Its all public anyways. Did you think you had privacy posting to a public forum?
you miss the point: instance owners have quite a lot more information on their user’s activities than what’s public.
or would you argue that reddit does not aggregate data because it’s all public?
instance owners have quite a lot more information on their user’s activities
Not really. Only thing additional that could be identified is browsing patterns while on the site itself. I don’t think it’s that valuable. You likely already gave up what you’re likely to see by commenting in communities. That’s going to be tracked best through a proxy or something, not lemmy itself. And can even be tracked externally through other means. Ex: This post has a tracking image on it and because you need to connect to me to load it I now see everyone that had loaded this comment. So this can be done externally without even being an instance owner. Click view source to see it at the end of the post.
Votes are federated, kbin instances see them as “likes” publicly. Messages are federated, sent in clear text. And posts that are loaded can be tracked via other means… Think of sites that display ads… They do this exact thing and collect information by the boatload because they can inject on every page that shows an ad. Without needing to be an admin on the site itself.
Edit: In theory someone could canvas/comment on every post with a bot and embed tracking images everywhere. Rotate usernames doing it from different servers and rotate through domains that are all cnamed back to the same tracking node and you could attack the whole fediverse with this type of tracking. Probably already being done… But it would be visible in that we have the ability to check source of each comment. But who the hell is going to take the time to do that?
Edit2: Here’s example of what was collected with that embedded image. Keep in mind that this type of tracking can happen with REAL images as well, making it impossible to track. And I’m specifically not tracking much of anything. But things like IP address used to access is on the backend. There’s also Browser, OS, referrers… etc…
In a recent Lemmy version they added support for proxying images. So for people worried about this, see if you can find an instance (or set up your own) that does image proxying.
Before you ask, I’m not aware of any but I’m sure there are some.
you are (still) missing my point - but i might be wrong as well (i am mot too familiar with ActivityPub).
my point is not that my public posts are in fact public and can be (and probably are) mined through unknown parties, but that instance owners have even more, probably more valuable info, like IP addresses from which not just geolocation but also wake times, device usage patterns and other gnarly stuff could be extracted, that could - together with other personalized surveillance info (like the usual adware stuff) - be aggregated to give a bigger picture.
just showing (as you did) that one can get some info about me through my (public) actions does not refute the point that instance owners have access to more, not-so-public information
