this post was submitted on 05 Apr 2024
-19 points (35.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54577 readers
238 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I thought r/piracy was dead but I see is very active, I don't know if mods changed or something though. Where do you guys think is best to ask questions?

you are viewing a single comment's thread
view the rest of the comments
[–] anzo@programming.dev 10 points 7 months ago (2 children)

How is it "less" private? Because the API isn't a paywall, sure. But... I don't know what's your perspective, really.

[–] lemann@lemmy.dbzer0.com 9 points 7 months ago (2 children)

Probably along the lines of federated user activity, so things like upvotes/downvotes etc and subscriptions to a community being federated to the relevant server(s)

So even if you're lurking just voting on content, someone could setup a lemmy server, sub to a bunch of communities, and theoretically look at incoming activitypub updates from those communities for your activity I think

[–] anzo@programming.dev 4 points 7 months ago (1 children)

Assuming that is really an issue (depends on who you are, what you're doing, and the motivation of the actor mounting such spying infrastructure), how is it any different on Reddit? First, being closed source and everything, we can't rule out that easier and large scale logging isn't already implemented. Secondly, such actor would probably just pay the API and scrape the same data if not with more details. It would also get extra metadata from brokers, etc.

Ultimately, if you want privacy, I agree that federation is undesired. That's why there are Lemmy instances that block all other instances by default. AFAIK those were from right extremists and pesos, at least judging by the name of their URLs.

[–] TheGalacticVoid@lemm.ee 3 points 7 months ago (2 children)

The difference here is that on Reddit, only 1 party has access to your info. On Lemmy, it's any party who has an instance that federates with yours.

[–] anzo@programming.dev 2 points 7 months ago (1 children)

Well, on Reddit any party can pay the API prices that are needed to scrape data. So, the paywall. I guess it's some measure... But if you are being tracked by such an actor, your threat model can't really include reddit... It's defeating the purpose. All this is discussion on air.

[–] TheGalacticVoid@lemm.ee 2 points 7 months ago

Reddit doesn't provide nearly the same level of granular data that Lemmy does via the API or any publicly available channels. While we can't verify whether stuff like upvote data is sent or sold to data brokers, we do know that Lemmy, by design, gives it to literally anyone who wants it.

[–] Ringmasterincestuous@aussie.zone 1 points 7 months ago

On one hand everyone can access it, on the other, 1 party can sell it.

[–] Bezier@suppo.fi 2 points 7 months ago (1 children)

I don't think it sends info about subscriptions and voter identities to other servers, or am I wrong?

[–] key@lemmy.keychat.org 6 points 7 months ago (2 children)

You up voted "how did "step" porn become so popular when we did such a good job keeping scat and insest porn out of the mainstream for so long" and "I didn't forget your birthday either."

And down voted "seamless seeking"

I can say you're not subscribed to the like two communities on my instance. Subscription (follows) mostly only go to the instance hosting the community in question. Voting goes everywhere though.

[–] Bezier@suppo.fi 2 points 7 months ago (1 children)

I tried to look more into this and I guess that everything goes out identifiable in some way.

And down voted "seamless seeking"

I looked up what that post is, and it ain't downvoted. Might have accidentally hit it, and then un-disliked, without that getting federated.

[–] anzo@programming.dev 3 points 7 months ago (1 children)

Oh yes, that's an issue with Lemmy. Edits don't get federated, they stay on the instance. I didn't knew but it makes sense that it's the same with votes.

I believe the issue is that to keep every updated you'd need a far more complex system, like streaming the changes or CRDTs.

[–] Bezier@suppo.fi 1 points 7 months ago
[–] StrawberryPigtails@lemmy.sdf.org 2 points 7 months ago

The others in this comment thread have covered the potential threat vector fairly thoroughly. It’s not something I’m particularly worried about at the moment, but it is something that I try to keep awareness of for the future.