I think most of us are aware of the shady history of Reddit when it comes to respecting privacy (and if not, here is but one example: https://techcrunch.com/2023/09/28/reddit-is-removing-ability-to-opt-out-of-ad-personalization-based-on-your-activity-on-the-platform/)
I’m wondering what you feel are the pros and cons of Lemmy in this regard?
On the one hand, Lemmy is structurally very different. There’s no single corporate entity building detailed behavioural ad profiles, most instances run minimal (or no) tracking, and you can choose an operator whose logging, retention, and analytics policies align with your risk tolerance.
Hell you can roll your own (yes, with black jack and hookers).
In theory, that alone removes a huge chunk of the surveillance-capitalism model that platforms like Reddit depend on.
On the other hand, your posts, comments, and votes are not confined to one database - they propagate across multiple servers, each with their own admins, logs, and retention practices.
Deletion is best-effort, not guaranteed. You’re effectively trusting a network of operators, not just one. I dunno whether that makes it better or worse.
Any deep thoughts on this conundrum?
PS: I’m leaning towards “don’t say anything you wouldn’t in a court of law” model these days. If its online - and you don’t own the infra - there’s always a risk.
Even Reddit had third parties tracking everything, with some of them republishing data. There was a long era where sites like Removeddit let you read deleted and removed posts.
In Lemmy it’s structurally different, but there are still plenty of third parties doing similar stuff. For instance, LemVotes is tracking and republishing everyone’s votes (looks like you’ve recently been on a downvote tear, OP).
I have to assume that by now all of the major and aspiring LLM companies are quietly drinking the full firehose of posts and comments (and ignoring delete messages), and will use the data however they want, indefinitely. That probably includes at least one entity happy to give it to law enforcement.
In other words, it’s all public, deletes are only best effort, and the policies of your instance are mostly irrelevant with respect to other parties retaining your data. There are a few things that only your instance knows, such as your IP addresses, but that’s relatively little comfort.
Don’t be dumb.
Oof, busted :)
I had a feeling there were background trackers, even here.
Your comment wrt LLM firehose is on point too I think.
I do think the don’t be dumb is good advice (barring the famous quote from George Carlin) but given what you’ve just shown, it does sort of negate one of the appeals to self hosting a Lemmy instance. A lot of squeeze for not much more juice.
I don’t know if this is a solvable problem but I’m willing to listen / learn.
Wait, so is Lemmy no better than Reddit?? Not OP but would like to know.
Lemmy is way better than Reddit on several fronts. Reddit is a profit-motivated corporation domiciled in a fascist country and their administrative actions reflect that.
“Don’t be dumb” can be interpreted in many ways.
You can accidentally dox yourself anywhere, especially as you build up a large comment history for a person (or LLM) to analyze. You can deduce my age to a pretty narrow range because I’ve written about growing up with modems calling local BBSes. I’ve tried not to write much about my location, but there are probably many clues out there. The totality of my comments may be very good at filtering down who I could possibly be. Similar for anyone else.
One nice thing about Lemmy is that you can make alt accounts on different instances and then limit your community participation accordingly, to choose your own self-doxxing exposure. One account could be great for location-divulging commentary, such as regional politics or the weather involved in your gardening. Another could be great for your porn habits, although lemmynsfw recently went dark.
Reddit has spent a lot of effort building internal tools to correlate your access habits and such so that they can group all of your alts together to try to prevent ban evasion. The Fediverse design makes that much more difficult unless you get colluding instance operators.
Instead of ads here (and their associated surveillance), we have occasional pleas from instance admins to kick in some donations. It’s too bad that we don’t have good anonymous micro transactions yet, but maybe a cryptobro will tell me how easy that is if I would just use their preferred tech. At least you can donate to an instance without disclosing your account (although lemmynsfw was obvious in its purpose).
Lemmy is better, but it’s still public. Don’t be dumb.
I appreciate the detailed response, especially the idea of having separate accounts for separate interests (even if I most likely won’t actually do that). At some point, the number of measures one takes in the name of their online privacy becomes too much. I think that, for now – as someone who had a single Reddit account which had an extensive public history through several communities at the time [I didn’t know any better back then] – it’s enough to just switch from these profit-driven fascist-feeding corporations to platforms like lemmy.
Maybe in the future I’ll have another phase where I take it one step further, I don’t know, but I don’t want to make my using the internet become a nightmare.
It’s a realistic appraisal of Lemmy vs Reddit you’ve provided, I feel.
Public posts publish here.
You want private messages? Get a chat app.
Lemmy lets you sign up and use it without a lot of the linked identifiers that reddit requires, that can be tied to your real identity (so they can serve you targeted ads). These include things like IP addresses, your email address, browser or device fingerprint, phone number, etc.
The other privacy concern I can think of, is middle-men capturing passwords and text input, and IP addresses. As long as your server isn’t using cloudflare (unfortunately many lemmy servers are), and you aren’t using a closed-source app or web UI (unfortunately many users are), you’re likely safe.
Of course the other comments are correct that this is a public platform that’s distributed, so we have to assume nefarious agencies are scanning it, so you shouldn’t say anything that could tie your account to your real identity. Its also probably a good idea to create new accounts every so often if you’re the type of person who tends to leak that info.
PS: I’m leaning towards “don’t say anything you wouldn’t in a court of law” model these days. If its online - and you don’t own the infra - there’s always a risk.
You should assume everything you say online is being captured by govts. Encrypt everything you can, use a no log VPN not based in 15 eyes, use OS and browser with sandboxes/containers
There is no flawless solution , that being said there is such thing as worse and even worse … to me Reddit is “even worse”. I’m only accountable for what I post and what I “vote” on and there I’ve got no problems. It’s nice to know here if there are trackers it’s not necessarily baked in. LLMs maybe reading what it can see but those LLMs aren’t determining how and what I’m doom scrolling. That’s what would bothers me.
And while I’m sure there are bad actors probably willing I still think the fediverse is to small to really garner a ton of effort to extort much of anything.
Can people actually be held accountable to what they write as thoughts and opinions, anonymously? Are you talking about online surveillance in the US?
It certainly seems to be trending in that direction, no? A lot of the “best” ideas do tend to get crowbarred out of the US.
OTOH, with the EU pushing to divest itself of American software and policies, perhaps there’s still some wriggle room.
OTOOH, because of the nature of the Fediverse, something like this can happen in theory:
- You use a German-hosted instance → primarily subject to EU/GDPR
- Your posts replicate to instances in other countries (including the US), which you don’t directly control (unless you self-host and block that)
- Those servers operate under their own local laws
- End result: your reposted data and meta data may now fall within the American legal domain.
