Using a VPN won’t give you much extra privacy unless you don’t trust your instance’s admins. IP addresses aren’t federated, only the content. I don’t think Lemmy itself stores any IP addresses, they merely show up in NGINX logs which ideally are rotated fairly frequently anyway.

But at that point if you care that much, you should already be using a VPN 24/7, because practically everything you’re logged into has your account tied to an IP at some point and any of them are potentially vulnerable to a breach.

I’m just careful about what I post and what I vote on, this identity is fairly public anyway.

What data does Lemmy store that isn’t already inherently public. Private DMs and IPs are all I can think of, and neither of those are of any value as far as I’m concerned.

I just don’t care?

I know that stuff is public when I used it.

I’ve known this is how the internet works since the 90’s. I’ve also known that my IP address isn’t a scary super identifying thing as the movies would make you believe. For most people, it’s gonna point to your ISP and not your personal device.

Shit man, back in the day we used to scare noobs by showing them their own IP because it was incredibly easy to obtain. It still is, most of the time. Because it doesn’t mean fuck all.

As for everything else: If you don’t want certain pieces of information out in the wild… Don’t put them there in the first place. It’s that simple.

I’m always using a vpn for the sake of living in China, not particularly fediverse related. I simply don’t share anything I’m not comfortable everybody knowing regardless, just like we were told in the early days of the internet.

Using a VPN is not going to help much.

I don’t know if Lemmy traffic can be routed through TOR directly, but that might not be the best idea in terms of usability.

I try not to expose too much PII on Lemmy. That’s basic OPSEC.

I mainly worry about data security at my end, I’m very careful about what kind of information I ever give out. I’ve gotten more lax with the rise of ecommerce, but my computer didn’t even used to know my real name or any real information about me. I simply lied for absolutely everything, up until I went to college.

Nowadays I’ve gotten lazier, but some of those habits remain. Anything that could ever even remotely lead back to anything less than tens of thousands of people simply doesn’t go on here. While a personality profile could be assembled and used to sell me stuff, I don’t care so much about that. Though if we slowly get absorbed into Meta because $$$, I might change my mind on that last one.

So, no, I don’t worry about it too much. If I was a hacker or political activist irl or something I might take it a little more seriously.

That would be pretty wasteful on the Tor bandwidth, unless it is necessary for you to hide your Lemmy activity from the glowies. Realistically all you would need would be a VPN, but I do not think our IPs are publicly accessible on Lemmy, and only visible to the instance admins, so another not so worrisome worry. All in all, just limit what you share and how much of it you share and you will be good.

Currently I do use a VPN, though it’s not because of Lemmy that I do so, it’s the general threat model that I made which causes me to use a VPN. I do not recommend it to others which have no use for a VPN, specially if they have not made a threat model yet.

Remember, OPsec is what kills privacy and creates linkability, something which you do not.

I don’t see that much of a point in this unless you’re in “they’re coming to get me” stages of paranoia.

Are there any onion service lemmy instances yet?

I kind of just assume everything on the internet is in public space by default.

No because I didn’t choose this public forum for its privacy or security