The very nature of Lemmy and most social media, is that what you put out there is public. If you don’t want everyone in the world to read something you wrote, then social media may not be your kind of thing.
Because it seems that, to exist in society, is to give up some form of privacy by dint of existing in it.
You cannot stop yourself from being observed by other people, if they can see you. That’s just basic reality.
To be completely private, you would have to live in the woods and not interact with anyone or speak with anyone.
Is it defeatist to be realistic about the limitations of the idea of privacy?
As someone who has spent a lot of time seeking internet privacy, I’ve learned that more often than not I’m making myself more conspicuous. That doesn’t mean I’m going to give up on privacy, but it does mean that I’m going to consider its limitations.
EDIT: I’m reminded of an interview with Mark Hossler from Negativland. The interview is long gone from the internet (it was on an obscure website pre-youtube) but the center of it always stuck with me.
“If you really want full control of your art, don’t show it to anybody, keep it in your home.” His argument was Richard Dawkins’ argument for memes. The human mind functions by copying and mimicking. When someone else has viewed your artwork, they’ve already created an internal image of it in their memory. That memory is inconsistent with reality, but if they have a good memory, they can recreate it relatively easily (if they have similar artistic skills). You can’t really stop that kind of copying from happening, so the only way to fight it and keep “complete control” is to not share it at all.
Similarly, the only way to have complete control over your privacy is by not interacting with anyone at all.
You can control who sees it by how and where you post it. If you don’t want people to see it, just don’t put it on the Internet at all. Even sites with fine-grained privacy controls can have flaws that result in information leaks.
From the previous issue it sounds like the developer has proper legal representation, but in his place I wouldn’t even begin talking with Haier until they formally revoke the C&D, and provide enforceable assurances that they won’t sue in the future.
Also I don’t know what their margins are like, but even if this cost them an extra $1000 in AWS fees on top of what their official app would have cost them (I seriously doubt it would be that much unless their infrastructure is absolute bananas), then it would probably only be a single-digit number of sales that they would have needed to loose to come out worse off from this.
Lemmy has many privacy problems that have nothing to do with public comments you make. For example, the “hide posts that you have already read” option requires that the server track what posts you have read. There is no public activity involved in reading a post. So the Lemmy server should not track that info. If that feature is to exist at all, it should be implemented purely on the client. The same can be said about subscriptions, and for that matter about voting (server should discard voting info after a brief interval for abuse detection). The Lemmy software in many ways naive about this stuff.
I don’t disagree on those points, but I think it’s the nature of Lemmy being decentralized that makes all those things necessary.
server should discard voting info after a brief interval for abuse detection
What if the server has not federated out the votes yet? Some of that stuff can get backed up in a queue. There’s definitely a possibility that votes could get “lost” on the way. Hell, that already happens, and that’s with a system that tracks them.
Servers have to keep a lot of this info to pass to other servers. If I upvote something on Lemmy.blahaj.zone, it doesn’t mean that upvote has been federated outward to hundreds of other servers yet. I would assume this is part of how Lemmy is able to keep things “organized” between all servers.
In other words, a lot of the privacy complaints come from technical limitations of how Lemmy works. Lemmy, by it’s decentralized nature, has to transfer tons of data back and forth between all Lemmy instances.
However, there are technologies that are trying to work around this kind of technical limitation. You might be interested in something like Veilid. I’m not sure about the details of putting together a Veilid-based social-network, but I’m willing to believe it’s possible.
I don’t see anything in your post that indicates any reason to track what posts a person has read. That should not be tracked at all. Reading posts should be completely anonymous.
I don’t see why voting necessarily has to track who casts the votes. But, because untracked voting can be abused so easily, I can understand deciding to retain the info for let’s say 24 hours. Hopefully that is also enough to handle those propagation issues.
Really, imho, server instances shouldn’t have a web interface at all, just an API. Web apps would make API calls to the server and reformat the response for use by the browser. The API call to read a post should not require any identifying info or require the user to be logged in. Read tracking and subscriptions should be handled by the client, and in the case of a public client (web app shared by many users), the private user info should be encrypted in case of a server breakin or seizure. The encryption key would be based on the user password and transformed to a browser cookie when the user logs in, so it is never stored by the web app. With most people using mobile clients these days, alternatively, the info can be kept completely on the client device and maintained by the mobile app.
I prefer the complete lack of privacy settings because it is open and honest about the reality of what Lemmy is able to provide.
Even if you’re running your own instance, you are necessarily submitting your data to another party. I don’t have to trust the platform as much when my data isn’t private. It’s much easier to engineer a system around that assumption.
