Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
All your posts on the fediverse are effectively a public blog of your thoughts that will be scraped and stored in servers you have no control over.
If you care about privacy, which I understand, you probably want to leave quickly.
Here’s a rundown from someone who got fed up with the fediverse and kinda rage quit: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/
Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.
So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.
Just because you care about privacy it doesn’t mean that you have to stay indoors all the time. You can still hang around on the town square you just have to be conscious about what you do where.
A big part of caring about privacy is understanding how the platforms you use work and using them accordingly. With proprietary platforms this is often opaque and the rules can change. Open platforms are transparent and you can actually understand them - if you make the effort.
It’s not like deleting your comments or posts off of Reddit would magically remove them from all the various Reddit archives that exist around the Internet, either. Reddit only controls what happens on Reddit, and that problem is now generalized across the whole Fediverse.
The difference is that Reddit doesn’t actively push those comments out to those archives, they’re scraped. ActivityPub, on the other hand, is push based; unless the server chooses to push your activity objects, other ActivityPub servers wouldn’t know about what you’re saying.
Someone could scrape the Fediverse the same way they do Reddit (although by design Mastodon is a lot harder to scrape than Lemmy so there are differences in what content would be archived), but for basic Fediverse operation, servers must make an active decision to send information out to other servers.
The fact most communities are off-server should help (because the user is actively deciding to publish information on another server that’s not in the home server’s jurisdiction) but when it comes to letting foreign servers subscribe to communities, I’m not sure if Lemmy servers can use the same defence. After all, ActivityPub is designed to have the ability do deny subscriptions.
That difference doesn’t make a difference to the point I was explaining. It doesn’t matter how or why those public posts are being replicated into archives from which deletion will be difficult or impossible. All that matters is that it is getting replicated.
Reddit still has to ensure what is deleted on their end, is actually deleted (which they don’t, as we saw during the whole protest thing with delted comments being restored)
The fact that archive websites exist doesn’t change that. A request under gdpr to such a site would have to result in deletion as well.
Sure someone who doesn’t host or specifically target EU citizens can ignore it at their leisure, but I doubt every Lemmy instance is hosted somewhere in non EU areas.
You’re misunderstanding my point, I think. A Lemmy instance within the EU can theoretically be fully compliant with EU laws and delete whatever they’re told to delete, but it’s not going to make a difference because non-EU Lemmy instances can retain that data. Likewise, Reddit can delete whatever the EU tells it to delete, but that won’t make a difference either because of those archives outside of Reddit;s control.
I’m not saying anything about what’s legal, just about what happens. When you post something in public, be it on Lemmy or on Reddit, that public post is not going to easily “go away” when you try to delete it regardless of whether your instance is following EU law. Arguing “but it should go away” isn’t going to make a difference, it isn’t going to go away. It’s important to understand this when making use of a forum like the Fediverse or Reddit.
Yes, and my point is, that the person running an instance has to comply with the gdpr if they are within the EU.
It doesn’t matter if data has already been propagated somewhere else. On that instance, data needs to be able to be fully deleted. For the matter of deletion, it is irrelevant where the data might have been pushed or mirrrored to, that is a seperate issue, which still needs to be dealt with. But one cannot argue that deleting is pointless or needn’t be implemented, just because “public” data is already mirrored elsewhere. The people running “elsewhere” have their own compliance to deal with.
And my point is that expecting this to be “dealt with” is unrealistic. It’s going to continue existing on servers that are outside of your control and outside of the EU’s reach. No matter how hard the EU legislates or how hard you believe it should be possible to delete that data, it’s just not going to happen. Not without turning the world into a police state dystopia in the process, at any rate.
I’m not saying “don’t implement post deletion.” Go ahead and do that if it makes you feel better. But making you feel better is all that it’s really going to accomplish, in the grand scheme of things. If you’re concerned about stuff you post “sticking around” even after you want it gone, nothing is going to actually solve that. The only option is to not post that stuff in the first place.
There already is federation of deletion. It’s not even something that needs to be implemented.
I have less of a defeatist attitude about privacy. Same way I don’t think absitence is the only true way of contraconception. Privacy, yes, even if public spaces is possible. It’s not easy, it won’t just happen, but it is achievable. Needs a lot of work from a lot of people, but it is doable.
I don’t expect you to change your mind on that.
It’s an optional feature, there’s no way to ensure it actually gets respected. If it was universally implemented and it worked what would be the point of this whole thread to begin with?
Thank you for posting that link. I’m not fed up (completely?) yet I suppose but it was eye-opening. I’ll have to be a lot more careful about posting, possibly not post again.