Privacy Guides
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Also I'm concerned with where and how people's data is stored. Where are the account usernames, email addresses, and passwords stored? It sounds to me like each instance is a separate physical server, so you're 100% reliant on the instance 'host' to properly secure the data and maintain it. How does that work with GDPR compliance?
That scares the hell out of me...
That's why I chose the opportunity now, early in, to "move" to an instance in Germany. I still have to rely on the instance owner, but at least jurisdiction is the same as where I live and GDPR/DSGVO is something I can somewhat count on. But in the end, it also is the question where the server is. Is the instance hosted on a QNAP NAS in someone's basement or on an AWS instance in the US? That's my biggest gripe when everyone in the privacy community recommends federated stuff. The notion that some dude in Iowa or such is more trustworthy than some corporation is pretty questionable if you ask me.
Good call, I actually just did the same and deleted my .world account. I'm still not comfortable with the potential issues associated with having each instance hosted at the whim of whoever runs it.
lemmy.world is hosted in Finland as far as I know and it is covered by GDPR. We know for a fact the corporations are datamining us, and you can see in your browser all of the third party requests and tracking code embedded in the HTML. I have had 0 blocks from lemmy.world hit my DNS blocker. Nor anything blocked by the browser as there is no incentive and we would leave in a heartbeat if that were the case. Also it is a public forum so it comes with the usual don't put out what you don't want people to see. Your point about the skillset of the admins is valid to properly secure it. Hopefully we can get some community whitehats to have a look at instances and the code itself.
Don't reuse passwords, 2FA email, etc.
But really how different is trusting some guy with a server from trusting some corporation with a server farm?
Very, actually. A large corporation has the resources and staff to properly secure and maintain (both physically and digitally) their servers vs the decentralized nature where you don't know who is hosting it, or where. A large corporation can be held accountable for any data breaches or security issues, and are more able to report and respond quickly and properly to any security incidents. Individually run/maintained servers can vary greatly in technical support knowledge, hardware capabilities and security, and resources available to maintain the service.
That's even assuming the best in people and that those people running the servers are operating in good faith and not actively working to use people's data for nefarious purposes. At least if a corporation is found to be acting in bad faith, they can be held accountable by some kind of regulatory body.
I dunno. I trust corps about as far as I can throw them - they're not human or sentient and they'll happily ruin you if it increases their profits by more than the amount they'll pay in fines.
Honestly, very. A large corporation has the resources to properly secure both physically and digitally their servers, keep up to date in security threats and deal with them in a timely manner. If they don't, they can be held accountable for any data breaches or improper storage. Plus, ALL the servers of that corporation are secured to the same standard.
A bunch of dudes running servers in their basements has none of that, and their resources for managing/running/securing those servers vary greatly between them, and may even vary and change often depending on the server.
So yes, I trust a properly staffed/supported data farm vs individuals any day in terms of security.
And that even starts off on the assumption that everyone running a server at all is aware of and concerned with securing the server and data properly, let alone bad actors who might actively try and subvert data integrity laws for their own gain.