A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
Just to correct the people who say they can't see your password - this is only true if they're running a stock copy of lemmy, which hashes passwords in the database.
They're free to modify their instance however they want, including storing unencrypted passwords or emailing your password on registration to a bot farm.
Always use a unique password for every site you use.
Before people get worried about this, this is how literally any online service works. If you have an account anywhere, you trusted that service to not record your password.
Only exception is oauth, which actually might be a good idea for Lemmy.
An instance owner having access to the database can surely change the password to access the account and then change it back. If you're the server owner, you can do anything you want directly on the database.
Yes but if I was a dick, I'd just harvest their passwords silently and then try them on other websites.
[This comment has been deleted by an automated system]
Oh boy, I have a bad feeling about this
The passwords are hashed (AFAIK), but the instance admin has effectively full control of any and all data originating on their instance, right down to the database level.
There has to be some level of guaranteed trust for any instance to work. And in some capacity there is inherent trust across the entire Fediverse that instances federating content are to be trustworthy. It's no different than any other forum from the old web days- there's zero guarantees and there's no way around it.
Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.
An admin can intercept the jwt authentication cookie and use any account that lives in the instance.
Private messages are stored as plaintext in the database
Admins can see who upvotes/downvotes what
These are not things that are unique to Lemmy. This is common.
To avoid having to trust your admin, run an instance.
I'm assuming votes are all federated, so I think any instance admin would be able to see who voted in which direction for any post that gets federated to their instance, no? Or is it just the vote count that is federated?
I remember seeing someone listing everyone who voted, so I think the votes themself are federated.
Might even be accessible via the API so any frontend can list them, but that's just a guess.
I kinda hope they don't have an API for that. I really didn't like it on reddit when two people would be having a debate on a topic, and one person would search the other person's comment history to find something to attack their character on to hurt their credibility. I think debates should be handled using relevant points about the topic being discussed. Attempts to attack character are very underhanded. It's how politicians debate. It almost like admitting that you couldn't make a better point than your opponent, so you had to stoop to that level.
I think having an API for votes and front ends that showed votes would encourage people to do exactly that here. If front ends started showing that info, I think it would discourage lurkers from voting, which I'm not sure we want.
Obviously there's very little that could or even should be done about admins seeing that info. Admins have full visibility and manipulation power over the DB, and I feel like this wouldn't even make the list of improvements that I think lemmy needs right now. Admins just sort of need to be trusted or people will leave your instance.
No, there is no API to get the votes (https://join-lemmy.org/api/). If my understanding is correct, now that I upvoted your comment my instance will push that information. I'm not sure whether it pushes it to dandroid.app first or to all instances, saying basically "Sal@mander.xyz upvoted https://dandroid.app/comment/441785", and so every instance that has that comment can save my user ID in the "upvote" list of that comment, and that upvote is counted.
If only the vote direction was federated, then it would be very easy for me to spam the message "Upvote https://dandroid.app/comment/441785". I would not even need to create an instance for that, I just need to speak ActivityPub. And it would be more difficult to detect that I am doing that, because the database would only hold the vote count.
I don't think there is a way to ask an instance to reveal this list. You can only get it by directly querying the database if you have access to it. This is why if you fetch an older post or comment, it will arrive with a single or zero votes.
The votes themselves are the federated action.
If you fetch an old post, your instance will not see the previous voters. After that, whenever a user votes the instance will get the message "User X@instance upvoted/downvoted post Y" and the vote will be added to the database with the voter's user ID and counted.
This has a practical function. If you don't keep a list specifying who voted for what, it would be much easier to fake votes from one instance to another by simply communicating the message "Downvote post Y". With the current method it is still possible to create a lot of fake accounts and mass-vote, but at least you can get a better insight when looking at the database if the votes are associated with accounts with no activity from a single instance.
There are some federated platforms that will show who likes / dislikes something. I know that friendica used to do this - I have not checked if it still does. So it is not only admins who can see this, this is is basically open information in the fediverse.
Can you recommend a good free web host for running your own instance? I haven't dabbled in web development in over 15 years now, so I'm kinda out of the loop.
I'm not sure about Web Hosting. Many of us use a dedicated virtual private server (VPS)
I use https://serverspace.io, I think Lemmy.ml is hosted with https://www.hetzner.com/
These are servers that you access via SSH and can install the instance inside of it. I personally install using docker compose, but there are some other methods that are claimed to be easier. The cost starts at ~$5 / month. Currently I pay about $15 / month. You would then rent the domain name from a domain name registrar (I use namecheap.com) and ask them to point the domain name to your server's IP address.
I looked into it and gave up after half a day of trying. I can't figure out how this SSH thing works at all.
I'm used to CPanel and uploading files via FTP. I can code some CSS and manage a MySQL server, but this modern era of web development goes over my head. Apparently now you have to pick a Linux distro and install it, instead of it just being ready to go for you. (At least that's how it worked with Oracle).
Thanks for trying to help but I'm too old for this shit now. I don't even know what "docker compose" means. I've read the official documentation and looked at tutorials, but it's all a foreign language to me now. Like I said, in my day you just uploaded the files via FTP, changed some lines in a config file, redirected your .com to your nameservers in CPanel, and you were good to go. Installing an instance is 10x more difficult. Wasted $9 on a domain for nothing... *sigh*
They have full control over the account. Since they control the server, they can modify the database to do whatever they want.
as instance admins, they have access to the database, so they straight up can edit any data.
only thing they can't do is view your password (hashed), but they can replace the hash by one of a known pw.
so you must have some trust in your instance owner, again whats good with the fediverse is that you can just start your own instance, and then the best they can do is defederate from you or ban you.
A lot of people here mentioned that passwords are hashed, but unless I missed it no one pointed out the following:
The admin of your instance controls your login form and they can pull your password when you log in. So, as others mentioned: always use unique passwords, never ever reuse them.
In general a server admin can do anything they want on their own instance.
Federation wise I'd say if your home instance is the bad actor you are screwed, if it's another instance then their capabilities for mischief hare probably (hopefully?) more limited. And any such action would likely cause a swift defederation of the malicious instance
[This comment has been deleted by an automated system]
Your instance owner can easily change your password and log in as you.
You can counter that by using multiple accounts from different instances. Use at least 3, if one is compromised, you have the other 2 to counter any impersonation attempts. Make sure you link your other instance profiles in every profile description page. Then use an archive website to save each profile page. If any 1 account is compromised, use the other 2 to tell people the account has been taken over by someone else. And you have the archived profile page that links to the alt accounts to verify that it is indeed your 2 alts.
On which instance did this stuff happen? Iβd like to defederate for sure.
Lemmy needs GPG signatures!
Admins would still be able to change your key, wouldn't they?
Sure but you can also post your public key somewhere else for people to verify.
Or instances could store public keys of users from other instances, sorta like blockchain validation.
[This comment has been deleted by an automated system]
That could be an interesting idea. It might be needed at some point down the line
They canβt see your password in a usable state, but have control over everything else.