Like even if they have nothing else they could just leak IP is there any law against it ? Or any technical aspect stopping them ?

  • ryannathans@aussie.zone
    link
    fedilink
    arrow-up
    76
    ·
    8 months ago

    Ethically it’d be shitty and people don’t want to be part of an instance with shitty admins so people would migrate away. Technically, nothing unless you’re using a VPN. Welcome to the internet, the same is true for every website

    • wizardbeard@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      35
      arrow-down
      1
      ·
      8 months ago

      Also there’s the aspect of just… not caring. As someone who technically could read the email, browse the files, or track the apps installed and used on the phone of nearly any person where I work, any small bit of idle curiousity died before I was done my first day.

      Even if I was nosy, 99% of people are just not that fucking interesting. What would even be the point of abusing my access?

      I’ve seen someone put it like this: male gynecologists don’t get excited looking at lady bits at work.

      • TexasDrunk@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        8 months ago

        I was able to do that for years. For me to give a shit what’s in your email you have to be more interesting than the rest of the internet, which pretty much means you’d have to be doing something at least borderline illegal and have it brought to my attention by someone who noticed it over your shoulder.

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    30
    ·
    edit-2
    8 months ago

    An IP address by itself isn’t going to let you dox users unless you have access to the databases that map these to the subscriber accounts. Typically, you would need to be an ISP or law enforcement to do this, but you can also purchase this information from a data broker if you know what you’re doing.

    With that said, there is absolutely nothing stopping the instance operator from getting your IP address. You’re connecting to his or her computer which they own, so they can easily see where you’re connecting from.

    • BombOmOm@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      2
      ·
      edit-2
      8 months ago

      A notable way to protect against this is to use a VPN. Then the operator only knows you use a VPN.

      Also need to be careful of what you write in comments (this is a public forum!). People sometimes write a surprising amount of detail about their life and it makes it much easier to narrow you down to a single individual the more you do it.

      • givesomefucks@lemmy.world
        link
        fedilink
        English
        arrow-up
        23
        ·
        8 months ago

        Eh, have faith in people

        Even on Reddit, I was always 100% honest about living in Monetenagro as a Canadian Mexican immigrant. Sure life is busy as CEO of Disney but I always make time to attend a Lakers game with Leonardo DiCaprio when I’m visiting Panama.

        But to comb thru a large account would take a bot to look for keywords and frequency mentioned.

        So if you’re concerned about it, a less honest person could just randomly make outrageous but specific claims. Even when in the same comments and obviously contradictory, it would throw it off as long as you’re not constantly disclosing identifying information

        That’s how I was able to become Batman and buy a house in Tokyo anyways

  • southsamurai@sh.itjust.works
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    8 months ago

    Serious answer: nothing except their own lack of access to anything except the ip address and whatever you give them.

    But that’s easy to counter with a VPN and a bit of common sense.

  • Undertaker@feddit.de
    link
    fedilink
    arrow-up
    17
    arrow-down
    4
    ·
    8 months ago

    Oh my… This whole thread is literally the best of ‘Do you have something to hide?’, ‘Why should they use it?’, ‘What could happen?’, ‘That’s paranoid’ and so on.

    Really disappointing.

  • sudneo@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    8 months ago

    Technical measures are impossible in this particular case. However, I would say that the complete lack of benefits or incentives makes it very unlikely. Doing so could be illegal and collecting data which is otherwise useless is only a liability and a waste of resources. Basically the admin own self-interest I would say is what’s stopping them. That said, if someone is individually afraid due to a bad relationship with an admin, then personal motives could void the above, in which case, they should change instance probably or use a VPN at least.

  • Omega_Haxors@lemmy.ml
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    8 months ago

    You’re connecting to their servers. They’re going to get your IP. This is unavoidable.

    They can even * [gasp] * read the messages and things you willingly post onto their servers.

  • LWD@lemm.ee
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    8 months ago

    There’s not much to prevent it from happening. They could lose standing in the community. They could be given legal trouble, and they could be attacked in return by people who knew which server owner was responsible. But that’s pretty much it.

    There’s also a much lower bar for entry when it comes to running a server. All you need to “be” is technically competent. You don’t need to be very good at security, and you don’t need the temperament of a reasonable person.

