• OpenStars@piefed.social
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    3
    ·
    4 days ago

    I wonder if Lemmy will be included. On the one hand we are tiny, but there are also a lot of extremists here so it’s enriched in precisely the types that they would most want to know about.

      • OpenStars@piefed.social
        link
        fedilink
        English
        arrow-up
        9
        ·
        4 days ago

        How much though? I mean we have usernames yes there’s that, but can the federal agencies simply request that an instance turn over all signup data for all users and accounts? That might be an argument to avoid using US-based instances (though those mostly use Mbin or PieFed rather than Lemmy).

        Or Lemmy is notoriously leaky itself - couldn’t someone simply put a thumbnail that pings a server owned by those agencies, and thereby get IP data directly? (or if not a thumbnail then a link to some website, like maybe supposedly a wordpress software or something, which functions yet also feeds IPs too) They could even spin up their own instance and watch all voting and posting traffic coming in as well, which in correlation to the IP addresses could tie down a user account. I guess a proxy would solve this particular issue. iirc there is all kinds of traffic from all kinds of servers whenever you visit every single Lemmy page, so simply putting out a post seems like it would be enough to get data from anyone that even so much as views it in their feed?

        Another one relates to that time that Lemmy.World put out a user survey based on Google - anyone that responded would thereby tie a Google account to using Lemmy.

        Sorry, I am all questions here and no answers, but this is going to be life & death & livelihood to so many people - splitting families apart all over again (I am referring to the previous border incidents, where e.g. babies were ripped from their mothers’ arms, some of which never did get reconnected even multiple years later).

          • OpenStars@piefed.social
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 days ago

            Oh I thought that was blocked, but I guess maybe that’s just Lemmy.World that did that, while other instances can do otherwise (I thought I recalled that lemmy.cafe could - not from an onion b/c Lemmy itself somehow precludes that, but over Tor perhaps?).

            • Wildly_Utilize@infosec.pub
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              3 days ago

              Lemmy world uses cloudflare, privacy respecting instances would never block tor

              Mander.xyz even has an .onion hidden service

          • OpenStars@piefed.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 days ago

            Not a public one no, but instance admins can see it.

            And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?

            Maybe I’m wrong? But that’s what I fear.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              3
              ·
              3 days ago

              Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).

              However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.

              That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).