Posts on NSFW communities on Burggit are inaccessible to visitors of the site who are not logged in, meaning these communities can only be browsed pseudonymously. There are two reasons why I think this restriction should be lifted:
- Security and privacy: Some people on the internet may wish not for their browsing habits to be connected to an account and may wish to minimise identifiers. Some browse the internet with cookies disabled. Some have to live paranoidly on the internet due to where they live and other life situation reasons, and these people won’t be able to enjoy the NSFW communities on Burggit.
- Discoverability: To check out NSFW communities, people have to register an account, so it’s not possible to make a decision after seeing if you like the instance. Previously, you could browse Burggit’s NSFW communities on lemmynsfw.com without an account but after they defederated, this isn’t an option either. There might be other instances you can use now, but it’s not a good idea to count on other instances for this purpose.
I’m curious about what you think about this.
deleted by creator
They could, and it would create a waste. Further extending the problem, if someone wants to limit links to viewing habits and some identifier (an account), they would need to create a brand new account every single time they browse an instance. This also does not address the no-cookies problem.
Sites with NSFW content usually display some warning about how you must be X years old and so on. I imagine once the toggle is implemented, such a warning can be displayed. This isn’t a good enough reason to require the creation of an account anyway IMO.
deleted by creator
I’m talking about how wasteful it is for the instance. Names will be taken and orphaned forever. If, again, someone creates an account each time they browse the site, which is reasonable as things stand, it’s wasteful for the instance. Not to mention it’s a waste of time for the user (and for the admin if they decide to run and then run a cleanup script), which is a more important resource.
You can always do a database query to delete accounts that never posted and haven’t logged in for a year.
An email is not required, it doesn’t make sense someone would want to make a new account every single time, they’d just make 1 account without an email connected and browse through that. There’s no difference between a 1 minute old account and 1 year old account if they don’t publicly interact with anything. I’m just not understanding your logic here.
An account is a data point, an identifier, that builds a correlation between the account and the posts and communities viewed. People who wish to remain anonymous online therefore would have to create a new account every time they want to browse NSFW communities so as not to have one point (account) that gives away all their interactions. I don’t mean public interactions. Every HTTP request they make is an interaction in this context.
That logic does not make sense. Say if for example, we do make NSFW public, by browsing this site anonymously, you’re already caching images. My best advice is if you’re in a country where what we’re hosting is illegal for you, then do not use our site and if you do, know the risks and use a VPN or Tor.
Of course, by just visiting the site, the user is already taking the risk of leakage from many angles. The user can, as you have said, use TOR and take other precautions. You can always reply with “Well, if the user isn’t doing X, they’re already too exposed anyway” but I’m trying to point out that an account is yet another thing to worry about that complicates the things that a user trying to stay anonymous has to do.
If you’re not subscribing to communities, liking posts, commenting, upvoting, posting or doing any interacting the account isn’t much of a data point. There’s no correlation as to the content you viewed or clicked on tired to your account and it’s the exact same as a brand-new account in every single way. It holds no more data than if you were not logged in, if you don’t use it for any interacting.
While this feature isn’t something i’m against inherently, we don’t have the resources right now to make a fork of lemmy to do this unless they add it in to the main lemmy software.
Well, along with an HTTP request sent to burggit for certain things, you send your account authentication information. For example, when viewing an NSFW post, since you have to be logged in. So everything banks of your (referring specifically to you lol) operational security being perfect or you being entirely trustworthy if someone doesn’t want their posts viewed to be stored or processed and therefore correlated to their account. This is why someone would make a new account every time they open up burggit.
You can just end this conversation by saying “Well, that’s not gonna happen” or “It’s not that big of a deal” but that’s for the user to decide. (I’m not putting words in your mouth. I’m just preemptively responding to such thoughts that someone might have.) Ignoring that, there is a real concern here, the way I see it. Data and system breaches are very commonplace, and people do people things.
Going to tag @Burger@burggit.moe so he can correct me if I get any of the following information wrong.
In the event of a data breach: We have a 50mb disk in ram for logs, this disk is purged at machine power down and once the 50mb is run up the old logs start being overwritten. We don’t have terrabytes of logs storing every bit of user data or every interaction they make. Even if somehow we had a breach of that 50mb file, it’d include at most an IP (which if using Tor/VPN wouldn’t link back to you) and a username. Unless it’s a username that you use literally everywhere, this is hardly information that anyone could do anything of value with.
Let’s also assume that somehow some of your post interactions got logged, too. Alright, so Burganon viewed this image of a loli… alright, if you’re using a VPN/Tor that doesn’t mean anything, there’s no tie to you. If you aren’;t using a VPN/Tor it doesn’t matter if you have 1 account or 200 since your IP would be there (if it was part of that 50mb file), this would be what people cared about, and it wouldn’t matter if you were logged in or not.
Obviously, we also have a list of usernames, emails (if provided) and hashed passwords which we obviously can’t delete, but these on their own are useless (except email, but you shouldn’t be providing that, frankly.)
In the end if people want to make a million accounts each time they log in, that’s up to them. An account uses little to no resources and we might look at purging old accounts that have never logged in and old accounts with no activity in the future, but it’s not an issue right now.
Couldn’t you tor in, or share one account?
It would be difficult to arrange a shared account between enough people to form a significant crowd so that every individual user, using TOR, blends in. I have just never heard of something like that happening, and I wouldn’t bet on it.
If mod tools progress to the point of being able to set up mutes, I bet a guest/guest account could work nicely
deleted by creator
I’m sure a pig or an outrage artist would have more time and tolerance to fill out a signup form (either by hand or automatically) than a random user who just wants to browse a based lemmy instance.
As for the third point, you can reason yourself into limiting the usage of something a lot using that thinking. I think extending public access to NSFW posts is reasonable considering the potential harms. People who might, for example, want to target users who might be into a certain category of pornography can right now target the meme communities of such categories. They would then be able to target the NSFW communities as well. But again, that kind of thinking will make you take away access to a lot. This is a public community that is very easy to get into afterall.