How to download account data?

dessalines, 2 months ago

Account settings import/export exists, but not a full data export. Part of the reason is that importing and overwriting historical data isn’t possible with activitypub.

But at least a full data export would be possible to do. Open up an issue for this in the lemmy back end.

freamon, 2 months ago

No settings page (as far as I’m aware), but you can use the API to get everything (posts, comments, etc):

step 1: get login token -

<span style="color:#323232;">curl --request POST 
</span><span style="color:#323232;">     --url https://lemmy.ml/api/v3/user/login 
</span><span style="color:#323232;">     --header 'accept: application/json' 
</span><span style="color:#323232;">     --header 'content-type: application/json' 
</span><span style="color:#323232;">     --data '
</span><span style="color:#323232;">{
</span><span style="color:#323232;">  "username_or_email": "2br02b",
</span><span style="color:#323232;">  "password": "YOUR-PASSWORD"
</span><span style="color:#323232;">}
</span><span style="color:#323232;">'
</span>

step 2: use login token (big long string starting with ‘ey’) to get data -

<span style="color:#323232;">curl --request GET 
</span><span style="color:#323232;">     --url 'https://lemmy.ml/api/v3/user?username=2br02b&page=1' 
</span><span style="color:#323232;">     --header 'accept: application/json' 
</span><span style="color:#323232;">     --header 'authorization: Bearer YOUR-JWT'
</span>

Increment page number until you have everything. source: lemmy.readme.io/reference/get_user

7heo, 2 months ago

One thing to be aware of is that there is currently, AFAIK, no way to “disable” a JWT.

Once you have created it, if you leak it, your account is, as far as I can tell, definitely compromised.

I will add, as a disclaimer, that I have not checked if there are conditions (password change, etc) under which any or all JWT (user, instance, etc) become invalid. So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own.

nutomic, 2 months ago

The jwt is invalidated once you logout. You can also change/reset your password to invalidate all login tokens for your account.

7heo, 2 months ago

The jwt is invalidated once you logout.

Invalidated how?

You can also change/reset your password to invalidate all login tokens for your account.

OK. I was afraid this would not be the case. Thanks for confirming.

nutomic, 2 months ago

Invalidated how?

Well it’s deleted from the database so you can’t authenticate with it anymore.

7heo, 2 months ago

OK there now is a LoginToken class. This was not the case last time I checked. Good. Thanks for your answers.

manucode, 2 months ago

You can download your account settings as a JSON file. That includes the lists of followed communities, saved posts and comments, and blocked instances, communities and users. I’m not aware of any other way to download additional data.

ryannathans, 2 months ago

Is this a GDPR thing?