Profile Privacy Settings · Issue #4223 · LemmyNet/lemmy
github.comI’ve been grappling with a concern that I believe many of us share: the lack of privacy controls on Lemmy. As it stands, our profiles are public, and all our posts and comments are visible to anyone who cares to look. I don’t even care about privacy all that much, but this level of transparency feels to me akin to sharing my browser history with the world, a discomforting thought to say the least.
While the open nature of Lemmy can foster community and transparency, it also opens the door to potential misuse. Our post history can be scrutinized by creeps or stalkers, our opinions can be nitpicked based on past statements, and we can even become targets for mass downvoting. This lack of privacy control can deter users from actively participating in discussions and sharing their thoughts freely.
Even platforms like Twitter and Facebook, often criticized for their handling of user data, provide some level of access control. Users can choose who sees their timeline: friends/followers, the public or nobody. This flexibility allows users to control their online presence and decide who gets to see their content.
The current state of affairs on Lemmy forces us into a cycle of creating new accounts or deleting old posts to maintain some semblance of privacy. This is not only time-consuming but also detracts from the user experience. It’s high time we address this issue and discuss potential solutions.
One possible solution could be the introduction of profile privacy settings, similar to those found on other social media platforms. This would give users the flexibility to choose their level of privacy and control over their content without having to resort to manual deletion or account purging.
I believe that privacy is a fundamental right, and we should have the ability to control who sees our content. I’m interested in hearing your thoughts on this matter. How do you feel about the current privacy settings on Lemmy? What changes would you like to see? Let’s start a conversation and work towards making Lemmy a platform that respects and upholds our privacy.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.43K Posts
- 57.3K Comments
- Modlog
The only privacy setting I can encourage on any social media site is don’t share private stuff about yourself and never link to your account from other accounts
That is part of the problem though. Proper privacy allows you to express what you want to, without self censorship. The issue is not: don’t speak about x, but rather: speak about it and feel comfortable that you can do it in a safe environment. I fully agree with the account linking though
Technical question: How would posts federate if private?
The admin of Blahaj is openly interested in exposing trans people’s alt accounts and outing them on their mains. And somehow it’s the biggest trans instance. We need a community and admin reaction in favour of defederating people who do that.
Wait what? Do you have a source for this?
https://lemm.ee/post/14609313
I don’t see much proof. Did anyone corroborate?
Yes, I saw Ada trying to out a trans person. It was a very odd experience to see from a supposedly safe space, and a definite disregard for their privacy.
In order to show you proof I would have to help Ada in her attempts at doxxing, but I asked a friend who saw the whole thing to confirm.
I understand this is hard to prove without doxxing. This situation is very concerning, and if true absolutely disgusting.
I was there and I was randomly claimed to be DroneRights’ alternative account without any sort of proof to back it up. I could have doxxed myself just to prove that I am not that user in any way whatsoever.
There’s a grim tragedy in how many people in this comment section have either succumbed to defeat or actively seek to advocate against privacy.
The comments can mostly be boiled down to:
You will find Fediverse types are far more cynical and antagonistic to privacy than people on other platforms.
I’ve not seen any of these arguments. Though it may be all downvoted to hell and back.
My main gripe with adding privacy features to Lemmy is that the whole point of Lemmy is that all data is already publicly available and for Lemmy to continue working the way it does it’ll need to remain that way. And because of that there’s nothing that can be done to stop bad actors setting up an instance and selling all the data they collect.
At least in the EU (and UK to a lesser extent) no major corporation would be able to get away with selling that data, so the spent man hours on allowing privacy settings would be wasted time.
It doesn’t necessarily need to remain that way. For example,we should have the option to make our profiles private. We should also be able to create pseudonyms for content we submit. The content will still be federated, but not necessarily linked to one user ID
But why? Is there a compromise taken on privacy in favour of visibility and mass adoption of whatever fediverse client they’re using? I don’t understand this, especially since I also find the strongest advocates for privacy right here.
A lot of Lemmy adopters joined with rose tinted glasses, and came with a lot of good ideas, like getting data out of the hands of big companies, making it easy to access it (as Reddit locked down APIs), etc. Which is all good, but a subset of them believe “not officially belonging to one company” is good enough. As for how your data is handled online, a subset of them believe nothing can be improved, and a subset believes it shouldn’t be improved because your data shouldn’t belong to you at all.
And Lemmy is made up of all sorts, so there’s overlap between Reddit refugees and diehard fans. That interaction is a lot more implicit here, but the friction is a lot more visible on sites like Mastodon where similar privacy discussions have been happening.
Bruh what? If you’re repeatedly making new accounts because you don’t want people reading your post history you’re doing something wrong.
What you’re describing is an issue with all of social media. While your concerns are valid, I don’t see your arguments as privacy issue. I honestly prefer post and comment history being transparent and accessible. It’s much like Reddit and this format fits much better with an open forum style of platform.
Don’t post private information and it’s a non-issue.
