this post was submitted on 11 Aug 2023
285 points (93.6% liked)

Technology

59575 readers
3615 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Note: This post now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

you are viewing a single comment's thread
view the rest of the comments
[–] krayj@sh.itjust.works 21 points 1 year ago* (last edited 1 year ago)
  1. If you are planning on hijacking one of their online accounts, then obtaining all possible intel about someone helps to make phishing their other service providers easier. Knowing someone's IP address means you instantly know what city they are in and who their service provider is.

  2. If you are trying to reveal someone's true identity and you have already learned of their IP address through some other means, then this would allow you to reveal their identity on lemmy. Example: an employer already knows the home ip addresses of their employees who work remotely and vpn into the company office. They see someone on lemmy sharing insider info about the company they would rather not have shared and suspect the lemmy user is a disgruntled employee and send them a dm with tracking pixel to verify whether that lemmy user's ip address matches the addresses of any of their employees.

  3. Consider the case of someone thinking they are anonymous and boasting about some activities that might be legally questionable, then consider some law enforcement agency using tracking pixel to get user's ip address. If the lemmy server is outside of jurisdiction they might not be able to subponea the lemmy instance admins for that user's ip address, but now they don't have to. With the IP address they can just subponea the isp to get the user's identity. This could be over criminal activity...or maybe just something like admitting being gay in a country that sentences to death for that.

These are just three examples...there are countless other examples just as bad.

TL/DR: it is a significant security breach to allow 3rd parties the ability to use the platform to expose user's ip addresses, and even worse when it can be targeted at specific users (such as the DM scenerio that is also affected).