• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    121
    arrow-down
    1
    ·
    1 year ago

    Now is a good time to remind users that you are placing some trust in the instance that you use. Lemmy is not anonymous. It is pseudo-anonymous. Your instance can do pretty much anything with your account up to and including turning your account into a sock puppet, and they know exactly where you’re connecting from.

    With that said, it’s a lot better than most social media today that actively tries to violate your privacy at every turn.

    • Bearigator@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      1
      ·
      1 year ago

      This is part of why I signed up through FMHY. If anybody is going to try to protect my privacy it is probably going to be the very actively pro-piracy group.

    • circuitfarmer@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      30
      ·
      1 year ago

      To add to this: some instances require your email address, and others don’t.

      Obviously there are plenty of other ways you won’t be really anonymous, but if it’s important to you, one step in mitigating issues is not to have an email associated with your account.

      • thetreesaysbark@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        You may know the answer to this. If I’ve signed up with no email, and whilst on a secure VPN, how are they going to track me?

        • MBM@lemmings.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          edit-2
          1 year ago

          Your instance could (edit: theoretically, if they’re running custom Lemmy code) track you by your browser fingerprint (screen size, installed fonts, plugins, etc.). Others could keep a profile on you based on what you comment/post/upvote and when.

          • thetreesaysbark@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            So if I’m on an app instead of a browser, that app developer would have to provide info on me too?

            As for what I comment/post/upvote, that’s not really what I’m asking about as that’s a profile on what I do, not who I am from an identifiable point of view (correct me if I’m wrong)

            • circuitfarmer@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Depending on the content you post though, it could hypothetically be traced to you. Potentially even mundane things like mentions of geographic locations, word choices, common phrases you use, common topics – all of those could be considered at least partly identifying in the right contexts (assuming someone was looking for it and already had info about some particular cue that indicates you).

              The point is: you can’t really be too careful, and realistically should assume there is always a way someone (including yourself) could be jeopardizing your privacy, if not overtly (by some kind of software or network tracking) then by holes in operational security.