Trying to wrap my head around the fediverse. Is each instance like another person with a server? Could that person just shut it down whenever they wanted to?

Are there any companies that have invested in hosting Lemmy/ other fediverse servers?

Sorry I’m sure I messed up some of the terminology, I hope my questions make sense! I love the idea of the fediverse as I understand it, but I like to dig into these details.

  • viking@infosec.pub
    link
    fedilink
    arrow-up
    22
    ·
    9 months ago

    Is each instance like another person with a server?

    Individual person, group of people, nonprofit, company, governments, political parties, whatever. Anything goes.

    Could that person just shut it down whenever they wanted to?

    Yes. That’s why it’s advisable to join one with a dedicated group of committed individuals, or run your own. Joining super small servers might sound nice, but the owners might just ditch it.

    Are there any companies that have invested in hosting Lemmy/ other fediverse servers?

    There are some run by companies, yes, for example social.bbc which is run by the British Broadcasting Corporation. gruene.social is run by the Greens (political party) in Germany, and social.overheid.nl is operated by the Dutch government.

    There will probably be some company-run instances that don’t allow user signup, since all they do is feredate with everyone and exfiltrate data. It’s what people do…

      • viking@infosec.pub
        link
        fedilink
        arrow-up
        8
        ·
        9 months ago

        No, I mean companies that have only one objective - gather user data. Advertisers, marketing agencies, AI language models, corporates. If they federate with other instances, they essentially copy all posts and messages (including private messages!) over to their own server, and can then run it through data analytics software for whatever use case they have, try to match your user profile to other advertiser profiles they already have on you, etc.

        And there’s nothing you can do about it, that’s simply how a decentralized network works. Every node in the system can see all the data and use it as they see fit.

        • TWeaK@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          ·
          9 months ago

          And there’s nothing you can do about it, that’s simply how a decentralized network works.

          It’s also how the internet works, and you wouldn’t need to set up an instance to scrape the data from lemmy.

          • viking@infosec.pub
            link
            fedilink
            arrow-up
            5
            ·
            9 months ago

            True, what I mean is that federation removes the need for scraping since the data is delivered to you in its purest form.

            • TWeaK@lemm.ee
              link
              fedilink
              English
              arrow-up
              4
              ·
              9 months ago

              Yeah API access is more efficient for the host than delivering the human-viewable content. Hence why Twitter and others always used to have their API open, so they could minimise the load from scraping.

        • solrize@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          9 months ago

          I’m of the impression that only the origin and destination servers see any given private message, but I haven’t verified this. Anyway, don’t expect them to be really private. I’d worry more about reddit since pm exchanges there can be intensely private, there is a single evil corporation saving them all, and the user population is mostly oblivious to that.

          When I’ve had something private to discuss with a reddit user, I’ve asked them to switch to email. They are sometimes willing but not always.

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            9 months ago

            I’m of the impression that only the origin and destination servers see any given private message, but I haven’t verified this.

            It’s a bit more than that, when a client connects to lemmy they connect to all instances with displayed media. This includes thumbnails. Even inside a post, you’ll connect to every user’s instance to get their profile thumbnail. This could be quite exploitable, as the federated instance is always the user’s instance, not the instance of the community they post in - it would be possible for someone to fish for IP’s by setting up their own instance and posting on a popular community.

            /u/sunauras@lemm.ee is making a new UI that apparently handles all these calls a different way, without connecting everywhere. It’s still a work in progress (you can’t comment there yet) but it looks promising.

            • solrize@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              9 months ago

              Thanks. Lemmy’s privacy story is actually kind of bad. Like if you read a post, the instance retains that fact, to support features like “show unread posts”. But that means not only is your posting history public, but your reading history can potentially be exposed.

              That’s the main reason I sometimes think of running my own instance. It would receive all the posts from every community without revealing which of them I bothered looking at.

          • viking@infosec.pub
            link
            fedilink
            arrow-up
            4
            ·
            9 months ago

            Signal messenger allows you to set up user handles since the latest beta, and they can be discarded and changed at any time, that’s great for privacy.

          • whoreticulture@lemmy.worldOP
            link
            fedilink
            arrow-up
            2
            ·
            9 months ago

            Could someone set up a private multi-user instance? I’m imagining like an instance with just a few friends, where you share content from other instances but noone can see what is shared there except the people invited in.

        • jaybone@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          9 months ago

          Didn’t think about DMs. Can’t they keep a private key for you in your home instance and then encrypt all DMs to external users with their public key which the home instance makes available for that user?