this post was submitted on 01 Jul 2023
129 points (97.1% liked)

Selfhosted

40415 readers
447 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I'd be really keen to host a lemmy instance but just wondering with GDPR and everything, if there is anything else to consider outside of the technical setup and provisioning of hardware?

Lemmy is storing users data so is there any requirement to do anything GDPR wise?

Hope this is the right place for this - But seen a lot of posts interested in hosting their own lemmy instance, and this is an extension of that

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

This is everything you upvoted:

How does that work? As the admin of the lemmy.max-p.me you have access to your server's db which contains a replica of the db of all servers you receive federation from, including detailed per-user upvotes/downvotes? Correct?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah pretty much, although not entirely. I only get pushed copies of the intersection between the communities my instance tracks and the victim's, and only from the time my server started federating those. I guess I could make a bot account that subscribes to every possible Lemmy communities so that I do get a copy. I could also patch up the backend to ignore any deletion requests and stash up everyone's deleted posts and even go fetch linked images and store them forever.

It's not really a secret though. Some users in another thread were shocked to learn that kbin does publicly display that information. For example, picking the first post on kbin.social: https://kbin.social/m/tech/t/124303/Bluesky-temporarily-halts-sign-ups-because-so-many-people-are-joining/votes/up

Essentially, it's extremely public, so one's gotta be careful about every single interaction on here.

I only did this for example's sake, I respect people's privacy and have no intention of running a hostile instance. But point being, anyone can rather easily.

[–] [email protected] 1 points 1 year ago

Interesting - I had the feeling this was how the federation mechanism worked, I don't see how it could work without sacrificing privacy.

So a "bad" actor could just spin up their own instance, federate with a huge amount of other instances (I don't think other instances have a say in this, except if they explicitly, manually blacklist the "bad" instance?), and start profiling users based on their votes.

The potential for global surveillance is enormous. But I can also see it being useful to detect and fight bot farms, spam, brigading and other bad stuff that has plagued Reddit for quite some time.

Lemmy could do a better job at informing users that basically everything you do here is public (including votes). On Kbin the /votes/up page makes it clear at least (I like that even comments have a /votes/up page).