Having PieFed etc. in here could help raise awareness I made a Pull Request to add it, hopefully it gets accepted https://github.com/ente-io/privacypack/pull/122

top 43 comments

sorted by: hot top controversial new old

[–] Kirk@startrek.website 40 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

I'm going to be THAT guy and point out that while Piefed and Lemmy instances have much better incentive structures to be good to their users they are very much NOT private and on the default instance setup nearly all data collected is publicly available.

EDIT: Many people in this comment section don't seem to be understanding that "Lemmy" is not one website like Reddit. Each instance is it's own thing entirely and there is ZERO guarantee than a given instance isn't using hidden trackers. This is NOT a defense of Reddit or a criticim of Lemmy software which is very good. But it is a fact and you should be wary of the motivations of anyone claiming that "Lemmy" is private or similar.

[–] Blaze@lemmy.zip 10 points 2 weeks ago (2 children)

Reddit:

forces users to use a proprietary app full of trackers to collect data and sell it to advertisers
blocks VPN usage

Lemmy/Piefed:

browser access is encouraged,
lots of third party apps, most of them being open source
allows VPN usage

[–] Kirk@startrek.website 21 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Privacy is a spectrum. But when 99.99% of userdata is publicly available no responsible person could call that service "private".

[–] Blaze@lemmy.zip 5 points 2 weeks ago

Privacy is a spectrum. There's always a level of privacy you're going to give away when posting or interacting on an Internet forum.

The levels of privacy that Reddit and Lemmy/PieFed offer are vastly different, for reasons I stated above. Saying that they are not private is just going to deter potential new joiners to give them a try.

[–] Blaze@lemmy.zip 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Are you following me around Lemmy specifically or are you a reply guy to everyone?

I mod this community, as I told you yesterday (https://lemmy.zip/post/48357775/21510824 ), but thank you for another bad faith example.

Edit: https://lemmy.zip/modlog?userId=18312344

[–] Kirk@startrek.website 2 points 2 weeks ago (1 children)

Yesterday I caught you spreading disinformation to promote a for-profit social media company. Today you're here with disinformation about Lemmy.

[–] Blaze@lemmy.zip 3 points 2 weeks ago (1 children)

People can read that thread and make their own opinions about our exchanges

https://lemmy.zip/post/48357775/21510389

Today you’re here

I have 5 posts on this community's home page. Maybe you're the one following me around

[–] Kirk@startrek.website 1 points 2 weeks ago* (last edited 1 week ago) (1 children)

"Teach the debate" right. The facts are the facts no matter what you feel about them. Please leave me alone.

[–] Blaze@lemmy.zip 2 points 1 week ago (1 children)

https://lemmy.zip/modlog?userId=18312344

[–] Kirk@startrek.website 1 points 1 week ago* (last edited 1 week ago) (1 children)

A power tripping mod is irrelevant to the fact that you knowingly continue to spread disinformation promoting a for profit social media company.

Do not reply to me ever again or I will report you for harassment.

[–] irelephant@lemmy.dbzer0.com 3 points 1 week ago (1 children)

If you don't want him to keep replying, try disengaging

[–] Kirk@startrek.website 1 points 1 week ago

Users on my instance are not responsible for the behavior of others.

[–] Skavau@piefed.social 6 points 2 weeks ago (2 children)

A detail, but I've been browsing Reddit on a VPN since OSA.

So has much of the UK. So I don't think their VPN checks are very good.

[–] Ek-Hou-Van-Braai@piefed.social 3 points 2 weeks ago (1 children)

What about trackers that collect data to be sold to advertisers? Seems like enough of a privacy concern to me.

[–] Skavau@piefed.social 1 points 2 weeks ago

Yeah sure, I was just noting that if Reddit does try to block VPN access, they're really bad at it.

[–] Blaze@lemmy.zip 2 points 2 weeks ago (1 children)

And people have been using third party client with their own API keys even after the API became paid.

They've never been good at any kind of check, it's just supposed to be annoying enough to bother the average user

[–] Skavau@piefed.social 1 points 2 weeks ago* (last edited 2 weeks ago)

Well I'll just say it hasn't once stopped me and I've bounced around a lot of IPs.

