I wrote this because of a previous post. I decided to dig deep into this privacy problem that LBRY has.

If you don’t wanna waste your time, just scroll down to the conclusion.

Read this post with LBRY’s Privacy Policy for context.

“How does LBRY handle privacy? What data does LBRY collect?” is useful to read too.

First mistake: it’s a company based in the US. I don’t really mind if it’s only used for enforcing laws. However, the US is included in the 5 Eyes and has a PRISM program. If you want to avoid mass surveillance from the government, the only way you can deal with these regions is to “trust but verify”. The lbry/odysee website is centralized and you can’t tell if the server is safe or not.

They almost have a good privacy policy, but the US government is notorious for mass surveillance. Based on the knowledge available, the US is one of the worst offenders of privacy.


When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, open a support ticket or enter information on our site, or provide us with feedback on our products or services.

This is obvious to some people. They can’t collect information from people who are solely using the LBRY protocol with the lbry-desktop client.


How do we use your information?
  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.

This point doesn’t matter because in this privacy policy it’s illegal for them to sell data. As far as I’m concerned this is just tracking with using their services for video recommendations. Although the US government, including the 5 Eyes, still may spy on it, other companies or third parties cannot access their information by law. See the California Online Privacy Protection Act section on https://lbry.com/privacypolicy


How do we protect your information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

They claim to have good security practice here. Data leaks are always dangerous in centralized systems; all it takes is one failure. They didn’t state how many data centers they’re using or if it uses some kind of encryption (SSL is for encrypting data during transfer and transmission; it’s not for encrypting stored files, to my knowledge). The worst thing is to put your data somewhere you don’t have control over. I don’t recommend trusting them to protect your data (or any other type of cloud service).


Do we use “cookies”?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

In short: they use it for tracking logged sessions and also personalization. Again, it’s illegal for them to sell data so it’s not a problem. If you want, you can disable cookies in your browser.


Third-party disclosure

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

That just means they don’t use intrusive ways for advertising. See Non-PII Data.


Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

We don’t know what third-party services are used. It’s also cumbersome to read all the other privacy policies, and most likely it’s not a good one. There is a possibility of a privacy policy loophole. Because of this, you should avoid the Odysee.com and lbry.tv websites at all costs.


Google

We use Google AdSense Advertising on our website.

The NSA has direct access to Google’s servers (source) with the PRISM program.

For me personally, I’m skeptical of installing Google’s opt-out DART cookie, though it’s good that they have that option, even though it’s really unintuitive. I don’t expect anything from Google.


California Online Privacy Protection Act and COPPA (Children Online Privacy Protection Act)

These only protect against data-selling to third parties, and also privacy and safety from the mass public. The government isn’t affected by these laws.


Does our site allow third-party behavioral tracking?

Nothing wrong here. The website doesn’t allow third-party behavioral tracking.


Fair Information Practices

They will inform users whenever there is a security breach within 7 days. Let’s hope a data breach never happens.


Conclusion

Most of the privacy problems come from LBRY Inc. and the websites, which are lbry.tv and odysee.com. The blockchain itself doesn’t have privacy problems.

It’s heavily unsafe and unprivate to use lbry.tv / odysee.com and LBRY Inc.’s services. These websites are centralized, which makes them insecure. The security of LBRY Inc.’s server is also vague. They have possible privacy policy loopholes from third-party services, and are based in the US, which is notorious for its mass surveillance.

Things to do and avoid while using lbry for privacy:

  • Use only the lbry client with a VPN. (Since it’s p2p it’ll leak your IP address.)
  • Do not use the odysee app and Android’s lbry client from the Play Store.
  • Do not use lbry.tv and odysee.com
  • Do not use LBRY inc. services. (registering with email, syncing wallets, sending analytics and data to LBRY inc.)

How to become anonymous on lbry.

We’ll only use the lbry clients. With p2p our IP address is visible, so we have to use a VPN/Tor.

  • Prepare your VPN
    • One way is to self-host the VPN on an anonymously bought server.
    • Alternatively, you can use Tor instead of the VPN, but it can be really slow. You can use an OS like Whonix or Tails.

Whenever you use lbry, don’t forget to use the VPN or else your IP will be leaked.

  • Install the lbry clients from https://lbry.com/get?showall=1

    • Disable sharing data and analytics to LBRY Inc. - Go to settings (on desktop, click the gear icon then click settings), scroll down to “Share usage and diagnostic data”, then disable both of them.
    • Disable autostart - (so you don’t accidentally connect without using VPN/Tor) Go to settings again, scroll down to “Advanced settings”, then under that click on “Manage”. On startup preferences, disable “start minimized”.
  • Do not use/register with an email. (It’s part of LBRY Inc. service, which also means no rewards and wallet/account syncing.)

  • If you want to use an account, register using LBC. I suggest buying it with a no-KYC exchange service with XMR/Monero.


feel free to correct things. I don’t know all things in the world.
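The "don’t forget to use the VPN" step above can be made fail-closed with a small launcher check. This is an added example, not part of the original post and not LBRY’s code. The function names, the `tun`/`tap`/`wg` interface name patterns and the 192.0.2.1 probe address are assumptions, and the sample route lines are constructed.

```shell
#!/bin/sh
# Added example: refuse to start a p2p client unless traffic would leave
# through a tunnel interface. Names and patterns here are assumptions.

# Extract the egress interface ("dev X") from `ip route get <addr>` output.
# `ip route get` resolves policy routing too, so it also reflects VPN setups
# that leave the plain default route pointing at the physical NIC.
egress_iface() {
  printf '%s\n' "$1" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the route output names a tunnel interface.
# Adjust the patterns to match your own VPN's interface name.
route_uses_vpn() {
  case "$(egress_iface "$1")" in
    tun[0-9]*|tap[0-9]*|wg[0-9]*) return 0 ;;
    *) return 1 ;;   # empty (no route) or physical NIC: block
  esac
}

# Launch "$@" only when the tunnel carries outbound traffic.
# 192.0.2.1 is a documentation address; the lookup sends no packets.
launch_guarded() {
  route=$(ip route get 192.0.2.1 2>/dev/null) || route=""
  if route_uses_vpn "$route"; then
    exec "$@"
  fi
  echo "refusing to start: egress is not a VPN interface" >&2
  return 1
}

# Constructed samples of `ip route get` output (not captured from a real host).
SAMPLE_VPN='192.0.2.1 dev tun0 src 10.8.0.2 uid 1000'
SAMPLE_CLEAR='192.0.2.1 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 1000'

for s in "$SAMPLE_VPN" "$SAMPLE_CLEAR" ""; do
  if route_uses_vpn "$s"; then
    echo "allow: $s"
  else
    echo "block: ${s:-<no route>}"
  fi
done
```

The check only covers the moment of launch; a tunnel that drops mid-session still needs a firewall kill switch so traffic cannot fall back to the physical interface.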

Those points aside I’m glad someone is doing deep dives on policies, even if I don’t think this particular site tried to be a bastion of privacy in the first place it’s nice to have a plain language look at things. I’ll consider looking at Peertube when sharing links when possible but am still glad that LBRY is a thing in the meantime.

  • EvelynOP
    4 years ago

    bad thing is most people will use their website and services instead of the LBRY blockchain. if they made a website that utilizes p2p connection with the blockchain instead of using centralized servers, it can actually be a private alternative.

    • Vostronix
      4 years ago

      Yes we should start to provide servers for federation :)