Theoretically speaking of course ;)

If my home instance gets hacked, what’s the worst case scenario for my personal data?

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    25
    ·
    edit-2
    1 year ago

    Data collected by a standard Lemmy server:

    • IP address of the device you’re using to access Lemmy

    • Posts, comments, favourites, upvotes, downvotes, subscriptions, blocked users, blocked communities. This also includes PMs (don’t use Lemmy PMs, make use the fact that your Lemmy can include a link to a Matrix account!)

    • Username, hashed password, email address if provided

    • TOTP public key if you have 2FA enabled

    • Your application if your server requires/required you to apply to register

    • Avatar, profile description, account registration date

    Installed apps may track more information (i.e. paid apps will probably collect some information so you can actually use the pro features, maybe device IDs, possibly advertising information if you can find a Lemmy app with ads)

    Individual Lemmy apps may or may not collect more information; the code is open so servers can modify the source code if they so wish.

    • Margot Robbie@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      PM is a misnomer since it’s not really private. Direct message or DM would be more correct, on Lemmy, DM as if it would be shown in public.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        In ActivityPub, PMs are just “notes”. They’re comments that don’t get posted in public, essentially. This has the (hilariously awkward) side effect of sending a copy of your entire private conversation if you tag a user you’re gossiping about, especially on Mastodon.

        ActivityPub is not suited for PMs. Use Matrix, XMPP, Signal, or anything else instead. You’re one @someone@example.com away from sharing your message history.

        I guess most people consider them to be a separate thing. I’ll add them to the list.

        • ddtfrog@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Haha, neat. That’s good to know! I wish the Lemmy apps would stop advertising PM’s them.

          I don’t think I ever PM’d anyone on Reddit unless it was /r/HardwareSwap anyways.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Matrix is a decentralized chat service. It’s to Signal/Discord what Lemmy is to Reddit. It doesn’t interoperate with the Fediverse directly, but Lemmy does have a special field in the profile page to write down your Matrix account. What Matrix does have, is a chat system that’s actually designed for chat, which the Fediverse lacks by itself.

        Like on the Fediverse, you pick a server to sign up with (matrix.org, matrix.infosec.exchange, there’s a whole bunch of them) and then you use it to talk to other people. Here’s a guide to joining Matrix if you’ve never heard of it.

        If you don’t want to use someone else’s server, you can set up your own server if you’re technically oriented, like you can set up your own Mastodon or Lemmy instance. You can use it to put all manner of chat apps in one place (iMessage + SMS + Signal + WhatsApp + Telegram + Line + Slack + Discord) through bridges if you set it up yourself, or you can pay for a service to do it for you. Using bridges isn’t quite as easy and intuitive as using the native apps themselves, but Matrix to Matrix chats work excellent.

        Matrix has individual chats, group chats, “spaces” (like Discord servers, but with the ability to group together “servers” and individual chatrooms in spaces of your own name and hierarchy if you wish). There are various apps to choose from (“Element” is probably the one you want), and all of it is end-to-end encrypted.

        Alternatively, XMPP is an older protocol that offers many of the same benefits, but I don’t think it’s as popular these days. Various big open source projects switched to Matrix from IRC chat, which probably helped a lot with popularity.