cross-posted from: https://lemmy.today/post/24809302
also i can’t self-host.
No instance is privacy friendly, literally all activity here is public by definition.
And to further clarify, even DMs aren’t technically private, they’re just hidden.
Supporting this, Lemmy encourages people not to use DMs and wants people to add Matrix user details to their profile instead.
They do it the right way.
A DM is literally just like @ing someone on Mastodon and setting the visibility to that user only. It’s just unlisted. If you were the instance admin or otherwise knew the ID of the DM, you can find it.
Brother the protocol is called activity pub(lic)
I guess you didn’t get satisfactory answers from your first post, but you still haven’t clarified what you actually mean by your question. All Lemmy servers run Lemmy, so in some senses of the term, they’re all roughly equally private, which is to say not very, because all posts & comments are publicly scrapable, except for private messages.
A community of privacy and FOSS enthusiasts, run by Lemmy’s developers
I want to make sure that I don’t get doxxed at any cost.
- Don’t give your email address, or use a throwaway one when you join.
- Pick a username that’s unrelated to any others you’ve used.
- Use a VPN.
- Don’t reveal personal details in posts & comments.
Not all lemmy ibstances allow vpn. Some block it.
This just boils down to basic opsec. Be careful what you post/comment, continue to use a generic username, stuff like that.
in addition to what others have said, also have your browser fingerprint as fairly generic, and what is unique should ideally be randomised upon each start of your browser. There’s nothing stopping a Lemmy instance from running clientside code that gathers your browser fingerprint, and if they are well-resourced enough to have access to fingerprint data from other sites, they could correlate it to de-anonymise you.
Not a likely scenario but still possible. If one is serious about not getting “doxxed at any cost,” consider Mullvad browser.
Just follow the basic social media rules and you’ll be fine. Also don’t trust anything that is clickable unless you hover over the link/copy it to some text editor.
Look for an instance with these qualities:
- Does not use Cloudflare or any other large content delivery network. Instances that use thse allow the CDN to monitor everything your read and write on Lemmy, which can reveal a lot about you even if you haven’t used your real name. Cloudflare can then correlate that information with your other browsing habits, and possibly your real identity, because they operate as a middleman for a huge number of popular web sites.
- Maintains a sizable local image cache. Images served from other instances instead of your local one can be abused by remote parties to track what is viewed on Lemmy with your IP address (and sometimes your browser signature). Alternatively, you could block off-site images using a browser extension, but that would mean not getting to see as many pictures.
Lemmy.today is a very neutral instance
Umm
