Not a public one no, but instance admins can see it.
And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?
Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).
However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.
That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).
And they’re more interested in matching up user accounts to people, and there’s no public link there unless you provide it.
Not a public one no, but instance admins can see it.
And what is to stop someone from hosting content - like an image - onto their personal server, then collect the IP addresses of everyone who visits? e.g. couldn’t you receive a message in your DM, and without being asked, merely viewing the (auto-loading!) image could reveal that it was your account (that the DM was sent to) that came from the IP address that the image hosting server recorded in the incoming traffic?
Maybe I’m wrong? But that’s what I fear.
Yeah, that’s certainly possible, and AFAIK Lemmy doesn’t really do anything to protect against it (they’d have to intercept any outgoing content fetches).
However, in order to do that, they’d need to make a honeypot account that posts to get that data. That’s a lot of effort for a border patrol agent to go through on a quick stop, so they’re probably only going to bother for specific targets. So unless you’re targeted, they’re probably not going to bother making an effort to gather that type of information. The big tech companies will just hand that data over (for a fee, of course), whereas the federated nature of Lemmy means your admin would need to do that, and I just don’t think that’s very likely.
That said, if you’re worried about it, practice good OPSec. Use a VPN, burner email addresses, and don’t post personal info (or if you do, post conflicting personal info as often as you post accurate info).
THIS is indeed the way:-).