this post was submitted on 04 Jul 2023
1355 points (97.0% liked)

You Should Know

33420 readers
406 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago
MODERATORS
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: Obligatory RIP my inbox.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 501 points 1 year ago* (last edited 1 year ago) (11 children)

To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

[–] [email protected] 139 points 1 year ago* (last edited 1 year ago) (7 children)

Lol. kids these days would psot their bank info online if the banks didn't prevent them from doing so.

[–] [email protected] 99 points 1 year ago (5 children)

You say that like A/S/L wasn't a thing back in the day.

[–] [email protected] 76 points 1 year ago (3 children)

19/f/Cali was the only acceptable response

[–] [email protected] 39 points 1 year ago (2 children)
[–] [email protected] 12 points 1 year ago

Depends, could I have talked some vanilla WoW gold out of you?

[–] [email protected] 10 points 1 year ago

As I put on my robe and wizard hat…

[–] [email protected] 4 points 1 year ago

puts on wizard’s hat

[–] [email protected] 2 points 1 year ago
[–] [email protected] 18 points 1 year ago (1 children)

Even back then we were told never to reveal that sort of stuff online. How many of us do you think were telling the truth?

[–] gravitas_deficiency 7 points 1 year ago (1 children)

You think someone would do that?

Just go on the internet and tell lies?

[–] snakesnakewhale 3 points 1 year ago

I don't know about you but I'll have you know I graduated top of my class in the Navy Seals, and I've been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I'm the top sniper in the entire US armed forces.

[–] [email protected] 13 points 1 year ago

Lol yeah but we were 12 back then and we still understood the internet better than anyone else 🙃

[–] [email protected] 7 points 1 year ago

Yall remember those “your stripper name is the street you grew up on and your pet’s name” challenges? Literally phishing for password recovery keys.

[–] [email protected] 4 points 1 year ago (1 children)
[–] [email protected] 4 points 1 year ago (2 children)
[–] [email protected] 1 points 1 year ago

Flagrant System Error

Computer Over.

Virus = Very Yes

[–] [email protected] 25 points 1 year ago (1 children)

I don't want to shame anyone, but I've had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.

[–] [email protected] 5 points 1 year ago

DUDE MY GIRLFRIEND FUCKING DID THAT AND I JUST LOOKED AT HER AND ASKED HER IF SHE THOUGHT THAT WAS A GOOD IDEA. In hindsight no, thankfully she's gonna be moving soonish. This was from before we were together, otherwise I would have warned her not to do that. It was the same discord she got a cyberstalker from, thankfully the stalker wasn't a friend of the owner because otherwise he totally could have gotten her address and irl info.

[–] [email protected] 9 points 1 year ago

Wasn't there a twitter account that retweeted people posting photos of their credit cards?

[–] [email protected] 6 points 1 year ago

so would my grandpa

[–] [email protected] 5 points 1 year ago

So would a significant portion of the population of all ages

[–] [email protected] 4 points 1 year ago

19/f/Cali is the only acceptable response

[–] csm10495 1 points 1 year ago

If I offered someone a nice cup of Starbucks, they'd give me their SSN.

[–] [email protected] 15 points 1 year ago (2 children)

Your home instance will act as a proxy and only they have access to your email and IP address.

Your home image typically doesn't proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

[–] themoonisacheese 1 points 1 year ago

That's fair enough, but other servers can't correlate your account with your IP nor do they have your email. User agent strings are public information, and you control what it is. If you're worried about privacy, simply send a recent chrome user agent and nobody can identify you in the sea of other chrome user agents.

[–] [email protected] 0 points 1 year ago (1 children)

The posts just contain a URL which doesn't include the uploader's ip address or their browser string.

[–] [email protected] 3 points 1 year ago (2 children)

When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.

[–] [email protected] 1 points 1 year ago

Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

[–] [email protected] 1 points 1 year ago

Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

[–] [email protected] 12 points 1 year ago (1 children)

I whole heartedly agree with this perspective.

Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

[–] NorwegianBlues 4 points 1 year ago

This has come up as part of those requests to migrate accounts between instances. "I want a persona that stays with me for years"... Is that actually a good idea though!?

[–] [email protected] 8 points 1 year ago (1 children)

What about post views? Are those also stored?

[–] [email protected] 18 points 1 year ago (1 children)

No, Lemmy currently doesn't do authorized fetch and thus there's no way for users to request access to a certain post, which would sort of require to disclose a user wanting to get access to something. So no, they are not stored as part of activitypub.

They could be logged on your instance's server and/or the server where are an image is hosted as part of typical logs for web requests. These would contain your ip address and other browser metadata such as the user Agent, but these are typical logs that happen every time you load anything on the internet on any website that exists.

[–] [email protected] 7 points 1 year ago (1 children)

Me, using an mail alias + VPN, should be safe privacy wise. :)

[–] sugar_in_your_tea 1 points 1 year ago

That's only going to protect you from your instance admin or data breaches knowing your connection location and email.

Most doxxing happens from user-submitted information. For example, you just mention the following:

  • the city you live in
  • your birthday
  • physical characteristics - hair color, height, etc

Those can be done across a lot of comments, and someone can easily write a script to distill all of that into a list of details.

My general strategy is:

  • don't give someone a reason to dox me - i.e. be polite
  • recreate my account every so often - usually 1-2 years
  • lie frequently to make it harder to sift through
  • assume someone is going to try to dox me
[–] [email protected] 6 points 1 year ago (1 children)

No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

[–] [email protected] 0 points 1 year ago

Also, it's not just about privacy, it's about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.

[–] [email protected] 2 points 1 year ago

The thing is, there is really no way to know is trustworthy as a home instance...?

[–] [email protected] 2 points 1 year ago

That is why I am as my username states: intentionally anonymous

[–] [email protected] 0 points 2 months ago
[–] [email protected] -1 points 1 year ago* (last edited 1 year ago)

This person internets. 👏