https://lemmy.world/comment/6867400

      • sovietknuckles [they/them]
        ·
        10 months ago

        No, the LW admins doxxed a lemmy.world user in the admin chat, claiming they had discovered the alt of Hexbear admin CARCOSA. Answered here

        • combat_brandonism [they/them]
          ·
          10 months ago

          Yeah I mean I was around for that. What you quoted is what I'm saying:

          They also log and monitor the IPs and the emails used to sign up on their instance

          None of that is unique to hexbear. Anyone visiting the URL in the OP will have their IP logged, there's no way to tell if the traffic originates from someone clicking that link here*. And no way for them to link your IP with the fact that you're a hexbear user unless you're naive enough to sign up for a lemmy world account and post correlating info to a hexbear account.

          What is unique to hexbear (sort of, I'm sure they hate the grad too) is the vendetta they hold against us, so even though it's probably a PITA to correlate these things you can be confident that they're petty enough to do that.

          Fuck lemmy world and good on ya for posting a lemmy.ml link to the federated thread.

          * unless your browser's adding headers to note what site you're clicking that link on, which uh stop using chrome I guess shrug-outta-hecks

          • PaX [comrade/them, they/them]
            ·
            edit-2
            10 months ago

            unless your browser's adding headers to note what site you're clicking that link on, which uh stop using chrome I guess

            As far as I know, all major browsers (Firefox, Safari, Chrome) at least send the host you came from in the referrer header (like "https://hexbear.net")

            desolate

            Edit: This is true only if the site you're on doesn't set a different referrer policy! And Lemmy does set a safer referrer policy, see below

            • combat_brandonism [they/them]
              ·
              10 months ago

              Weird, I tested it by clicking the lemmy.ml link and didn't see a referer header in the request headers.

              • PaX [comrade/them, they/them]
                ·
                edit-2
                10 months ago

                You're right! I'm on Firefox and I just figured out how to test it and it seems Lemmy's web UI thing sets the referrer policy to same-origin which means no referrer information is sent when navigating to a different domain.

                But my copy of Firefox's default referrer policy is set to strict-origin-when-cross-origin so it would have sent "https://hexbear.net" if the referrer policy was not set.

                My bad, I should have checked first to be sure. I would hate to be a web developer lol