I’ve been on Lemmy for some time now and it’s time for me to finally understand how Federation works. I have general idea and I have accounts on three federated instances, but I need some details.
Let Alpha, Beta, Gamma and Delta be four federated instances. I have an account on Alpha and create a post in a community on Beta. A persoson from Gamma comments on it and a person from Delta upvotes the post and the comment.
The question: On which instances are the post, the comment and the upvotes stored?
On all instances. Each instance has copy of what happened and every action is relayed by community instance (in this case, Beta) to all subscriber of the community.
So if I make an instance, I can scrape all the content and gather data on every user and sell it to Cambridge analytica?
Technically, yes. But if you are caught red handed, be ready for the mass ban to your account/instance.
But if it’s just sat there silently data gathering, nobody would know?
Yup, that is what professional/corporate scrapper do from the very beginning. Fediverse has poor privacy, and it is designet that way. It is better to share only safe content to fediverse for our safety, and share more private things on messaging/chatting apps like matrix or email only to person we trust.
What info do you think they will get? The only info is what you put in the public info on the user profile on your instance. So they can get your username (well user@instance), avatar, about info. That’s about it. Anything else like email address and password hashes are only stored on the instance you signed up to.
Every single comment and post anyone ever names and anything they are subscribed to. Run everyone’s content through some sentiment analysis, and now you have a great set of users, emails and their commonly used IP, grouped into interests, general mood, and political leanings, perfect for advertising.
Where are you getting email and ip from?
your votes are visible to all instances. it’s easier to think about when you think of voting like favoriting in mastodon except lemmy doesn’t send a notification
Yes, I discussed this in another thread. There could be ways to protect this info. But, it would mean totally changing (and agreeing with all other threadiverse apps) the way this is handled. Even then, I’m not sure you could prevent exploitation if the full info isn’t sent. On kbin this info is visible anyway. You don’t need any fake instance to do it.
What’s my name?