this post was submitted on 04 Jul 2023
370 points (97.7% liked)

You Should Know

39596 readers
77 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.

Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.

Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.

Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated.

If you file a report, include what specific rule is being violated and how.

Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago
MODERATORS
_MoveSwiftly@lemmy.world
Thekingoflorda@lemmy.world
ja2@lemmy.world
Rooki@lemmy.world
FartsWithAnAccent@lemmy.world
FartsWithAnAccent@fedia.io
370
YSK: Your Lemmy activities (e.g. downvotes) are far from private (i.imgur.com)
submitted 2 years ago* (last edited 2 years ago) by muddybulldog@mylemmy.win to c/youshouldknow@lemmy.world
176 comments fedilink hide all child comments
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

top 50 comments
sorted by: hot top controversial new old
[–] Wander@yiffit.net 183 points 2 years ago* (last edited 2 years ago) (8 children)

To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

[–] abbadon420@lemm.ee 53 points 2 years ago* (last edited 2 years ago) (5 children)

Lol. kids these days would post their bank info online if the banks didn't prevent them from doing so.

[–] T156@lemmy.world 23 points 2 years ago (7 children)

You say that like A/S/L wasn't a thing back in the day.

[–] sauerkraus@lemmy.world 5 points 2 years ago

Yall remember those “your stripper name is the street you grew up on and your pet’s name” challenges? Literally phishing for password recovery keys.

[–] time_lord@lemmy.world 4 points 2 years ago (3 children)

Even back then we were told never to reveal that sort of stuff online. How many of us do you think were telling the truth?

load more comments (3 replies)
load more comments (4 replies)
[–] Wander@yiffit.net 9 points 2 years ago (1 children)

I don't want to shame anyone, but I've had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.

[–] RivenRise@lemmy.world 4 points 2 years ago

DUDE MY GIRLFRIEND FUCKING DID THAT AND I JUST LOOKED AT HER AND ASKED HER IF SHE THOUGHT THAT WAS A GOOD IDEA. In hindsight no, thankfully she's gonna be moving soonish. This was from before we were together, otherwise I would have warned her not to do that. It was the same discord she got a cyberstalker from, thankfully the stalker wasn't a friend of the owner because otherwise he totally could have gotten her address and irl info.

[–] Dave@lemmy.nz 4 points 2 years ago

Wasn't there a twitter account that retweeted people posting photos of their credit cards?

[–] cats@lemm.ee 3 points 2 years ago

so would my grandpa

load more comments (1 replies)
[–] DogMuffins@discuss.tchncs.de 6 points 2 years ago (1 children)

I whole heartedly agree with this perspective.

Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

[–] NorwegianBlues@sh.itjust.works 3 points 2 years ago

This has come up as part of those requests to migrate accounts between instances. "I want a persona that stays with me for years"... Is that actually a good idea though!?

[–] BitOneZero@lemmy.world 5 points 2 years ago (4 children)

Your home instance will act as a proxy and only they have access to your email and IP address.

Your home image typically doesn't proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

load more comments (4 replies)
[–] kaba0@programming.dev 5 points 2 years ago (1 children)

No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

load more comments (1 replies)
load more comments (4 replies)
[–] booty_flexx@lemmy.world 77 points 2 years ago* (last edited 2 years ago) (14 children)

To illustrate op's point I'm going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I'm going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I'll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user's political affiliations and display the results.

Worst of all, I'm not going to out my instance for everyone to know it as the one to defederate. In fact I'm spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I'll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I'm not doing any of this. But someone absolutely will or already is.

[–] agoramachina@lemmy.world 25 points 2 years ago* (last edited 2 years ago) (1 children)

You know, I came in here with the mindset that the topic of discussion here isn't a bad thing; I'm largely pro information-should-be-open-and-available. But you've argued a very solid point, and I've changed my mind on the issue. I appreciate you sharing this perspective!

[–] stevedidWHAT@lemmy.world 3 points 2 years ago

With all due respect, figuring out who you are based off what you say in a public setting is already what people do irl

[–] Reliant1087@lemmy.world 9 points 2 years ago

I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.

[–] stevedidWHAT@lemmy.world 3 points 2 years ago

Lmao the internet finally realizing what companies and the govt have been doing for decades on the internet

load more comments (11 replies)
[–] TimewornTraveler@lemm.ee 51 points 2 years ago* (last edited 2 years ago) (4 children)

Edit: Obligatory RIP my inbox.

Can we leave this kinda stuff behind? It is NOT obligatory.

[–] NotMatt@lemm.ee 25 points 2 years ago (2 children)

I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.

[–] teruma@lemmy.world 9 points 2 years ago (1 children)

You are a gentleman and a scholar. /s

load more comments (1 replies)
load more comments (1 replies)
[–] gsa32@lemmy.world 6 points 2 years ago (9 children)

Redditisms are cringe and always have been. Yes I agree we should leave them behind.

load more comments (9 replies)
[–] Cheems@lemmy.world 4 points 2 years ago

This.

EDIT: Thanks for the awards kind stranger!

EDIT 2: Rip my inbox

This is all examples of reddit shit that is really dumb. We don't need to bring it over here

load more comments (1 replies)
[–] deweydecibel@lemmy.world 21 points 2 years ago* (last edited 2 years ago) (2 children)

Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.

This is not about privacy. It's about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It's about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.

