As we are concerned about privacy, I am curious just to understand if lemmy can be at some point exploited by someone to profile its users.

  • Zeth0s@reddthat.comOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    What if database entries are encrypted, so that a person cannot match email and username with the requests in the urls?

    Users’ client create encryption key on client side. Would it make sense?

    • LordXenu@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      This all happens before the database even gets asked for information. The web server will make a log of the requests as they come in before responding.

      At minimum the web server needs to know where to send the data back to.

    • SheeEttin@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      If you consider the server to be malicious, why would you trust any claim that the data is encrypted?

      • Zeth0s@reddthat.comOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I am thinking more of a Meta “threads” -like situation. Not necessarily malicious, just a different privacy expectations between user and provider

    • fubo@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Somehow the server has to be able to look up the user’s subscriptions so it knows what posts to show them.

      • Zeth0s@reddthat.comOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I am mainly thinking about matching navigation history with identifiable information… You are right, It’s a tricky thing…

        I also wonder, if lemmy becomes a thing, with numbers in the same order of magnitude of reddit, if and how gdpr will affect server admins… Having a privacy anonymization tool built in by design might avoid headaches on the long term

    • dudeami0@lemmy.dudeami.win
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      It’s still a fingerprint, the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of the companies can track you even if you aren’t logged in, you using any service creates a pattern that with enough aggregate data can be used to approximate who you are.