This isn’t how any of this works at all. Defederation does not increase your privacy from them. That’s not how federation works. They still will see your posts. Blocked or defederated. You just won’t see theirs. Blocked means you filter out their content. But they could theoretically show up in comments. Defederated means it won’t populate. But it doesn’t mean your content won’t get populated there. They simply can’t comment on content from or direct message folks on a server that defederated them.
Privacy through obscurity is as bad as security through obscurity.
Any real danger Meta presents is looming regardless of federation. I’m not against defederation. I’m just against defederating without purpose. And to be honest, what I’ve heard so far leads me to believe defederation will be my likely call if and when Threads goes live with ActivityPub (well, defederate with their primary instances at least, not sure of the details of how one can defederate with every Threads based instance, though it may be simple). But I don’t even know if they’ll federate with Lemmy/Kbin to begin with and I do not want to start some trend of instances needing to act on hypotheticals.
Tl;Dr - defederation does not increase your privacy at all. Not saying you shouldn’t defederate for other reasons, but your exposure is absolutely unchanged one way or the other. This article has federation entirely wrong.
To be fair I do not expect any privacy protections from lemmy/mastodon in general, or from blocking/defederation in particular.
Lemmy/Mastodon protocols are not really private, as soon you place your data in one instance your data is accessible by others in the same instance. If that instance is federated this extends to other instances too. In other words the system can be seen as mostly public data since most instances are public.
The purpose of blocking or defederation (which is blocking at instance level) is to fight spam content, not to provide privacy.
I do sort of expect the Lemmy instance to protect my IP address, email associated with my account and whatever fingerprinting can be done in the browser as well as protect any Javascript they use from injections of third party Javascript, but only when accessing the instance, not when following external links or otherwise loading external content (e.g. images hosted elsewhere).
Fair point (IP, email, browser session data). Those should not be exposed via the federation in any way. And the existence of the federated network means we could switch instances if we are concerned our instance is a bad actor about this.
I did not mean to suggest the ecosystem is not valuable for privacy. I just really don’t want people to associate federation with privacy protections about data that is basically public (posts, profile data, etc). Wrong expectations about privacy are harmful.
Lemmy isnt’t meant to be private, it’s a public forum. One should fully expect everything one posts to be seen by anyone. Assume Meta is using all your Lemmy posts to try and build a profile on you - be careful how much personal info you post.
Also periodically delete your account and start a new one with a new name. Harder to build a profile on you if the data is spread between unrelated accounts that don’t reference each other.
Or has AI made this untenable?
Depends what your trying to hide and from who. Someone trying to stay anonymous from creepy dudes is fine (ops sec best practices should be used if one wants to stay anonymous). If someone with resources (say some agency) wants to figure out who you are, they can de-anonymized instantly due to all the tracking that’s out there, plus any subpoena power they might have, it’s a wrap. “AI” doesn’t even need to come into play (not that I even know what you mean by AI)
Is that it then? The best privacy we can expect to have is to never be looked upon by Sauron’s Eye?
There must be atleast one community out there who specialises in privacy that even the acronym boys can’t see.
Honestly I think the answer is a depressing no. Your face is already on some facial recognition software somewhere (most likely). If you pay for an internet connection, your IP will be able to get traced back to your real world identity. If you have a cell phone or use a modern computer, there is so much finger printing and tracking going on that its basically a lost cause.
Now there are steps you can take to fight for your privacy, but if you take part in the modern world, I don’t think there are any easy steps. The acronym boys have access to all the identifying systems and much more.
Now if you are serious about guarding your privacy, there are steps to take and a more privacy focused forum/board/community can give better pointers than me, but if you are looking to not be identifiable or untraceable by a state actors, that’s some real spy level shit. Remember “they” can find and identify the serious cyber criminal players, but most of the time these guys are in countries that dont have extraditions to the US. An anonymous cyber criminal only has to fuck up once to be uncovered
All content on Lemmy are public by design, you can collect any data by just connecting to any instance, they don’t need a full on federated instance. Threads changes nothing as far as privacy is concerning. Don’t post anything you don’t want to be spread all over the internet, with no way to remove it.
You should read the article first
The case with Matisse is absolutely horrifying.
Sort of reminds me of that Google thing, I think it was when they started Google Plus when they had this braindead idea of adding everyone in your phone book without your consent.
Here is a major red pill that no one from this community will ever shallow:
You will never be 100% anonymous.
Come on, Lemmy.world, take a moral stand now, I stead of “wait and see”- reminds me of appeasement just before ww2, and yes, I’m going to enact Godwin’s law, meta are the fucking Nazis and guess who Hitler is.
(Written only somewhat tongue in cheek)