I’ve been grappling with a concern that I believe many of us share: the lack of privacy controls on Lemmy. As it stands, our profiles are public, and all our posts and comments are visible to anyone who cares to look. I don’t even care about privacy all that much, but this level of transparency feels to me akin to sharing my browser history with the world, a discomforting thought to say the least.
While the open nature of Lemmy can foster community and transparency, it also opens the door to potential misuse. Our post history can be scrutinized by creeps or stalkers, our opinions can be nitpicked based on past statements, and we can even become targets for mass downvoting. This lack of privacy control can deter users from actively participating in discussions and sharing their thoughts freely.
Even platforms like Twitter and Facebook, often criticized for their handling of user data, provide some level of access control. Users can choose who sees their timeline: friends/followers, the public or nobody. This flexibility allows users to control their online presence and decide who gets to see their content.
The current state of affairs on Lemmy forces us into a cycle of creating new accounts or deleting old posts to maintain some semblance of privacy. This is not only time-consuming but also detracts from the user experience. It’s high time we address this issue and discuss potential solutions.
One possible solution could be the introduction of profile privacy settings, similar to those found on other social media platforms. This would give users the flexibility to choose their level of privacy and control over their content without having to resort to manual deletion or account purging.
I believe that privacy is a fundamental right, and we should have the ability to control who sees our content. I’m interested in hearing your thoughts on this matter. How do you feel about the current privacy settings on Lemmy? What changes would you like to see? Let’s start a conversation and work towards making Lemmy a platform that respects and upholds our privacy.
If Lemmy cared about privacy, contributing source code & opening tickets would not require opening accounts with a for-profit, US-based, closed, prorietary service owned by a publicly-traded megacorporation that has shareholders to appease & a history (as well as current) record of EEE (embrace, extend, extinguish).
that also uses your code for their AI.
Copilot gets trained on Dessalines’ essays and becomes a Marxist
I mean it took the code production of from workers for the Commons, packaged it up, & sold it back to the workers—often in violation of the license if not the spirit of free, ethical, or similar software. All AI generations should be CC0 / 0BSD licensed.
Choosing proprietary tools and services for your free software project ultimately sends a message to downstream developers and users of your project that freedom of all users—developers included—is not a priority.
—Matt Lee, https://www.linuxjournal.com/content/opinion-github-vs-gitlab
A very stupid issue. Lemmy is similar to Reddit, not Twitter. Do not post something on public forums that you do not want the world to see. Lemmy does not need to become a private forum, as it will lead to horrific levels of federation abuse. All federation must be public.
Plus Lemmy is really good about allowing you to stay anonymous as it doesn’t pull any data other than what you write out. Meanwhile reddit or facebook monitor what you look at and for how long.
I personally enjoy that this sort of information is public, it keeps people honest and gives a tool to use against bad faith actors. People lie. Besides, it’s not like anyone’s forcing you to post personal information online. Some level of responsibility needs to be put on the user.
To me, it’s an issue of personal responsibility.
Lemmy is, like a lot of Fediverse platforms, about as private as it can be. There’s no trackers, you’re not forced to use real names or any other identifying information, no adverts follow you from site to site, no browser fingerprinting and no instance owners are trying to sell your data.
Beyond that, what you choose to say on Lemmy is your responsibility and yours alone.
The admin of Blahaj is openly interested in exposing trans people’s alt accounts and outing them on their mains. And somehow it’s the biggest trans instance. We need a community and admin reaction in favour of defederating people who do that.
Wait what? Do you have a source for this?
I don’t see much proof. Did anyone corroborate?
Yes, I saw Ada trying to out a trans person. It was a very odd experience to see from a supposedly safe space, and a definite disregard for their privacy.
In order to show you proof I would have to help Ada in her attempts at doxxing, but I asked a friend who saw the whole thing to confirm.
I understand this is hard to prove without doxxing. This situation is very concerning, and if true absolutely disgusting.
I was there and I was randomly claimed to be DroneRights’ alternative account without any sort of proof to back it up. I could have doxxed myself just to prove that I am not that user in any way whatsoever.
I remember a little while ago a thread with someone from kbin gloating that they could see what everyone was voting, and accusing the people upvoting comments they disagreed with of being bigots in a vaguely threatening way obviously intended to produce a chilling effect, and people found this surprising because that information is not public on most instances.
I basically agree with the people saying open info is just the nature of posting on a public forum and of federation, but there could be improvements, even just in awareness of what is and isn’t private.
