It’d be nice to (eventually!) see a link laying out a privacy policy for the instance, something like: https://newsie.social/privacy-policy
I’d especially be interested to know how long you associate the IP addresses we visit from with our accounts, who can see that info (and our emails), what other PII you store, and how long deleted posts/accounts are stored for.
(Totally get and very much appreciate that smorks &co have a lot on their plates just getting this place off the ground, not trying to demand additional work, just a suggestion. Seems like it’d take some thinking to balance with eg. a good backup regimen.)
As someone who sticks seeds in the ground and waits for rain, I enjoy the open discussion around balancing privacy/security/anti-spam bots. Although I may not understand all of it, this feels like a good discussion to have in the open. Big thumbs up from me, also is there a option to toss a coin to my Witcher(ie the person paying for back-up/server space). Due to the inconstancy of rain, money is tight but when I could spare a coffee for a stranger holding down the instance? Thanks again @smorks for your hard work.
is there a option to toss a coin to my Witcher(ie the person paying for back-up/server space
Isn’t very easy to find if you are using the app and took me a while to find myself, but on the main page there are these donation platforms listed:
https://liberapay.com/lemmy.ca/ https://opencollective.com/lemmy-ca
i would like to post a privacy policy when I have some free time.
as for your IP, i am anonymizing the ip stored in the nginx logs, basically just storing .0 for the last digit if the ip address, adapted from here: https://www.supertechcrew.com/anonymizing-logs-nginx-apache/
that used to be in one of the lemmy recommended nginx configs, but it appears to have been removed. but it’s still being used on this instance, and I should double-check to make sure it also works for IPv6 addresses.
i also don’t know if the IP is stored in the DB as well, i’d have to look through the lemmy code/tables to see if that’s the case.
i’m currently the only one with access to the server itself, so it would only be me who has access to that info.
i don’t think there’s any other PII that is stored?
As for how long deleted posts/comments/accounts are stored for? i’m not entirely sure. i know that typically deleted posts are just flagged in the db as “deleted”, but i think it also changes the content to
deleted by creator
or something, and i don’t believe there’s any way to get the original post/comment back? there’s also a way for admin’s to purge users/communities/posts/comments, which deletes them from the database, but i don’t think there’s anything that does that automatically after a certain time period.I know i have a lot of “i think”'s in there, so all of this is a best guess. I’ll do some digging and testing at some point so I can firmly answer these questions.
Thanks! That’s everything I’d hoped to get rolling and then some so clearly you have it well in hand.
Really what I was aiming for was a recognition that we shouldn’t have to guess about this stuff and it should be straightforwardly laid out. Of course that’s rarely the case but I see Lemmy as a way to collaborate in building the sort of social media we want rather than what we’re given as a byproduct of other’s interests.
Deletion on other instances isn’t something we can control but we can point that out so people understand. And for our part we can understand what’s happening on our systems, ensure it’s in line with what we want (eg. if it isn’t expunged you can add a cron job to do it after X days or w/e) and be transparent about it.
I didn’t expect that you’d go as far as not logging exact IPs at even the the HTTP level, I fear that you will have to walk that back a bit over time in order to use things like
fail2ban
and more sophisticated tools to quickly respond to abuse and DoS attempts. Alas time and time again has proven there are some people out there who just like to mess with stuff and we need to be proactively resilient against what’s unfortunately inevitable. Similarly, there’ll be more subtle stuff like it becomes obvious that some set of IPs has been used in mass creation of accounts for sockpuppets or LLM bots and it’d be useful to retain them for a bit so we’d have the option of going back and reviewing what they put out.i don’t think there’s any other PII that is stored?
We have the option to give your our emails too, is that only visible to you?
I know i have a lot of “i think”'s in there, so all of this is a best guess. I’ll do some digging and testing at some point so I can firmly answer these questions.
See? Right person for the job. Holler if you need anything, I get a general sense there’s a willingness to pitch in around here.
We have the option to give your our emails too, is that only visible to you?
yes, that’s only visible to me. 99% sure that it doesn’t leave this instance.
See? Right person for the job. Holler if you need anything, I get a general sense there’s a willingness to pitch in around here.
agreed. everyone has been super supportive and helpful so far. i will let you know what i find, and will reach out if i need help with anything. thanks!