this post was submitted on 05 Apr 2024
-20 points (34.8% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54746 readers
245 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How is it "less" private? Because the API isn't a paywall, sure. But... I don't know what's your perspective, really.
Probably along the lines of federated user activity, so things like upvotes/downvotes etc and subscriptions to a community being federated to the relevant server(s)
So even if you're lurking just voting on content, someone could setup a lemmy server, sub to a bunch of communities, and theoretically look at incoming activitypub updates from those communities for your activity I think
Assuming that is really an issue (depends on who you are, what you're doing, and the motivation of the actor mounting such spying infrastructure), how is it any different on Reddit? First, being closed source and everything, we can't rule out that easier and large scale logging isn't already implemented. Secondly, such actor would probably just pay the API and scrape the same data if not with more details. It would also get extra metadata from brokers, etc.
Ultimately, if you want privacy, I agree that federation is undesired. That's why there are Lemmy instances that block all other instances by default. AFAIK those were from right extremists and pesos, at least judging by the name of their URLs.
The difference here is that on Reddit, only 1 party has access to your info. On Lemmy, it's any party who has an instance that federates with yours.
Well, on Reddit any party can pay the API prices that are needed to scrape data. So, the paywall. I guess it's some measure... But if you are being tracked by such an actor, your threat model can't really include reddit... It's defeating the purpose. All this is discussion on air.
Reddit doesn't provide nearly the same level of granular data that Lemmy does via the API or any publicly available channels. While we can't verify whether stuff like upvote data is sent or sold to data brokers, we do know that Lemmy, by design, gives it to literally anyone who wants it.
On one hand everyone can access it, on the other, 1 party can sell it.
I don't think it sends info about subscriptions and voter identities to other servers, or am I wrong?
You up voted "how did "step" porn become so popular when we did such a good job keeping scat and insest porn out of the mainstream for so long" and "I didn't forget your birthday either."
And down voted "seamless seeking"
I can say you're not subscribed to the like two communities on my instance. Subscription (follows) mostly only go to the instance hosting the community in question. Voting goes everywhere though.
I tried to look more into this and I guess that everything goes out identifiable in some way.
I looked up what that post is, and it ain't downvoted. Might have accidentally hit it, and then un-disliked, without that getting federated.
Oh yes, that's an issue with Lemmy. Edits don't get federated, they stay on the instance. I didn't knew but it makes sense that it's the same with votes.
I believe the issue is that to keep every updated you'd need a far more complex system, like streaming the changes or CRDTs.
Nice
The others in this comment thread have covered the potential threat vector fairly thoroughly. It’s not something I’m particularly worried about at the moment, but it is something that I try to keep awareness of for the future.