265
submitted 1 month ago* (last edited 1 month ago) by j4k3@lemmy.world to c/youshouldknow@lemmy.world
top 50 comments
sorted by: hot top controversial new old
[-] mrdown@lemmy.world 68 points 1 month ago

Nothing private about the fediverse

[-] Azzu@lemmy.dbzer0.com 60 points 1 month ago

Except the ability to register an account without any personal details. Which makes it completely private if you want.

[-] glitchdx@lemmy.world 31 points 1 month ago

anonymous, not private. the two ideas are not the same.

[-] Swedneck@discuss.tchncs.de 9 points 1 month ago* (last edited 1 month ago)

you should also always assume a sufficiently willing person can find your identity, don't post anything sensitive online, don't post anything that would encourage those with resources to find your identity, and if you're e.g. a politician then only post online to explicitly non-anonymous accounts. If you have a protected identity/location/that stuff, just don't post online at all.

load more comments (1 replies)
[-] AntiBullyRanger@ani.social 9 points 1 month ago

says me, and my army of alts.

/s

[-] Pissmidget@lemmy.world 57 points 1 month ago* (last edited 1 month ago)

I get really surprised going through my up- and downvotes. Seems sausage fingers and mobile app leads to interesting votes sprinkled in with the ones I've actually voted for.

Pretty neat layer of obfuscation, though I can't imagine being interesting or infuriating enough for anyone to go through my voting history.

If it were to happen, I hope it's because of some shitpost of epic proportions.

[-] credo@lemmy.world 6 points 1 month ago

There was another instance that revealed all the data by post/comment. Far more useful to see if s post is getting brigaded, etc, or to see maybe if you have a wierdo stalker.

I just can’t remember what the instance was.

[-] Carrolade@lemmy.world 5 points 1 month ago

Yeah, every once in awhile I check my starred pages just to see what random things got fat fingered onto it. It's mildly amusing.

[-] Substance_P@lemmy.world 43 points 1 month ago

Seems like a fantastic stalking tool for anyone looking to check if you have been a model of social media purity. I'd be shocked if it got used to find derisive upvotes by authorities looking to screen individuals for political reasons. But hey, call me paranoid.

[-] Azzu@lemmy.dbzer0.com 16 points 1 month ago* (last edited 1 month ago)

If you're really worried about that, there's no reason why you need to have your private details associated to your account. You can even have a "clean" main account for show and a "real" secondary account.

Your votes being public is only a problem if your account can be associated with you.

[-] sad_detective_man@sopuli.xyz 5 points 1 month ago

I just had a realization. A lot of content on the fediverse that we interact with is region specific. A user could have no identifying info in their comments or profile but still get doxxed because they upvoted a post associated with things like their job, their home state, places they frequent, medical conditions.

Do you suppose this got posted today because there is a doxxing project happening right now on 4chan?

[-] YellaLeber@sh.itjust.works 6 points 1 month ago

I have no doubt it's incredibly easy to dox someone from upvotes alone. Maybe not on lemmy because interactions are just a lot more infrequent, but on reddit if you upvote posts about Omaha Nebraska, retro game collecting, Subaru wrx, and e bikes, you really narrow down your choice of people. If you just had one other bit of information about the user, like just a general photo or where they went to high school you could definitely nail someone down.

I really do hate this part of the Lemmyverse and wish it was all obfuscated. That with it being impossible to delete your posts really limits how much I want to interact with the site.

[-] tal@lemmy.today 2 points 1 month ago* (last edited 1 month ago)

What could be done to limit the amount of information associated with a username is to switch to a new account periodically.

That's somewhat unfortunate in that it clashes with reputation, which is also important for making the Threadiverse work.

[-] Azzu@lemmy.dbzer0.com 2 points 1 month ago

This doesn't really make sense. What you say is only identifying if you already have this information about someone. If you already do have all this info about someone, what else do you need?

