this post was submitted on 06 Jul 2023
11 points (92.3% liked)

Lemmy

12572 readers
1 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

As we are concerned about privacy, I am curious just to understand if lemmy can be at some point exploited by someone to profile its users.

you are viewing a single comment's thread
view the rest of the comments
[–] Zeth0s@reddthat.com 2 points 1 year ago (4 children)

What if database entries are encrypted, so that a person cannot match email and username with the requests in the urls?

Users' client create encryption key on client side. Would it make sense?

[–] LordXenu@lemm.ee 3 points 1 year ago (1 children)

This all happens before the database even gets asked for information. The web server will make a log of the requests as they come in before responding.

At minimum the web server needs to know where to send the data back to.

[–] Zeth0s@reddthat.com 1 points 1 year ago

Thanks, makes sense

[–] SheeEttin@lemmy.world 2 points 1 year ago (1 children)

If you consider the server to be malicious, why would you trust any claim that the data is encrypted?

[–] Zeth0s@reddthat.com 1 points 1 year ago

I am thinking more of a Meta "threads" -like situation. Not necessarily malicious, just a different privacy expectations between user and provider

[–] fubo@lemmy.world 1 points 1 year ago (1 children)

Somehow the server has to be able to look up the user's subscriptions so it knows what posts to show them.

[–] Zeth0s@reddthat.com 1 points 1 year ago

I am mainly thinking about matching navigation history with identifiable information... You are right, It's a tricky thing...

I also wonder, if lemmy becomes a thing, with numbers in the same order of magnitude of reddit, if and how gdpr will affect server admins... Having a privacy anonymization tool built in by design might avoid headaches on the long term

[–] dudeami0@lemmy.dudeami.win 1 points 1 year ago (1 children)

It's still a fingerprint, the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of the companies can track you even if you aren't logged in, you using any service creates a pattern that with enough aggregate data can be used to approximate who you are.

[–] Zeth0s@reddthat.com 2 points 1 year ago

Thanks, it looks like privacy on internet is really a mirage