sh.itjust.works Main Community

8248 readers

4 users here now

Home of the sh.itjust.works instance.

founded 2 years ago

MODERATORS

TheDude@sh.itjust.works

manifex@sh.itjust.works

biela@sh.itjust.works

imaqtpie@sh.itjust.works

Who has access to our email addresses? (sh.itjust.works)

submitted 4 days ago by jballs@sh.itjust.works to c/main@sh.itjust.works

11 comments fedilink hide all child comments

There have been a lot of news articles lately about a concentrated movement to get people fired for making social media posts critical of Charlie Kirk. I'm wondering how effective such an effort would be against Lemmy, where many of us provided an email address when signing up.

Not being an admin, I'm curious if our email addresses tied to our users names are stored in a database that only the SJW admins can access - or if anyone creating their own instance would have access to the same database

top 11 comments

sorted by: hot top controversial new old

[–] kersploosh@sh.itjust.works 27 points 4 days ago (2 children)

Each instance's database contains the email addresses of local users only. Lemmy does not share email addresses between instances.

Viewing users' email addresses requires directly querying the database. They are not visible through the API.

[–] jaybone@lemmy.zip 8 points 4 days ago (1 children)

Are ip addresses of posts stored? Or sessions?

[–] kersploosh@sh.itjust.works 8 points 4 days ago* (last edited 4 days ago)

~~I believe user IP addresses are stored and correlated with a user's session token. Those tokens are valid for a while. The database does not have a post-by-post record of a user's IP.~~

~~Disclaimer: I am not one of the admins with direct database access, so I cannot confirm that this is true. My statement above about IP addresses is secondhand information from memory. I may be wrong.~~

I should leave this to the professionals:

https://lemmy.world/post/4754397/3291219

[–] jballs@sh.itjust.works 6 points 4 days ago

Good to hear, thanks!

[–] InEnduringGrowStrong@sh.itjust.works 8 points 4 days ago (2 children)

The email is only stored locally and never used in federation.
So that's local admins only, and even then, only if you have access to the database itself.
Right now, that would be TheDude and me.

Emails aren't very useful to us admins.
Sure, spammers tend to use junk emails, but (some) legit users also do, so it's a bit moot to start looking at addresses en masse.
Basically the only time I even see any email address is if they have trouble with the initial verification email.
The email is very useful to allow users to reset their password, but that's an automated process, and not something we'd look at.

Peace

[–] ryedaft@sh.itjust.works 3 points 3 days ago (1 children)

But my client on my phone has my email as well though, right? Unless I used the browser on my phone.

[–] InEnduringGrowStrong@sh.itjust.works 5 points 3 days ago

Yes, your email might be saved in some app you've used to login, including your browser's saved credentials thingy.

[–] jballs@sh.itjust.works 2 points 3 days ago

Thanks I appreciate the info!

[–] neidu3@sh.itjust.works 6 points 3 days ago* (last edited 3 days ago)

Just to confirm the gist of what the admins have been saying in here, they don't really care about your address or even the fact that you're registered with your daily one.

Source: My account has an obviously bogus e-mail address associated with it. (I don't remember what exactly). By applying what little charm I have, I still have a valid SJW account.

Sure, I won't be able to do password recovery via email and other QoL stuff, but that's a sacrifice I'm willing to make.

[–] originalucifer@moist.catsweat.com 8 points 4 days ago

if its anything like mbin,and i suspect it is, the email address is keyed from the user account but doesnt leave that instance and isnt available to anyone besides admin.

[–] inlandempire@jlai.lu 6 points 4 days ago

Admins, or anyone having access to your hypothetical instance database breach / leak