I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
Your IP isn’t accessible to anyone but your instance admin, that doesn’t federate.
As long as we’re talking about privacy issues on Lemmy, I’m pretty sure that isn’t true. I strongly suspect that it would be possible to set up a tool that would post image links, or even just track the accesses for your own avatar, in a way where you could statistically be pretty confident of associating IP addresses with usernames after participating in Lemmy for a while (correlating people accessing your avatar image with replying to particular people’s comments and then them replying to those comments, sending DMs to particular people from a not-very-much used account, something like that.)
I think modern versions of Lemmy can proxy images to reduce this, but it’s hard enough to do robustly that I would bet that there is some kind of way the information leaks out. It’s really hard to prevent this kind of thing even if you’re trying hard to make it difficult and the Lemmy devs don’t seem to be trying all that hard.
I don’t even think image proxying is on by default in Lemmy, although I just checked and this Piefed instance is doing it.