If we suppose that anything I submit to Lemmy is submitted to the public, I can’t be misled. My data cannot be leaked because I’m presenting it to the world already. Lemmy is a young social project with many problems to solve, still trying to gain traction and hold on to users and with an uncertain future. In brief: bigger fish to fry.
Maybe privacy controls could be on the list, but I don’t think it addresses the main problems or applications of the platform and creates its own set of issues. Keep it simple and stupid.
If you’re not running your own server privacy policies are not even worth the pixels they’re presented on.
Literally, you’re just taking a random person’s word for it (whoever the admin is). A website is a black box, you have no idea what’s going on on the back-end.
The only way to be in complete control of your user data is to run your own server and be literally the only user on it.
Even then, any public comments you make are, you know… public.
Ask me no questions and I’ll tell you no lies. It asks much less of my instance admins if it’s understood that my information was never private to begin with.
All your data will pass over other hardware owned by other people. The only real online privacy is not connecting to the internet to begin with.
And now we’re entering into the realm of encryption, especially end-to-end. Generally speaking, just because you’re sending information that touches other people’s hardware, doesn’t mean it’s public and readable.
Even then, AMD, Intel and now Apple CPU chips are suspected to be backdored. NIST has been slow to adapt a standard post-quantun E2EE algorithm, with some rumours of self-sabotage mandated by NSA (like they have already done in the past). The Tor network is extremely vulnerable to traffic correlation by big parties.
Encryption theoretically gives you what you describe, but in reality you still need to put a lot of thrust in things like your own hardware.
I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.
It couldn’t be that one has had loads of VC funding for *checks notes… 15 years. Whereas one has been barely funded for five years and has more people complaining than adding code.
Actually, it makes perfect sense that an open source project that doesn’t have a big organization behind it isn’t going to have the same capability anywhere near as quickly. Reddit also makes money from advertising. The money for Lemmy is from donations and an abysmally small set of grants.
Hell, Matrix, an actual open source communications protocol is 9 years old and they still haven’t gotten encrypted video group chats working properly and if I recall correctly still offload a lot of that to JitsiMeet. I was using Matrix/Riot.IM (now Element) in 2016 and it was garbage that barely worked, and updates constantly broke what previously worked, etc. It took time to become better and Matrix does have a whole ass organization backing it.
For comparison, Lemmy has been around for about five years and they’ve had far less financial backing and developers contributing to the project. Matrix has governments like France and Germany lining up for services for private communications, which means they’ve literally got people paying them for the service of helping manage their Matrix servers. Lemmy doesn’t have the same advantages. They don’t have a service or ads to sell (no ads is part of the appeal.).
For what its worth, Veilid exists, if you’re looking for a better framework to start with than ActivityPub.
I have a feeling that you might be misunderstanding what the actual purpose of lemmy is. lemmy has taken quite a few design decisions from Reddit which is exactly the same way. Both platforms are public places where all content is shared. Anyone using them needs to be aware of that fact. Mastodon might be a better fit for you as it is more focused on individuals rather than public communities.
The way I see it, community-based social media is a public forum, where every post / comment is public (Obviously less applicable on an individualized platform like Instagram). Everyone has an inherent right to privacy, but not when they’re using a platform like Lemmy. Twitter and Facebook are fundamentally different platforms. You can’t expect privacy while using lemmy, so use a different platform to post private content.
These people should be looking into spinning up Matrix servers if they want a private club with real privacy so bad.
It’s definitely a weird thing to constantly be upset about: “People can see what I posted in public when I post them publicly!”
It’s like complaining about people being able to take photos with you in the background in public. It’s a public space, there is no expectation of privacy.
If you want a private internet experience, you have to put some work in.
When you have privacy settings, what you really have is a lie.
It starts out with good intentions, like those in this post, but eventually everyone forgets that the platform still sees your posts and does not give a shit about selling them.
I would rather acknowledge from the very beginning that this entire system is not private, so there is never such a misunderstanding.
Everyone should post and comment with caution, just like you use caution with what you say in public places.
The way you use caution saying something in a public place that you don’t want everyone to hear is by keeping your voice down so that only certain people can hear it. Without privacy settings there is no equivalent to that.
Sup. And all this data would still be federating, it has to be. That just means that some data-collecting company could make a fake instance and get everything together. Or someone could just fork it back.
It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server’s patch level, and security controls.
That can be done, and I think Lemmy has a shot at getting to that point, but it’ll be awhile.
