Looked through the docs a bit and it’s not really clear to me: I’m posting this on lemmy.ca, does that mean only that instance knows my IP? Or does every instance it federates with get my ip alongside this post?

This seems maybe important, did I miss a privacy guide to Lemmy someplace? Cursory searching didn’t come up with much official. Are there other aspects we should be thinking about here? I’d come across some mention of deleted posts being still available everywhere they were sent but that sorta makes sense – hard to “unpublish” anything.

  • ono
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Yeah, it can be abused. I don’t want to raise an alarm about it because I don’t think it’s worth scaring people who are just dipping their toes in the fediverse waters, and because it can be fixed.

    For now, I block remote images by default and allow them from a few specific instances.

    • diyrebel@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I don’t want to raise an alarm about it because I don’t think it’s worth scaring people who are just dipping their toes in the fediverse waters, and because it can be fixed.

      Informing people is always the right move. People should be as aware of the security situation as possible & it’d be irresponsible to withhold that info.

      The warning should also come with the solution: use Tor. That solution would solve countless other problems stemming from the marginalization of the Tor community. The advice should be:

      1. install Tor
      2. get on the fedi