So I was going through /all and this admin is snooping at vote counts for posts in his instance and then posting it publicly.
Just a reminder that these kind of petty people exist. Pick a trustworthy instance or better yet, host your own.
Archive: https://archive.md/oybyL
Guys. The person running the website you use always can do and see everything
This has nothing to do with lemmy
deleted by creator
No. A simple website won’t help, it needs to be a Lemmy instance. Moreover, it needs to be a federated one.
And then, that “invisible” data being available to other admins, is a problem with federation, not with Lemmy.
Now, there could very well be efforts made to make the cleartext data of each instance users available only to the admins of that instance (and only share aggregated data with other instances), but that would also require a lot more consideration wrt mutual instance trust in the network.
Right now, since votes and other actions are public (to the federated instances admins anyway), it is doable to detect and assert foul play. The downside of this is that it allows abusers to malevolently collect data and do the same bad things that you are so certain the alternatives to Lemmy don’t do (yeah, as if).
If the instances shared only aggregated data with one another, it would be much harder for abusive small instance owners to spy on any user on the network (still possible, but it would essentially would be as hard as for anyone else, as it would involve heuristics and lots of intelligence, to interpolate the missing information); but it would also be much harder for legit admins trying to enforce moderation to inspect what happened on federated instances. They would have to take those instance’s admins at their words.
As an additional note: that “invisible” data that other platforms allegedly don’t share, is for sale. That’s what surveillance capitalism is all about… At least with Lemmy, the barrier of entry to get our data is “federation”, not “money”.
Edit:
WTF bro, a day and a half before writing this wrong comment I’m answering to, you wrote a properly worded, technically correct (top level) comment… Were you half asleep on this one??Edit 2: nah, the reason why your other comment was technically correct and properly worded is that you stole it. SMH. 😮💨
Off day 😉
I should have been more specific when I said website, as… If you scan my other comments, you might have the hint that I have access to one such Lemmy instance. And they federate with minimal effort. I don’t know how to automate it yet, but it wasn’t hard to do so manually.
I’m actually curious to know if federated instances share the data of their federated instances… if so, there is a proper reason to be actually alarmed, as ACLs would essentially be cosmetic only.
Can you be more specific? I might be able to hunt down answers.
Recently, federation vulnerabilities got exploited by an ex-Truth Social employee who apparently believes consent is only when someone shouts “no” at him, so pretty much anything is possible (without even going through the effort of spinning some kind of proxy server, if I’m reading this correctly).
Well, as in let’s say instance A is federated to B, B federated to C, A blacklisted C.
So, clearly, A isn’t getting data about C. It will drop it on ingress (I expect).
But, will C have access to the exact same data about A, through B, that it would have access to from A if not blocked by A?
“Indirect federation” (what I ended up eventually trying to find info on" appears non-existent.
That answered the question, I think, but it caused me to ask a few more, like this one:
What happens if a community is on Server A and Person C wants to check out how Person B is interacting on it. I think, in that case, that Person C can check out Person B’s profile and see comments left on a Server A community, but they cannot navigate to the post itself because Server A would not send the content to their server.
It’s relatively easy to switch servers, by clicking the little rainbow icon next to a particular comment to see the server where it would have been viewed in Person B’s context, but servers on their own are not running around scraping missing data… At least, not as they are currently designed.
ETA: More background on the major defederation in question (mostly political, not technical)
Thanks for digging and reporting on this, but I’m gonna take a break with my phone (the main way I interact with Lemmy), since it is such a steaming pile of shit.
I’ll try to find a way to use Lemmy on a proper OS without using the horrendous web interface (hopefully there are cool clients out there), and then I’ll see. 👋