• BarqsHasBite
    link
    fedilink
    English
    3310 months ago

    So how would that work with Lemmy? If a company demands the IP of users?

    • Rikudou_SageA
      link
      English
      2310 months ago

      Guess that depends on the instance. Mine will sadly have a technical issue which corrupted the database.

    • recursive_recursion [they/them]
      link
      fedilink
      English
      13
      edit-2
      10 months ago

      For our instance we’ve answered that here:

      Reddit might be forced to hand out IPs of users frequenting piracy subreddits: how does programming.dev compare?

      edit: just wanted to share a great observation that was made by UlrikHD in our admin channel:

      “So if a company wanted to demand the ip of every member on a piracy community, they would have to contact every instance federated with that community then
      good to know”

    • gregorum
      link
      fedilink
      English
      9
      edit-2
      10 months ago

      Don’t browse lemmy with your naked IP. This isn’t the 90s. When using the Internet, wear a condom.

      • Johanno
        link
        fedilink
        English
        710 months ago

        As long you don’t do the “known illegal” stuff you don’t need a VPN.

        However if you upload copyrighted material a vpn is one of very many steps to ensure that the police won’t get you. A VPN alone does not provide any security. It delays at best the police

      • @Nighed@sffa.community
        link
        fedilink
        English
        610 months ago

        Ah yes, give your browsing history to the shady VPN company instead.

        Although that would help in this situation.

        • @yamanii@lemmy.world
          link
          fedilink
          English
          210 months ago

          At most you will get some targeted ads (if you use “free” ones), compared to fines and jail, I say it’s a good trade-off.

          • @Nighed@sffa.community
            link
            fedilink
            English
            1
            edit-2
            10 months ago

            A VPN either:

            1. Logs access/usage so it can be given to authorities. (And/or sold/stolen etc)

            2. doesn’t log usage data and willingly accepts that some disgusting stuff will be done using their service.

            1 might have to give browsing data if sued by a media company, 2 is ethnically bankrupt and shouldn’t be trusted at all.

            Doesn’t mean their not useful, just be aware of who you are giving your money to and the limitations of their protection.

      • @bamboo@lemmy.blahaj.zone
        link
        fedilink
        English
        3610 months ago

        IANAL but withholding evidence from a court order can hold you in contempt of court. I remember hearing a story of a person who was accused of having CSAM on an encrypted hard drive, and refused to decrypt it, and is in jail until he decrypts it. Just because you’re a person doesn’t mean you can ignore a warrant.

        • originalucifer
          link
          fedilink
          4110 months ago

          information itself is a liability. best to have a policy of ‘we keep no IPs in logs, so are happy to hand over whatever’… dump data the moment you dont require it

          • @Tangent5280@lemmy.world
            link
            fedilink
            English
            2710 months ago

            yeah, this sounds like a much more sustainable solution. Do it the way signal does it. Collect as little as necessary, and delete it as soon as you dont need it.

          • @cmnybo@discuss.tchncs.de
            link
            fedilink
            English
            710 months ago

            Just store what logs you need on a ram drive. The logs will be gone the instant the server shuts down and there is no way to recover them.

            • @nevemsenki@lemmy.world
              link
              fedilink
              English
              610 months ago

              Downsides include : if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.

              • Perhyte
                link
                fedilink
                English
                4
                edit-2
                10 months ago

                If they have the root access typically needed to reboot a server1 they could also just wipe the logs without rebooting.

                1: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.

        • Davel23
          link
          fedilink
          510 months ago

          I looked into that guy somewhat recently, he was in jail for something like five years then eventually released. Kind of a sickening situation all around.

      • @esserstein@sopuli.xyz
        link
        fedilink
        English
        010 months ago

        With the federation does that also mean that the ip records are replicated? Because that would be a lot of parties that can be threatened, with only one required to give in…

    • @ripcord@lemmy.world
      link
      fedilink
      English
      8
      edit-2
      10 months ago

      Instance owners would have way, way fewer resources and almost definitely need to just capitulate. Assuming they even had the info to share, though.