this post was submitted on 05 Jul 2023
62 points (93.1% liked)

Comradeship // Freechat

2166 readers
51 users here now

Talk about whatever, respecting the rules established by Lemmygrad. Failing to comply with the rules will grant you a few warnings, insisting on breaking them will grant you a beautiful shiny banwall.

A community for comrades to chat and talk about whatever doesn't fit other communities

founded 3 years ago
MODERATORS
 

I was unsure where to cross-post this. But maybe we should discuss this to make sure Lemmygrad users are staying safe? Similar to the unspoken rule that we strongly discourage people using their real names or giving away too many personal details.

cross-posted from: https://mylemmy.win/post/89871

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 30 points 1 year ago (1 children)

It logs the timing as well, which could be sensitive data. For example if an employer were to gain access to this information and tie it to an account that someone thinks is anonymous, they'll know when you weren't working but getting paid to be at work. Or it could be used to determine when some is at home or out. Or be used as evidence for holding certain views.

It's unlikely for a single employer to get that data. But I wouldn't put it past the five eyes to set up an instance, mine data, and use analysts/AI to cross-reference it with other user metadata.

It's like J Sakai says in his security pamphlet. It's bad practice to give any information to feds, even 'benign' data because it helps them to build profiles on you and others. To offer a rather extreme example, if they know you were upvoting a comment at 16.07 EST, they can guess it wasn't you at a protest at the same time. This means they can narrow down the suspect list to the other handful of people with your build, etc, who go to protests. Being lax with data means the feds have an easier time undermining the efforts of people who are tight with their data.

It's a privacy issue that I hadn't considered. I knew our admins could see this data. I didn't realise it was visible to other instances.

[โ€“] [email protected] 7 points 1 year ago

Good points, I didn't consider all of that either.