Privacy Concerns on Lemmy: A Call for More User Control

I’ve been grappling with a concern that I believe many of us share: the lack of privacy controls on Lemmy. As it stands, our profiles are public, and all our posts and comments are visible to anyone who cares to look. I don’t even care about privacy all that much, but this level of transparency feels to me akin to sharing my browser history with the world, a discomforting thought to say the least.

While the open nature of Lemmy can foster community and transparency, it also opens the door to potential misuse. Our post history can be scrutinized by creeps or stalkers, our opinions can be nitpicked based on past statements, and we can even become targets for mass downvoting. This lack of privacy control can deter users from actively participating in discussions and sharing their thoughts freely.

Even platforms like Twitter and Facebook, often criticized for their handling of user data, provide some level of access control. Users can choose who sees their timeline: friends/followers, the public or nobody. This flexibility allows users to control their online presence and decide who gets to see their content.

The current state of affairs on Lemmy forces us into a cycle of creating new accounts or deleting old posts to maintain some semblance of privacy. This is not only time-consuming but also detracts from the user experience. It’s high time we address this issue and discuss potential solutions.

One possible solution could be the introduction of profile privacy settings, similar to those found on other social media platforms. This would give users the flexibility to choose their level of privacy and control over their content without having to resort to manual deletion or account purging.

I believe that privacy is a fundamental right, and we should have the ability to control who sees our content. I’m interested in hearing your thoughts on this matter. How do you feel about the current privacy settings on Lemmy? What changes would you like to see? Let’s start a conversation and work towards making Lemmy a platform that respects and upholds our privacy.

TexMexBazooka,

Bruh what? If you’re repeatedly making new accounts because you don’t want people reading your post history you’re doing something wrong.

csm10495,
@csm10495@sh.itjust.works avatar

Technical question: How would posts federate if private?

MajorHavoc, (edited )

It gets weird fast, because before privacy controls in the Lemmy source code mean anything, we need trusted third party verification of a server’s patch level, and security controls.

That can be done, and I think Lemmy has a shot at getting to that point, but it’ll be awhile.

In the meantime, I suspect the Lemmy developers are hesitant to add and advertise features that you can’t be sure are actually correctly enabled on your instance.

But yeah, let’s not let perfect be the enemy of moving toward better.

Edit: Assuming you completely trust your instance admin, we could start adding some basic privacy to actions taken on your home instance.

But as soon as the user starts interacting via federation, all bets are off - because the federated instance may he malicious.

I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

So, in theory, the lemmy software could start implementing privacy controls that allow users to limit their visibility to whichever part of the fediverse their instance admin has marked as highly trusted.

But even then, there’s risks from bad actors on highly trusted instances that still allow open signups.

Anyway, I totally agree with you. It’s just a genuinely complex problem.

SnotFlickerman, (edited )
@SnotFlickerman@lemmy.blahaj.zone avatar

If all the people complaining would just contribute to the codebase this wouldn’t even be an issue.

Often, you even see the devs coming into threads like this and making suggestions, like “make a pull request.” They want more people contributing.

It’s tons of people whining, very few people contributing. Guess what? While at a certain point, adding developers stops increasing productivity, there’s a small window where adding developers does increase productivity.

If I am correct, Lemmy only has four main developers. That’s well within the range to add more developers and increase the productivity, making new features and security come faster.

So I get it, but things take time, and are complicated, which you thankfully can see.

People whinging about it in threads does nothing to change it. Donating to Lemmy’s development costs or contributing code does.

So much of it sounds like it sounds like its from less-technically-inclined people (some of its valid critique from experts, but they generally… write bug reports and do pull requests…) who just want it to be better but the only way they know how is to “bring awareness.” Well, all that “awareness-bringing” just amounts to spreading FUD.

Sal,
@Sal@mander.xyz avatar

I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

There is now at least one system in place for admins to vouch for other instances being non-malicious, and to report suspected instances. It is called the fediseer: gui.fediseer.com

MajorHavoc,

Very cool.

risencode,

The only privacy setting I can encourage on any social media site is don’t share private stuff about yourself and never link to your account from other accounts

LemmyHead,

That is part of the problem though. Proper privacy allows you to express what you want to, without self censorship. The issue is not: don’t speak about x, but rather: speak about it and feel comfortable that you can do it in a safe environment. I fully agree with the account linking though

turkalino,
@turkalino@lemmy.yachts avatar

Idk, doesn’t quite seem appropriate for a federated reddit clone. I think you’re better off on a chan board

solrize, (edited )

Lemmy has many privacy problems that have nothing to do with public comments you make. For example, the “hide posts that you have already read” option requires that the server track what posts you have read. There is no public activity involved in reading a post. So the Lemmy server should not track that info. If that feature is to exist at all, it should be implemented purely on the client. The same can be said about subscriptions, and for that matter about voting (server should discard voting info after a brief interval for abuse detection). The Lemmy software in many ways naive about this stuff.

SnotFlickerman, (edited )
@SnotFlickerman@lemmy.blahaj.zone avatar

I don’t disagree on those points, but I think it’s the nature of Lemmy being decentralized that makes all those things necessary.

server should discard voting info after a brief interval for abuse detection

What if the server has not federated out the votes yet? Some of that stuff can get backed up in a queue. There’s definitely a possibility that votes could get “lost” on the way. Hell, that already happens, and that’s with a system that tracks them.

