this post was submitted on 20 Aug 2023
672 points (87.2% liked)

Lemmy.world Support

3248 readers
1 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world



founded 2 years ago
MODERATORS
 

This is completely counter productive to growing Lemmy. I absolutely despise discord. Look at the network traffic it generates and tell me wtf they are doing. They won't tell you. Their business model will leave you completely dumbfounded as to how they exist. Everything shared on the platform is lost in a black hole unavailable to the outside world and everything shared is a privacy nightmare. Posting this, pinning it here, and locking it is one of the biggest trolls possible. It pisses me off every time I log in. "Everyone else does it" is the excuse of idiots. Discord makes absolutely no sense to anyone that actually cares to look into it, read the user agreement, and ask sane questions about what they are doing.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] CantSt0pPoppin 21 points 1 year ago (1 children)

Sure, Lemmy does not offer end-to-end encryption by default, which means that your messages could be intercepted by someone who is able to access your ISP's network or the Lemmy server. A red flag for me is the fact that Lemmy stores some user data on their servers, such as your IP address and email address. This data could be used as breadcrumbs.

Lemmy may not sell user data to third parties, but what about the servers? There have been some security vulnerabilities found in Lemmy's code. These exploits could result in servers being hijacked or user accounts compromised.

So, what does all this mean? It means that it is your personal responsibility to take steps to protect your privacy and security when using Lemmy. This includes using the encryption feature, being aware of the risks associated with using Lemmy, and carefully evaluating the privacy policies of any platform before you use it.

I know it's a lot to keep track of, but it's important. Your privacy is your business, and it's up to you to protect it. So take these things seriously, and don't let anyone take your privacy away from you.

About the concerns with Discord:

Creating a post saying, 'everyone else does it' and locking it is funky in my book. I, like you, I am all about transparency and understanding. I fully understand your anxiety, and it is a bit warranted. I am not trying to sound like an alarmist.

On the subject of Discord, it is amazing and disturbing how much data is curated and harvested. Their business model is quite mysterious. No one really knows what their real motives are. Discord shrouds itself and does not provide clear and concise privacy audits or statements on the subject.

You are concerned about your privacy, and rightfully so. Lemmy is designed for privacy from the ground up when used properly and only with encryption functions enabled. Discord, on the other hand, unfortunately has a stranglehold on the instant messaging backbone.

CVE-2021-29465: This vulnerability allowed attackers to overwrite any file on the system with the command results. This could have been used to steal user data, install malware, or take control of Discord servers.

CVE-2021-29466: This vulnerability allowed attackers to read local files from the server. This could have been used to steal user data, such as passwords or chat logs.

CVE-2021-34491: This vulnerability allowed attackers to bypass Discord's rate limit, which could have been used to send spam or DDoS attacks.

CVE-2022-22936: This vulnerability allowed attackers to take control of Discord servers by exploiting a flaw in the Discord Token Generator.

These are just a few examples, but I would be lying if I said they were not patched. That being said there is no telling how many zero-day security risks are out there at this time, so it is important to stay vigilant and ask the hard questions to ensure that your privacy is protected.

Lastly, you could totally start a community here on .world for Discord alternatives. It's a easy breezy lemon squeezy way to find people who are also into privacy and security.

[โ€“] [email protected] 10 points 1 year ago (1 children)

I just wanted to address a single point from your comment:

Lemmy does not offer end-to-end encryption by default, which means that your messages could be intercepted by someone who is able to access your ISP's network

If the Lemmy server is using HTTPS, nobody at your ISP or anywhere else between you and the Lemmy server should be able to read your messages (they could see that you are exchanging data with a particular host, but not the contents).

[โ€“] [email protected] 1 points 1 year ago

Glad someone mentioned this already, not so surprised OP hasn't either updated their comment or replied