this post was submitted on 11 Nov 2024
235 points (97.6% liked)

Technology

59415 readers
3102 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 2 points 6 days ago (1 children)

And they're more interested in matching up user accounts to people, and there's no public link there unless you provide it.

[–] OpenStars@piefed.social 3 points 6 days ago (1 children)

Not a public one no, but instance admins can see it.

And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn't you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?

Maybe I'm wrong? But that's what I fear.

[–] sugar_in_your_tea@sh.itjust.works 3 points 6 days ago (1 children)

Yeah, that's certainly possible, and AFAIK Lemmy doesn't really do anything to protect against it (they'd have to intercept any outgoing content fetches).

However, in order to do that, they'd need to make a honeypot account that posts to get that data. That's a lot of effort for a border patrol agent to go through on a quick stop, so they're probably only going to bother for specific targets. So unless you're targeted, they're probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don't think that's very likely.

That said, if you're worried about it, practice good OPSec. Use a VPN, burner email addresses, and don't post personal info (or if you do, post conflicting personal info as often as you post accurate info).

[–] OpenStars@piefed.social 2 points 6 days ago

THIS is indeed the way:-).