This may look like a weird question btw.

I constantly see people here worried about digital security, I see people using Tor, deleting social networks, and just sharing the different levels of security that they use.

So I was wondering, how safe is Lemmy? Sure it doesn’t collect info like Twitter and Meta do, but that doesn’t mean it’s 100% safe. So what are the main problems we can have here? Is there anything the 3 letter agencies could exploit? Are there any preventive measures users could take?

  • @pinkeston (21 points, edited, 2 years ago)

    So lemmygrad.ml is registered by somebody in the Netherlands while the server is hosted in Switzerland. Both of these countries are Western aligned, so it should not be a big problem for the NSA to gain access if they really wanted to. If they get access to the server or the ISP serving it, then they can approximate your location and find out what ISP you’re using.

    And if they get access to your ISP then they can find out everything about you, since you registered with an ID.

    If you’re in the USA, they 100% have near free access to your ISP. Everything you’ve ever done online has been logged in Utah and replicated multiple times across the entire country.

    If you’re in the 5 Eyes, they probably have a high degree of access through legal spying, which they can then send to your country’s authorities.

    If you’ve ever had any activity on any online communist space raw (no trusted VPN, no Tor), there’s a very high chance that all of that activity has been recorded in a database with backups and then replicated across multiple data centers in different regions, countries, or even continents.

    If that online space is any modern American website, there is a 100% chance of this happening.

    • @CriticalResist8A (6 points, 2 years ago)

      To explain some of that, we wanted to move the hosting to a non-5 Eyes country, but also needed a host that could deliver infrastructure as well as DDoS protection and, if possible, privacy guarantees (that they won’t delete your hosting because you say stuff they don’t like). This Swiss host is the one we eventually found that fit everything; you can read more about them here: https://swissmade.host/en/.

      We would have moved the hosting to China to be completely safe, but it was unfeasible at the time (we need someone to speak Chinese and be able to make payments there, which can be difficult).

        • @CriticalResist8A (5 points, 2 years ago)

          Probably, yeah, but I think we have a one-year contract with the current host, and we made the switch not long ago, like two months or so. @muad_dibber@lemmygrad.ml took care of it at the time, so he can help you more than I can with the technical stuff.

          • Muad'DibberA (2 points, 2 years ago)

            We could switch at any time, but this host is fine for now. If we start getting some warnings from them for being too communist, then it’ll be time to find another host.

    • nixfreak (2 points, 2 years ago)

      If you’re worried about the alphabet orgs, only use 2048-bit encryption or higher, meaning only use RSA/ECC for all communications. The alphabet orgs don’t care about forums like this because it’s a low threat level.

        • nixfreak (2 points, 2 years ago)

          Yes, you can read about that with NIST also. There was an ECC algorithm that looked pretty deliberate (Dual_EC_DRBG). Shor’s theorem uses quantum computing; we don’t have that yet. Also there are post-quantum algorithms getting decided by NIST. No, the NSA can’t break RSA or ECC curves unless the key itself is too small or the RNG or PRNG was tampered with. Also PGP/GPG is safe; alphabets can’t crack or bruteforce these. Just use anything over 2048-bit and make sure you have a long “passphrase”, not password, encrypting your private key. Also for ECC check your curves: https://safecurves.cr.yp.to/. I am a crypto guy, and the alphabets don’t have enough computing power to bruteforce these keys.
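An added example, not from this thread or from Lemmy, of turning the comment's two rules (a 2048-bit floor for RSA, and checking ECC curves against safecurves.cr.yp.to) into an audit of your own OpenSSH public-key lines, whose wire format is simple enough to parse with only the standard library. The `SAFE_CURVES` allow list, the `MIN_RSA_BITS` floor and the `make_line` sample keys are assumptions constructed here; the sample blobs are not real keys, and this does not inspect GPG keys.

```python
import base64
import struct

# Allow list in the spirit of the safecurves reference above (assumption): Ed25519 passes its
# criteria, while the NIST P-curves OpenSSH offers for ECDSA (nistp256/384/521) do not.
SAFE_CURVES = {"ed25519"}
MIN_RSA_BITS = 2048  # the "2048 bit or higher" floor from the comment

def read_string(blob, off):
    """Read one SSH wire-format string: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length

def write_string(data):
    return struct.pack(">I", len(data)) + data

def mpint(n):
    """SSH mpint: big-endian magnitude with a leading 0x00 byte when the top bit is set."""
    return write_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def make_line(algo, *fields):
    """Constructed test input: an authorized_keys-style line from raw wire fields (not a real key)."""
    blob = write_string(algo.encode()) + b"".join(fields)
    return f"{algo} {base64.b64encode(blob).decode()} constructed@example"

def audit_ssh_pubkey(line):
    """Parse an OpenSSH public-key line and judge it by RSA modulus size or curve name."""
    blob = base64.b64decode(line.split()[1])
    algo, off = read_string(blob, 0)
    algo = algo.decode()
    if algo == "ssh-rsa":
        _, off = read_string(blob, off)        # public exponent e (not checked here)
        n_bytes, _ = read_string(blob, off)    # modulus n
        bits = int.from_bytes(n_bytes, "big").bit_length()
        return {"type": algo, "bits": bits, "ok": bits >= MIN_RSA_BITS}
    if algo.startswith("ecdsa-sha2-"):
        curve, _ = read_string(blob, off)      # curve name, e.g. nistp256
        curve = curve.decode()
        return {"type": algo, "curve": curve, "ok": curve in SAFE_CURVES}
    if algo == "ssh-ed25519":
        return {"type": algo, "curve": "ed25519", "ok": True}
    return {"type": algo, "ok": False, "reason": "unrecognised algorithm"}

if __name__ == "__main__":
    for s in (make_line("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1)),   # 1024-bit modulus
              make_line("ecdsa-sha2-nistp256", write_string(b"nistp256"), write_string(b"\x04" + bytes(64))),
              make_line("ssh-ed25519", write_string(bytes(32)))):
        print(audit_ssh_pubkey(s))
```

Run it over each line of `~/.ssh/authorized_keys` (or `*.pub`) to find keys that fail either rule.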