Also, can’t you just delete posts and comments like on Reddit?
Would still be nice to hide that information
Nothing ever dies on the Internet. With the federated nature of Lemmy, it’s possible for deletes to not sync across instances, especially if there’s defederation that happens.
Makes sense, when I think about it
Not really AFAIK. Your comment is spread across many instances, and they’re not required to follow your deletion request.
Oh, I see. TIL
It’s no required, but if a server is misbehaving, people could notice and those servers could be defederated. By default, deletions are federated.
What irritates me many times when I enter Lemmy is that instead of my Nick at the top right, someone else’s Nickname appears for a moment, before changing it to mine. This is a sign of an open account sharing channel, which is quite serious and should be fixed quickly. Security at Lemmy is apparently non-existent.
Do you see a random nickname from a stranger, or a nickname of an account that was previously logged into using the same computer?
What is an open account sharing channel?
It occurres sometimes, I see a random nick from strangers. It means that my account obviously is públic and even shared. I will be attentive and I will try to take a screenshot, before the nickname changes to mine while Lemmy loads.
I will also pay close attention and see if I can catch that happening.
It’s not easy to catch, because it’s only a moment when Lemmy loads and just sometimes. For now I always have my eyes to the top right corner when I enter Lemmy.
removed by mod
Plus Lemmy is really good about allowing you to stay anonymous as it doesn’t pull any data other than what you write out. Meanwhile reddit or facebook monitor what you look at and for how long.
To me, it’s an issue of personal responsibility.
Lemmy is, like a lot of Fediverse platforms, about as private as it can be. There’s no trackers, you’re not forced to use real names or any other identifying information, no adverts follow you from site to site, no browser fingerprinting and no instance owners are trying to sell your data.
Beyond that, what you choose to say on Lemmy is your responsibility and yours alone.
The lemmy devs would probably take something sensible like that and flat out shoot it down because they think they know better.
I personally enjoy that this sort of information is public, it keeps people honest and gives a tool to use against bad faith actors. People lie. Besides, it’s not like anyone’s forcing you to post personal information online. Some level of responsibility needs to be put on the user.
If Lemmy cared about privacy, contributing source code & opening tickets would not require opening accounts with a for-profit, US-based, closed, prorietary service owned by a publicly-traded megacorporation that has shareholders to appease & a history (as well as current) record of EEE (embrace, extend, extinguish).
that also uses your code for their AI.
Copilot gets trained on Dessalines’ essays and becomes a Marxist
I mean it took the code production of from workers for the Commons, packaged it up, & sold it back to the workers—often in violation of the license if not the spirit of free, ethical, or similar software. All AI generations should be CC0 / 0BSD licensed.
—Matt Lee, https://www.linuxjournal.com/content/opinion-github-vs-gitlab
I remember a little while ago a thread with someone from kbin gloating that they could see what everyone was voting, and accusing the people upvoting comments they disagreed with of being bigots in a vaguely threatening way obviously intended to produce a chilling effect, and people found this surprising because that information is not public on most instances.
I basically agree with the people saying open info is just the nature of posting on a public forum and of federation, but there could be improvements, even just in awareness of what is and isn’t private.
This is a great point because in the Lemmy UI, this information isn’t shown, and you can’t even list out all posts you’ve upvoted. As most of us coming from Reddit, we’re used to upvotes being private, and probably assume it’s the same. I understand the technical reasons for having the information public, but it is not clear from a user perspective that it’s public.
What’s extra confusing is that I’ve seen people asking about how to get this information from the API, with the answer being that you can’t (I guess to protect privacy?). It’s only accessible to federated servers, but then those can do what they want with it including publishing it to everyone.
If you don’t want to share information on a public forum, then don’t.
Chilling.
https://en.wikipedia.org/wiki/Chilling_effect
While I think most of us forum users are, I get the impression that the biggest proponents of activity pub and the fediverse as a whole aren’t even seeing privacy as even relevant. It’s a lot of talk of businesses having their very own instances to interface with the public rather than needing to rely everything on the whims of Facebook, twitter, LinkedIn, etc. Nothing with regards to the implications for surveillance, identity theft, spam, privacy or security.
Right now, we’re relatively under the radar because the fediverse hasn’t really hit the mainstream yet. But I think it will, and once it does, everything we’ve ever posted will just get slurped up by data trawlers and the flood of spam will be inevitable. We’ll be juggling social media accounts just like we do with emails.
I don’t know if this is relevant, but I’d like to someday have my own kbin instance hosted on my own personal server exclusively for family. I imagine the instance being able to federate content from bigger instances, allowing members to follow people they like on microblogs or participate in federated forums from this privately maintained instance. But if anyone wanted a thread or magazine to be available to users from outside the instance, they would have to specifically opt-in to that option when creating it, and it would only apply to that one thread or magazine. Any other instance would just see our humble little family instance with only that one thing to federate. The rest of the instance would be an ecrypted enclave specifically for family accounts, and completely invisible to the fediverse.