Good Bod! Now see what thou doeth.
DivergentHarmonics
joined 2 years ago
Apart from the list of items being somewhat generic and IP address just being unobtainable as someone else pointed out, it's just saying that they get data about users by means of the normal functioning of federation. It's ok in the same way as the server that originally hosts this community we are posting to (lemmy.ml) necessarily getting user data from our "home" servers we are posting from (feddit.de, sopuli.xyz), is ok. This is how we want it to work.
They would have to modify it for the other, "third party" server through which the user interacts with theirs, though.
Being annoyed is only one of the reasons for shying away flies but most times it would be waste of energy and attention.
Oh, i never experienced this. My thought is rather, "nobody will call anyway" ... that said, perhaps it's because i'm largely living outside of online buseness. Location: Europe mostly. What busenesses are you talking about, out of interest?
Obviously, never enter your real number in a web form unless the service depends on you getting called back ... in which case you likely would have called the company by phone anyway.
This is true for practically every online service ever.
Sorry i have to correct this statement. Unless all encryption can be broken one day (which is a different discussion), end-to-end encryption can be seen as private ... if both parties can trust each other to keep it so.
One can see if a service/app does e2ee if they (best) ask you to enter your public key (and only that) which will be shared to others to enable them to encrypt messages to you (such PMs can only get decrypted with your private key which is stored nowhere but on your own devices), and verify signatures done using your privkey. In the second-best case, an application will generate a key pair on your device and instruct you to store away the private key it just generated somewhere safe and protected by a long passphrase because if you lose it your PMs can not be recovered.
Interestingly, the ActivityPub protocol and IIRC also the Lemmy database have a "public key" field which could be used for e2ee purposes but the functionality is just not implemented.
That's a feature not a bug!
Actually, users should not be required to trust the browser storage or in-app key generation, but be enabled to enter their own pgp key.
Yes, they are 2-stage bunker-penetrating ammunition. Which, from this perspective, doesn't seem to be very effective against bridges.
kɛɪ 🤷