this post was submitted on 28 Jun 2023
25 points (90.3% liked)

I want to sign up under this instance and host communities, but privacy is important to me.

Privacy drove me off Reddit. I looked around for these answers but am not sure where to come across them.

1) Am I sharing my IP address/location with my host instance?
2) Is there a log of my view history?
3) I know that this instance has a heavy piracy base; what is the risk of joining this?
4) Are there general privacy concerns that I am not thinking of?

I know these may be dumb questions but as a user and not necessarily the most tech savvy, any education would help!

I do not want to be in a position where a Government creates an instance, and allows them to monitor.

[–] [email protected] 23 points 1 year ago

Check out my comment here: https://lemmy.one/comment/325139

The relevant parts for you are:

  • The default configuration for Lemmy does log IP addresses through nginx's access log.
  • The default configuration doesn't rotate or prune the logs; they are maintained indefinitely.
  • The default configuration doesn't encrypt the logs (file-level encryption) or disk (block-level encryption).

The requests and IPs are therefore vulnerable to:

  • The server admin can check the logs (who can SSH into the server itself, not just an admin on Lemmy)
  • The hosting provider can check the logs (the file is not encrypted and they own the disk they're stored on)
  • A government can subpoena the server admin or the hosting provider for these logs.

A Lemmy instance that is concerned about its users' privacy should either disable access logging, or log to RAM, and ideally encrypt it too.

However, this raises the issue that you don't know what software the server is actually running. The above analysis is based on looking at the default configuration of the open source code. But if they were to change the logging to be more secure, you would need to trust them when they say that's actually the code they are running.

Have you considered using a VPN like Mullvad or even Tor? Lemmy doesn't have the same issues with blocking VPNs as reddit does. (Although some fediverse instances, such as Kbin, use Cloudflare, which does its best to block VPNs/Tor.)

Let me know if you have any other questions.
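
As an added example (not part of the comment above and not Lemmy's own code), here is a small Python audit an instance admin could run over an nginx configuration to check the points raised: whether each `access_log` directive records client IPs and whether it writes to RAM. The sample config, the `noip` format name and the list of tmpfs paths are assumptions constructed for illustration.

```python
import re

# Variables that write the client address into a log line.
IP_VARS = ("$remote_addr", "$http_x_forwarded_for", "$realip_remote_addr")
# nginx's built-in "combined" format, used when access_log names no format.
COMBINED = ('$remote_addr - $remote_user [$time_local] "$request" $status '
            '$body_bytes_sent "$http_referer" "$http_user_agent"')
# Assumption: these paths are tmpfs (RAM-backed) mounts on the host.
RAM_PREFIXES = ("/dev/shm/", "/run/")

def directives(conf, name):
    """Yield the argument list of each `name ...;` directive (comments ignored)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"(?:^|[;{}\s])%s\s+([^;]+);" % re.escape(name), conf):
        yield re.findall(r"'[^']*'|\"[^\"]*\"|\S+", m.group(1))

def audit_access_logs(conf):
    """Return one finding per explicit access_log directive."""
    formats = {"combined": COMBINED}
    for args in directives(conf, "log_format"):
        formats[args[0]] = "".join(a.strip("'\"") for a in args[1:])
    findings = []
    for args in directives(conf, "access_log"):
        path = args[0].strip("'\"")
        if path == "off":
            findings.append({"path": "off", "logs_ip": False, "in_ram": False})
            continue
        # A second argument without "=" names the format; default is combined.
        name = args[1] if len(args) > 1 and "=" not in args[1] else "combined"
        fmt = formats.get(name, COMBINED)  # unknown format: assume the worst
        findings.append({"path": path,
                         "logs_ip": any(v in fmt for v in IP_VARS),
                         "in_ram": path.startswith(RAM_PREFIXES)})
    return findings

# Constructed sample config (not Lemmy's shipped file).
SAMPLE = """
http {
    log_format noip '$time_local "$request" $status $body_bytes_sent';
    server { access_log /var/log/nginx/access.log; }   # on disk, combined
    server { access_log /dev/shm/nginx-access.log noip; }
    server { access_log off; }
}
"""

if __name__ == "__main__":
    for finding in audit_access_logs(SAMPLE):
        print(finding)
```

The check only sees explicit `access_log` directives; a config with none still logs in the `combined` format to nginx's compiled-in default path.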