Asklemmy

43852 readers

660 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

How much control/access does my instance owner haver over my account? (lemy.lol)

submitted 1 year ago* (last edited 1 year ago) by AchillesUltimate@lemy.lol to c/asklemmy@lemmy.ml

48 comments fedilink hide all child comments

I noticed that there were some accounts that were hijacked by the instance owners. All the posts from that user were then edited to say what happened.

This kind of surprised me, I figured instances could delete posts, but not edit them. So how much control do they have?

I assume they can't see my password (hopefully). Can they post in my name? Do they have all the access to my posts to foreign instances that they do over local posts?

Edit: thanks for all the responses everyone! I've wanted my own instance for a while, but maybe I'll get on it now

you are viewing a single comment's thread
view the rest of the comments

[–] Sal@mander.xyz 43 points 1 year ago* (last edited 1 year ago) (16 children)

Password hashing occurs server-side. Even without removing the hashing step an admin can intercept the plaintext password during login. Use unique safe passwords.
An admin can intercept the jwt authentication cookie and use any account that lives in the instance.
Private messages are stored as plaintext in the database
Admins can see who upvotes/downvotes what
These are not things that are unique to Lemmy. This is common.
To avoid having to trust your admin, run an instance.

[–] Psythik@lemm.ee 2 points 1 year ago (4 children)

Can you recommend a good free web host for running your own instance? I haven't dabbled in web development in over 15 years now, so I'm kinda out of the loop.

[–] afa@sh.itjust.works 3 points 1 year ago (1 children)

Oracle has a pretty decent free tier.

[–] Psythik@lemm.ee 1 points 1 year ago

Thanks

load more comments (2 replies)

load more comments (13 replies)