privacy


SnotFlickerman, (edited ) in Privacy Concerns on Lemmy: A Call for More User Control

If you’re not running your own server, privacy policies are not even worth the pixels they’re presented on.

Literally, you’re just taking a random person’s word for it (whoever the admin is). A website is a black box, you have no idea what’s going on on the back-end.

The only way to be in complete control of your user data is to run your own server and be literally the only user on it.

Even then, any public comments you make are, you know… public.

otp,

Even then, any public comments you make are, you know… public.

As they should be.

Public comments are how you can find patterns of sketchy user behaviour.

henfredemars,

Ask me no questions and I’ll tell you no lies. It asks much less of my instance admins if it’s understood that my information was never private to begin with.

morrowind,

Well, there’s still the legal threat. You have to trust someone, unless you’re creating your own hardware and never connecting to the internet.

SnotFlickerman,

True! All your data will pass over other hardware owned by other people.

The only real online privacy is not connecting to the internet to begin with.

The whole system is based on trust.

Which is why I think some of these privacy demands are straight silly.

FutileRecipe,

All your data will pass over other hardware owned by other people. The only real online privacy is not connecting to the internet to begin with.

And now we’re entering into the realm of encryption, especially end-to-end. Generally speaking, just because you’re sending information that touches other people’s hardware, doesn’t mean it’s public and readable.

Danitos,

Even then, AMD, Intel and now Apple CPU chips are suspected to be backdoored. NIST has been slow to adopt a standard post-quantum E2EE algorithm, with some rumours of self-sabotage mandated by NSA (like they have already done in the past). The Tor network is extremely vulnerable to traffic correlation by big parties.

Encryption theoretically gives you what you describe, but in reality you still need to put a lot of trust in things like your own hardware.

LWD, (edited )

deleted_by_author

    SnotFlickerman, (edited )

    I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.

    It couldn’t be that one has had loads of VC funding for *checks notes*… 15 years. Whereas one has been barely funded for five years and has more people complaining than adding code.

    Actually, it makes perfect sense that an open source project that doesn’t have a big organization behind it isn’t going to have the same capability anywhere near as quickly. Reddit also makes money from advertising. The money for Lemmy is from donations and an abysmally small set of grants.

    Hell, Matrix, an actual open source communications protocol is 9 years old and they still haven’t gotten encrypted video group chats working properly and if I recall correctly still offload a lot of that to JitsiMeet. I was using Matrix/Riot.IM (now Element) in 2016 and it was garbage that barely worked, and updates constantly broke what previously worked, etc. It took time to become better and Matrix does have a whole ass organization backing it.

    For comparison, Lemmy has been around for about five years and they’ve had far less financial backing and developers contributing to the project. Matrix has governments like France and Germany lining up for services for private communications, which means they’ve literally got people paying them for the service of helping manage their Matrix servers. Lemmy doesn’t have the same advantages. They don’t have a service or ads to sell (no ads is part of the appeal.).

    For what it’s worth, Veilid exists, if you’re looking for a better framework to start with than ActivityPub.

    shortwavesurfer, in Privacy Concerns on Lemmy: A Call for More User Control

    I have a feeling that you might be misunderstanding what the actual purpose of Lemmy is. Lemmy has taken quite a few design decisions from Reddit, which is exactly the same way. Both platforms are public places where all content is shared. Anyone using them needs to be aware of that fact. Mastodon might be a better fit for you as it is more focused on individuals rather than public communities.

    LWD,

    Well, not exactly.

    | Reddit | Lemmy |
    | --- | --- |
    | Content is public | Content is public |
    | API access is limited | API access is limitless |
    | Vote data is inaccessible | Vote data is accessible |
    | No email needed | Email or something else often required |
    | One privacy policy | Basically no privacy policy |

    amanneedsamaid, in Privacy Concerns on Lemmy: A Call for More User Control

    The way I see it, community-based social media is a public forum, where every post / comment is public (Obviously less applicable on an individualized platform like Instagram). Everyone has an inherent right to privacy, but not when they’re using a platform like Lemmy. Twitter and Facebook are fundamentally different platforms. You can’t expect privacy while using lemmy, so use a different platform to post private content.

    SnotFlickerman, (edited )

    These people should be looking into spinning up Matrix servers if they want a private club with real privacy so bad.

    It’s definitely a weird thing to constantly be upset about: “People can see what I posted in public when I post them publicly!”

    It’s like complaining about people being able to take photos with you in the background in public. It’s a public space, there is no expectation of privacy.

    If you want a private internet experience, you have to put some work in.

    Creddit, in Privacy Concerns on Lemmy: A Call for More User Control

    When you have privacy settings, what you really have is a lie.

    It starts out with good intentions, like those in this post, but eventually everyone forgets that the platform still sees your posts and does not give a shit about selling them.

