Account settings import/export exists, but not a full data export. Part of the reason is that importing and overwriting historical data isn’t possible with activitypub.
But at least a full data export would be possible to do. Open up an issue for this in the lemmy back end.
I will add, as a disclaimer, that I have not checked if that as Nutomic highlighted below, there are conditions (password change, etc) under which any or all JWT (user, instance, etc) become invalid. So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own.
Edit: correct information in the light of Nutomic’s comments.
You can download your account settings as a JSON file. That includes the lists of followed communities, saved posts and comments, and blocked instances, communities and users. I’m not aware of any other way to download additional data.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !lemmy@lemmy.ml
Everything about Lemmy; bugs, gripes, praises, and advocacy.
Account settings import/export exists, but not a full data export. Part of the reason is that importing and overwriting historical data isn’t possible with activitypub.
But at least a full data export would be possible to do. Open up an issue for this in the lemmy back end.
No settings page (as far as I’m aware), but you can use the API to get everything (posts, comments, etc):
step 1: get login token -
step 2: use login token (big long string starting with ‘ey’) to get data -
Increment page number until you have everything. source: https://lemmy.readme.io/reference/get_user
One thing to be aware of is that there is
currently, AFAIK, nonow (since 0.19.3) a way to “disable” a JWT.Before that, once you had created it, if you leaked it, your account was, as far as I can tell, definitely compromised.
Now, it is possible to logout, to mark the JWT as “invalid”.
I will add,
as a disclaimer, that I have not checked ifthat as Nutomic highlighted below, there are conditions (password change, etc) under whichany orall JWT (user,instance, etc) become invalid.So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own.Edit: correct information in the light of Nutomic’s comments.
The jwt is invalidated once you logout. You can also change/reset your password to invalidate all login tokens for your account.
Invalidated how?
OK. I was afraid this would not be the case. Thanks for confirming.
Well it’s deleted from the database so you can’t authenticate with it anymore.
OK there now is a
LoginTokenclass. This was not the case last time I checked. Good. Thanks for your answers.You can download your account settings as a JSON file. That includes the lists of followed communities, saved posts and comments, and blocked instances, communities and users. I’m not aware of any other way to download additional data.
Is this a GDPR thing?