Exactly this, I don’t see why everyone is so obsessed with cracking the passwords in the database.

Evil instance admin guide:

1. Kill the session tokens for an account, logging them out
2. Attach wireshark/tshark to the docker network that’s hosting the Lemmy backend
3. Wait for the user to submit their password. You will get it in plaintext.

This won’t work against people who never log in again. Active users will.

If the admin just wants to impersonate you… they can just generate a session under your account name and do that. 2FA doesn’t stop them, difficult passwords doesn’t stop them, OAuth doesn’t stop them.

There’s no way for other admins validate if someone is actually getting hacked by their admin or if they’re just being dicks spreading rumours.

The best you can do is create a new account and always cryptogroahically sign your messages using a key stored offline on your computer…There are PGP applications for every platform. If you and someone you DM both have PGP keys, you can even use that to send end-to-end encrypted messages. If everyone does that, unsigned posts can essentially he discarded by the community as fakes.

This won’t stop the admin from faking your account downvoting everyone, subscribing you to pedo communities, or messing with your account. The admin can also post things like “I don’t have my PGP key on this phone, I’ll sign this later” and delete any of your messages that indicate any protest against the admin’s actions. The admin can even strip the signature from all of your previous posts and replace with with a different signature using a key of theirs. Only if you and everyone around you know that your messages should always be signed by a certain key, are you free from admin interference.

Just like every other online platform (that isn’t run by cryptobros).

You can only avoid all of this by hosting stuff yourself and being your own admin.