Like even if they have nothing else they could just leak IP is there any law against it ? Or any technical aspect stopping them ?

  • @[email protected]
    link
    fedilink
    7610 months ago

    Ethically it’d be shitty and people don’t want to be part of an instance with shitty admins so people would migrate away. Technically, nothing unless you’re using a VPN. Welcome to the internet, the same is true for every website

    • @[email protected]
      link
      fedilink
      English
      3310 months ago

      Also there’s the aspect of just… not caring. As someone who technically could read the email, browse the files, or track the apps installed and used on the phone of nearly any person where I work, any small bit of idle curiousity died before I was done my first day.

      Even if I was nosy, 99% of people are just not that fucking interesting. What would even be the point of abusing my access?

      I’ve seen someone put it like this: male gynecologists don’t get excited looking at lady bits at work.

      • @TexasDrunk
        link
        910 months ago

        I was able to do that for years. For me to give a shit what’s in your email you have to be more interesting than the rest of the internet, which pretty much means you’d have to be doing something at least borderline illegal and have it brought to my attention by someone who noticed it over your shoulder.

    • @SinningStromgald
      link
      210 months ago

      Haven’t some instances started blocking VPN traffic after the CSAM incident(s)?

  • @[email protected]
    link
    fedilink
    English
    29
    edit-2
    10 months ago

    An IP address by itself isn’t going to let you dox users unless you have access to the databases that map these to the subscriber accounts. Typically, you would need to be an ISP or law enforcement to do this, but you can also purchase this information from a data broker if you know what you’re doing.

    With that said, there is absolutely nothing stopping the instance operator from getting your IP address. You’re connecting to his or her computer which they own, so they can easily see where you’re connecting from.

    • BombOmOm
      link
      English
      20
      edit-2
      10 months ago

      A notable way to protect against this is to use a VPN. Then the operator only knows you use a VPN.

      Also need to be careful of what you write in comments (this is a public forum!). People sometimes write a surprising amount of detail about their life and it makes it much easier to narrow you down to a single individual the more you do it.

      • @givesomefucks
        link
        English
        2210 months ago

        Eh, have faith in people

        Even on Reddit, I was always 100% honest about living in Monetenagro as a Canadian Mexican immigrant. Sure life is busy as CEO of Disney but I always make time to attend a Lakers game with Leonardo DiCaprio when I’m visiting Panama.

        But to comb thru a large account would take a bot to look for keywords and frequency mentioned.

        So if you’re concerned about it, a less honest person could just randomly make outrageous but specific claims. Even when in the same comments and obviously contradictory, it would throw it off as long as you’re not constantly disclosing identifying information

        That’s how I was able to become Batman and buy a house in Tokyo anyways

      • andrew_bidlaw
        link
        fedilink
        310 months ago

        It was always a concern for me, so I introduced some non-hurting lies into my replies. If they can see my IP after VPN it’s pointless, sure. But it’s a fun hobby to research and create a fake identity online.

  • frozen
    link
    fedilink
    2010 months ago

    I run an instance. I promise, I have literally 0 care about who you are. I have much more productive things to do with my time.

      • frozen
        link
        fedilink
        12
        edit-2
        10 months ago

        I’m sorry I didn’t call out every exception to the rule. Obviously, if you do illegal things on my instance, I will care. I kind of thought that was a given, to be honest.

  • southsamurai
    link
    fedilink
    1810 months ago

    Serious answer: nothing except their own lack of access to anything except the ip address and whatever you give them.

    But that’s easy to counter with a VPN and a bit of common sense.

  • @[email protected]
    link
    fedilink
    1310 months ago

    Oh my… This whole thread is literally the best of ‘Do you have something to hide?’, ‘Why should they use it?’, ‘What could happen?’, ‘That’s paranoid’ and so on.

    Really disappointing.

  • @sudneo
    link
    1110 months ago

    Technical measures are impossible in this particular case. However, I would say that the complete lack of benefits or incentives makes it very unlikely. Doing so could be illegal and collecting data which is otherwise useless is only a liability and a waste of resources. Basically the admin own self-interest I would say is what’s stopping them. That said, if someone is individually afraid due to a bad relationship with an admin, then personal motives could void the above, in which case, they should change instance probably or use a VPN at least.

  • @[email protected]
    link
    fedilink
    910 months ago

    There’s not much to prevent it from happening. They could lose standing in the community. They could be given legal trouble, and they could be attacked in return by people who knew which server owner was responsible. But that’s pretty much it.

    There’s also a much lower bar for entry when it comes to running a server. All you need to “be” is technically competent. You don’t need to be very good at security, and you don’t need the temperament of a reasonable person.

    And when that’s the case, data might be leaked even indirectly.

    Two Mastodon examples come to mind.

    • One administrator shut down their servers after being accused of transphobia. They could have done anything after having a bit of a public meltdown, so that was the best case scenario.
    • Another server administrator was raided by police, and all the contents on the server were made accessible to them.
  • arran 🇦🇺
    link
    fedilink
    610 months ago

    Don’t let your guard down but at some point trust and risk consideration is required for most systems to work. If you’re after solutions; you could run your own node in the cloud and federate it.

    • @[email protected]OP
      link
      fedilink
      310 months ago

      Was thinkin about it and read some docs which brought me to the conclusion that its too much work for me

  • poVoq
    link
    fedilink
    510 months ago

    They have no business incentive for it, contrary to most other websites that are funded by targeted advertisement which basically means doxxing their users to advertisement companies.

  • ɐɥO
    link
    fedilink
    510 months ago

    Nobody cares about ips. This is mine: 193.81.127.151 . Try to find out anything about me exept my approximate location.

  • @[email protected]
    link
    fedilink
    410 months ago

    Nobody cares about your IP. Admins can see it, they can see mine, they don’t care.

    If you want to be paranoid use mullvad and call it a day.

  • Rustmilian
    link
    English
    410 months ago

    Maliciously Leaking IP is doxxing, doxxing is illegal.
    That said, law enforcement can just request for the IP/Logs and they’ll likely hand them over.