this post was submitted on 03 May 2024

57 points (90.1% liked)

Ask Lemmy

26279 readers

1427 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have fun

Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'

This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spam

Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reason

Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.

It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.

Reminder: The terms of service apply here too.

Partnered Communities:

Logo design credit goes to: tubbadu

founded 1 year ago

MODERATORS

[email protected]

How does lemmy deal with ban evasion? (lemm.ee)

submitted 4 months ago by [email protected] to c/[email protected]

34 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 4 months ago (2 children)

Lemmy has quite a few unfortunately invasive qualities of its own, including generally needing an email address from you (Reddit does not), having poor privacy and data retention practices, and generally being very messy with who gets to decide what happens with your data and how easily it can be scraped.

Sure, Reddit sells it... But Lemmy gives it to any web scraper for free.

[–] [email protected] 11 points 4 months ago (1 children)

But Lemmy gives it to any web scraper for free

Which is good. You either have an open system or a closed one. There's no in-between.

If you want to have advantages of public free decentralized network you can't obfuscate and centralize bits and pieces of it. Also, it's 2024, we need to stop this misinformation that email address is supposed to be private. What is private is email address association with the owner and Lemmy doesn't leak or infringe on. The address is literally called address because it's supposed to be public.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (2 children)

...And attitudes like this towards privacy will keep Lemmy from progressing to a point where those issues will be fixed.

I have a fundamental problem with giant corporations scraping user data without user consent. That's a system-level issue. It doesn't become "good" just because they get to scrape without consent for free.

[–] [email protected] 2 points 4 months ago

Nah it has nothing to do with attitude but with practicality. This would mean people's fingerprints need to be public and shared between servers or some other hack. It's just possible in any safety and its not really a hill worth dying on. Do we really care about users dodging subreddit bans that much? Its silly.

[–] [email protected] 1 points 4 months ago (1 children)

What would a "fix" look like in your eyes? Do you have na implementation in mind?

[–] [email protected] 1 points 4 months ago (1 children)

I have a few suggestions for development concerns off the top of my head:

Scrub post metadata* after users request its deletion
Auto-purge deleted content* rather than letting it sit behind a "deleted" flag (something Facebook got a ton of flak for doing)
Auto-purge deleted media*
Consider seriously limiting opening data wide for scraping, since the problem is non-consensual scraping, not payment for non-consensual scraping

* either immediately or, to prevent spam, after some time

[–] [email protected] 1 points 4 months ago (1 children)

I agree with your first few points but I'm unsure about the scraping. This is a public forum, what could be done to mitigate scraping that wouldn't take away form that?

[–] [email protected] 1 points 4 months ago

If we take "unlimited unauthenticated API access shouldn't be possible" for granted, I'm unfortunately not all that technically competent about what can be done next.

The first thing that comes to mind is treating website access and app access differently, maybe limiting app API access by default for people who haven't logged in.

Or creating a separate bot API that's rolled out across all servers at some point in the future... And I know federation could pose some serious chokepoints here so that's where my speculation ends.

[–] [email protected] 8 points 4 months ago

Instances can enable or disable the email verification and other measures, like asking why you want to join that instance.

I don't recall reddit being so liberal. I haven't used an account I didn't verified in the same day, so I can't say if it works, but I suspect they can enable different protocols for inspecting unverified accs.

As a side-note to that discussion: my VPN works with most services i can't access otherwise while reddit blocked me as I tried to access it to see for myself. I'm surprised.