    And when that’s the case, data might be leaked even indirectly.

    Two Mastodon examples come to mind.

    • One administrator shut down their servers after being accused of transphobia. They could have done anything after having a bit of a public meltdown, so that was the best case scenario.
    • Another server administrator was raided by police, and all the contents on the server were made accessible to them.
  • arran 🇦🇺@aussie.zone
    link
    fedilink
    arrow-up
    6
    ·
    8 months ago

    Don’t let your guard down but at some point trust and risk consideration is required for most systems to work. If you’re after solutions; you could run your own node in the cloud and federate it.

  • ɐɥO@lemmy.ohaa.xyz
    link
    fedilink
    arrow-up
    7
    arrow-down
    2
    ·
    8 months ago

    Nobody cares about ips. This is mine: 193.81.127.151 . Try to find out anything about me exept my approximate location.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    They have no business incentive for it, contrary to most other websites that are funded by targeted advertisement which basically means doxxing their users to advertisement companies.

  • bloodfart@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    8 months ago

    Nothing stops them.

    Don’t worry too hard about the ip though, there’s plenty of servers still running versions with insecure pms and that seems like a much bigger problem than ip addresses.

    What are you concerned about? maybe I can help you figure out a way to mitigate it.

      • bloodfart@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        Well, ip leak would be useful for me if I were trying to figure out your general location, the specific edge device that you’re behind or if I were compiling a massive dataset to find a vulnerability.

        In the first case, don’t worry about it. Ip addresses are allocated to the provider and dynamically assigned such that without a huge corroborating dataset or at least a couple of recent delivery records cross referenced to an online order someone can’t reasonably figure out your home address from it.

        The second thing is inherent to the design of the internet, but the danger of someone knowing the ip of the edge device you’re sitting behind can be mitigated by securing that device. The easy stuff would be like turning off web console or snmp on wan, picking a good password, making sure its firmware is updated etc. if you’re forwarding ports or self hosting it gets more complex but that’s how you can make it “okay” that anyone could know your ip.

        The third thing is complex and at this point requires a fundamental change in the way you view computer&web usage, communication and most likely a subscription to some scrubbing service. Sorry, we live in the bad timeline.

        All three can be either mitigated or assisted by the use of a vpn. You have to pay for a vpn, the free options are monetized by bundling and selling the data that goes through them.

        If there’s something I missed or whatever, lmk.

          • bloodfart@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            Get a vpn. It’ll make you less worried.

            The gold standard is mullvad paid for with cash, but lots of stuff blocks their exit ips so if you get pissed off by that, use express or nord or whatever gets high ratings from websites that see if their exit nodes are blocked.

            • Zoot@reddthat.com
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              Tor is also so ungodly slow as a browser. At least in mt experience many years ago. Plus one on the VPN. Best way to stay hidden unless someone REALLY wants to know who you are, and has big money behind them.

          • bloodfart@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            8 months ago

            I just want to comment again and say that the obfuscation that a vpn provides is only one part of concealing your identity. Your browser identifies itself with a unique token every time you visit a website and if that site asks to see your cookies the browser will happily let them, giving another avenue for tracking. Sites often use tracking pixels that report the screen rendering geometry which pretty much identifies your browser and device and if all else fails they can just clock the only motherfucker running arch and ice weasel coming out of the expressvpn chicago node.

  • h3ndrik@feddit.de
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    8 months ago

    Yes, there are laws against doxxing in several countries.

    There is no technical aspect stopping it. Every website has your IP, sometimes also the people you chat with or write emails to, as this might (or might not) be part of the meta-information.

    An IP address is a boring piece of information. Usually you can just infer the country and which internet service provider someone uses. You’d need to sue the ISP or get a court order to get the name and address of who’s using that IP number.

    Running these services is a lot of work and requires some skill, at least to do it sustainably. Usually it’s certain people who are dedicated enough and willing to put in the effort… They are motivated to build something or help people. That’s what drives them. It’s somewhat unlikely but not impossible that they participate in malicious behaviour. Sometimes internet drama happens. But users aren’t stupid either.

    (But people who want to destroy and troll, rarely have the character traits to succeed at something like this. You’d pass on easier methods to wreak more havoc, to instead spend time learning webhosting, Linux, build up a community and maintain the server… You wouldn’t do all of that unless it were worth it. I can only imagine that happening in a targeted attack that pays a good amount of money. Or a really good amount of internet fame because you doxxed a high-profile celebrity or something like that.)

