There have been a lot of news articles lately about a concentrated movement to get people fired for making social media posts critical of Charlie Kirk. I’m wondering how effective such an effort would be against Lemmy, where many of us provided an email address when signing up.
Not being an admin, I’m curious if our email addresses tied to our users names are stored in a database that only the SJW admins can access - or if anyone creating their own instance would have access to the same database
Each instance’s database contains the email addresses of local users only. Lemmy does not share email addresses between instances.
Viewing users’ email addresses requires directly querying the database. They are not visible through the API.
Are ip addresses of posts stored? Or sessions?
I believe user IP addresses are stored and correlated with a user’s session token. Those tokens are valid for a while. The database does not have a post-by-post record of a user’s IP.Disclaimer: I am not one of the admins with direct database access, so I cannot confirm that this is true. My statement above about IP addresses is secondhand information from memory. I may be wrong.I should leave this to the professionals:
Good to hear, thanks!
Just to confirm the gist of what the admins have been saying in here, they don’t really care about your address or even the fact that you’re registered with your daily one.
Source: My account has an obviously bogus e-mail address associated with it. (I don’t remember what exactly). By applying what little charm I have, I still have a valid SJW account.
Sure, I won’t be able to do password recovery via email and other QoL stuff, but that’s a sacrifice I’m willing to make.
The email is only stored locally and never used in federation.
So that’s local admins only, and even then, only if you have access to the database itself.
Right now, that would be TheDude and me.Emails aren’t very useful to us admins.
Sure, spammers tend to use junk emails, but (some) legit users also do, so it’s a bit moot to start looking at addresses en masse.
Basically the only time I even see any email address is if they have trouble with the initial verification email.
The email is very useful to allow users to reset their password, but that’s an automated process, and not something we’d look at.Peace
But my client on my phone has my email as well though, right? Unless I used the browser on my phone.
Yes, your email might be saved in some app you’ve used to login, including your browser’s saved credentials thingy.
Thanks I appreciate the info!
if its anything like mbin,and i suspect it is, the email address is keyed from the user account but doesnt leave that instance and isnt available to anyone besides admin.
Admins, or anyone having access to your hypothetical instance database breach / leak
