YSK: Your Lemmy activities (e.g. downvotes) are far from private

Muddybulldog@mylemmy.win · edit-2 1 year ago

YSK: Your Lemmy activities (e.g. downvotes) are far from private

ashe@lemmy.starless.one · edit-2 1 year ago

I’m pretty sure that most lemmy instances run on a VPS, where the only thing you actually have to worry about usually is securing SSH, i.e. only using keys and setting up fail2ban. After that it’s only a matter of securing lemmy the software itself, which is a whole other discussion.

Muddybulldog@mylemmy.win · 1 year ago

Lemmy support is full of people tripping over themselves because they didn’t change the lines in the default docker-compose that the docs explicitly say “You must change this to match your environment”.

“The only thing you actually have to worry about” is doing a lot of heavy lifting.

shagie@programming.dev · 1 year ago

Just the other day, the computers of Kolektiva.social (mastodon instance) got seized by the FBI.

Well, it wasn’t the other day - it was back in May. It was the other day that its users were notified that it happened.

https://kolektiva.social/@admin/110637031574056150

In mid-May 2023, the home of one of Kolektiva.social’s admins was raided, and all their electronics were seized by the FBI. The raid was part of an investigation into a local protest. Kolektiva was neither a subject nor target of this investigation. Today, that admin was charged in relation to their alleged participation in this protest.

Unfortunately, at the time of the raid, our admin was troubleshooting an issue and working with a backup copy of the Kolektiva.social database. This backup, dated from the first week of May 2023, was in an unencrypted state when the raid occurred and it was seized, along with everything else.

…

I wouldn’t make any assumptions about the security of a particular instance of Lemmy or the locations of backups of the database that a developer or admin may have for testing.