    • The wild card@lemmy.todayOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      8 months ago

      So your whole argument is based of the kindness of admins ? I get that you are trying to see the good but still

      • Troy@lemmy.ca
        link
        fedilink
        arrow-up
        5
        ·
        8 months ago

        The kindness of admins is a requirement of pretty much all internet infrastructure. Email servers are the same, no? And it gets even harder with proprietary networks – if the admins are being unkind, you can just switch discord servers or whatever. Anyway, I digress.

      • h3ndrik@feddit.de
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        8 months ago

        What’s your question? I mean different types of services exist. You’re currently on a platform powered by volunteers. If you don’t like it, there is alternatives like Reddit which is a commercial / for-profit company.

        We have projects like Lemmy, Linux and the whole Free Software which somewhat relies on kindness and giving. It’s the same for charity, your schools extracurricular club where parents and teachers volunteer their time and energy. Or bring cake to a special day.

        And with the “trust”: I think it’s more nuanced. You also rely on other peoples kindness to stop at the red light at a traffic junction and not crash into you at full speed. Theoretically nothing is stopping them. It’s the same concept, you’re forced to cooperate sometimes and rely on other people to abide by the law and also cooperate. It regularly works fine. Just make a good choice whom you trust and why.

        You don’t need to worry about your IP. It’s really not a big deal if people know it… I’d have a look at who’s running a service once I upload private documents with my finances etc, photos of me… More than random ramblings. And experience shows also the services that don’t rely on volunteering aren’t a safe bet. Most of the big companies and platforms have been hacked. https://haveibeenpwned.com/ lists my email AND password has been lost at least 3 times by the big players.

        And regarding you specifically… I already know enough about you by reading your public posts. You’re probably from the USA. At least I didn’t find comments in other languages, and statistics tell me people here are either american or german. You use Android, know what FOSS is, seem to like it and play things like Supertuxkart. You like to waste some of your time in meme communities and casual conversation and just created this account yesterday. And you talk a certain way which makes me think this isn’t your first time on the internet. What else am I supposed to deduct by knowing your IP?

        You’re right asking the question “should I trust you with my data”. That is why I don’t use Facebook, Microsoft, bonus cards, TEMU…

        • The wild card@lemmy.todayOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          8 months ago

          Woah you were close

          like it and play things like Supertuxkart.

          Wrong . I hate playing any and all games.

          just created this account yesterday.

          And you talk a certain way which makes me think this isn’t your first time on the internet.

          There was a post about me moving my account on casual conversation.

          Other than these two mistake you mostly nailed it

          • h3ndrik@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            8 months ago

            Hehe, we seem to share a few things…

            I mean we’re often predctable, and while Lemmy is somewhat diverse, most people I meet here are either American or German and males from, lets say 20-40. And there are certain types prevalent. Like the Meme-Lord, the casual Linux expert, the normal guy or the agitated opposer. Some people fulfill multiple categories or like being a bit schizophrenic on the internet. But I’ve also met people with crazy niche interests, or trying new things, so there is that.

            And I can’t really tell: Playing devil’s advocate, participating in memes and internet culture and having multiple sock-puppet accounts for different use-cases are fairly common and make it difficult to judge a person. And my own behaviour is also very different in real-life than what I do here.

            • The wild card@lemmy.todayOP
              link
              fedilink
              arrow-up
              2
              arrow-down
              2
              ·
              edit-2
              8 months ago

              Huh never knew germans where the other popular category here i guessed that usa would be one of course. You learn somethin everyday i guess.

              • h3ndrik@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                8 months ago

                It’s been the same on Reddit, so I think with lots of people coming from there, it’s just the logical consequence that we get the same demographics here. My perspective might be a bit skewed on that… I’ve also talked to some British and Canadian people here. There’s some server statistics (on Fediverse observer or something) that reflect a similar thing with the origin of the servers. Ultimately I like platforms like this for connecting people all across the world.

      • Kissaki@feddit.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        Their comment started with mentioning laws. That’s more than betting on only kindness.

      • catloaf@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        All of society runs on people acting on the goodness of their hearts.