    I would rather acknowledge from the very beginning that this entire system is not private, so there is never such a misunderstanding.

    Everyone should post and comment with caution, just like you use caution with what you say in public places.

    blackbrook,

    The way you use caution saying something in a public place that you don’t want everyone to hear is by keeping your voice down so that only certain people can hear it. Without privacy settings there is no equivalent to that.

    Bocky,

    They have protocols for this: set up and manage your own server.

    user224,

    Sup. And all this data would still be federating, it has to be. That just means that some data-collecting company could make a fake instance and get everything together. Or someone could just fork it back.

    MajorHavoc, (edited ) in Privacy Concerns on Lemmy: A Call for More User Control

    It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server’s patch level, and security controls.

    That can be done, and I think Lemmy has a shot at getting to that point, but it’ll be a while.

    In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can’t be sure are actually correctly enabled on your instance.

    But yeah, let’s not let perfect be the enemy of moving toward better.

    Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.

    But as soon as the user starts interacting via federation, all bets are off - because the federated instance may be malicious.

    I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

    So, in theory, the Lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.

    But even then, there are risks from bad actors on highly trusted instances that still allow open signups.

    Anyway, I totally agree with you. It’s just a genuinely complex problem.

    SnotFlickerman, (edited )

    If all the people complaining would just contribute to the codebase this wouldn’t even be an issue.

    Often, you even see the devs coming into threads like this and making suggestions, like “make a pull request.” They want more people contributing.

    It’s tons of people whining, very few people contributing. Guess what? While at a certain point, adding developers stops increasing productivity, there’s a small window where adding developers does increase productivity.

    If I am correct, Lemmy only has four main developers. That’s well within the range to add more developers and increase the productivity, making new features and security come faster.

    So I get it, but things take time, and are complicated, which you thankfully can see.

    People whinging about it in threads does nothing to change it. Donating to Lemmy’s development costs or contributing code does.

    So much of it sounds like it’s from less-technically-inclined people (some of it’s valid critique from experts, but they generally… write bug reports and do pull requests…) who just want it to be better but the only way they know how is to “bring awareness.” Well, all that “awareness-bringing” just amounts to spreading FUD.

    Sal,

    I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

    There is now at least one system in place for admins to vouch for other instances being non-malicious, and to report suspected instances. It is called the fediseer: gui.fediseer.com

    MajorHavoc,

    Very cool.

    ArcaneSlime, in PSA: Anyone can tell if you are using WhatsApp on your computer

    This is a security feature to let you know that the sender may be an imposter, right? Like Matrix’s verified sessions, if my friend gets a new phone or PC it’s unverified and I have to verify the new session through another means, like in person or phone.

    AtmaJnana, in Riot Games Now Requires Kernel-Level Anti-Cheat Software for League of Legends, Following Valorant's Implementation

    Oh. Now I remember why I have never played League of Legends.

    Rose, in Riot Games Now Requires Kernel-Level Anti-Cheat Software for League of Legends, Following Valorant's Implementation

    This has been known for years and it’s not different from the behavior of EAC, whether it’s good or bad.

    LodeMike, in Mozilla's Platform Tilt: Tracking technical issues which disadvantage Firefox relative to the first-party browser within major software platforms

    This is what Mozilla should be doing.

    Chewget, in Haier hits Home Assistant plugin dev with takedown notice

    Why does that building look like a failed print?

    FutileRecipe,

    I was gonna say air filter.

    sxan,

    A royally abused heat pump.

    hperrin, in AdGuard Temp Mail: new temporary email service launched - gHacks Tech News

    Check out port87.com

    It’s similar. I made it to solve my spam problem, but it’s also really good for staying organized. When you sign up for something, you can use yourname-whatever@port87.com, then if you don’t want it anymore, you can block that address. Each address has its own label in your account, and blocking the address is just one click.

    nick, in FTC bans one more data broker from selling your location info

    One down, 90000000000 to go

    Dehydrated, in Your Tablet's Light Sensor Can Spy On You

    If you use a Google Pixel Tablet, you can install GrapheneOS and revoke Sensor permissions for all apps.

    oversea,

    Pixel phone, good choice. Pixel tablet, why?! ChromeOS is the worst OS I’ve used by far and it’s a privacy aggressor.

    LoveSausage,

    To use GOS ofc

    Dehydrated,

    The Pixel Tablet comes with Android, not with ChromeOS. And you can install GrapheneOS on it, just like on a Pixel phone.

    umbrella, in Your Tablet's Light Sensor Can Spy On You

    LineageOS has a convenient way to turn off those sensors too. I don’t keep them on.

    kbal, in FTC bans one more data broker from selling your location info

    When it comes to location tracking and many other things, data retention and use policies are just a useful distraction from the real problem, which is that they're able to collect the data at all.
