I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

  • Dankenstein@beehaw.org
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    Just because Beehaw is defederated from this instance, that does not mean that visiting a recently compromised server will not cause your credentials to be compromised.

    • BrikoX@lemmy.zip
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Read the post again. It was specifically mentioning viewing lemmy.world communities, which is not possible through beehaw.org due to defederation. All you would see is the content before defederation.

      • Dankenstein@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I don’t have to read the post again, nobody should be accessing hacked servers and expecting their credentials to be safe.

    • TheOtherJake@beehaw.org
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      No user data like credentials gets transfered. Everything between instances is done with bot like helpers that do the data transfers.

      • Dankenstein@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        That’s the problem, they don’t. If you have them stored anywhere on the device you view the communities with, your credentials are not safe.

        Edit: this was for someone else.

        Anything can be transferred without your knowledge. Do not access hacked servers while expecting privacy.

        • jarfil@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          That would require your device to get hacked, not just the server.

          As for privacy… there is really little of that on Lemmy or the fediverse as a whole.

    • SatyrSack
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Why would a “foreign” instance need to know my credentials from my local instance just to allow me to browse that foreign instance?

      • Dankenstein@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        That’s the problem, they don’t. If you have them stored anywhere on the device you view the communities with, your credentials are not safe.