Privacy

29831 readers

1054 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Creating decoy Lemmy accounts for plausible deniability (lemmy.zhenyapav.com)

submitted 10 months ago by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

So, I've started my own Lemmy instance. The main issue is that right now, I am the only user, which makes it pretty easy for anyone to see what kinds of communities I visited, or am subscribed to. Is there any way to automate creation of some amount of accounts, and subscribing to random communities?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 10 months ago (2 children)

You could disable web interface access to block easy scraping. Unauthenticated users only need a few ActivityPub routes with very specific Content-Types to make federation work.

You can put the web UI and Lemmy API behind some kind of auth screen (you can use Caddy or Apache+OpenID to block access to URLs in your proxy unless the user is authenticated, of example) but that would break most apps. You could also whitelist your personal IP range or require a VPN for the frontend.

Your comment history will be visible to other servers so you'll probably spread information that way. I can think of workarounds but they require patching the Lemmy source code. You could probably patch the Lemmy code to pick a random username for each comment to block other servers from tracking your comment history as easily (though server admins can still get all the comments for your domain, of course). Alternatively, you could make implement a 4chan-style "everyone is anonymous" system where all accounts turn into @[email protected] after posting by faking the data that gets rendered to the frontend. If you allow multiple people on your server, you'd all appear (and get banned/moderated) as one single user, but probably without breaking functionality (because the local database can still keep track of who actually owns what posts).

I think hiding the web UI and Lemmy API would probably block most scrapers. You can also mess with scrapers (feed the web UI fake data when an unauthenticated user queries it) if you really want. Your post history cached on other servers will be your biggest privacy challenge.

[–] [email protected] 0 points 10 months ago (1 children)

AFAIK post history is always public, like Reddit. I'm mainly concerned about subscription list

[–] [email protected] 1 points 10 months ago

Running one of the various subscriber bots would make your own subscriptions simply be part of the noise otherwise on the server. The downside of course being that now you have a pile of noise to sift through. Left one sit for about a week onine and emded up with around 2000 communities subscribed.