this post was submitted on 13 Jul 2023

20 points (95.5% liked)

Privacy

31775 readers

388 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Why just blocking Meta's Threads won't be enough to protect your privacy once they join the fediverse (privacy.thenexus.today)

submitted 1 year ago by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

top 15 comments

sorted by: hot top controversial new old

[–] [email protected] 7 points 1 year ago

This isn't how any of this works at all. Defederation does not increase your privacy from them. That's not how federation works. They still will see your posts. Blocked or defederated. You just won't see theirs. Blocked means you filter out their content. But they could theoretically show up in comments. Defederated means it won't populate. But it doesn't mean your content won't get populated there. They simply can't comment on content from or direct message folks on a server that defederated them.

Privacy through obscurity is as bad as security through obscurity.

Any real danger Meta presents is looming regardless of federation. I'm not against defederation. I'm just against defederating without purpose. And to be honest, what I've heard so far leads me to believe defederation will be my likely call if and when Threads goes live with ActivityPub (well, defederate with their primary instances at least, not sure of the details of how one can defederate with every Threads based instance, though it may be simple). But I don't even know if they'll federate with Lemmy/Kbin to begin with and I do not want to start some trend of instances needing to act on hypotheticals.

Tl;Dr - defederation does not increase your privacy at all. Not saying you shouldn't defederate for other reasons, but your exposure is absolutely unchanged one way or the other. This article has federation entirely wrong.

[–] [email protected] 6 points 1 year ago (1 children)

To be fair I do not expect any privacy protections from lemmy/mastodon in general, or from blocking/defederation in particular.

Lemmy/Mastodon protocols are not really private, as soon you place your data in one instance your data is accessible by others in the same instance. If that instance is federated this extends to other instances too. In other words the system can be seen as mostly public data since most instances are public.

The purpose of blocking or defederation (which is blocking at instance level) is to fight spam content, not to provide privacy.

[–] [email protected] 3 points 1 year ago (1 children)

I do sort of expect the Lemmy instance to protect my IP address, email associated with my account and whatever fingerprinting can be done in the browser as well as protect any Javascript they use from injections of third party Javascript, but only when accessing the instance, not when following external links or otherwise loading external content (e.g. images hosted elsewhere).

[–] [email protected] 2 points 1 year ago

Fair point (IP, email, browser session data). Those should not be exposed via the federation in any way. And the existence of the federated network means we could switch instances if we are concerned our instance is a bad actor about this.

I did not mean to suggest the ecosystem is not valuable for privacy. I just really don't want people to associate federation with privacy protections about data that is basically public (posts, profile data, etc). Wrong expectations about privacy are harmful.

[–] [email protected] 6 points 1 year ago (1 children)

Lemmy isnt't meant to be private, it's a public forum. One should fully expect everything one posts to be seen by anyone. Assume Meta is using all your Lemmy posts to try and build a profile on you - be careful how much personal info you post.

[–] [email protected] 1 points 1 year ago (1 children)

Also periodically delete your account and start a new one with a new name. Harder to build a profile on you if the data is spread between unrelated accounts that don't reference each other.

Or has AI made this untenable?

[–] [email protected] 3 points 1 year ago (1 children)

Depends what your trying to hide and from who. Someone trying to stay anonymous from creepy dudes is fine (ops sec best practices should be used if one wants to stay anonymous). If someone with resources (say some agency) wants to figure out who you are, they can de-anonymized instantly due to all the tracking that's out there, plus any subpoena power they might have, it's a wrap. "AI" doesn't even need to come into play (not that I even know what you mean by AI)

[–] [email protected] 1 points 1 year ago (1 children)

Is that it then? The best privacy we can expect to have is to never be looked upon by Sauron's Eye?

There must be atleast one community out there who specialises in privacy that even the acronym boys can't see.

[–] [email protected] 3 points 1 year ago

Honestly I think the answer is a depressing no. Your face is already on some facial recognition software somewhere (most likely). If you pay for an internet connection, your IP will be able to get traced back to your real world identity. If you have a cell phone or use a modern computer, there is so much finger printing and tracking going on that its basically a lost cause.

Now there are steps you can take to fight for your privacy, but if you take part in the modern world, I don't think there are any easy steps. The acronym boys have access to all the identifying systems and much more.

Now if you are serious about guarding your privacy, there are steps to take and a more privacy focused forum/board/community can give better pointers than me, but if you are looking to not be identifiable or untraceable by a state actors, that's some real spy level shit. Remember "they" can find and identify the serious cyber criminal players, but most of the time these guys are in countries that dont have extraditions to the US. An anonymous cyber criminal only has to fuck up once to be uncovered

[–] [email protected] 4 points 1 year ago (1 children)

All content on Lemmy are public by design, you can collect any data by just connecting to any instance, they don't need a full on federated instance. Threads changes nothing as far as privacy is concerning. Don't post anything you don't want to be spread all over the internet, with no way to remove it.

[–] [email protected] 0 points 1 year ago

You should read the article first

[–] [email protected] 2 points 1 year ago (1 children)

The case with Matisse is absolutely horrifying.

[–] [email protected] 1 points 1 year ago

Sort of reminds me of that Google thing, I think it was when they started Google Plus when they had this braindead idea of adding everyone in your phone book without your consent.

[–] [email protected] 1 points 1 year ago

Here is a major red pill that no one from this community will ever shallow:

You will never be 100% anonymous.