Reddit: IP Address Disclosure Puts User Anonymity At Risk * TorrentFreak - eviltoast
    • recursive_recursion [they/them]@programming.dev
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      edit-2
      9 months ago

      For our instance we’ve answered that here:

      Reddit might be forced to hand out IPs of users frequenting piracy subreddits: how does programming.dev compare?

      edit: just wanted to share a great observation that was made by UlrikHD in our admin channel:

      “So if a company wanted to demand the ip of every member on a piracy community, they would have to contact every instance federated with that community then
      good to know”

    • ripcord@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      10 months ago

      Instance owners would have way, way fewer resources and almost definitely need to just capitulate. Assuming they even had the info to share, though.

      • bamboo@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        40
        ·
        10 months ago

        IANAL but withholding evidence from a court order can hold you in contempt of court. I remember hearing a story of a person who was accused of having CSAM on an encrypted hard drive, and refused to decrypt it, and is in jail until he decrypts it. Just because you’re a person doesn’t mean you can ignore a warrant.

        • originalucifer@moist.catsweat.com
          link
          fedilink
          arrow-up
          46
          ·
          10 months ago

          information itself is a liability. best to have a policy of ‘we keep no IPs in logs, so are happy to hand over whatever’… dump data the moment you dont require it

          • Tangent5280@lemmy.world
            link
            fedilink
            English
            arrow-up
            29
            ·
            10 months ago

            yeah, this sounds like a much more sustainable solution. Do it the way signal does it. Collect as little as necessary, and delete it as soon as you dont need it.

          • cmnybo@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            1
            ·
            10 months ago

            Just store what logs you need on a ram drive. The logs will be gone the instant the server shuts down and there is no way to recover them.

            • nevemsenki@lemmy.world
              link
              fedilink
              English
              arrow-up
              8
              ·
              10 months ago

              Downsides include : if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.

              • Perhyte@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                edit-2
                10 months ago

                If they have the root access typically needed to reboot a server1 they could also just wipe the logs without rebooting.

                1: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.

        • Davel23@kbin.social
          link
          fedilink
          arrow-up
          7
          ·
          10 months ago

          I looked into that guy somewhat recently, he was in jail for something like five years then eventually released. Kind of a sickening situation all around.

      • esserstein@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        With the federation does that also mean that the ip records are replicated? Because that would be a lot of parties that can be threatened, with only one required to give in…

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      6
      ·
      edit-2
      10 months ago

      Don’t browse lemmy with your naked IP. This isn’t the 90s. When using the Internet, wear a condom.

      • Johanno@feddit.de
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        10 months ago

        As long you don’t do the “known illegal” stuff you don’t need a VPN.

        However if you upload copyrighted material a vpn is one of very many steps to ensure that the police won’t get you. A VPN alone does not provide any security. It delays at best the police

      • Nighed@sffa.community
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        10 months ago

        Ah yes, give your browsing history to the shady VPN company instead.

        Although that would help in this situation.

          • Nighed@sffa.community
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            edit-2
            10 months ago

            A VPN either:

            1. Logs access/usage so it can be given to authorities. (And/or sold/stolen etc)

            2. doesn’t log usage data and willingly accepts that some disgusting stuff will be done using their service.

            1 might have to give browsing data if sued by a media company, 2 is ethnically bankrupt and shouldn’t be trusted at all.

            Doesn’t mean their not useful, just be aware of who you are giving your money to and the limitations of their protection.

        • yamanii@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          At most you will get some targeted ads (if you use “free” ones), compared to fines and jail, I say it’s a good trade-off.