Why do you want them to know all this stuff about you? Also, all this data set on a timescale can be used to triangulate who you are in other data sets they have that are "anonymous". It's trivial to identify you based on a few converging data points.
RedWizard
joined 2 years ago
So I'm unsure yet but, it looks like you can make a POST request to an API endpoint to boost and it'll just, accept it? No authentication? I'm still pokeing around.
Yeah I feel bad for that kid. Sure, his privilege was imeasurable, but he was 19, didn't want to go, and was talked into it by his dad. As a dad, anything that involves tragic shit related to kids just sends me to a sad mournful place. Even this.
Content is effectively "Synced" to Lemmygrad. So if you are reading something from !technology@lemmy.world, you're actually reading it from the Lemmygrad server located at lemmygrad.ml/c/technology@lemmy.world. So no, unless you are connecting to their domain address explicitly, those domains are not getting your TCP/IP connection.
I'll note, this is why you should probably use a VPN to access the internet generally if you are concerned about privacy.
- Your home network provider knows your IP address and what domain address (but not the pages contained within) you visit.
- Your mobile provider knows your phone's IMEI number and its assigned IP address (though I'm not 100% sure about this exactly because you might get a new IP depending on the tower or network you connect to while moving around the world). But your IMEI number uniquely identifies your device, and some website analytic systems capture that data. It should be assumed they have a historical record not unlike the one your ISP has.
Using a VPN means all your ISP/Mobile provider sees is you sending data to a VPN server over HTTPS, and that's it. Services like NordVPN claim they do not keep logs on their system, and so if a government was to request your account's history, they likely can't provide that. They operate a Warrant Canary, here which in principle should give you faith that they have upheld that mission statement.
I use Nord on my phone and via their browser extension, and I have them set to auto-connect so they never turn off, and use their local discovery and bypass features to allow list sites and local services that get angry about my devices being on a VPN. I've been doing this for maybe two years now, and I've never noticed any material impact on the quality and speed of my connection.
This is not an ad for Nord 😅, I just think they're practicing what they preach.
To be clear, if I'm the operator of the Linux server on which Lemmy is deployed, I can use tools like tcpspy to pull information about the TCP/IP connections to my server on a given port. Obviously, this is simply the TCP/IP packets, which is going to be a sea of bots, internet crawlers, and other automated systems attempting to access my box because it's on the internet, which will likely dwarf the legitimate connections to the box.
I guess it's more likely though, you'll be monitoring the box between the outside internet and the actual server (like an Nginx reverse proxy) but I could probably extract which IPs were going to Mylemmy.ml instead of my boxes IP address directly, but that's outside the scope of my knowledge. I simply know that, once you own the box that someone else is connecting to, there is networking data you now have access to that can lead to identifying a person.
The nice thing about these projects is that the community can review what kind of data is collected because it is FOSS. Obviously, things like votes, comments, DMs, posts, and posts marked as read are all logged in the DB and tied to your account. One could extrapolate a lot about a person by extracting and doing data analysis against that data. Because of how federation works, it also means you can't just rely on your instance operators to be trustworthy.
DM's I think operate more like an Email message and likely are not federated in a way other instance hosts, other than the origin and destination hosts, can view. But the Origin host and the Destination host obviously could do a database query and pull your DMs. It should be noted, this is also true of Email unless you are using encrypted mail.
At some point, DMs could be built to be end-to-end encrypted with PGP if the devs/community desire that, but that's not how it works now.
I'm sure that as a Lemmy Instance operator, you can also use your host server to log connections (read, IP addresses), but I'm unsure if Lemmy itself logs that information in its database alongside your account information (probably not?). You would probably want to log the connections as good operators, so you can find patterns and remove bad actors trying to say DDOS your box.
However, if more robust moderation tools were to be implemented, which include an IP-based ban, then that would have to be tied to your account to make it work.
There are platforms like Nostr for example, where everything is encrypted, even the primary content, and you have to provide the system some kind of encryption key to even view the feed.
It never left, your just have to know where to look.
Oh this is very cool
The benefit for you is that you will be in a low traffic instance. All the content you load will be loaded from that instance, not lemmy.world. So for you the content loads faster.
Like, I'm replying to you from lemmygrad.ml, and I'm never actually connecting to lemmy.world, and no content is loaded in real time from Lemmy.world. this comment will be synced back to lemmy.world and then synced out to everyone else that's subscribed.
But if 90% of people are on Lemmy.world then naturally it's going to run like ass.
Shadow Bans are bans that are not announced or visible to the end user. None of the content they post is visible to other users on the site. So to the banned user, everything seems normal except they get not engagement with their posts.