I know this is how the fediverse works, and how it has to work. But maybe we shouldn't be advertising this tool right now when the right is trying to dox people and get them fired/deported for liking a kirk meme.
this post was submitted on 14 Sep 2025
187 points (94.7% liked)
You Should Know
41013 readers
950 users here now
YSK - for all the things that can make your life easier!
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must begin with YSK.
All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.
Rule 2- Your post body text must include the reason "Why" YSK:
**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding non-YSK posts.
Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.
Rule 7- You can't harass or disturb other members.
If you harass or discriminate against any individual member, you will be removed.
If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.
For further explanation, clarification and feedback about this rule, you may follow this link.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- The majority of bots aren't allowed to participate here.
Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.
Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated. We are not here to ban people who said something you don't like.
If you file a report, include what specific rule is being violated and how.
Partnered Communities:
You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.
Community Moderation
For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.
Credits
Our icon(masterpiece) was made by @clen15!
founded 2 years ago
MODERATORS
unless they're defederated or blocked by gregtech.eu
Apparently I upvote a thousand times more than I downvote.
That is really concerning. Activity Pub should have a mechanism to hide those. If by any chance, one's identity is reviled, their entire behaviour history would be out in the wild. The more one use an account, the more information is getting shared. Social engineering is a real thing.
The only way is it be absolutely private by not interacting (lurkers), which is not good for a social media like Lemmy or by changing accounts often.
No we shouldn't. Anyone can create an instance and scrape whatever data.
Assume that all the posts and comment you make are public and linked to your real identity and don't say things you wouldn't say in person.
It's a pretty simple concept.
Shame, guess I can't say categorising Palestine Action as a terrorist group is dumb.
My comment was misguided because it didn't take the US social context into account.
You can't say it, but I can though.
Categorising Palestine Action as a terrorist group is ultra dumb.
You may want to be careful then if you need to travel through the United States.
I know that already, I'm fine with what I said.
Oh god this discussion again... We totally haven't had this before:
- https://lemmy.world/post/34224572 (exact same discussion literally last month)
- https://lemmy.world/post/18813833
- https://lemmy.world/post/18805474
- https://lemmy.world/post/480760
That is really concerning
The only way is it be absolutely private by not interacting...
I don't know if this is news to you but this is not a lemmy specific problem and basically applies to the entire internet...
identity is reviled [I assume revealed]
The fact that most instances permit external image hosting permits obtaining user IP addresses by posting inline images hosted on a server created by an attacker, then harvesting IPs there. I noticed when going through the code that Lemmy, as of 0.19.4, has an option to protect users of a home instance by proxying images viewed there. However, it requires bandwidth and disk space, and I don't think that many home instances have it on. It is definitely not on on my own home instance, lemmy.today.
Image Proxying
There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.
Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.
Many thanks to @asonix for adding this functionality to pict-rs v0.5.
I don't know whether PieFed and Mbin presently have comparable functionality.
One major issue is that proxying the images will create more bandwidth usage on a home node, since they're serving up all the images viewed by users of that home node, as well as disk space to store the proxied images
it's more-expensive to run a node in that mode.
Unless your home instance has this option enabled, you should probably consider your IP address to be globally-visible. Note that using a VPN will mean that only the VPN's exit node IP will be visible.
If by any chance, one’s identity is reviled, their entire behaviour history would be out in the wild.
So close to a sweet meter. What do you think of
"If, by some chance, one's handle's reviled / their foul history would be out in the wild."
? It's not perfect. Probably just a little more work-shopping.
Now I'll know which of you goons don't like my jokes.
Nothing private about the fediverse
Except the ability to register an account without any personal details. Which makes it completely private if you want.
anonymous, not private. the two ideas are not the same.
you should also always assume a sufficiently willing person can find your identity, don't post anything sensitive online, don't post anything that would encourage those with resources to find your identity, and if you're e.g. a politician then only post online to explicitly non-anonymous accounts. If you have a protected identity/location/that stuff, just don't post online at all.
says me, and my army of alts.
/s
I get really surprised going through my up- and downvotes. Seems sausage fingers and mobile app leads to interesting votes sprinkled in with the ones I've actually voted for.
Pretty neat layer of obfuscation, though I can't imagine being interesting or infuriating enough for anyone to go through my voting history.
