So. I thought about the potential of bad actors sniffing on lemmy data. In theory, you’ld have to trust your lemmy-instance hosted to not be a bad actor and every single server they federated with. That means, it should be really - REALLY - easy for a bad actor of even a nation state actor to set up an instance and just wait for the data of users to pour in.

Theoretically they could see all the posts you ever made, and, every post you upvoted. Which also gives clues on: When are you active, what region are you from, etc.

I mean - Maybe I’m too suspicious but tbh the more I read into this, the more I get a bad feeling about this…

  • beigegull@lemmy.world
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Before the recent API purge, you could access public data from sites like Reddit and Twitter pretty easily too. I mean it’s still easy now, just not free. The same thing used to be true for Facebook, but their API purge was several years ago and their data model made less data straightforwardly public.

    Personally I’d rather have my public posts be straightforwardly public than the illusion of privacy provided by sites like Facebook. Maybe a lot of people can get away with treating messages to a private Facebook group as private a lot of the time, but it’s simply a wrong mental model that will lead to wrong decisions. A message can either be private or be broadcast to an open-ended set of people - not both.