Submitted 11 months ago by THE_MASTERMIND@feddit.ch to nostupidquestions@lemmy.world
Your instance admins know basically everything. They won’t know the password you use since the software shouldn’t be storing that in plaintext. But your activity is pretty clear to them. They can see how you upvote, what you subscribe to, and probably also the IP you connect from.
Let’s see where we can get to:
if the admins install from a reputable source
if they harden their server
if they diligently patch then the chances of getting hacked are slim(mer).
if they configure encryption in transit no one except they and you should be able to see what you’re doing from outside
if they only do minimal logging
if they do data retention properly
if they do proper disk encryption a switched-off machine’s data should not easily be cracked open. However, in on state these things are generally accessible; in-ram encryption is complex to run and not generally used.
So as always, it comes down to how much you trust the admins of that instance, for every instance you access.
So if the instance go down will it be encrypted automatically or something
What is “it”, and what do you mean by “go down”?
Use a VPN, use a unique password, don’t register with an email, and don’t post personally identifiable information.
Why is everyone saying passwords are encrypted? I thought they were hashed?
Hashing is one-way encryption. So, while you’re techcnically correct that they’re not encrypted in the traditional sense (encryption is reversible), for many it’s easier to understand the concept of encryption instead of hashing and terms are often used interchangeable.
IsoKiero@sopuli.xyz 11 months ago
Logging depends on the instance. Many admins choose to not log any data which could be used to identify any individual, but verifying their claims (without a doubt) as a single user is pretty much impossible and there’s nothing stopping an instance admin of gathering all the data (s)he wants to.
Passwords are encrypted, but in case of a security breach on an instance they are still vulnerable, like with any other password leak. Majority of the systems today use one way encryption with their passwords, but still millions and millions of user accounts are leaked almost daily.
Nothing.
If done properly, no, you can’t detect them.
But that’s not any different from any of the services around the net. Companies like Meta and Google make their money by selling user data, advertisers track you and all the other things you’re most likely already aware of.
Administrator of my instance said that they don’t gather IP addresses or any other data they don’t need to keep the servers running and I trust them on that, but your mileage may vary. And then there’s different legal systems around the world where an admin might be forced to give out information about individual user, but where I live that’s not a thing.