this post was submitted on 11 Jul 2023
11 points (92.3% liked)

Lemmy Support

4655 readers
9 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
 

Hi every lemmy. I've just stood up a couple new instances and I've been hanging out in the Admin chat over at https://matrix.to/#/#lemmy-support-general:discuss.online. Someone there asked if they could view subscriptions so I wrote and shared the sql query. (could I have done better on the joins with 2 joins to instance?)

sql query to all user subscriptions

And that's when I realized what an invasion of privacy that is. Maybe there's an easier way to do it but could we add optional support for user key pairs, so that if I associated a public key with my account, everything related to me in the db gets hashed with that key? Then I provide my private key at login?

I say optional because I know that's hard for a lot of folks. But maybe there's a way to make it easier with something like letsencrypt at sign up so it would be trivial for everyone to do it.. Or maybe there's a way to do it globally with a central key common to all instances, perhaps paired with instance specific keys?

I understand there's other aspects of user activity that would be best made private to so this could also work, say for votes or whatever else.

you are viewing a single comment's thread
view the rest of the comments
[–] Max_P@lemmy.max-p.me 6 points 1 year ago* (last edited 1 year ago) (9 children)

There's no reasonable way around it. The best that can be done would to anonymize the votes but then there's nothing preventing a rogue instance from reporting "yup, 500 users have upvoted this".

Tying the votes to an account can be helpful mitigating spam. Bots can analyze your patterns and based on your account age, comment history and what not, establish whether you're a legit user. If everything is anonymous, there's nothing that can be done.

ActivityPub was just not designed with privacy in mind. There's debates as to whether Lemmy can possibly be GDPR compliant at all.

Keys would not help at all here, you just switch it from a user ID to a public key.

Either we have trusted mega instances, or we have complete transparency.

[–] boulderly@lemmyadmin.site 1 points 1 year ago* (last edited 1 year ago) (8 children)

lets take community subscriptions specifically. Here's a handful of rows from community_follower with my person_id. Why couldn't you hash community_id with my public key and then I provide my private key to whatever ui client I'm using to populate my feeds when I log in?

rows from the community_follower table

[–] Max_P@lemmy.max-p.me 3 points 1 year ago (3 children)

Then how is the server gonna know what content to push to your home instance?

Arguably that might not be needed for subscriptions specifically, the home instance could just know the overall list of subscriptions and use that. But then the subscription counters would be wrong, and lead to the same problem as votes.

But at least subscriptions are already strictly between the home instance and the remote instance, and never leaves the instance if the community is local.

[–] boulderly@lemmyadmin.site 1 points 1 year ago

also, you could modify subscription counters so you had a count of subscribers from an instance without knowing who they were.

load more comments (2 replies)
load more comments (6 replies)
load more comments (6 replies)