YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
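The gap between the public tally and what a receiving server holds, as an added example that is not part of the original post or of Lemmy's code. It assumes votes arrive as ActivityPub `Like`/`Dislike` activities that name their `actor`; the sample inbox, URLs and function names are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed, simplified vote activities as a receiving instance might see them.
INBOX = [
    '{"type": "Like", "actor": "https://a.example/u/alice", "object": "https://c.example/post/1"}',
    '{"type": "Dislike", "actor": "https://b.example/u/bob", "object": "https://c.example/post/1"}',
    '{"type": "Dislike", "actor": "https://a.example/u/carol", "object": "https://c.example/post/1"}',
    '{"type": "Undo", "actor": "https://a.example/u/alice", "object": {"type": "Like",'
    ' "actor": "https://a.example/u/alice", "object": "https://c.example/post/1"}}',
    '{"type": "Like", "actor": "https://b.example/u/bob", "object": "https://c.example/post/2"}',
]

def record_votes(raw_activities):
    """Build {object_url: {actor_url: +1 or -1}}, the per-actor record a server can keep."""
    votes = defaultdict(dict)
    for raw in raw_activities:
        act = json.loads(raw)
        kind, actor, obj = act.get("type"), act.get("actor"), act.get("object")
        if kind in ("Like", "Dislike") and isinstance(obj, str):
            votes[obj][actor] = 1 if kind == "Like" else -1
        elif kind == "Undo" and isinstance(obj, dict):
            # Accept a retraction only from the actor who cast the vote.
            if obj.get("actor") == actor and isinstance(obj.get("object"), str):
                votes[obj["object"]].pop(actor, None)
    return dict(votes)

def public_tally(votes):
    """What the UI exposes: counts only."""
    return {
        obj: {"up": sum(v == 1 for v in per.values()),
              "down": sum(v == -1 for v in per.values())}
        for obj, per in votes.items()
    }

def admin_view(votes, obj):
    """What the stored data allows: actor identities per vote direction."""
    per = votes.get(obj, {})
    return {"up": sorted(a for a, v in per.items() if v == 1),
            "down": sorted(a for a, v in per.items() if v == -1)}

if __name__ == "__main__":
    stored = record_votes(INBOX)
    print(public_tally(stored))
    print(admin_view(stored, "https://c.example/post/1"))
```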

  • JasonDJ@vlemmy.net
    1 year ago

    Then the instance admin holds the private key and can still decrypt.

    If you cared that much about privacy in DMs, we should have a “profile page”. Post a PGP public key there. Then you can send PGP encrypted messages to anyone who you have a public key for.

    • Waltzy@lemdit.com
      1 year ago

      Aye, my proposal was a trade-off between privacy and convenience for non-technical users (it’s only as bad as a non-federated social media site).

      The best balance here would be a client on the user device that manages the keys for you, and an API in Lemmy for accepting and sending encrypted messages.

      As a side note, I think PGP is more or less superseded by AGE