Final post: Ah fuck it, I made it all up. Lemmy.world is a good instance you folks have nothing to worry about here. I doubt they took that meeting, I’m out.

Go ahead, ask the admins, surely they’ll tell you they did not take the meeting.

Removed by mod

Removed by mod

Yeah so what? Its not like either of you signed up here.

Maybe that’s why they won’t comment on the issue.

I don’t know what they signed.

I know at least one attended, personally I expect multiple, but I know at least one.

I’ll respond to comments on this thread, and no matter what, I’m done using lemmy.world after this.

I will not ask my fellow lemmy community members to blindly trust me on this.

I also will not expose my sources.

I thought it would take a long time for me to be sure enough to make this post. But I’m making it less than three weeks after joining lemmy.

If you want, you can take a wait and see approach.

I never wanted to admin an instance, I don’t think I have time for it, but I have enough to convince me that I should.

I don’t expect blind trust from you guys, because youve proven to be intelligent and diligent in my time here. But for the love of Foss and open, distributed platforms and what WE believe that means, please use your judgment when considering your home instance for lemmy.

I am almost certain lemmy.world admins will ignore this claim.

Removed by mod

Removed by mod

Removed by mod

Removed by mod

Removed by mod

Removed by mod

Wonder if they were invited to metas p92 meeting for “off the record conversation” and obliged

I’d love to take credit but that was midjourney (and all the artists that feed its capabilities.)

I think my prompt was “a logo featuring a mouse holding a magnifying glass”

I’ve since realized that I should have said lemming instead of mouse, but a dummy like me can only do so much.

Great point and ideas, I hope to see things like this introduced as the lemmy project matures

Those are good practices if you have privacy concerns.

we’re just talking about custom interfaces to analyze public data

Semi-public. As it stands, only instance admins have access to per-user vote data. Possibly also API users, but I’m not sure the lemmy api has an endpoint for exposing per-user vote data, I believe it just gives you a tally of the up/down votes of posts and comments, but not who made each vote. But most people don’t have the skillset to host their own instance and process the data into something meaningful/easy to digest.

You could make the argument that semi-public is basically public, but I think there is some nuance to be explored:

Once a site like open lemmy stats launches, it becomes trivial for any user to query that data, who upvoted what, who downvoted what, when they up/downvoted it, etc.

There’s a difference between something being available to people motivated enough to get it vs it reaching critical mass and being trivial to access by anyone with a browser. How the data is ultimately used, whether it is used nefariously or not, is going to be up to the people that access openlemmystats and what they wish to use it for.

Which has me considering an analogy, without expressly intending to make this political, please consider the statement “guns don’t kill people, people kill people”. “Openlemmystats doesnt harass political dissenters! The people who use it do!”. One could argue that openlemmystats wouldn’t do anything inherently bad, it’s the people who would use it. Just like with guns, there will likely be debate on whether or not the world would be better without openlemmystats or if we should start doing things to make it impossible for openlemmystats-alike sites to exist.

That said, I mostly agree with you, and I appreciate your privacy suggestions/best practices, good stuff!

Edit: for the record, I think “guns don’t kill people, people do” is a stupid statement, but I thought it was an interesting analogy. That is to say nothing of my feelings on gun control, I’m just not a fan of distilling complex issues into dismissive one line statements.

biggest concern is getting all participating instances to agree

I see what you mean, that is true if the responsibility ultimately ends up falling on instance owners.

Which is why I’m hoping that the developments instead occur on the Lemmy project itself and other fediverse project code bases. Lemmy devs and contributors will hopefully work on privacy and security as the Lemmy project matures. If instance admins are keeping their instances mostly up to date, there is virtually no (dis)agreement to be had: the mitigation patches will be loaded on the next update.

Of course, anyone can fork lemmy or manually remove these changes from their instance, or some admins may simply refuse to update, but that would reflect badly and privacy minded users may choose move to another instance that has updated to the latest/most secure version of Lemmy and other instance owners can also choose to defederate from instances that leave themselves vulnerable to issues that have been patched out.

There are handsome penalties for violating copyright but torrent trackers are still thriving, I expect similar legal evasion tactics from sites like OpenLemmyStats

it’s an absolute nightmare

Indeed! I felt it was important to illustrate this, to Jumpstart discussion and hopefully motivate some talented/passionate devs to start thinking about this. Not that they haven’t, but there’s been a lot of handwaving on lemmy this week when someone brings up the vulnerabilities of the fediverse. I wanted to further illustrate the possibilities.

I’m encouraged by seeing folks like yourself taking the implications seriously (not to say you ever didn’t take it seriously)