Comment on How does lemmy implement Auth?
zedage@lemm.ee 2 weeks ago
Currently you need to trust the app and your instance. Most instances are implementing off-the-shelf lemmy but there is no way to confirm that.
Yes that is what I wanted to know. My question was more directed towards other fedi software where you might want to secure/recover your account instead of using completely disposable accounts. So providing an e-mail address to an instance manager is what I was worried about, in case the instance manager decides to doxx their user. It’s just a possibility that needs to be taken into account when signing up on the fediverse, which is not what most people are used to.
Honestly didn’t think about relay addresses which is a handy tip. But I asked because I wanted to use the alexandrite front end on my desktop browser and was wondering how safe it is to hand over my login credentials to lemmy skins. Since those are hosted on closed source servers, you can’t really verify what’s happening on the server side and how safe it is to hand over your login credentials to them if you’re not using a disposable account and a unique password.
Dave@lemmy.nz 2 weeks ago
Whoever is running the Alexandrite frontend you are accessing definitely could modify it to steal your password, so it’s another point of trust. To help reduce this risk, many instances will run their own Alexandrite (and other third party frontends). With a quick search I didn’t find lemm.ee hosting any though.
I believe OAuth support is planned for Lemmy but not sure on the timeline or the exact implementation.
On the relay emails, I believe some instances block their use, but the benefit of having many instances is you can find one that aligns to your values.