Servers have to keep a lot of this info to pass to other servers. If I upvote something on Lemmy.blahaj.zone, it doesn’t mean that upvote has been federated outward to hundreds of other servers yet. I would assume this is part of how Lemmy is able to keep things “organized” between all servers.

In other words, a lot of the privacy complaints come from technical limitations of how Lemmy works. Lemmy, by it’s decentralized nature, has to transfer tons of data back and forth between all Lemmy instances.

However, there are technologies that are trying to work around this kind of technical limitation. You might be interested in something like Veilid. I’m not sure about the details of putting together a Veilid-based social-network, but I’m willing to believe it’s possible.

solrize,
  1. I don’t see anything in your post that indicates any reason to track what posts a person has read. That should not be tracked at all. Reading posts should be completely anonymous.
  2. I don’t see why voting necessarily has to track who casts the votes. But, because untracked voting can be abused so easily, I can understand deciding to retain the info for let’s say 24 hours. Hopefully that is also enough to handle those propagation issues.

Really, imho, server instances shouldn’t have a web interface at all, just an API. Web apps would make API calls to the server and reformat the response for use by the browser. The API call to read a post should not require any identifying info or require the user to be logged in. Read tracking and subscriptions should be handled by the client, and in the case of a public client (web app shared by many users), the private user info should be encrypted in case of a server breakin or seizure. The encryption key would be based on the user password and transformed to a browser cookie when the user logs in, so it is never stored by the web app. With most people using mobile clients these days, alternatively, the info can be kept completely on the client device and maintained by the mobile app.

loki,

Good features. If you make a fork, people would be interested in trying it out.

SheeEttin,

You can control who sees it by how and where you post it. If you don’t want people to see it, just don’t put it on the Internet at all. Even sites with fine-grained privacy controls can have flaws that result in information leaks.

exocrinous,

The admin of Blahaj is openly interested in exposing trans people’s alt accounts and outing them on their mains. And somehow it’s the biggest trans instance. We need a community and admin reaction in favour of defederating people who do that.

magnor,
@magnor@lemmy.magnor.ovh avatar

Wait what? Do you have a source for this?

exocrinous,

lemm.ee/post/14609313

magnor,
@magnor@lemmy.magnor.ovh avatar

I don’t see much proof. Did anyone corroborate?

exocrinous,

In order to show you proof I would have to help Ada in her attempts at doxxing, but I asked a friend who saw the whole thing to confirm.

magnor,
@magnor@lemmy.magnor.ovh avatar

I understand this is hard to prove without doxxing. This situation is very concerning, and if true absolutely disgusting.

Zerush,
@Zerush@lemmy.ml avatar

What irritates me many times when I enter Lemmy is that instead of my Nick at the top right, someone else’s Nickname appears for a moment, before changing it to mine. This is a sign of an open account sharing channel, which is quite serious and should be fixed quickly. Security at Lemmy is apparently non-existent.

Sal,
@Sal@mander.xyz avatar

Do you see a random nickname from a stranger, or a nickname of an account that was previously logged into using the same computer?

What is an open account sharing channel?

Zerush, (edited )
@Zerush@lemmy.ml avatar

It occurres sometimes, I see a random nick from strangers. It means that my account obviously is públic and even shared. I will be attentive and I will try to take a screenshot, before the nickname changes to mine while Lemmy loads.

Sal,
@Sal@mander.xyz avatar

I will also pay close attention and see if I can catch that happening.

Zerush,
@Zerush@lemmy.ml avatar

It’s not easy to catch, because it’s only a moment when Lemmy loads and just sometimes. For now I always have my eyes to the top right corner when I enter Lemmy.

toastal,

If Lemmy cared about privacy, contributing source code & opening tickets would not require opening accounts with a for-profit, US-based, closed, prorietary service owned by a publicly-traded megacorporation that has shareholders to appease & a history (as well as current) record of EEE (embrace, extend, extinguish).

Omega_Haxors, (edited )

that also uses your code for their AI.

drndramrndra, (edited )

Copilot gets trained on Dessalines’ essays and becomes a Marxist

toastal,

I mean it took the code production of from workers for the Commons, packaged it up, & sold it back to the workers—often in violation of the license if not the spirit of free, ethical, or similar software. All AI generations should be CC0 / 0BSD licensed.

toastal,

Choosing proprietary tools and services for your free software project ultimately sends a message to downstream developers and users of your project that freedom of all users—developers included—is not a priority.

—Matt Lee, www.linuxjournal.com/…/opinion-github-vs-gitlab

morrowind,
@morrowind@lemmy.ml avatar

I strongly agree, I wrote a post on this type of privacy and why it matters, which I’ve dubbed “casual privacy”. coship.bloggi.co/casual-privacy

pop, (edited )

pull requests would work a lot better than blog posts.

morrowind,
@morrowind@lemmy.ml avatar

It’s not smart to make a pull request before getting developers approval

pl_woah,

The lemmy devs would probably take something sensible like that and flat out shoot it down because they think they know better.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #