Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
The GDPR is a required to comply EU law for all websites in their jurisdiction. You can’t get away with claiming “but people choose to join the website”.
Many other websites and even major social media sites have gotten fined and other sanctions put against them already for violating it.
if it was any other social media like reddit doing this, everyone would be up in arms about it. no one is forced to be on reddit either. we’re on lemmy bc we value our privacy (no ads, tracking, etc.) so it should be held to the same standard too and not given a free pass.
“We” aren’t on Lemmy for any one uniform reason. We aren’t even all on Lemmy, I’m on a kbin instance for example.
I, personally, understand how federation and ActivityPub operate and so I’m not surprised by this. I expected it, I accept it, it’s just the way the world works. When I say something in public I lose control over who will hear it or how long it will last, and any laws that mandate I should have that control are just a placebo or illusion in the grand scheme of things.
That’s a pretty uncharitable interpretation, especially considering Lemmy is developed in and funded in part by the EU, and the “staying online forever” thing is a consequence of Federation (and one they’re working on remedying).
If you were worried about this sort of thing, perhaps you should have done your research about the platform before making an account so you could bitch about it here. You definitely don’t sound like the voice of reason when you couldn’t be arsed to figure this out before you made an account.
So you can’t make an account on this platform if you don’t agree with how it operates? By that logic no criticism of the platform by its users is possible, which is a great way to ensure it never gets better.
Edit: Let me make this clearer:
Saying in effect “yet you participate in lemmy” to dismiss the OP’s concerns is ridiculous. If this logic were taken to its endpoint, there would be no valid criticism of anything lemmy ever did.
Maybe that’s your goal, but I would rather not blindly defend lemmy because I like it. I’d rather make it better, and that starts with criticism.
It took this person 20 days to post this. They didn’t create their account to post it the same day or even the next day, ergo, they figured it out after the fact.
If they really had an issue with stuff like this, why pray-tel weren’t they already doing their due diligence to ensure that the service they were signing up for didn’t violate the GDPR in ways they didn’t like? That seems like a gross oversight by someone clearly incensed by it.
(Also, it continues to be questionable whether it’s actually breaking GDPR rules, and even in that regard, it would be individual server admins responsible for enforcing GDPR compliance.)
(Also, it continues to be questionable whether it’s actually breaking GDPR rules, and even in that regard, it would be individual server admins responsible for enforcing GDPR compliance.)
Wow I can’t believe you’re criticising the policy that you agreed to when you made your account. Sounds like you need to delete your account and take that kind of talk elsewhere.
I mean, yes?
If you do not agree to the terms of a service, do not use the service. This is the case for essentially every system ever. You can go complain about it on Reddit or something if you like.
Okay, since you clearly carefully read and completely agree and support eveything in the Lemmy TOS, please tell me where it says it will keep your comments forever.
I don’t agree with that reasoning. It’s entirely possible for someone to be personally accepting of the Fediverse’s privacy issues, but make an intelligent, well informed, coherent critique of them.
Like perhaps the OP did? Seems like they had to personally accept the TOS, or at least tolerate it, but they also have a critique.
I also still don’t see how “yet you participate in lemmy” is a real answer.
seems weird this expectation of privacy on public sites built for public consumption of public content posted by people publicly.
i mean, i get wanting to control your data. the software i use allows for this ( the 'bins offer a user-level purge).
but privacy? seems weird
I mean, to have a Lemmy account you already decided to put your trust in total strangers with questionable security credentials.
Mastadon works the same way, all ActivityPub services work the same way.
By being Federated that means data is being sent to remote servers. Sometimes that data doesn’t always make it, like a delete request. So someone on their own home-server deletes their post, but on some remote server where that post they made is cached, it’s not deleted, because the delete request never federated. For example, say you made a post on your own box, which you clearly have, and you delete a post, but it doesn’t get deleted over on say, Lemmy.world. That’s not purposeful, that’s something the developers also trying to fix, so I think it’s disingenuous to say they don’t care.
This is literally a consequence of how federation works. It’s not a purposeful violation of GDPR.
Oh no, that’s not even the half of it. The admin for your instance has access to literally anything on their server, including passwords afaik. If you want privacy, this ain’t it chief.
including passwords afaik
Nobody has access to passwords. They have access to password hashes, which are not the same thing. It would be the absolute most half baked of solutions to still be saving passwords in cleartext.
They have access to your password hash, effectively the “infrastructure” admin(s) as I’ll call it (not admins of the site - they need to have access to the actual system that is running the instance) have access to the same things that infrastructure admins of another site would have.
It gets worse: everything you post to Lemmy is sent to multiple other servers automatically. Those servers may be in jurisdictions that have very different privacy laws than the server you post from, or that hosts the community you’re posting to. You have no legal agreement with those servers.
We’re not done though. The ActivityPub standard makes delete optional, and other servers could be running anything, not just Lemmy. Some of them are probably running somebody’s janky pet project that implements half of ActivityPub, poorly, on a jailbroken smart light bulb or something.
Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.
Almost like the entire platform is based on the idea that one server/owner can’t be in charge of the data.
Don’t get me wrong, not picking a fight, just what op said is kind of obvious to me. You’re picking a social media that is democratized and is federated with everyone. The natural tradeoff is that your data is not housed on one server… Which obviously means it’s not private.
Idk, the fediverse is a great place, but I would never post anything here I ever wanted to be private. It’s not an accident, it’s literally by design.
Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.
How would this be done? Like you mentioned, anyone can run a modified instance of Lemmy that does not honor delete requests. I suppose you could put something that retrieves content from other servers as a pull operation instead of a push, but that’s going to break Lemmy’s ability to work with other ActivityPub applications (at the very least).
There are no guarantees either way. Even if the delete was somehow enforceable in software, it can be defeated with a simple server backup/restore of any federated server.
I think federated servers should respect any user generated delete request, but as users we need to expect that they wont.
How would this be done? Like you mentioned, anyone can run a modified instance of Lemmy that does not honor delete requests.
Delete currently renders posts invisible to most users. Delete should actually delete the post from the server.
It’s impossible to ensure that the post is deleted from federated servers, web caches, clients that cache things, etc…