this post was submitted on 04 Jul 2023
3359 points (96.1% liked)

You Should Know

33003 readers
7 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 48 points 1 year ago (4 children)

Can someone explain why r/privacy is so up in arms about this? Seems fairly obvious that my actions in the public domain are public, but they’re all “Lemmy doesn’t care about your privacy”. Why?

https://www.reddit.com/r/privacy/comments/144clka/warning_lemmy_federated_reddit_clone_doesnt_care/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1

[–] [email protected] 59 points 1 year ago (2 children)

I wouldn't say Lemmy doesn't care about your privacy, but probably they didn't have enough traffic before the death of Reddit to really prioritize it. I myself have security concerns, particularly with the storage of account data on servers that who knows where they are hosted or what the security is. But I would say Lemmy instances are much more likely to be targetted for attacks by malicious hackers than Reddit, because most instances are likely hosted on far less secure machines than Reddit servers.

[–] [email protected] 22 points 1 year ago (1 children)

secure machines than Reddit servers

Not that I don't agree but there is a pretty big citation needed there.

We don't really know how secure Reddit Servers are and their attack surface is likely to be far larger.

[–] [email protected] 19 points 1 year ago (1 children)

You're right that we don't know how secure Reddit servers are. But I would bet that they're more secure than some instances that are hosted on someone's personal home network. My statement wasn't an authoritative fact, but it was a well educated guess based off of real world data.

Reddits servers are under attack all the time, and its amazing that Reddit wasn't down literally every day from attacks. Yes Reddit was successfully hacked before. Probably multiple times we don't kniw about. However, I repeat that the security on whatever network they have their servers on is probably more than the security that average Joe Schmuck has on his Lemmy instance he runs from his house. I would imagine that like any business with server farms that isnt massive like Microsoft, Reddit probably rents servers at a farm. Some Lemmy instance hosters might do this, but I guarantee you that a lot of Lemmy instances are hosted from a home network, which is inherently less secure. The server farms follow rigorous cybersecurity protocols, Joe Schmuck probably left his NetGear router admin password as the default password sonce he bought it 7 years ago and hasnt updated its firmware since.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

I'm pretty sure that most lemmy instances run on a VPS, where the only thing you actually have to worry about usually is securing SSH, i.e. only using keys and setting up fail2ban. After that it's only a matter of securing lemmy the software itself, which is a whole other discussion.

[–] [email protected] 5 points 1 year ago

Lemmy support is full of people tripping over themselves because they didn’t change the lines in the default docker-compose that the docs explicitly say “You must change this to match your environment”.

“The only thing you actually have to worry about” is doing a lot of heavy lifting.

[–] [email protected] 3 points 1 year ago (1 children)

What account data are you referencing?

[–] [email protected] 5 points 1 year ago (1 children)

I mostly mean username and password credentials, primarily the storage and handling of passwords. Most people don't take cybersecurity seriously and use the same username and passwords for every site they log into. Someone steals your Lemmy data, and they can try it on every social media and gain access to everything. Now, I am not one of those people, and my Lemmy account credentials are unique to Lemmy only, but imagine if someone joined and used the same credentials they always do, including for their bank login. There is where the concern is.

[–] [email protected] 4 points 1 year ago

Passwords are hashed and salted.

[–] [email protected] 5 points 1 year ago

Because they're stupid

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Being able to doxx someone for their upvotes without even commenting strongly disincentivises engagement with communities that oppose authoritarian governments and such.

When it’s just between the user and admins of their home instance that’s a feasible level of trust. When it’s available to literally anyone that’s a huge jump.

[–] [email protected] 2 points 1 year ago

Because they've not ever done a data request from Reddit, I imagine. Reddit stores a COLOSSAL amount of information on you. The bits that they are willing to provide are concerning enough; I do wonder what they have that they don't reveal. For example. your ENTIRE history of IP connections seem to be stored (because there's a use for a 3 year old IP record, you know,) all of your chat messages (no way to delete those either,) associated accounts (I am guessing this is "accounts we think are you too, but I don't know...) ...so I'm not sure why Lemmy / Kbin / etc get the hate here.

I think Kbin and Lemmy could be better about disclosure, but there's nothing inherently shady about the way they're set up. Downvotes being revealed, I am torn on. I tend to lean toward private, but I see arguments either way.