Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
  •  ManeraKai   ( @ManeraKai@programming.dev ) 
    link
    fedilink
    English
    30
    edit-2
    1 year ago

    Opposite to Instagram or Facebook, on Lemmy or Mastodon you can create an anonymous account. Yes it will be logged (normal public internet), but you won’t be treacable. The UI doesn’t have any tracking scripts, and many instances don’t require an email even to sign up. Use the Tor browser to spoof your IP.

    • There are certainly ways to manage your privacy in how you use this service, and it’s different in a lot of ways from other services out there. Users should be educated on the risks against different types of threat models:

      • In what ways can my comments be linked to my real world identity, through correlation to my username, registered email address/phone number/Matrix ID/other identifier, by other users of this service?
      • In what ways can my comments and activity be linked to my real world identity by site administrators or other privileged users of the service (through access to things like server logs, trackers, etc.)?
      • How can I control what activity I consider to be public or private on this service, and who can view that activity I prefer to be considered private?

      Even with end to end encryption (which Lemmy does not have for DMs), the most secure protocol is only as secure as the other end you don’t control. People can and will screenshot, save, log, or simply remember what you’ve sent them before.

      Lemmy and ActivityPub are new services and protocols to a lot of people. The shortcuts they have internalized on what is or isn’t true about privacy of other services (Facebook, Instagram, TikTok, Snapchat, Reddit, plain old email, cell phones, WhatsApp, iMessage/Facetime, etc.) need to be re-learned for these specific services.

      New users should understand that the Lemmy/ActivityPub protocols on deletion or privacy of DMs don’t necessarily work like other services they’re used to. And we should encourage robust discussion around these things until they become common knowledge.