This is a great point because in the Lemmy UI, this information isn’t shown, and you can’t even list out all posts you’ve upvoted. As most of us coming from Reddit, we’re used to upvotes being private, and probably assume it’s the same. I understand the technical reasons for having the information public, but it is not clear from a user perspective that it’s public.
What’s extra confusing is that I’ve seen people asking about how to get this information from the API, with the answer being that you can’t (I guess to protect privacy?). It’s only accessible to federated servers, but then those can do what they want with it including publishing it to everyone.
The lemmy devs would probably take something sensible like that and flat out shoot it down because they think they know better.
I have a feeling that you might be misunderstanding what the actual purpose of lemmy is. lemmy has taken quite a few design decisions from Reddit which is exactly the same way. Both platforms are public places where all content is shared. Anyone using them needs to be aware of that fact. Mastodon might be a better fit for you as it is more focused on individuals rather than public communities.
Well, not exactly.
Reddit Lemmy Content is public Content is public API access is limited API access is limitless Vote data is inaccessible Vote data is accessible No email needed Email or something else often required One privacy policy Basically no privacy policy
If you’re not running your own server privacy policies are not even worth the pixels they’re presented on.
Literally, you’re just taking a random person’s word for it (whoever the admin is). A website is a black box, you have no idea what’s going on on the back-end.
The only way to be in complete control of your user data is to run your own server and be literally the only user on it.
Even then, any public comments you make are, you know… public.
Ask me no questions and I’ll tell you no lies. It asks much less of my instance admins if it’s understood that my information was never private to begin with.
Even then, any public comments you make are, you know… public.
As they should be.
Public comments is how you can find patterns of sketchy user behaviour.
Well there’s still the legal threat. You have to trust someone, unless you’re creating your own hardware and never connecting to the internet
True! All your data will pass over other hardware owned by other people.
The only real online privacy is not connecting to the internet to begin with.
The whole system is based on trust.
Which is why I think some of these privacy demands are straight silly.
*to run your own server,
be the only person on it,
and never federate with any other serverLemmy’s privacy makes Reddit’s look like Fort Knox by comparison. I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.
I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.
It couldn’t be that one has had loads of VC funding for *checks notes… 15 years. Whereas one has been barely funded for five years and has more people complaining than adding code.
Actually, it makes perfect sense that an open source project that doesn’t have a big organization behind it isn’t going to have the same capability anywhere near as quickly. Reddit also makes money from advertising. The money for Lemmy is from donations and an abysmally small set of grants.
Hell, Matrix, an actual open source communications protocol is 9 years old and they still haven’t gotten encrypted video group chats working properly and if I recall correctly still offload a lot of that to JitsiMeet. I was using Matrix/Riot.IM (now Element) in 2016 and it was garbage that barely worked, and updates constantly broke what previously worked, etc. It took time to become better and Matrix does have a whole ass organization backing it.
For comparison, Lemmy has been around for about five years and they’ve had far less financial backing and developers contributing to the project. Matrix has governments like France and Germany lining up for services for private communications, which means they’ve literally got people paying them for the service of helping manage their Matrix servers. Lemmy doesn’t have the same advantages. They don’t have a service or ads to sell (no ads is part of the appeal.).
For what its worth, Veilid exists, if you’re looking for a better framework to start with than ActivityPub.
Technical question: How would posts federate if private?
I strongly agree, I wrote a post on this type of privacy and why it matters, which I’ve dubbed “casual privacy”. https://coship.bloggi.co/casual-privacy
pull requests would work a lot better than blog posts.
I prefer the complete lack of privacy settings because it is open and honest about the reality of what Lemmy is able to provide.
Even if you’re running your own instance, you are necessarily submitting your data to another party. I don’t have to trust the platform as much when my data isn’t private. It’s much easier to engineer a system around that assumption.
If we suppose that anything I submit to Lemmy is submitted to the public, I can’t be misled. My data cannot be leaked because I’m presenting it to the world already. Lemmy is a young social project with many problems to solve, still trying to gain traction and hold on to users and with an uncertain future. In brief: bigger fish to fry.
Maybe privacy controls could be on the list, but I don’t think it addresses the main problems or applications of the platform and creates its own set of issues. Keep it simple and stupid.
Idk, doesn’t quite seem appropriate for a federated reddit clone. I think you’re better off on a chan board
On Lemmy any comment you post gets federated out to other servers, so it’s available to anyone who sets up a server. So by design it is not possible to control who gets to see or archive your comments. I could set up a server to permanently archive every comment it sees, and if your server sends me your comment it goes into my archive. Probably people are already doing this for data mining. It’s not clear that you could bolt some kind of privacy control on to this architecture, which is fundamentally designed for sharing.
