this post was submitted on 12 Mar 2024
12 points (87.5% liked)

Lemmy

12557 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Is there a setting page on the lemmy instance where I can download all my data?

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 8 months ago

You can download your account settings as a JSON file. That includes the lists of followed communities, saved posts and comments, and blocked instances, communities and users. I'm not aware of any other way to download additional data.

[–] freamon 5 points 8 months ago (1 children)

No settings page (as far as I'm aware), but you can use the API to get everything (posts, comments, etc):

step 1: get login token -

curl --request POST \
     --url https://lemmy.ml/api/v3/user/login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "username_or_email": "2br02b",
  "password": "YOUR-PASSWORD"
}
'

step 2: use login token (big long string starting with 'ey') to get data -

curl --request GET \
     --url 'https://lemmy.ml/api/v3/user?username=2br02b&page=1' \
     --header 'accept: application/json' \
     --header 'authorization: Bearer YOUR-JWT'

Increment page number until you have everything. source: https://lemmy.readme.io/reference/get_user

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

One thing to be aware of is that there is ~~currently, AFAIK, no~~ now (since 0.19.3) a way to "disable" a JWT.

Before that, once you had created it, if you leaked it, your account was, as far as I can tell, definitely compromised.

Now, it is possible to logout, to mark the JWT as "invalid".

I will add, ~~as a disclaimer, that I have not checked if~~ that as Nutomic highlighted below, there are conditions (password change, etc) under which ~~any or~~ all JWT (user, ~~instance, etc~~) become invalid. ~~So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own~~.

Edit: correct information in the light of Nutomic's comments.

[–] [email protected] 2 points 8 months ago (1 children)

The jwt is invalidated once you logout. You can also change/reset your password to invalidate all login tokens for your account.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

The jwt is invalidated once you logout.

Invalidated how?

You can also change/reset your password to invalidate all login tokens for your account.

OK. I was afraid this would not be the case. Thanks for confirming.

[–] [email protected] 2 points 8 months ago (1 children)

Invalidated how?

Well it's deleted from the database so you can't authenticate with it anymore.

[–] [email protected] 3 points 8 months ago

OK there now is a LoginToken class. This was not the case last time I checked. Good. Thanks for your answers.

[–] [email protected] 4 points 8 months ago

Is this a GDPR thing?

[–] [email protected] 3 points 8 months ago

Account settings import/export exists, but not a full data export. Part of the reason is that importing and overwriting historical data isn't possible with activitypub.

But at least a full data export would be possible to do. Open up an issue for this in the lemmy back end.