[-] sad_detective_man@sopuli.xyz 1 points 1 month ago

That is pretty dark. I was hoping the admin would take people's safety a little more seriously but I guess it's going to be on us to make sure word gets around a lot more

[-] wizardbeard@lemmy.dbzer0.com 5 points 1 month ago

This is a foundational restriction with how federation works and was discussed back during the exodus from reddit when they cut off their API. Votes can't be federated without identity attached, or you'd end up with a single vote multiplied by however many instances federated it to yours.

This is the price of the fediverse being uncensorable. Everything you do on it is oublic, and norhing can be reliably deleted from the entire fediverse.

There was some efforts to obsfucate voting by one of the m/kbin lemmy alternatives, to have each account have an associated hidden account with a randomly generated name that would technically be the account used for voting, so only the admin of your own instance could connect between your public account identity and your voting identity, but that could also just be defeated by basic pattern identification.

As far as instance admins are concerned, this has been known from the start, and is completely outside of their control. That said, it could definitely use some more signposting for awareness. It's shocking how often this entire discussion gets repeated by people who apparently never thought to look into how federation actually works.

load more comments (1 replies)
[-] lena@gregtech.eu 3 points 1 month ago

The authorities could do this without Lemvotes, just set up a lemmy instance and voilà, you have access to votes

[-] FenderStratocaster@lemmy.world 36 points 1 month ago

Now I'll know which of you goons don't like my jokes.

load more comments (1 replies)
[-] cmgvd3lw@discuss.tchncs.de 34 points 1 month ago

That is really concerning. Activity Pub should have a mechanism to hide those. If by any chance, one's identity is reviled, their entire behaviour history would be out in the wild. The more one use an account, the more information is getting shared. Social engineering is a real thing.

The only way is it be absolutely private by not interacting (lurkers), which is not good for a social media like Lemmy or by changing accounts often.

[-] Croquette@sh.itjust.works 28 points 1 month ago

No we shouldn't. Anyone can create an instance and scrape whatever data.

Assume that all the posts and comment you make are public and linked to your real identity and don't say things you wouldn't say in person.

It's a pretty simple concept.

[-] HereIAm@lemmy.world 11 points 1 month ago

Shame, guess I can't say categorising Palestine Action as a terrorist group is dumb.

[-] Croquette@sh.itjust.works 10 points 1 month ago

My comment was misguided because it didn't take the US social context into account.

You can't say it, but I can though.

Categorising Palestine Action as a terrorist group is ultra dumb.

[-] Substance_P@lemmy.world 8 points 1 month ago
[-] Croquette@sh.itjust.works 3 points 1 month ago

I know that already, I'm fine with what I said.

[-] ohshit604@sh.itjust.works 1 points 1 month ago

This post might as well encourage people to go and harass them, it genuinely isn’t a good look for Lemmy as a whole.

[-] Croquette@sh.itjust.works 2 points 1 month ago

Lemmy is a social media after all, and we have to assume that what we write is public.

Lemmy is great because many instances allow people to create accounts without an email, so you can create burner accounts if you want.

This isn't an oversight. If you aren't comfortable with the coversations you are participating in or the upvote/downvote you make, you either don't participate or you create a burner account for that.

[-] carrylex@lemmy.world 23 points 1 month ago* (last edited 1 month ago)

Oh god this discussion again... We totally haven't had this before:

That is really concerning

The only way is it be absolutely private by not interacting...

I don't know if this is news to you but this is not a lemmy specific problem and basically applies to the entire internet...

[-] tal@lemmy.today 3 points 1 month ago* (last edited 1 month ago)

The only way is it be absolutely private by not interacting...

I don't know if this is news to you but this is not a lemmy specific problem and basically applies to the entire internet...

Hyphanet's Frost can provide pretty solid forum pseudonymity.

But that comes with its own performance, usability, and functionality tradeoffs.

[-] tal@lemmy.today 9 points 1 month ago* (last edited 1 month ago)

identity is reviled [I assume revealed]

The fact that most instances permit external image hosting permits obtaining user IP addresses by posting inline images hosted on a server created by an attacker, then harvesting IPs there. I noticed when going through the code that Lemmy, as of 0.19.4, has an option to protect users of a home instance by proxying images viewed there. However, it requires bandwidth and disk space, and I don't think that many home instances have it on. It is definitely not on on my own home instance, lemmy.today.

