As we are concerned about privacy, I am curious just to understand if lemmy can be at some point exploited by someone to profile its users.

  • Zeth0s@reddthat.comOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Thanks. It would be interesting to understand if some anonymization technique could technically be created, and eventually implemented in the future.

    Because it looks a pretty dangerous situation, given what people discuss on social media nowadays…

    • fubo@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      That may not be possible with web technology.

      Browsers send URLs to web servers. The web server has to have the URL the user wants in order to serve a response; and it has to know who the user is in order to check permissions (e.g. don’t accept a moderation action from a user who is not a moderator).

      This inherently creates an opportunity for the web server to record any details about that exchange.

      • Zeth0s@reddthat.comOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        What if database entries are encrypted, so that a person cannot match email and username with the requests in the urls?

        Users’ client create encryption key on client side. Would it make sense?

        • LordXenu@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          This all happens before the database even gets asked for information. The web server will make a log of the requests as they come in before responding.

          At minimum the web server needs to know where to send the data back to.

        • SheeEttin@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          If you consider the server to be malicious, why would you trust any claim that the data is encrypted?

          • Zeth0s@reddthat.comOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I am thinking more of a Meta “threads” -like situation. Not necessarily malicious, just a different privacy expectations between user and provider

        • dudeami0@lemmy.dudeami.win
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          It’s still a fingerprint, the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of the companies can track you even if you aren’t logged in, you using any service creates a pattern that with enough aggregate data can be used to approximate who you are.

        • fubo@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Somehow the server has to be able to look up the user’s subscriptions so it knows what posts to show them.

          • Zeth0s@reddthat.comOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I am mainly thinking about matching navigation history with identifiable information… You are right, It’s a tricky thing…

            I also wonder, if lemmy becomes a thing, with numbers in the same order of magnitude of reddit, if and how gdpr will affect server admins… Having a privacy anonymization tool built in by design might avoid headaches on the long term