I recently learned that voting on Lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.

In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.

Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.

  • M0oP0o@mander.xyz
    (23 up, 5 down · 23 hours ago)

    > In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.

    No.

    • rumba@lemmy.zip
      (3 up, 4 down · 4 hours ago)

      It would be unusual to be able to exactly identify someone purely from their IP, but let’s say someone posted from their work IP in a small company. It would substantially lower the bar to dox them.

      Let’s go further and ponder if an authoritarian regime set up an admin and started correlating dissent IPs collected from users when they did things like paying parking fines, or signing their online tax forms.

      Let’s say that they collected all that and trained an LLM on it, then when you go to get a passport renewed or are stopped for a traffic violation and ask the LLM if you’re a dangerous person based on their criteria.

      It’s not a direct problem, but it has slippery slope all over it.

      • anarchiddy@lemmy.dbzer0.com
        (5 up · 2 hours ago)

        IP addresses are not something that can be pulled from just any instance. You would need to be the administrator, and even then you’d only get access to the IP address of just your own instance users. AFAIK, at least - maybe they’ve made efforts to mask IPs, too, but I’m not even sure how that’d work.

        Federated posts and comments are copied from server to server. When someone from .world is looking at a comment from .dbzer0, what they are seeing is information that was synced from the dbzer0 server address, not the user’s.

        There was a brief moment when there was a vulnerability with linked images sent via DM that could route you to an external server and log your IP address, but that has been patched now by most instances.

        As with anything on the internet: assume your activity is not private at all times, or take active precautions to mask your identity, or both. No opsec is perfect and often the only thing standing in the way of a hack or dox is the endurance and motivation of the bad actor.
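
The linked-image IP leak mentioned in the last comment is commonly mitigated by having the instance fetch remote images itself, so the external host sees the server's address rather than the reader's. The sketch below is an added example, not part of the thread and not Lemmy's code or its actual patch; the host name `lemmy.example` and the `/image_proxy?url=` path are assumptions made for illustration.

```python
import re
from urllib.parse import quote, urlsplit

# Hypothetical values for this example, not taken from the thread or from Lemmy.
LOCAL_HOST = "lemmy.example"
PROXY_PATH = "/image_proxy?url="  # assumed endpoint name

# Markdown inline image: ![alt](url "optional title")
IMG_RE = re.compile(r'!\[([^\]]*)\]\(\s*(\S+?)(\s+"[^"]*")?\s*\)')


def is_remote(url: str) -> bool:
    """True if rendering `url` would make the reader's client contact another host."""
    parts = urlsplit(url)
    if not parts.netloc:  # relative path: served by the local instance
        return False
    return parts.hostname != LOCAL_HOST  # also catches //host/path URLs


def proxy_images(markdown: str) -> tuple[str, list[str]]:
    """Rewrite remote image URLs so they load through the local instance.

    Returns the rewritten text and the remote hosts that were masked.
    """
    masked: list[str] = []

    def repl(m: re.Match) -> str:
        alt, url, title = m.group(1), m.group(2), m.group(3) or ""
        if not is_remote(url):
            return m.group(0)  # local image: leave untouched
        masked.append(urlsplit(url).hostname)
        proxied = f"https://{LOCAL_HOST}{PROXY_PATH}{quote(url, safe='')}"
        return f"![{alt}]({proxied}{title})"

    return IMG_RE.sub(repl, markdown), masked


if __name__ == "__main__":
    # Constructed sample DM body: one remote image, two local ones.
    dm = ('hi ![a](https://tracker.example/p.png?u=42) '
          '![b](/pictrs/image/local.png) '
          '![c](https://lemmy.example/pictrs/x.png "t")')
    text, hosts = proxy_images(dm)
    print(text)
    print("masked hosts:", hosts)
```

The proxy endpoint itself still has to restrict what it will fetch (scheme, destination address, response size), since it makes outbound requests on behalf of untrusted message content.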