (2 children)

If you're not running your own server privacy policies are not even worth the pixels they're presented on.

Literally, you're just taking a random person's word for it (whoever the admin is). A website is a black box, you have no idea what's going on on the back-end.

The only way to be in complete control of your user data is to run your own server and be literally the only user on it.

Even then, any public comments you make are, you know.... public.

[–] [email protected] 0 points 10 months ago

Ask me no questions and I'll tell you no lies. It asks much less of my instance admins if it's understood that my information was never private to begin with.

[–] [email protected] 0 points 10 months ago

Even then, any public comments you make are, you know.... public.

As they should be.

Public comments is how you can find patterns of sketchy user behaviour.

[–] [email protected] 0 points 10 months ago

I have a feeling that you might be misunderstanding what the actual purpose of lemmy is. lemmy has taken quite a few design decisions from Reddit which is exactly the same way. Both platforms are public places where all content is shared. Anyone using them needs to be aware of that fact. Mastodon might be a better fit for you as it is more focused on individuals rather than public communities.

[–] [email protected] 0 points 10 months ago (1 children)

The way I see it, community-based social media is a public forum, where every post / comment is public (Obviously less applicable on an individualized platform like Instagram). Everyone has an inherent right to privacy, but not when they're using a platform like Lemmy. Twitter and Facebook are fundamentally different platforms. You can't expect privacy while using lemmy, so use a different platform to post private content.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago)

These people should be looking into spinning up Matrix servers if they want a private club with real privacy so bad.

It's definitely a weird thing to constantly be upset about: "People can see what I posted in public when I post them publicly!"

It's like complaining about people being able to take photos with you in the background in public. It's a public space, there is no expectation of privacy.

If you want a private internet experience, you have to put some work in.

[–] [email protected] 0 points 10 months ago (2 children)

When you have privacy settings, what you really have is a lie.

It starts out with good intentions, like those in this post, but eventually everyone forgets that the platform still sees your posts and does not give a shit about selling them.

I would rather acknowledge from the very beginning that this entire system is not private, so there is never such a misunderstanding.

Everyone should post and comment with caution, just like you use caution with what you say in public places.

[–] [email protected] 0 points 10 months ago

Sup. And all this data would still be federating, it has to be. That just means that some data-collecting company could make a fake instance and get everything together. Or someone could just fork it back.

[–] [email protected] 0 points 10 months ago

The way you use caution saying something in a public place that you don't want everyone to hear is by keeping your voice down so that only certain people can hear it. Without privacy settings there is no equivalent to that.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (1 children)

It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server's patch level, and security controls.

That can be done, and I think Lemmy has a shot at getting to that point, but it'll be awhile.

In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can't be sure are actually correctly enabled on your instance.

But yeah, let's not let perfect be the enemy of moving toward better.

Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.

But as soon as the user starts interacting via federation, all bets are off - because the federated instance may he malicious.

I think we might see one or more "trusted fediverse" groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

So, in theory, the lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.

But even then, there's risks from bad actors on highly trusted instances that still allow open signups.

Anyway, I totally agree with you. It's just a genuinely complex problem.

[–] [email protected] 0 points 10 months ago

I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

There is now at least one system in place for admins to vouch for other instances being non-malicious, and to report suspected instances. It is called the fediseer: https://gui.fediseer.com/