So I was interested in Lemmy, I checked Privacy policies of multiple instances; so far I cannot find any instance which doesn’t collect IP address at all; many instances dont even provide any info about what data they are collection (however they are using cookies so I assume they will be logging IPs too). I found some instances that say they delete IP address logs after 12 months, these are :

  1. linux.community
  2. endlesstalk.org
  3. lemmy.one

If anyone knows any other instance with similar or better policy for the user, kindly comment because I took quite a time to read through the “Legal” section of the instances.

Also, I find it odd that lemmy instances are storing 12 months, many firefish instances store IP addresses for 90 days

  • Big P@feddit.uk
    link
    fedilink
    English
    arrow-up
    6
    ·
    10 months ago

    however they are using cookies so I assume they will be logging IPs too

    You don’t need to log IPs to use cookies nor do cookies imply IP logging

    • canuteOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      5
      ·
      edit-2
      10 months ago

      I meant that such instances are collecting cookies for login without informing the user or/and not providing any Privacy Policy. Even if they are not collecting IP addresses (which I think is not the case for many), the fact that those instances are not mentioning what data is being collected makes me think that they aren’t concerned about user anonymity.

      • johntash@eviltoast.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Lemmy isn’t meant to be an anonymous platform afaik. Any web server is going to collect IP addresses by default. Even if the server admin doesn’t keep those logs, it’s still possible for the ISP to keep similar logs

        If you’re worried about that, you’d be better off using tor or a vpn

  • foo@withachanceof.com
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    Private != anonymous. Saying “we don’t collect logs” really doesn’t mean all that much as there’s still many, many ways to track and uniquely identify you. That said, if you want to shield your IP from an instance using a VPN is your best bet rather than relying on someone’s pet Lemmy instance to not store logs or delete them after a period of time.

  • pe1uca@lemmy.pe1uca.dev
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    If you have an account and a session you have a cookie or some other sort of “tracking” to know you’re logged in.
    I put it in quotes because the tracking via cookies people is usually worried about is the one used to identify and use your behaviour, but tracking if you’re logged in or not is usually fine.

    As for the IP logging, I’m not sure but AFAIK IP addresses given by ISPs are dynamic, so every now and then you’ll have a new IP anyways.
    If you’re sill paranoid, why not use a VPN or a proxy?
    Still, those services can track your original IP so we end up in the beginning and we need to go into another rabbit hole.
    Again the same as with the cookie, usually the problem with IP logging is if it’s to identify your behaviour and aggregate it to sell it in some way, but the one done by software like lemmy is to prevent spammers and bad actors, so it’s a necessary evil.

    You’re right tho, 12 months of IP log is a lot, not sure where you read that, I haven’t looked at all the code in lemmy to know how easy is to identify the IPs of each user.