Hi all,
I stood up a single user Lemmy instance today and found out the hard way that you can't have a private instance that can also federate. It was a pain but I had to manually go into the database to fix it.
Now that federation is working and the instance is no longer private, I've noticed that unauthenticated users can see all remote communities I've subscribed to. This wouldn't be a big deal on a larger instance but it feels like a privacy issue since I'm the only user, so everyone can see everything I'm subscribed to.
My question is, is this actually a technical requirement for the federation protocol to work? I've considered trying to configure nginx to serve 403s on certain pages listing communities but I'm not sure if it would break the federation protocol.
Thanks!
AFAIK it's not that easy to access data on the machine while it's running unless they can bypass the lock screen. People pick stupid passwords for their user accounts so it's totally possible to get in in those cases, but otherwise dont you need really sophisticated side channel attacks to get data out of memory on locked system? It's not like there is some port on the MOBO you can just plug into to get access to RAM