this post was submitted on 17 Feb 2024
70 points (97.3% liked)

Lemmy

12506 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
[email protected]
70
RFC for Private Communities in Lemmy (github.com)
submitted 8 months ago by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
all 16 comments
sorted by: hot top controversial new old
[–] [email protected] 28 points 8 months ago (5 children)

Given that the admin of any instance with a single approved follower can see the contents of the community, this idea feels like placebo privacy. The false sense of privacy could be counterproductive.

The only way I can think to federate with something resembling true privacy would be to use PGP or similar. Encrypt the data with the user's private key, send it to and store it on remote instances encrypted ,and decrypted in JS on the user's computer. That would require users to mange private keys which they would no doubt lose, and be a lot of work for a pretty niche feature.

[–] [email protected] 9 points 8 months ago* (last edited 8 months ago)

And then a user copy-pastes all the content onto pastebin or something lol

I guess the more important part might be only allowing posts/comments/votes from actually approved users, this should be good enough for that purpose

Anything more than that just use a local-only private community

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

Or maybe let's name the feature restricted community or something similar, instead of private community, to not make that fake sense of privacy

[–] [email protected] 3 points 8 months ago

I think this would likely be the simplest solution and is worth considering especially since similar concerns have been raised with Mastodon over their naming of messaging specific people ("private"/direct/mentioned only/etc.).

Exclusive may be another good term instead of private.

[–] [email protected] 3 points 8 months ago

I like it. can you make a pull request?

[–] [email protected] 0 points 8 months ago

I can think of alternatives. For example, the server could keep the user's private key, encrypted with a passphrase that the user must have. So key loss wouldn't be an issue. (Yes, passphrase loss might, but there are lots of ways to keep those safely already, compared to key material which is difficult to handle.)

[–] [email protected] 9 points 8 months ago (1 children)

Awesome to see!

Can't help but think that there's gotta be a relatively straight forward to hack this over ActivityPub though? I'm not over whatever security there is in the protocol, so that likely does not mean much at all.

But how hard would it be for a server to convince a normal lemmy instance that it is doing all the right things in terms of following/subscribing to a private community when it's actually displaying it publicly?

For that reason I wouldn't be surprised if some would prefer, for the sake of caution, to run a private community in local only mode too. Not that a federated private community isn't useful ... it totally is, even if there is a risk.

[–] [email protected] 12 points 8 months ago* (last edited 8 months ago) (1 children)

That's just the nature of giving someone access to private content though. Even a single user could mirror everything to a public space and completely ruin everyone's day. You just have to take into account that you're giving access to the user AND the instance admin when approving a request, and that you trust them to do the right thing.

[–] [email protected] 3 points 8 months ago

Yea. Hopefully people will be aware of that.

If combined with a local only instance, then you’d have fewer concerns though, which is near as the feature is coming already.

[–] [email protected] 5 points 8 months ago (1 children)

Giving the idea a fair shot, what did people use private communities for on Reddit?

We had one for testing automod, but either that doesn't really need to be private or you could use a closed instance on Lemmy for it.

Other than that, I know of the meme communities that you'd randomly be added to

[–] [email protected] 3 points 8 months ago

Some people share game codes, piracy sites, etc, so stuff they didn't want scraped by bots.

[–] [email protected] 5 points 8 months ago (1 children)

A late pattern in Reddit was personal subreddits - communities named after the account that created them. They were infrequently used, but it provided a smoother pipeline for people who lurked or commented in existing communities to become comfortable making posts and moderating communities themselves.

Ideally these communities would be prevented from appearing in the "Trending Communities" list or local/global feeds unless someone other than the owner was subscribed to them, but wouldn't be private in the sense that no-one could see them. Just they wouldn't get wide distribution.

Another pattern is the "Country Club" post - where individual posts in a community could be limited to people verified to post in restricted threads. This comes from BlackPeopleTwitter. The individual verification method is likely not the only way to achieve this. People who comment or vote could be limited to only those who share the instance, are subscribed to the community before the post is made, or are members of instances whitelisted by the community.

Both of these patterns are interpretations of 'private' to mean 'restricted' and not 'secret'.

[–] [email protected] 2 points 8 months ago (1 children)

Ideally these communities would be prevented from appearing in the “Trending Communities” list or local/global feeds unless someone other than the owner was subscribed to them, but wouldn’t be private in the sense that no-one could see them. Just they wouldn’t get wide distribution.

This raises a distinct but interesting additional feature request that might complement "private" or exclusive communities, as well as others that might like to prepare a community before promoting it: a hidden or unlisted setting for communities.

That would enable what you mention here, preventing their appearance from trending, and perhaps also user profile/data areas (i.e. if one can indirectly view others' subscriptions, this might offer a way to obfuscate/hide that from others besides admins).

[–] [email protected] 2 points 8 months ago

That makes sense.

[–] [email protected] 4 points 8 months ago

I don't really see the point, but it seems to be something people want.