Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • tempest@lemmy.ca
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    2
    ·
    1 year ago

    secure machines than Reddit servers

    Not that I don’t agree but there is a pretty big citation needed there.

    We don’t really know how secure Reddit Servers are and their attack surface is likely to be far larger.

    • RightHandOfIkaros@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      You’re right that we don’t know how secure Reddit servers are. But I would bet that they’re more secure than some instances that are hosted on someone’s personal home network. My statement wasn’t an authoritative fact, but it was a well educated guess based off of real world data.

      Reddits servers are under attack all the time, and its amazing that Reddit wasn’t down literally every day from attacks. Yes Reddit was successfully hacked before. Probably multiple times we don’t kniw about. However, I repeat that the security on whatever network they have their servers on is probably more than the security that average Joe Schmuck has on his Lemmy instance he runs from his house. I would imagine that like any business with server farms that isnt massive like Microsoft, Reddit probably rents servers at a farm. Some Lemmy instance hosters might do this, but I guarantee you that a lot of Lemmy instances are hosted from a home network, which is inherently less secure. The server farms follow rigorous cybersecurity protocols, Joe Schmuck probably left his NetGear router admin password as the default password sonce he bought it 7 years ago and hasnt updated its firmware since.

      • ashe@lemmy.starless.one
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        1 year ago

        I’m pretty sure that most lemmy instances run on a VPS, where the only thing you actually have to worry about usually is securing SSH, i.e. only using keys and setting up fail2ban. After that it’s only a matter of securing lemmy the software itself, which is a whole other discussion.

        • Muddybulldog@mylemmy.winOP
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Lemmy support is full of people tripping over themselves because they didn’t change the lines in the default docker-compose that the docs explicitly say “You must change this to match your environment”.

          “The only thing you actually have to worry about” is doing a lot of heavy lifting.

        • shagie@programming.dev
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Just the other day, the computers of Kolektiva.social (mastodon instance) got seized by the FBI.

          Well, it wasn’t the other day - it was back in May. It was the other day that its users were notified that it happened.

          https://kolektiva.social/@admin/110637031574056150

          In mid-May 2023, the home of one of Kolektiva.social’s admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.

          Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an unencrypted state when the raid occurred and it was seized, along with everything else.

          I wouldn’t make any assumptions about the security of a particular instance of Lemmy or the locations of backups of the database that a developer or admin may have for testing.