Signal messenger allows you to set up user handles since the latest beta, and they can be discarded and changed at any time, that’s great for privacy.
Comment on Who owns the servers for Lemmy?
solrize@lemmy.world 8 months agoI’m of the impression that only the origin and destination servers see any given private message, but I haven’t verified this. Anyway, don’t expect them to be really private. It’s worry more about reddit since pm exchanges there can be intensely private, there is a single evil corporation saving them all, and the user population is mostly oblivious to that.
When I’ve had something private to discuss with a reddit user, I’ve asked them to switch to email. They are sometimes willing but not always.
viking@infosec.pub 8 months ago
whoreticulture@lemmy.world 8 months ago
Could someone set up a private multi-user instance? I’m imagining like an instance with just a few friends, where you share content from other instances but noone can see what is shared there except the people invited in.
solrize@lemmy.world 8 months ago
Yes, that should be fairly easy and I sometimes think of doing it.
TWeaK@lemm.ee 8 months ago
It’s a bit more than that, when a client connects to lemmy they connect to all instances with displayed media. This includes thumbnails. Even inside a post, you’ll connect to every user’s instance to get their profile thumbnail. This could be quite exploitable, as the federated instance is always the user’s instance, not the instance of the community they post in - it would be possible for someone to fish for IP’s by setting up their own instance and posting on a popular community.
/u/sunauras@lemm.ee is making a new UI that apparently handles all these calls a different way, without connecting everywhere. It’s still a work in progress (you can’t comment there yet) but it looks promising.
solrize@lemmy.world 8 months ago
Thanks. Lemmy’s privacy story is actually kind of bad. Like if you read a post, the instance retains that fact, to support features like “show unread posts”. But that means not only is your posting history public, but your reading history can potentially be exposed.
That’s the main reason I sometimes think of running my own instance. It would receive all the posts from every community without revealing which of them I bothered looking at.