Hi every lemmy. I’ve just stood up a couple new instances and I’ve been hanging out in the Admin chat over at https://matrix.to/#/#lemmy-support-general:discuss.online. Someone there asked if they could view subscriptions so I wrote and shared the sql query. (could I have done better on the joins with 2 joins to instance?)
And that’s when I realized what an invasion of privacy that is. Maybe there’s an easier way to do it but could we add optional support for user key pairs, so that if I associated a public key with my account, everything related to me in the db gets hashed with that key? Then I provide my private key at login?
I say optional because I know that’s hard for a lot of folks. But maybe there’s a way to make it easier with something like letsencrypt at sign up so it would be trivial for everyone to do it… Or maybe there’s a way to do it globally with a central key common to all instances, perhaps paired with instance specific keys?
I understand there’s other aspects of user activity that would be best made private to so this could also work, say for votes or whatever else.
This sounds like it would achieve data at rest - It’s a good idea in theory but i’m not sure how sensible this would be for Lemmy?
Even if our subscriptions are protected, the server would need some way to establish what your followed communities are to populate your feed… Because of this it could still be possible to identify a user’s subscriptions, maybe via looking at proxy logs or outgoing traffic?
Would be useful if someone more knowledgeable had some input, I’m not really a cryptography guy myself 😅
Tbh, if you did a GDPR request to some site like the Alien R, part of that result package will include a plaintext list of communities you follow…