Although I agree that is how things work now, one could imagine a different approach:
For instance, I could maybe control who my content gets federated to. That is, if I decide I don’t particularly want my content blasted to certain places that my instance would not call any blocked ones with my data.
If that causes some issues with ActivityPub, you can imagine encrypted blobs that could only be opened by others with a shared key.
We don’t need to achieve perfection out of the gate, to me these questions are worth discussing so that we can build out more high quality tech for the fediverse, let’s not try to just immediately shut down discussion.
How would you ensure other instances are not sharing your content?
To me this seems to be a question of ideology. I came here from Reddit because this is an open forum with transparent history.
Federetion by design ensures that accessibility (as far as I understand, correct me if I’m wrong). This design principle to me is the core. If that seems like an issue maybe this style of social media is not for you.
Can you elaborate on what being “an open forum” means?
In this context, it’s an open public digital space. Noone is obligated share anything.
The part that is discussed as a privacy issue is a design element. It is by design post are visible to everyone, it is by design that comments are visible to everyone.
How is it a privacy issue when the user desides what to post for everyone to see?
If you are looking for a different design ideology then maybe you need a different social media platform.
So regarding an open, public digital space like Twitter, how do you feel about people having the ability to lock their accounts and instantly hide all their tweets from the public?
Mastodon doesn’t have that, but it could.
My reaction to adding something like that will always be “that would be rad” regardless of previous assumptions about how public an app should be, or truisms like “the Internet is forever”, because I believe strongly that trying to fix issues is better than letting them languish unchecked.
I’ve never been on Twitter. Besides Reddit I really disliked all other main platforms. So answering your question: I don’t care, it’s a different platform for different style of social media interactions.
the Internet is forever
My position has nothing to do with this sentiment. Internet forgets, and often.
I like federated nature of Lemmy, I like that there is no “private” accounts. This is a feature not a bug.
I’m not trying to argue against privacy, but what you are describing isn’t a privacy issue or an issue at all. It’s a design element. And it’s this design is why I like it here.
As someone here has said, at some point the responsibility has to fall on the user. You don’t need to share anything. As long as the nature of the platform is clear (and it’s a separate discussion) the is no issue to be fixed.
If to you that is seems as an issue, well then maybe you are at the wrong place. And if the platform changes in the direction I don’t agree, I will leave.
I like that there is no “private” accounts. This is a feature not a bug.
I’m not trying to argue against privacy…
I appreciate your honesty but this seems to conflict
Could ≠ Should.
Smarter defaults should be encouraged by products that are made for consumers, not corporations
The very nature of Lemmy and most social media, is that what you put out there is public. If you don’t want everyone in the world to read something you wrote, then social media may not be your kind of thing.
You need to be careful when you mix the prescriptive with the descriptive. You are correct, that from a descriptive standpoint, social media is not private. But does that mean, from a prescriptive standpoint, that we should discourage efforts to make it more private?
Personally, I prescribe a projects like Lemmy that aren’t interested in selling our data in becoming more private. And I believe privacy defeatism is unhealthy.
And I believe privacy defeatism is unhealthy.
Is there such a thing as “perfect privacy?”
Because it seems that, to exist in society, is to give up some form of privacy by dint of existing in it.
You cannot stop yourself from being observed by other people, if they can see you. That’s just basic reality.
To be completely private, you would have to live in the woods and not interact with anyone or speak with anyone.
Is it defeatist to be realistic about the limitations of the idea of privacy?
As someone who has spent a lot of time seeking internet privacy, I’ve learned that more often than not I’m making myself more conspicuous. That doesn’t mean I’m going to give up on privacy, but it does mean that I’m going to consider its limitations.
EDIT: I’m reminded of an interview with Mark Hossler from Negativland. The interview is long gone from the internet (it was on an obscure website pre-youtube) but the center of it always stuck with me.
“If you really want full control of your art, don’t show it to anybody, keep it in your home.” His argument was Richard Dawkins’ argument for memes. The human mind functions by copying and mimicking. When someone else has viewed your artwork, they’ve already created an internal image of it in their memory. That memory is inconsistent with reality, but if they have a good memory, they can recreate it relatively easily (if they have similar artistic skills). You can’t really stop that kind of copying from happening, so the only way to fight it and keep “complete control” is to not share it at all.
Similarly, the only way to have complete control over your privacy is by not interacting with anyone at all.
Mark Hossler’s interview
Not the interview in question
Give me some good hints and help, and I will dig it out from the depths of hell.
