Looked through the docs a bit and it’s not really clear to me: I’m posting this on lemmy.ca, does that mean only that instance knows my IP? Or does every instance it federates with get my ip alongside this post?

This seems maybe important, did I miss a privacy guide to Lemmy someplace? Cursory searching didn’t come up with much official. Are there other aspects we should be thinking about here? I’d come across some mention of deleted posts being still available everywhere they were sent but that sorta makes sense – hard to “unpublish” anything.

  • heartlessevil@lemmy.one
    link
    fedilink
    arrow-up
    35
    ·
    1 year ago

    I gave a cursory look at the source code.

    So, from what I can tell, nobody can see your IP address through Lemmy. But the person who runs the server that your Lemmy instance runs on can trace IPs by looking at access logs. That doesn’t get shared with other servers, or even people who adminster your Lemmy instance but don’t have access to the underlying server.

    • MiddleWeigh@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Hey thanks. I’m trying to be more mindful of how tech interacts with my life, and as a non techie, I appreciate you doing this, and I found it to be useful information even for my idiot self, even if only to understand the lemmyverse a little better.

      • macgregor@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Fyi As a (non-lemmy) backend developer, this is completely normal/standard use of IP addresses in a system not designed around harvesting your personal data. IP addresses are commonly used for efficiently and securely (security for the server more than you) handling active (inflight) requests so you generally only see it in specific network logs like those of the reverse proxy, not stored long term in a DB. Most of us who aren’t in advertising or government want to know as little about you as possible.

        Being privacy mindful is good, but it is a deep and creepy rabbit hole to go down. Stay safe out there 🙂.

    • BuoyantCitrusOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Great, thanks for this. I did glance there but saw the migrations and blithely presumed I’d have to run them to see the resulting schema.

      And ya, there’s no way I can connect to an instance without revealing my IP to whoever controls that host, I’d be on a VPN if I was that concerned. Mostly just wanted to confirm someone with a self-hosted instance and a script kiddie hobby wouldn’t be able to directly mess with the system of whichever hapless commentor says something they take umbrage at.

    • Sterben
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That sounds just about right. That fact that it is open source, already give me a good peace of mind.

      Thanks for the information. 😊