this post was submitted on 12 Jan 2024
1109 points (99.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55056 readers
221 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 11 months ago (8 children)

Is it possible a film studio, or legal agency, could set up a Lemmy Instance and then capture all our IPs?

[–] [email protected] 29 points 11 months ago

AP protocol doesn't propagate your IP

[–] [email protected] 21 points 11 months ago (1 children)

Absolutely. One of the biggest child porn groups is an FBI front for this purpose. I’d google the subject for a link but umm…no

[–] [email protected] 16 points 11 months ago (2 children)

So basically the only thing protecting our anonymity is the relative unpopularity of Lemmy?

[–] [email protected] 26 points 11 months ago (3 children)

To expand on this. If you are talking about anything online it is not private. That doesn't matter if it's in a WhatsApp chat, a telegram chat, a Lemmy post, a Facebook feed, etc. as soon as it hits a computer if someone wants to see it they will. There's just hurdles to get it.

If you want anonymity stop using computers.

[–] [email protected] 16 points 11 months ago (2 children)

Ain’t this the truth.

Here’s story about a serial killer being caught by a floppy drive’s meta data.

https://www.grunge.com/332018/heres-how-the-btk-killer-was-finally-caught/

[–] [email protected] 12 points 11 months ago (1 children)

Few things more fun than telling people who harp about vaccines being tracking chips that if they're worried about tracking they should ditch their smartphone, and watching them rage.

[–] [email protected] 12 points 11 months ago* (last edited 11 months ago)

You mean the always-on GPS-enabled internet-connected microphone and camera which is also likely Bluetooth and NFC beaconing and contains all of my most personal data including my name, contacts, unencrypted chats facilitated by major cell phone carriers, photos, emails, and other personal files which are also likely synced with a cloud service operated by major multi-national corporations, and also stores biometric data such as facial recognition, fingerprints, time spent sleeping, and even heart rate and number of steps taken assuming you have "fitness" features enabled?

With those last couple items, these massive companies that regularly share data with law enforcement are literally tracking your every step and nearly every beat of your heart.

Well don't worry about that, I've got Express VPN.

[–] [email protected] 12 points 11 months ago (1 children)

Detectives were able to run relatively simple tests to determine that the file had last been saved by a user named "Dennis," and it had been printed using one of the printers at the nearby Christ Lutheran Church.

Maybe the article is badly worded, but it seems like they got metadata from the file, not the floppy disk itself.

[–] [email protected] 2 points 11 months ago

It was either the FAT file or the file itself. The case is famous.

[–] [email protected] 0 points 11 months ago (1 children)

Privacy and anonymity are not the same thing.

[–] [email protected] 1 points 11 months ago (1 children)

You're not anonymous online either FYI.

[–] [email protected] 1 points 11 months ago

Depends what and how you do it. VPN gives some level of anonymity. TOR even more so. These give you probably greater anonymity than anything else you have in offline live.

[–] [email protected] -2 points 11 months ago (1 children)

Tell me you know nothing about computers without telling me you know nothing about computers.

CC BY-NC-SA 4.0

[–] [email protected] 3 points 11 months ago

The internet is at it’s worst when it’s popular

The Federation of lemmy/mastodon instances is the worst part about it

[–] [email protected] 15 points 11 months ago (1 children)

Yup. About 7 years ago I used to darkweb pretty hard in the drug scene (I haven’t in years so have at it, Mr. FBI).

Anyway I used Reddit subs a lot for info on new markets and onions, reliable sellers, and news on exit scams etc, but I only lurked - never commented. Anyone with a brain in their head knew they were honeypots.

[–] [email protected] 1 points 11 months ago

Hope I didn’t fall for Any honeypots. I sometimes wonder about posts in Piracy communities.

[–] [email protected] 7 points 11 months ago (1 children)

I'm not sure that this is how it works in practice, but ideally: Unless you are registered in their stance / are browsing directly in their website, your client shouldn't be making any direct requisitions to their instance, so there is nothing they can infer your IP from. (Everything you interact with is comes directly your instance - the only thing that interacts with other instances is the server) That said, it's possible for some links to direct to the original stance, in which case your client will have to make requests directly to the original instance hosting the content... looking around in this page a bit, it looks like the Community images (banner, icon etc.) are linking directly to the original instance, so I guess that's a little bit of a problem - but just that shouldn't be enough information for them to connect the dots between the IP address fetching the image and the account you're using to browse

[–] [email protected] 1 points 11 months ago

Don't images also link back to the original instance?

[–] [email protected] 3 points 11 months ago (1 children)

I think not as the only instance that has your ip is the one you are registered on.

[–] [email protected] 2 points 11 months ago

One would hope…

[–] [email protected] 3 points 11 months ago (1 children)

They would just have to start DMing us meme images hosted on a server they control, and they'd get a list of IPs. All we'd have to do is look.

Fwiw, this would work on Reddit too.

[–] [email protected] 5 points 11 months ago (2 children)

Unless anyone shared the in image link anywhere else on the internet. "Judge, they looked at this publicly accessible image" is hardly evidence

[–] [email protected] 4 points 11 months ago (1 children)

“Judge, they looked at this publicly accessible image” is hardly evidence

Sometimes you don't have to win a court case legally, to win a court case. Just the harassment of the lawsuit is enough.

[–] [email protected] 0 points 11 months ago (1 children)
“Judge, they looked at this publicly accessible image” is hardly evidence

Sometimes you don’t have to win a court case legally, to win a court case. Just the harassment of the lawsuit is enough.

That's not a lawsuit they would even attempt, as it would get immediately thrown out.

[–] [email protected] 5 points 11 months ago (1 children)

That’s not a lawsuit they would even attempt, as it would get immediately thrown out.

People use the threat of lawsuit as an intimidation tactic all the time.

[–] [email protected] 0 points 11 months ago (2 children)

So they would send random DMs with pictures, to threaten lawsuits they couldn't enforce, to achieve what exactly?

[–] [email protected] 1 points 11 months ago (1 children)

So they would send random DMs with pictures, to threaten lawsuits they couldn’t enforce, to achieve what exactly?

They wouldn't have to send random DM's if they got the IP addresses more directly, as the article describes.

[–] [email protected] 0 points 11 months ago (1 children)

The comment I originally replied to:

They would just have to start DMing us meme images hosted on a server they control, and they’d get a list of IPs. All we’d have to do is look.

[–] [email protected] 0 points 11 months ago* (last edited 11 months ago)

I'm aware. My point still stands.

[–] [email protected] 0 points 11 months ago

They know what torrents people download by IP.

anyone can figure that out: https://iknowwhatyoudownload.com/

Associating IPs with social media accounts is a step towards identifying people so they can threaten them and force them into settlements.

It's a numbers game for the lawyers. They want as much data as they can get to identify the largest number of people so they can demand an out-of-court settlement.

The "DMing pictures" part is just an example of how they could gather that kind of data from a social network like Lemmy that can't be so easily subpoenaed, and allows image hotlinking. I don't have any evidence that they are doing this (yet), I just know that it would work.

[–] [email protected] 1 points 11 months ago

Yeah, but do you publicly share every spam DM image that is shared with you? Would you even know if this happened, so you could react?

[–] [email protected] 3 points 11 months ago

unless you visit the instance yourself or activitypub starts including user ips

[–] [email protected] 2 points 11 months ago

Only if you directly use their instance.