YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • PixxlMan@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    If it’s hashed it’s impossible to see your password (hashing is a one way process, it’s not encrypted). However nothing prevents someone from running a modded instance if they want to harvest passwords.