[–] bjoern_tantau@swg-empire.de 2 points 2 weeks ago (1 children)

With the big difference being that all that data is what the users explicitly put into it. No hidden trackers.

[–] webpack@ani.social 2 points 2 weeks ago (1 children)

I think they are trying to say that any instance could theoretically add hidden trackers to their own website, which is not the same as users putting in their own data.

[–] bjoern_tantau@swg-empire.de 2 points 2 weeks ago

Where of course the distributed nature can hopefully keep any one instance from becoming too powerful.

[–] FailBetter@crust.piefed.social 2 points 1 week ago (1 children)

Thank you for the critical info--for tech-dummies like myself that still wish to use piefed in a most private/secure way, would it be better to use a non-default instance? Please advise on anything else that can be done as best practices here please

[–] Kirk@startrek.website 1 points 1 week ago* (last edited 1 week ago) (1 children)

A default installation of Lemmy/Piefed won't track users beyond what they intentionally do on the site. But if you want to be sure, then you can always host your own instance of one person. (In addition to all user activity), other instances can only see the IP of the instance the account is hosted on.

If you want something to be private then well, don't post to the public web (as a reminder- DMs aren't private on Piefed/Lemmy). If you want to be anonymous, then use a VPN and don't repeat a username you used elsewhere.

[–] FailBetter@crust.piefed.social 1 points 1 week ago (2 children)

Thanks for DM tip, I didn't think about it, but I guess that explains the need for something like the matrix protocol. Only thing i've ever hosted myself was a simplex chat smtp/xftp server on a vps. I basically just closely followed a guide from simplifiedprivacy with a readymade script and already knew how to ssh into stuffs. Do you recommend hosting a one person instance strictly as an experiment to verify that nothings being tracked? Or would concentrating my lemmy/piefed use strictly through a self-hosted one person instance account help to ensure nothing but what I'm 'intentionally doing' is tracked? I'm looking to get sold on hosting, but I'm also not really in a spot to waste money on another vps just for fun.

Also I really need a good resource to finally stop confusing privacy/anonymity/other similar security concepts. Thank you greatly for the patience and help

[–] Kirk@startrek.website 1 points 1 week ago

Or would concentrating my lemmy/piefed use strictly through a self-hosted one person instance account help to ensure nothing but what I’m ‘intentionally doing’ is tracked?

It would ensure that yes. The other instance would only see the IP of your instance, not browser information or anything else. I haven't tried selfhosting, so I can't speak to it's difficulty, but as far as I know, there is no reason to distrust any of the major Lemmy or Piefed instances. I'm not an expert and it is open source software so anyone could theoretically edit the code if they wanted.

And privacy refers to having control over who can see your personal information, anonymity means being unidentifiable.

[–] Blaze@lemmy.zip 1 points 1 week ago

!privacy@programming.dev could be a good community for you

[–] infeeeee@lemmy.zip 7 points 2 weeks ago (2 children)

I use most of them or similar alternatives, but this is the first time I hear about Migadu:

After a quick lookup: it's a service, not an app, it's not on the cheaper side, the smallest subscription is 19€ per year. https://www.migadu.com/pricing/

I pay for my mailbox.org email 12€ per year, I will stay with mailbox.

[–] Ek-Hou-Van-Braai@piefed.social 4 points 2 weeks ago* (last edited 2 weeks ago)

It's more expensive if you only have one account. But the price doesn't really go up if you have more accounts

For 19€ per year you and your family could all have 10+ email accounts each, all on different domains

What would mailbox.org cost you for 5 accounts using your own domain?

if you're not using your own domain, you're kind of vendor locked

[–] Blaze@lemmy.zip 1 points 2 weeks ago (2 children)

Migadu is indeed a bit more expensive, but I've heard good things about it. IIRC they offer more domains https://www.migadu.com/pricing/#what-is-the-domains-limit-on-the-micro-plan

Mailbox is also a good options, they just redid their UI, it was posted recently on !buyeuropean@feddit.uk

[–] Ek-Hou-Van-Braai@piefed.social 1 points 2 weeks ago (1 children)

It's more expensive if you only have one account. But the price doesn't really go up if you have more accounts

For 19€ per year you and your family could all have 10+ email accounts each, all on different domains

[–] Blaze@lemmy.zip 1 points 2 weeks ago

Interesting, thanks!

