Privacy drove me off reddit, I looked around for these answers but not sure where to come across them.

Am I sharing my IP address/ location with my host instance?
is there a log of my view history
are there general privacy concerns that I am not thinking of?

I do not want to be in a position where a Government creates an instance, and allows them to monitor.

  • Dnlb@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    host your own instance and use that for your account.

    if you can’t host, you’ll have to trust somebodies instance like you do with reddit etc

  • marsara9@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    The project is open source so you can see what they are logging, if you can read the code.

    But simply some things that are logged:

    • IPs are logged but I don’t see them being associated with a user account. This looks to mainly be for rate limiting.
    • What posts/comments you’ve looked at are logged. This is so the UI can gray out posts you’ve already seen or mark replies to you own comments as read.

    From what I can tell neither of these data points are federated so only the instance your logged into has that information.

    ** Don’t use this as an exhaustive list. These are just the two items you specifically asked about and what I’ve seen looking through the code so far. **

  • aski3252@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Am I sharing my IP address/ location with my host instance?

    Yes. If you connect to any server whatsoever, the server will have to know your IP, otherwise it can not send any data to you and the whole connection cannot be established. With your IP, one can figure out your (rough) location.

    is there a log of my view history

    As far as I can tell, yes. There is the option “show read posts” in your option menu which hides posts you have already read. In order for this to work, your read history has to be saved somewhere.

    are there general privacy concerns that I am not thinking of?

    There are always privacy concerns when accessing/using any service or server on the internet, at the end of the day it comes down to protecting yourself and using services you trust.

    A potentially specific issue with federated, decentralized and self-hosted services such as lemmy is that the people who are running the servers are mostly hobbyists. Most will probably also work in IT professionally, but in general, people who host lemmy are doing it in their spare time at their own cost. This could potentially mean that they have less resources to secure their servers and the data on it than a multi-million dollar company.

    Another thing to keep in mind on lemmy is that private/direct messages are not encrypted, which means that server admins can read your direct messages (there is a warning about this when you write a direct message).

    I do not want to be in a position where a Government creates an instance, and allows them to monitor.

    I’m not quite sure if I understand your worry here correctly. In general, most of the content that is posted on lemmy is publicly available anyway, so they wouldn’t even need an account to get that information, let alone their own instance.

    And if governments have an issue with a user where they want information on a user, they can just contact the site admin and demand the information from them. So if you are planning on posting stuff that is considered illegal where you are from or if you are planning to access content that is considered illegal, Lemmy is probably a bad place to do that

  • punkskunk@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    To add to the good information that’s already been posted - upvotes/downvotes are public, which has surprised some people. Disgruntled people can easily see that you downvoted their post, or what other things you upvoted/downvoted.

  • Wander@yiffit.net
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You need to separate what the instance owner sees vs what other federated instances see about you.

    The instance owner will have access to everything, including your IP and view history. That is true for every website.

    Other instance owners could potentially see what content you fetch from them. Not always, because usually it’s them sending the info over to your server, but there are “signed fetch requests” that the ActivityPub protocol supports and become relevant when you try to load content your instance hasn’t seen before.

    Your upvotes and downvotes are currently also visible across instances.

    The best way to use the fediverse is with a pseudonymous account with a username that isn’t tied to your identity.