cross-posted from: https://lemmy.today/post/6869625
I’m referencing this article: https://torrentfreak.com/film-companies-seek-torrenting-history-related-to-redditor-240220/
Given that they’re expanding to reddit, I was wondering how dbzer0 is setup to handle similar requests. The legal help page for dbzer0 is just an e-mail address.
I’d wager that it’s probably not that hard to obtain a lemmy user’s IP address, whether the admin hands it over or not.
Lemmy permits – arguably not the greatest design decision from a privacy standpoint – for inline remote images in comments. E.g.:
Yields:
As soon as that image is loaded, the remote http server knows the IP address of the client viewing the image.
I bet that it does in private messages too, though I haven’t tested it. Send a private message to a user, referencing an image on a server you control – maybe even a one-pixel, transparent image, a tactic that has been used in Web tracking in the past – and the server knows their IP when the image is viewed. Even if it doesn’t, you could probably just respond to a few comments by a user in regular threads, and they’re probably going to be the first to view the image (and probably the only to view all of them).