In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can’t be sure are actually correctly enabled on your instance.
But yeah, let’s not let perfect be the enemy of moving toward better.
Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.
But as soon as the user starts interacting via federation, all bets are off - because the federated instance may he malicious.
I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.
So, in theory, the lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.
But even then, there’s risks from bad actors on highly trusted instances that still allow open signups.
Anyway, I totally agree with you. It’s just a genuinely complex problem.
If all the people complaining would just contribute to the codebase this wouldn’t even be an issue.
Often, you even see the devs coming into threads like this and making suggestions, like “make a pull request.” They want more people contributing.
It’s tons of people whining, very few people contributing. Guess what? While at a certain point, adding developers stops increasing productivity, there’s a small window where adding developers does increase productivity.
If I am correct, Lemmy only has four main developers. That’s well within the range to add more developers and increase the productivity, making new features and security come faster.
So I get it, but things take time, and are complicated, which you thankfully can see.
People whinging about it in threads does nothing to change it. Donating to Lemmy’s development costs or contributing code does.
So much of it sounds like it sounds like its from less-technically-inclined people (some of its valid critique from experts, but they generally… write bug reports and do pull requests…) who just want it to be better but the only way they know how is to “bring awareness.” Well, all that “awareness-bringing” just amounts to spreading FUD.
I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.
There is now at least one system in place for admins to vouch for other instances being non-malicious, and to report suspected instances. It is called the fediseer: gui.fediseer.com
Yeah, they can fuck off. When their opening salvo was threats and legal bluster, I don’t see why anyone should trust an alleged olive branch now. The right thing to do was not to send this email second.
I have to work with Haier in my business now as well ever since they bought GE. They’re a shitty company that goes back on their word constantly (at least within the B2B space), and nobody should be giving them one thin dime.
Respectfully, I disagree. Yes, indeed this first message is PR damage control, but there is something to be gained here for the FOSS community.
This backtrack sends the message out, discouraging other companies with legal departments from trying the same trick else they risk sales. If a positive resolution comes out of this (A. Andre’s project becomes officially supported by Haier with more features whilst being more efficient with API calls, or B. Haier develops a local API option) then it shows other companies there is value in working together with the FOSS community rather than viewing them as an adversary or as competition to be eliminated.
Nah, this is Haier trying to save face. They saw how the story went, that the repo was forked a thousand times in a few hours. They know their engineering team can’t win, long term, against dedicated, pissed off geeks.
Would they play nice with you if the tables were reversed? No.
They already played the legal card, engaging with them at this point would be extremely naive.
Fuck them. Now is the time to pummel them even harder. Making them eat their words is what will send a message to the rest of the jackasses designing garbage and tracking us relentlessly for access to what should be trivial to engineer features.
Generally, an engineer wants their product to work well and work efficiently. They put effort into a product, and it feels good to see people benefit from that work. The ones making the decisions have money on their mind. If a FOSS version of their paid platform costs them too much money, they will shut it down. Not because it was the engineers decision, but because the one’s making the decision likely don’t even know what github is and just know it’s taking away that sweet subscription money.
They both represent the company. The company came on strong all ban-hammery, the news flashed around, his repo got forked over a thousand times in a matter of hours.
Haier found themselves on the defensive suddenly, so they got one of their engineers to play nice.
They now know they have 300k users who are pissed at them. People are choosing other products over this already.
Fuck them. With a pineapple. Corporations aren’t people, I owe them no consideration, no courtesy, especially when they act like this.
I’m glad the threat of being on a FOSS Hall of Shame is effective for some companies, and that they can’t just frivolous lawsuit away a hobby developer without consequences to their bottom line, which would have set a bad precedent against small-time FOSS developers everywhere.
Now their status to me is moved from “Shitlist” to “Shitlist Pending”, they’ve talked their talk so now it’s time to see them walk their walk. Best would be to allow users to control their Haier products from their own servers rather than Haier’s. That will reduce their cloud computing bills from 3rd party users but they can still offer “compelling value” in their walled garden ecosystem as a simple one-and-done setup. Win-win right?
Recently, we've observed a substantial increase in AWS calls attributed to your plugin, prompting the communication you previously received as standard protocol for our company, but as mentioned earlier, we are committed to transparency and keenly interested in collaborating with you not only to optimize your plugin in alignment with our cost control objectives,
i get it; their amazon account gets hit hard by some plugin data stream, they trace the source and kill it for monetary reasons. makes total sense. handled terrible, but still, i also completely understand getting some giant bill from amazon and freaking the fuck out.
github.com
Newest