Privacy drove me off reddit, I looked around for these answers but not sure where to come across them.

Am I sharing my IP address/ location with my host instance?
is there a log of my view history
are there general privacy concerns that I am not thinking of?

I do not want to be in a position where a Government creates an instance, and allows them to monitor.

  • marsara9@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    The project is open source so you can see what they are logging, if you can read the code.

    But simply some things that are logged:

    • IPs are logged but I don’t see them being associated with a user account. This looks to mainly be for rate limiting.
    • What posts/comments you’ve looked at are logged. This is so the UI can gray out posts you’ve already seen or mark replies to you own comments as read.

    From what I can tell neither of these data points are federated so only the instance your logged into has that information.

    ** Don’t use this as an exhaustive list. These are just the two items you specifically asked about and what I’ve seen looking through the code so far. **

    • Cayenne05dingos@geddit.socialOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I cannot read code so this is much appreciated. i guess the hard part me, and maybe for people who also want to join lemmy but are intimidated, is building trust with a host. IMO I think this will hold Lemmy back. thank you for answering

      • aski3252@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        building trust with a host.

        This is indeed one of the risks with lemmy and other federated, decentralized and self-hosted services. Those services are generally hosted by hobbyists, not by companies, which seemingly makes it a bit harder to evaluate if you can trust a given server or not.

        But it’s worth it to keep in mind that even though companies generally have a lot more resources to take care of security, there are still a lot of examples where they simply don’t do that, for example to cut cost. You also have no idea who works as an admin at “socialmediacompany x”. For example, there are a lot of admins working at twitter or reddit who you have never heard about (and never will hear about) who probably have access to your data.

        And companies often just sell your data, an issue that you probably don’t have to worry with lemmy anytime soon (hopefully).

        The way I deal with that and why I don’t worry very much about lemmy is to take care about what information I share. I don’t care that a server admin could theoretically find out which country I’m from through my IP. I don’t post sensitive information and I don’t send sensitive direct messages. I use throw away e-mail addresses. I also don’t plan on reading illegal content. And I don’t feel attached to a specific server/lemmy instance, I don’t care if my account is lost.

      • johntash@eviltoast.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Try thinking about it more in the terms that everything you do will be public. Don’t assume posts, comments, dms, etc will be private to you only. Some admins will for sure respect privacy better than others, but there could always be data breaches, etc.

        I’m hoping there will be some sort of e2e encrypted messaging in the future for DMs, but I don’t think something similar makes since for posts and comments.