0.19.4 release announcement:

Image Proxying

There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.

Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.

Many thanks to @asonix for adding this functionality to pict-rs v0.5.

I don't know whether PieFed and Mbin presently have comparable functionality.

One major issue is that proxying the images will create more bandwidth usage on a home node, since they're serving up all the images viewed by users of that home node, as well as disk space to store the proxied images


it's more-expensive to run a node in that mode.

Unless your home instance has this option enabled, you should probably consider your IP address to be globally-visible. Note that using a VPN will mean that only the VPN's exit node IP will be visible.

[-] Mniot@programming.dev 6 points 1 month ago

If by any chance, one’s identity is reviled, their entire behaviour history would be out in the wild.

So close to a sweet meter. What do you think of

"If, by some chance, one's handle's reviled / their foul history would be out in the wild."

? It's not perfect. Probably just a little more work-shopping.

[-] Not_mikey@lemmy.dbzer0.com 33 points 1 month ago* (last edited 1 month ago)

I know this is how the fediverse works, and how it has to work. But maybe we shouldn't be advertising this tool right now when the right is trying to dox people and get them fired/deported for liking a kirk meme.

[-] CaptainBlinky@lemmy.myserv.one 2 points 1 month ago

Does it show how an individual votes, something has been voted or both?

[-] jballs@sh.itjust.works 25 points 1 month ago

Apparently I upvote a thousand times more than I downvote.

[-] Justas@sh.itjust.works 3 points 1 month ago
[-] trk@aussie.zone 12 points 1 month ago

Just gives me a 404 error for any of my own stuff I try to look up.

[-] athairmor@lemmy.world 4 points 1 month ago

Check the link you paste into it. If it has “lemmy.link” at the beginning, cut that part out.

[-] j4k3@lemmy.world 4 points 1 month ago

It has to be the link from the root instance. It also needs to be the username@instance syntax

[-] bravesilvernest@lemmy.ml 3 points 1 month ago
[-] BradleyUffner@lemmy.world 11 points 1 month ago

It can be blocked at the instance level by an admin defederating with them.

[-] SatyrSack@quokk.au 3 points 1 month ago

Is it known what Lemmy instance is actually running that site? Even if it were widely known and most instances decided to defederated from it, Lemvotes is open source software that is made to be self-hosted. Anyone could revive the website by running their own instance.

https://github.com/gragorther/votes

[-] rimu@piefed.social 7 points 1 month ago

Yes.

gregtech.eu is the instance.

piefed.social has defederated from it so any community on piefed.social will not be broadcasting votes cast within it to lemvotes.

[-] lena@gregtech.eu 1 points 1 month ago

I'm on gregtech.eu and can still see this post, is it possible to disable just the federation of votes on piefed? If so, very cool.

[-] JTskulk@lemmy.world 10 points 1 month ago

Good, hopefully someone will train an ai on them and offer me better porn!

[-] cornshark@lemmy.world 7 points 1 month ago

AI generates porn of scantily clad woman scrolling and upvoting on lemmy

[-] irelephant@lemmy.dbzer0.com 8 points 1 month ago

unless they're defederated or blocked by gregtech.eu

[-] recursive_recursion@piefed.ca 7 points 1 month ago

Narcissists hate it, everyone else loves it!

[-] RickyRigatoni@retrolemmy.com 7 points 1 month ago

I will use this to find my many enemies.

[-] sad_detective_man@sopuli.xyz 3 points 1 month ago

Good to know. I keep jumping between instances during outages and I'm worried in upvoting stuff twice

load more comments
view more: next ›
this post was submitted on 14 Sep 2025
265 points (100.0% liked)

You Should Know

41651 readers
2 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated. We are not here to ban people who said something you don't like.

If you file a report, include what specific rule is being violated and how.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago
MODERATORS