Hi every lemmy. I’ve just stood up a couple new instances and I’ve been hanging out in the Admin chat over at https://matrix.to/#/#lemmy-support-general:discuss.online. Someone there asked if they could view subscriptions so I wrote and shared the SQL query. (Could I have done better on the joins with 2 joins to instance?)

sql query to all user subscriptions

And that’s when I realized what an invasion of privacy that is. Maybe there’s an easier way to do it but could we add optional support for user key pairs, so that if I associated a public key with my account, everything related to me in the db gets hashed with that key? Then I provide my private key at login?

I say optional because I know that’s hard for a lot of folks. But maybe there’s a way to make it easier with something like letsencrypt at sign up so it would be trivial for everyone to do it… Or maybe there’s a way to do it globally with a central key common to all instances, perhaps paired with instance specific keys?

I understand there are other aspects of user activity that would be best made private too, so this could also work, say for votes or whatever else.

  • Scrubbles@poptalk.scrubbles.tech
    3 up · 1 down · 1 year ago

    Against the grain, but I don’t think users have an expectation of privacy here. This isn’t on some data dashboard for everyone to see, this is admin specific, and even then currently it’s not exposed in an admin panel even, it’s only here.

    2 big things that I have already done as an admin that uses this.

    • Querying for bot accounts. I had open signups for a while and wanted to know if anyone had signed up for my instance but had no subscriptions, something theoretically that would root out some bots, and it did.
    • Querying for trolls. I run a safe space instance where I aim to have quality content. For the time being I allow downvotes, but I keep an eye out for trolling. I have a script that shows me anyone with negative “karma” or who downvotes more than they upvote. This way I know who my bad actors are and I can keep an eye on them.

    Some may say it’s too far, but meh, don’t be a jerk on my instance. It keeps my other users happy so I’ll continue to do it.

    Finally, none of this is PII I’d say except for the email address, which is also something that’s allowed to be a spam/throwaway email. If a user wants to sign up completely anonymously that’s completely up to them. From a Lemmy perspective, it’s a binary “should this user be banned or not”.