this post was submitted on 04 Jul 2023
86 points (100.0% liked)
VLemmy Chat
36 readers
1 users here now
A place for chatting, talking about local communities, and overall just vibing in VLemmy. Follow the instance rules when chatting in here.
Remember to post support questions to the support community, [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If they really wanted to, they can make it work. Maybe add spyware through a security hole in Lemmy no one's discovered yet. And since instances are federated, they just spread the disease to one another and it's users. Anything is possible. If a human made it, it can be broken.
One thing I've learned thus far is to never trust a platform/software owner that has a financial interest. RHEL is also a perfect example of that. The latest changes basically do exactly what MS did 20+ years ago when FOSS and open source was at it's infancy - shared source. It's a company that deals with FOSS software for more than 25 years, yet they decided to do this. After you see things like this, you really start to reevaluate things. Many people are scared to donate code to companies now, that's why projects like Arch and Void thrive nowadays. People finally said "f it, I'm not contributing code to a company that might wanna sell that some day, better donate it to community projects".
That's perfectly normal, Lemmy admins have that info as well. Forums also have that info... you can't hide everything, that's nuts, you at least have to have an IP to browse the internet.
Well, kinda, but not exactly. In order for a post or a comment to be saved on Lemmy (and I presume the same is true for Mastodon), 2 copies of the post are made. One resides on your instance (that's called the original) and the other is saved on the instance on which the community you posted in resides (that's the copy). Both copies share the same info, date, time, username, post content, original instance (the one you've got your account on), etc. Even if the IP is only available on the user's instance, that still gives meta (or anyone else) a lot of info to manipulate with. They know my username, post content, date and time of post. That info can easily be exploited by people who know what they're doing. As I said previously, all it would take is a piece of malware that could grab data from the instance's database and send that to Meta, or whoever. People think that this is really hard, it actually isn't, coders do stuff like this for fun every day.
They could do that, but with thousand of instances in the fediverse, that's just not viable. Even if you do it only to the larger instances, you still have to automate the process, which can get tricky if you don't actually use the fediverse'es biggest downfall (and it's biggest strenth at the same time) - everyone is connected to everyone else. Sure federation is clanky ATM, but that will pass. Eventually, everyone will in fact be connected to everyone else. It's a lot easier to spread malware that way.