I have been using Lemmy for 20 days, at first I opened an account at Lemmy.world because you can join without writing a text and waiting approval. I have been enjoying the experience overall but despite the admin teans best efforts Lemmy.world has been experiencing some serious performance issues. If you want to avoid that join a smaller instance, preferably hosted in your country. I joined discuss.tchncs.de today and everything is so much faster it has added benefit of being able to see beehaw.org posts too. It will improve not only your but all other Lemmy.world users experience too.
What info? Lemmy is a public forum - anyone can see anything you post. Many Lemmy instances don’t even require an email address to sign up.
Like if you are ginger or not
Pfft - everyone knows you need a soul to get online
Only a ginger can call another ginger ginger.
At the very least they would get access to your IP address (assuming you aren’t ok a VPN/proxy) and browsing habits. Whether they take the steps to log those in a usable format and do something with it? I wouldn’t say the risk is much different on an instance with 1000 users vs 100.
My main concern would be instance longevity.
A public IP address is (by definition) public. If you’re behind CG-NAT you don’t get your own public IP and if you have a public IP but not a static one then restarting your router will change it. I don’t think there are many cases where an instance knowing your public IP is an issue. Lemmy instances hotlink media from other instances so many different instances get your IP just from browsing Lemmy.
This is a different conversation but if your account is meaningful then this should be a real concern. A month ago there were about 80 instances, now there are nearly 1000. How many of those will still exist in a year?
I am aware of how a public facing IP address works, and how little information it does give, by itself. It is still a privacy concern, and can be used in conjunction with other data to launch social engineering attacks or to help narrow down other data.
IP address doesn’t mean anything, really.
The biggest issue is that you’re giving them your email address and then posting info online. If you use your main email and then post something inappropriate or private, someone could easily leak that info. Someone who posts nudes without their face for example. A malicious admin could easily try to blackmail you with that info. Is it going to happen? Probably not, but why risk it?
You don’t need to provide an email address to sign up at most of the big instances. I think lemmy.world is the exception. Even your instance lemmy.ca does not require an email address.
If you really want to provide one, you could use a service that does email forwarding. Some examples are https://simplelogin.io (owned by Proton Mail), and Firefox Relay (Owned by Mozilla, makers of the Firefox browser). These both have free tiers. There is also https://duckduckgo.com/email/ from the people who make the privacy focused search engine DuckDuckGo. That one I believe gives you unlimited new randomised email addresses for free. Very low attachment size limit but great for something like Lemmy.
You’re right that you don’t have to on most large instances, and that you can make burner email accounts if you have to.
But this post was simply about telling people to be careful of smaller, less known instances. The links you provided are excellent ways to protect yourself, even outside of Lemmy.