For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I've made myself and all my alts invisible to the people that would challenge me on a massive scale.

I promise you this is going to be a big issue as tools for this site get more sophisticated over time.

[–] Zeus@lemm.ee 3 points 2 years ago* (last edited 2 years ago)

alternatively, if votes were private, you could spin up a bot network to mass upvote your comment; making it far more influential as most people are more inclined to believe statements they think others also feel. thankfully, votes are open, so you can't

as long as there is a system, people will try to game the system; and when there is a new system, people will come up with new games

load more comments (1 replies)
[–] CoolSouthpaw@lemmy.world 13 points 2 years ago

Oh no, so my upvotes on c/spacedicks aren't private?

/s

[–] ScaNtuRd@lemmy.world 10 points 2 years ago* (last edited 2 years ago) (1 children)

Not to sound harsh or anything, but those of you saying that it's okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can't this data at least be encrypted?

[–] OmniGlitcher@lemmy.world 2 points 2 years ago* (last edited 2 years ago)

Agreed, I am incredibly confused by what seems to be the majority reaction to this.

I've never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It's quite literally the same terrible argument of "Why fear it if you have nothing to hide" used against multiple data privacy concerns throughout the years.

I think the worst are the bad faith "But Reddit...!" arguments. For one, we're not on Reddit anymore, this is about Lemmy's issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn't outright PUBLIC to anyone who wishes to set up a simple server.

[–] czech@no.faux.moe 9 points 2 years ago (5 children)

Activities are public and easily viewable on kbin. It's been interesting. Seems mostly positive other than people harassing those who down-vote them demanding explanations.

[–] muddybulldog@mylemmy.win 6 points 2 years ago (1 children)

Knowing they're visible on kbin made me realize that most Lemmy users probably weren't aware, as it's non-obvious.

[–] theinspectorst@kbin.social 3 points 2 years ago (2 children)

Yeah, I had a good natured discussion with a Lemmy user on feddit.uk the other day where they were still inexplicably downvoting my responses each time, despite us both being polite and constructive.

It made me realise that a) they use the downvote button quite differently to how I use it and b) they probably didn't know that I, as a kbinaut, could literally see they were the one downvoting.

load more comments (2 replies)
load more comments (4 replies)
[–] icedcoffee@lemm.ee 4 points 2 years ago

Just commenting so this stays one of the most commented posts. Feel free to keep scrolling

[–] v81@lemmy.world 4 points 2 years ago

There is a fundamental misunderstanding here.

Our data has never been 'invisible'... We've just trusted that places like Reddit and their staff will do the right thing. That's literally how it already works.

If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.

If you sign up for a private forum the admin there can also see database contents.

One way encryption is not possible without stopping functionality... If data about you was encrypted then posts you make couldn't be displayed. If you include a means to decrypt then there was no point encrypting anyway.

This is how it's always been, and Lemmy doesn't change this status quo much.

A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.

This isn't a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data... then what difference does it make it an admin takes a peek?

It wouldn't be great... but nothing is perfect.

It's still worth working on however, to see if a better solution can be found, but at this time I'd say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.

[–] intensely_human@lemm.ee 3 points 2 years ago

I’ll just use my short username then

[–] kennydidwhat@lemmy.world 3 points 2 years ago (4 children)

There's something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.

[–] DoctorTYVM@lemmy.world 5 points 2 years ago

How about both are bad.

load more comments (3 replies)
[–] Ubermeisters@lemmy.zip 3 points 2 years ago (1 children)

How often are we going to see this postage? I think this is the third time I've seen it at least

[–] muddybulldog@mylemmy.win 3 points 2 years ago (1 children)

You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.

load more comments (1 replies)
[–] Bill@lemm.ee 3 points 2 years ago (8 children)

I downvoted the beans and I don't care who knows about it. I'd do it again.

This is useful to know though, thanks. I guess assume everything is public short of your password (unless your admin is particularly nefarious and has altered the code to store passwords in plaintext for some reason).

load more comments (8 replies)
[–] Aceticon@lemmy.world 2 points 2 years ago (3 children)

Well, yeah, it's put on the database.

It's the only way to avoid double voting from the same account or to remove the reverse vote if one changes one's mind and votes the other way.

Did you think that it was any different on Reddit and that no random employee with access to their database could run a similar SQL query with a couple of joins and end up with nicknames, e-mails and IP addresses?!

Do you know who are the Reddit employees with access to their database or a copy of it? Have you had a chance to vet them? I don't think so.

At least here it's a bit more transparent.

The only shocking thing in this is that anybody is shocked by it.

load more comments (3 replies)
[–] MargotRobbie@lemmy.world 2 points 2 years ago* (last edited 2 years ago) (2 children)

Suppose there is someone who wants to maintain their anonymity and privacy on Lemmy so that it couldn't be tied to their real identity, what do you think is the best way to do that?

Hmm, I, famous Hollywood actress Margot Robbie and star of "Barbie", sure am stumped.

load more comments (2 replies)
[–] s4if@lemmy.my.id 2 points 2 years ago (6 children)

Nothing private in fediverse except when you are selfhosting yourself.

load more comments (6 replies)
[–] Sir_Kevin@lemmy.world 2 points 2 years ago

Back in my day everyone knew that once you put something on the internet it's there forever to be seen by all. Has everyone already forgotten this? This is nothing new and in fact the way it's always been! Now get off my lawn!

load more comments
view more: next ›