[–] infeeeee@lemmy.zip 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I never used thier webui, thunderbird on desktop and android works really well. I see migadu has extra features for the higher price, but I don't need those. 2gb is enough for me, I backup to my server then delete old emails from the cloud

[–] Blaze@lemmy.zip 2 points 2 weeks ago

I'm on mailbox.org too, same as you, happy with them so far

[–] Pamasich@kbin.earth 5 points 2 weeks ago (1 children)

Is Lemmy/Piefed really that desperate for growth that lies are needed to raise awareness?

Federation and privacy are incompatible. You can't tell me Lemmy is private when Google can just get all your data for free with minimal work and without you ever getting even just a hint about it.

[–] Ek-Hou-Van-Braai@piefed.social 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

If you post something to a public forum, obviously it's public that's no surprise to anyone.

That's not the whole picture, Mainstream social media are some of the worst offenders when it comes to privacy, they use trackers and share all your data with advertisers.

Lemmy/Piefed doesn't

[–] tyler@programming.dev 4 points 2 weeks ago (1 children)

…those advertisers can literally set up a server themselves and collect all the data that is being federated. It’s arguably easier for advertisers to get your data from here than from Reddit or Facebook.

[–] Ek-Hou-Van-Braai@piefed.social 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

If I anonymously host my own blog, is that blog of mine a invasion of my privacy? because anyone can read it and see what and when I post there?

As others have said here:
PieFed has no Google analytics, no Facebook pixel, no mobile app hoovering up all your phone contents, no telemetry, doesn't track which websites you leave to, doesn't require a real name and so on and on. It's not even in the same league.

[–] tyler@programming.dev 1 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

I think you misunderstand what people are looking for when they say privacy. They don’t want any company having their data. If you set up a blog and post about yourself on that blog then yes, you understand you are revealing your private details and that’s a choice you make.

You coming on here and telling people that a platform they are using is private when it isn’t is a completely different scenario. Those people reading here might have no understanding of how federation works. They think “oh this is like email, my email is private, this must be private as well” when in reality every detail is sent to every other node in the network, including votes. That’s not something you would expect a privacy conscious service to do. And pretending like it’s the same as a blog is disingenuous.

Currently lemmy and piefed are not private and do not pretend to be. You are the only one saying that.

[–] Blaze@lemmy.zip 2 points 2 weeks ago

They think “oh this is like email, my email is private, this must be private as well”

They know they can't read other people's emails. They can read all the comments here even without being logged in.

[–] Ek-Hou-Van-Braai@piefed.social 1 points 2 weeks ago

Do you think people don't realise what the post on a public forum is public?

What are people looking for when they say privacy? Privacy means different thigns to different people.

For some it's corporations not using trackers etc. to sell their data to advertisers.

PieFed/Lemmy is a step in the right direction in this regard.

[–] rimu@piefed.social 4 points 2 weeks ago

Some people are claiming the fedi is not private and anyone can see "all your data". This is sooo simplistic.

Yes federation means anyone can see your posts and votes which reduces privacy. But in comparison the privacy-invasive stuff that mainstream social media does goes way way beyond that.

PieFed has no Google analytics, no Facebook pixel, no mobile app hoovering up all your phone contents, no telemetry, doesn't track which websites you leave to, doesn't require a real name and so on and on. It's not even in the same league.

[–] ekZepp@lemmy.world 3 points 2 weeks ago* (last edited 2 weeks ago)

1wacyt-2390796725

[–] FailBetter@crust.piefed.social 2 points 2 weeks ago

I'm seeing great discussions around fediverse tools' level of privacy.
Can anyone speak to how different it is to trust meta/twitter/google in comparison to say the flagship piefed.social or some equivalent lemmy instance of best reputation? (I know this is more of a security Q, but yeah)

[–] Blaze@lemmy.zip 1 points 2 weeks ago

Thank you for the pull request!