moner.ooo domain renewal is up! Consider helping to fund it - monero.town
monero.town

So I was going through /all and this admin is snooping at vote counts for posts in his instance and then posting it publicly.

Just a reminder that these kind of petty people exist. Pick a trustworthy instance or better yet, host your own.

Archive: https://archive.md/oybyL

  • @[email protected]
    25 months ago

    Off day 😉

    I should have been more specific when I said website, as… If you scan my other comments, you might have the hint that I have access to one such Lemmy instance. And they federate with minimal effort. I don’t know how to automate it yet, but it wasn’t hard to do so manually.

    • 7heo
      15 months ago

      I’m actually curious to know if federated instances share the data of their federated instances… if so, there is a proper reason to be actually alarmed, as ACLs would essentially be cosmetic only.

      • @[email protected]
        15 months ago

        Can you be more specific? I might be able to hunt down answers.

        Recently, federation vulnerabilities got exploited by an ex-Truth Social employee who apparently believes consent is only when someone shouts “no” at him, so pretty much anything is possible (without even going through the effort of spinning some kind of proxy server, if I’m reading this correctly).

        • 7heo
          15 months ago

          Well, as in let’s say instance A is federated to B, B federated to C, A blacklisted C.

          So, clearly, A isn’t getting data about C. It will drop it on ingress (I expect).

          But, will C have access to the exact same data about A, through B, that it would have access to from A if not blocked by A?

          • @[email protected]
            25 months ago

            “Indirect federation” (what I ended up eventually trying to find info on) appears non-existent.

            That answered the question, I think, but it caused me to ask a few more, like this one:

            What happens if a community is on Server A and Person C wants to check out how Person B is interacting on it. I think, in that case, that Person C can check out Person B’s profile and see comments left on a Server A community, but they cannot navigate to the post itself because Server A would not send the content to their server.

            It’s relatively easy to switch servers, by clicking the little rainbow icon next to a particular comment to see the server where it would have been viewed in Person B’s context, but servers on their own are not running around scraping missing data… At least, not as they are currently designed.

            ETA: More background on the major defederation in question (mostly political, not technical)

            • 7heo
              25 months ago

              Thanks for digging and reporting on this, but I’m gonna take a break with my phone (the main way I interact with Lemmy), since it is such a steaming pile of shit.

              I’ll try to find a way to use Lemmy on a proper OS without using the horrendous web interface (hopefully there are cool clients out there), and then I’ll see. 👋