Is there any laws against it ? Will the admins walk scot free ? This question just popped into my head its not serious but do feel free to answer .

  • solrize@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    9 months ago

    I think only the instance that the person reads from gets that person’s click trail. The sending and receiving instances get the private messages between users A and B, but I don’t know if other instances get those. I do think it’s an anti-privacy design in Lemmy that the person’s read actions are logged. I would change the architecture to avoid that among other things. Alternatively I think of running my own instance just to avoid leaking this info.

      • solrize@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        9 months ago

        I get the impression that lemmy’s designers wanted to build a meme propagation system rather than a discussion forum. Well they got what they wanted.

        • tal@lemmy.today
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          9 months ago

          Ehhh. As much as I have annoyances with the devs on some issues, I think that it’s more that it’s just hard to design a distributed system like this without thinking of all the tradeoffs and security and privacy issues.

          Like, there were some cross-site scripting issues in the past in lemmy. I didn’t spend a lot of time looking into them, but there were some web dev types who were kinda scathing, said that this is something that an experienced Web dev should know about. But I don’t think that the lemmy devs thought “oh, let’s add cross-site scripting security holes”. I think that it was probably just that they didn’t have someone with a lot of Web security experience – which is its own little unique field – looking at what they were doing.

          If you want to permit for inline images – which may or may not be a good idea, agree that they aren’t essential – then there are going to be tradeoffs. If you have a user’s home instance fetch and serve all the images, which is what they do with comment text, then that avoids exposing a user’s IP on comment view to random other people…but then it also increases bandwidth costs to run a lemmy instance. Maybe by a lot. And if instances are mutating comments to redirect images to be versions that they host, then if you want to do pubkey/privkey signing of comments, which might be a good idea down the road, then you’re gonna introduce more complexity, because that’d invalidate a comment’s signature. Lemmy would have to do something like expose both the original comment and the mutated comment and let a client validate the signature. Maybe have a signature on images to ensure that another instance isn’t just replacing the images with something else. But then that maybe breaks if a remote site generates an image dynamically and its content changes every time it’s served. Lot of tradeoffs and unintended side effects. And it’s a distributed system with different people who may or may not trust various other people to do various things and may not all agree on what acceptable risks are.

      • Hyperreality@kbin.social
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        9 months ago

        I use a VPN. Good luck whoever decides to DDoS the CIA, FBI and/or NSA.

        FBI/NSA/CIA man: don’t pay attention to me, as you can see all I do is torrent shit movies and watch porn.