Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • consumer451@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    6
    ·
    edit-2
    1 year ago

    What about IP addresses? I see those are logged. Are they available to query?

    I would imagine so, right?

    If so, ummmmmmmm. That is not ok.

      • drascus@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Your public IP stays the same for long periods of time, is geographically tied, and also associates you to certain ISPs based on your address space. How long does it stay the same? Months - Years potentially depending on the lease set on the IP.

      • Mininux@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        It depends on the ISP, country etc

        I’m in France and almost every time our IP changes it’s because my parents changed our internet subscription, or because moved to another place

    • drascus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      every website logs ip. The question is whether the admin maintains those logs. However a web server needs your IP so they can route traffic back to you. That IP gets logged so that if something is not working the admin can review the logs and figure out what is going on. Many websites that are privacy focused either turn the logging off or dump the logs fairly quickly. Doing something like that means the admin needs to take steps to create other avenues for troubleshooting that don’t factor user data into the scenario. With smaller projects like instances hosted on lemmy that might not always be feasible for volunteer admins. This doesn’t necessarily mean they are doing anything wrong. Lots of websites maintain logs that include IP addresses.

    • lemming007@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      3
      ·
      1 year ago

      Umm, anything you access on the Internet has to know your IP address, that’s how the Internet works. Whether or not they choose to keep the logs is a different matter.

      • consumer451@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Ok, sure. But the difference is that I can’t make my own Reddit instance and then see all Reddit users IP addresses.

        What is the vetting process of getting an instance federated?

        Like if I was an authoritarian henchman, could I make an instance with a community about cats, get federated, then see all the IPs of users calling my boss a pooh bear, on all other instances?

        Edit: what about swatting?

        • azuth@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          2
          ·
          1 year ago

          Ok, sure. But the difference is that I can’t make my own Reddit instance and then see all Reddit users IP addresses.

          There’s no difference, you don’t get IPs of other instances’ users just an id

          Like if I was an authoritarian henchman, could I make an instance with a community about cats, get federated, then see all the IPs of users calling my boss a pooh bear, on all other instances

          Or you could just buy it from reddit.

          what about swatting

          Fix your police.

          • consumer451@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            1 year ago

            This sounds a lot like “not my problem.” I am familiar with this type of response, but usually this level of irresponsible indifference comes from those evil VC backed companies. Except they don’t usually say it out loud.

            If this is the attitude of the devs, I am deleting all my glowing recommendations of lemmy on other sites.

            Is this really the attitude of the devs?

            • azuth@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              I suppose if you ignore the part where I said the problem doesn’t actually exist (IPs are not included in federated content) then It can look like a not my problem response.

              I wonder if you will also delete the FUD and misinformation you posted on this thread.

    • veganzombeh@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I haven’t looked into it at all but I expect IPs are visible to instance admins. That’s pretty typical of any online platform.

      • consumer451@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 year ago

        But if I understand this, anyone that makes a lemmy instance can see the IPs of any commenter or voter, on any other federated instance?

        What is the vetting process for federation?

      • Awe@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Even if lemmy itself doesn’t support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.

        EX: Using a revese proxy like cloudflare or nginx, which are both very common.

      • Awe@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Even if lemmy itself doesn’t support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.

        EX: Using a revese proxy like cloudflare or nginx, which are both very common.

      • Awe@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Even if lemmy itself doesn’t support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.

        EX: Using a revese proxy like cloudflare or nginx, which are both very common.