As we are concerned about privacy, I am curious just to understand if lemmy can be at some point exploited by someone to profile its users.

  • @[email protected]OP
    link
    fedilink
    English
    21 year ago

    What if database entries are encrypted, so that a person cannot match email and username with the requests in the urls?

    Users’ client create encryption key on client side. Would it make sense?

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      This all happens before the database even gets asked for information. The web server will make a log of the requests as they come in before responding.

      At minimum the web server needs to know where to send the data back to.

    • @SheeEttin
      link
      English
      31 year ago

      If you consider the server to be malicious, why would you trust any claim that the data is encrypted?

      • @[email protected]OP
        link
        fedilink
        English
        11 year ago

        I am thinking more of a Meta “threads” -like situation. Not necessarily malicious, just a different privacy expectations between user and provider

    • @fubo
      link
      English
      11 year ago

      Somehow the server has to be able to look up the user’s subscriptions so it knows what posts to show them.

      • @[email protected]OP
        link
        fedilink
        English
        11 year ago

        I am mainly thinking about matching navigation history with identifiable information… You are right, It’s a tricky thing…

        I also wonder, if lemmy becomes a thing, with numbers in the same order of magnitude of reddit, if and how gdpr will affect server admins… Having a privacy anonymization tool built in by design might avoid headaches on the long term

    • dudeami0
      link
      fedilink
      English
      11 year ago

      It’s still a fingerprint, the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of the companies can track you even if you aren’t logged in, you using any service creates a pattern that with enough aggregate data can be used to approximate who you are.