this post was submitted on 22 Sep 2023
3 points (61.5% liked)

Lemmy Support

submitted 1 year ago* (last edited 1 year ago) by canute to c/[email protected]
 

So I was interested in Lemmy, I checked Privacy policies of multiple instances; so far I cannot find any instance which doesn't collect IP addresses at all; many instances don't even provide any info about what data they are collecting (however they are using cookies so I assume they will be logging IPs too). I found some instances that say they delete IP address logs after 12 months, these are:

  1. linux.community
  2. endlesstalk.org
  3. lemmy.one

If anyone knows any other instance with a similar or better policy for the user, kindly comment, because it took me quite some time to read through the "Legal" section of the instances.

Also, I find it odd that Lemmy instances are storing for 12 months; many Firefish instances store IP addresses for 90 days.

top 7 comments
[–] [email protected] 6 points 1 year ago (1 children)

> however they are using cookies so I assume they will be logging IPs too

You don't need to log IPs to use cookies, nor do cookies imply IP logging.

[–] canute -4 points 1 year ago* (last edited 1 year ago) (1 children)

I meant that such instances are collecting cookies for login without informing the user and/or not providing any Privacy Policy. Even if they are not collecting IP addresses (which I think is not the case for many), the fact that those instances are not mentioning what data is being collected makes me think that they aren't concerned about user anonymity.

[–] [email protected] 1 points 1 year ago

Lemmy isn't meant to be an anonymous platform afaik. Any web server is going to collect IP addresses by default. Even if the server admin doesn't keep those logs, it's still possible for the ISP to keep similar logs.

If you're worried about that, you'd be better off using Tor or a VPN.

[–] [email protected] 5 points 1 year ago (1 children)

Private != anonymous. Saying "we don't collect logs" really doesn't mean all that much as there are still many, many ways to track and uniquely identify you. That said, if you want to shield your IP from an instance, using a VPN is your best bet rather than relying on someone's pet Lemmy instance to not store logs or delete them after a period of time.

[–] canute 1 points 1 year ago
[–] [email protected] 2 points 1 year ago

I think most don't actually keep the logs for longer than necessary for bot counters; it would be a waste of resources.

[–] [email protected] 2 points 1 year ago

If you have an account and a session you have a cookie or some other sort of "tracking" to know you're logged in.
I put it in quotes because the tracking via cookies people are usually worried about is the one used to identify and use your behaviour, but tracking if you're logged in or not is usually fine.

As for the IP logging, I'm not sure but AFAIK IP addresses given by ISPs are dynamic, so every now and then you'll have a new IP anyways.
If you're still paranoid, why not use a VPN or a proxy?
Still, those services can track your original IP so we end up in the beginning and we need to go into another rabbit hole.
Again the same as with the cookie, usually the problem with IP logging is if it's to identify your behaviour and aggregate it to sell it in some way, but the one done by software like Lemmy is to prevent spammers and bad actors, so it's a necessary evil.

You're right tho, 12 months of IP logs is a lot, not sure where you read that. I haven't looked at all the code in Lemmy to know how easy it is to identify the IPs of each user.