this post was submitted on 28 Jun 2023
41 points (83.6% liked)
Privacy
31886 readers
644 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's always an option, and my usual go-to when disposing of drives at least. It gets a bit scary to do so with the main prod data though, lose a key and everything is toast. If you have a solid means to keep crypto keys secure and redundant though by all means. It can put a hit on CPU and disk performance depending on how many random read/writes it has to do. I wouldn't think it's a great plan with a lot of fedi services just because of that factor. My mastodon instance has something like 116GB of attachment data in almost half a million objects, that's a lot of encrypt/decrypt action to maintain.
I'm not all that concerned with ACTUAL privacy/encryption but rather more concerned with lower-level things like stalking, harassment, employers doing research about their employees' non-work habits, insurance companies, etc.
I'm not talking about doing anything illegal and hiding from authorities who can use forensics on your data. Just general anti-corporate snooping and anti-harassment privacy protection.
Like, I feel more inclined to sign up and use something more like Raddle.me instead of lemmy because the owner of that site has a philosophical mission in favor of privacy.
Daniel Micay, the head programmer of GrapheneOS thankfully stepped down from his position, but not after entirely torching the goodwill of Louis Rossman, who liked GrapheneOS because it respected his privacy. Louis was then accused by Daniel of trying to destroy the GrapheneOS project and threatened with "exposure" which Louis expertly documented and lead to the GrapheneOS developer stepping down because of how absolutely unhinged he looked accusing Louis of this.
https://www.youtube.com/watch?v=4To-F6W1NT0
How are you so sure that the owner won't pop off on you in such a way in the future? Lemmy at least you can 1. run your own instance and be in tighter control of your data and 2. If you really want to make it more secure, contribute to the codebase or 3. Make your own fucking fork of the codebase that is more secure and privacy oriented. Raddle may be open source, but it doesn't look like you're encouraged to run your own Raddle.
Also, you're still handing your data off to a stranger, who has made promises. What about those promises makes you think this stranger will keep them? It's still inherently a risk, even if they never end up doing anything nefarious. You just don't know their mind and can't know their mind, and being just a user instead of someone who actually knows them in person, you're only basing it on promises they've made in an attempt to try to draw people to use their service. Are you really sure the code that is running on Raddle.me is exactly the same as the open sourced codebase? This is a question that regularly gets asked in respect to Signal Messenger, is the code on the servers the same as what is actually released. How far does this "trust" based on words alone, go?
To quote Mark Zuckerberg about people sharing information with him and why:
You know whose mind you can know and trust? Your own. Thus making your own instance.
And last but not least... You're already here. You're making a post about this here. You have an account. You have 23 posts and 352 comments. Sorry to say but you're just not that worried about this issue, so this feels a little like concern trolling.
Definitely not concern trolling. Just finally thinking about all this stuff. Thanks for the insight.
It's one's own line and what you're looking to accomplish. Privacy can have a lot of different faces.
There's public/profile data, does a site demand full identity authentication to get an account, is that info public on your profile, is your comment/browsing/post history public or concealed? All those things still generally will reside with the service and be readily available if someone asks.
There's the privacy of data in flight, my ISP actually has it in their TOS that they reserve the right to collect browsing data and sell it to third parties after the FCC (US based) gutted what little network privacy/neutrality we had in the past administration, so since then virtually all outgoing traffic goes over a pair of VPNs just to avoid, or at least make more difficult being another data-point in the internet marketing machine.
There's the privacy of data at rest, can anyone on my own network or that comes into contact with my systems read things that they shouldn't be? File permissions or to the extreme end full disk encryption comes into play.
All personal preference and risk tolerances. Some are fine with putting all their personal info and that of their contacts in public hands, that's why places like Facebook exist to begin with. I'm pretty far on the other end of that spectrum.