If it were to happen, I hope it's because of some shitpost of epic proportions.
There was another instance that revealed all the data by post/comment. Far more useful to see if s post is getting brigaded, etc, or to see maybe if you have a wierdo stalker.
I just can’t remember what the instance was.
Yeah, every once in awhile I check my starred pages just to see what random things got fat fingered onto it. It's mildly amusing.
It can be blocked at the instance level by an admin defederating with them.
Is it known what Lemmy instance is actually running that site? Even if it were widely known and most instances decided to defederated from it, Lemvotes is open source software that is made to be self-hosted. Anyone could revive the website by running their own instance.
Yes.
gregtech.eu is the instance.
piefed.social has defederated from it so any community on piefed.social will not be broadcasting votes cast within it to lemvotes.
Seems like a fantastic stalking tool for anyone looking to check if you have been a model of social media purity. I'd be shocked if it got used to find derisive upvotes by authorities looking to screen individuals for political reasons. But hey, call me paranoid.
If you're really worried about that, there's no reason why you need to have your private details associated to your account. You can even have a "clean" main account for show and a "real" secondary account.
Your votes being public is only a problem if your account can be associated with you.
I just had a realization. A lot of content on the fediverse that we interact with is region specific. A user could have no identifying info in their comments or profile but still get doxxed because they upvoted a post associated with things like their job, their home state, places they frequent, medical conditions.
Do you suppose this got posted today because there is a doxxing project happening right now on 4chan?
I have no doubt it's incredibly easy to dox someone from upvotes alone. Maybe not on lemmy because interactions are just a lot more infrequent, but on reddit if you upvote posts about Omaha Nebraska, retro game collecting, Subaru wrx, and e bikes, you really narrow down your choice of people. If you just had one other bit of information about the user, like just a general photo or where they went to high school you could definitely nail someone down.
I really do hate this part of the Lemmyverse and wish it was all obfuscated. That with it being impossible to delete your posts really limits how much I want to interact with the site.
What could be done to limit the amount of information associated with a username is to awitch to a new account periodically.
That's somewhat unfortunate in that it clashes with reputation, which is also important for making the Threadivwrse work.
This doesn't really make sense. What you say is only identifying if you already have this information about someone. If you already do have all this info about someone, what else do you need?
That is pretty dark. I was hoping the admin would take people's safety a little more seriously but I guess it's going to be on us to make sure word gets around a lot more
This is a foundational restriction with how federation works and was discussed back during the exodus from reddit when they cut off their API. Votes can't be federated without identity attached, or you'd end up with a single vote multiplied by however many instances federated it to yours.
This is the price of the fediverse being uncensorable. Everything you do on it is oublic, and norhing can be reliably deleted from the entire fediverse.
There was some efforts to obsfucate voting by one of the m/kbin lemmy alternatives, to have each account have an associated hidden account with a randomly generated name that would technically be the account used for voting, so only the admin of your own instance could connect between your public account identity and your voting identity, but that could also just be defeated by basic pattern identification.
As far as instance admins are concerned, this has been known from the start, and is completely outside of their control. That said, it could definitely use some more signposting for awareness. It's shocking how often this entire discussion gets repeated by people who apparently never thought to look into how federation actually works.
You're right. I'm pretty sure now that I may have even asked this all before but lost it because I have goldfish memory.
Just gives me a 404 error for any of my own stuff I try to look up.
It has to be the link from the root instance. It also needs to be the username@instance syntax
Check the link you paste into it. If it has “lemmy.link” at the beginning, cut that part out.
Same here
Narcissists hate it, everyone else loves it!
Good to know. I keep jumping between instances during outages and I'm worried in upvoting stuff twice
I don't get it. Is this the Lemmy version of Reddit's karma?
I just joined but lemmy does not seem to have a running Karma total attached to each user right? Or is that just this instance that does not have that?
AFAIK, you are correct, Lemmy does not have karma. Piefed has some sort of karma/reputation by account, but I think it’s geared more toward easing moderation than providing a status symbol
It doesn't, which is refreshing. A lot of personal ego and insecurity is tied to those that care about how many upvotes they have.
My concern is that something like OP posted just brings that crap over here, albeit not in an integrated fashion.
trying to get rid of the tools is pointless, the data is out there for those who want it anyways.