So. I thought about the potential of bad actors sniffing on lemmy data. In theory, you’ld have to trust your lemmy-instance hosted to not be a bad actor and every single server they federated with. That means, it should be really - REALLY - easy for a bad actor of even a nation state actor to set up an instance and just wait for the data of users to pour in.

Theoretically they could see all the posts you ever made, and, every post you upvoted. Which also gives clues on: When are you active, what region are you from, etc.

I mean - Maybe I’m too suspicious but tbh the more I read into this, the more I get a bad feeling about this…

  • Gush
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    So you’re saying you can get my lemmy data easily?

    • NicestDicerest@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Yes. When you like or dislike something it gets synchronized with different federated servers. Which means, federated servers have a database of all your likes and dislikes, and even your posts. The server admins of that server have, by nature, the password for the database and can therefore track every move you make. Just one “Bad guy” that has a server that is federated with your accounts server and they will know a lot about you. And since its open source theoretically everyone can do this. Criminals, Stalkers, Governments, Companies, everyone.

    • NicestDicerest@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      You can literally go and setup your own lemmy instance in less than 10 minutes. Its so well documented that even the least tech savy person should be able to do that with a bit of research.

      When you’ve done that just wait for the data to flow in. And thats it.