If you are actually concerned, browse with a vpn, sign up without an email.
The amount of work needed to get any extra info is not worth it and hard to actually do anything with.
One of the best strategies on the internet is to assume that everything will leak eventually and operate with that perspective in mind.
Well, there are not many details to share anyway (registration is just username/password, e-mail is optional). And since everything is federated, they'd need to bring down all of Lemmy, which may not even be possible for them due to different instances being hosted in different countries.
I think what they are referring to is this.
The concern is that since the operator of the instance is not a huge corporation, it would be easier to achieve. I would bet that it's possible for an instance operator to have ip addresses of their users. So, it is a legitimate concern.
What about IP address? Or device info? Probably they collect that data.
Can't find anything about that over on GitHub, sorry...
A major issue in my opinion is cloudflare. It's horrible...
It really depends on how that specific instance is set up. Of course during the registration you provide your username and email, but some instances may keep logs that contain things like ip addresses, your user agent and so on (my instance does, for example, but only for a limited time), while some may opt to not keep that info at all (from the sysadmin perspective though they'd kinda be in the dark while trying to fight things such as server abuse).
However, I don't know how it looks from the legal perspective. I'd imagine only the courts could force you to share the information stored on the server, but that requires a trial.
Welcome to /c/piracy
No netflix or streaming services landlubbers allowed, this is pirates territory.