Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.

  • Nougat
    19
    2 years ago

    Remind me again how things can be deleted from the internet?

    • @[email protected]
      English
      2
      2 years ago

      Exactly, this is not specific to Lemmy as it applies to the whole internet.
      Also, Lemmy is not a website: it would be somewhat like saying the language Python doesn’t obey GDPR!

  • XYZinferno
    English
    1
    2 years ago

    To my knowledge, these privacy laws prevent corporations from holding onto your data after you have requested to delete it. Lemmy is not a corporation, and there is no single entity that holds onto all of your data. That’s just a tradeoff of being decentralized.

  • @[email protected]
    English
    8
    2 years ago

    You know, I think I’m going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it “GDPR THIS”. The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.

  • 0xtero
    9
    2 years ago

    Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it’s a feature of the protocol.
    If instances want, they can ignore delete requests and your content stays in their cache forever (remember Pleroma nazis from a couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn’t mean your posts are removed.

    The fediverse has no privacy, it’s “public Internet”. Probably a good idea to treat it as such.

  • kglitch
    26
    2 years ago

    OP is simply incorrect.

    I’m coding a Lemmy alternative right now and have been testing this functionality out extensively. Deletes of posts and comments certainly federate, I’ve seen the AP traffic to make it happen. Also, the docs: https://join-lemmy.org/docs/contributors/05-federation.html#delete-post-or-comment

    I haven’t tested what happens when the ‘delete account’ button is clicked… Mastodon solves this by sending a ‘delete this user’ Activity to every fediverse instance so there’s nothing about ActivityPub that makes removing an account and all its posts in one go impossible.

    • @[email protected]
      English
      7
      2 years ago

      Deletion of entities is optional in ActivityPub. That, by definition, makes known-removal of an account and all its posts in one go impossible, because a server can just ignore the deletion activity.

      • kglitch
        10
        2 years ago

        Yes, although the server will not ignore the deletion activity if that server is running Lemmy. We’re talking about Lemmy here, not the fediverse as a whole. OP singled out Lemmy in the post title and said “lemmy devs are not concerned with…”

        I’m sure there is more to be done in this area. It’d be great to know for sure which software treats deletion activities properly (I’m really unsure about Kbin, I think it does not) and which does not so instance admins can make informed decisions about who they federate with. Perhaps this information could be made available right within the UI that Lemmy admins use to control their instance, rather than an obscure documentation page somewhere…

        IMO having deletes federate should be part of a minimum standard all fediverse software has to meet (plus mod tools, spam control, csam filters, etc) before it is allowed to federate but obviously we’re nowhere near having that sort of social organisation.

        • @[email protected]
          English
          2
          2 years ago

          How would you even know if deletes federate?

          “Does your server respect delete activities?”

          “Yeah. Yeah. Delete activities. Definitely. We totally respect them. Scout’s honour.”

          Tell me: how much closer are you to knowing if the server is caching or not?

          This is likely why deletion is optional. The people making the protocol know there’s no way to enforce it.

          • kglitch
            2
            2 years ago

            As long as a deleted post is no longer visible in the publicly-accessible parts of the site, that would be enough verification for me.

            I don’t know how the GDPR authorities verify compliance with mainstream proprietary closed source apps, do you?

            • r00ty
              4
              2 years ago

              I think in terms of gdpr, if you notify a site that is providing service (allows users to register from I guess) to EU countries you want something deleted, they need to comply.

              But I think in terms of federated content, you cannot be expected to do more than send information about the deletion out. If other instances don’t respect it, it’s not the originating instance’s job to police it.

              Now the user could go to these other instances and chase it up. But I wonder if a third party instance doesn’t allow users from EU countries, if they’d be required to comply? Federated content opens up an interesting set of scenarios that will surely test privacy laws.

              I also wonder what the EU powers are to sites in non EU countries that allow EU users but don’t respect GDPR. what can they even do? Companies like twitter, Facebook, reddit etc have presences in EU countries that can be pursued, but John Smith running a lemmy instance on a $5 vps might be out of reach.

              • Kayn
                English
                1
                2 years ago

                But I think in terms of federated content, you cannot be expected to do more than send information about the deletion out. If other instances don’t respect it, it’s not the originating instance’s job to police it.

                It actually is.

                When delegating the processing of PII to someone else (like another instance), you’re supposed to initiate a data processing agreement with them: https://gdpr.eu/what-is-data-processing-agreement/

                Unless Mastodon has somehow automated this process in inter-instance communication, they are just as liable as Lemmy is.

                • r00ty
                  3
                  2 years ago

                  But pii isn’t being sent. A user’s nickname and the domain of their instance plus any content they create is. If they choose to put their pii in public posts or user info, that’s their choice but is not pii solicited in order to operate the service, it was volunteered.

                  It’s a crucial difference. I considered this when writing the terms and data retention information for my own instance. Federation is very frugal about the information shared.

            • @[email protected]
              2
              2 years ago

              Short of having someone inspect the databases, they can’t. The GDPR is a threat, basically, that says “if (or, rather, when) the truth outs, we can nail you later”. Which is why it’s really only effective on big players anyway.

              • FaceDeer
                2
                2 years ago

                And it’s only effective on players that have some kind of EU presence, otherwise there’s nothing the EU can put that nail into.

  • @[email protected]
    English
    1
    2 years ago

    Very bad indeed! This is the beginning of the end for lemmy.

    Ps for those who don’t know, copying a deleted comment makes it appear in your pastbin

  • @[email protected]
    English
    1
    2 years ago

    I don’t know where this myth came from, but you don’t have a right to erase your public posts from the internet under GDPR. See, for example, https://law.stackexchange.com/questions/32361/does-a-user-have-the-right-to-request-their-forum-posts-deleted

    If anything, you might have such rights under copyright law, if your posts cover the threshold for copyright. In that case, you can ask server admins to delete them, and they will have to comply. But the request has to reach them (if they’re defederated, the delete button won’t reach them, and you’ll have to contact them separately).

  • @[email protected]
    English
    37
    2 years ago

    This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won’t paint over it (or destroy photos they took of it) when you realize how dumb it was.

    You’re writing on a public space for free with no business behind it. You’re not the customer in this scenario.

    • @[email protected]
      English
      9
      2 years ago

      That’s the beauty of the fediverse. There are no customers, there is no product, this is no business.

    • Scrubbles
      English
      5
      1 year ago

      From their history, maybe their comment is this one they wanted deleted:

      “software engineer” is such a stupid, shallow and arrogant description. I’m not an engineer and neither are you. I’m a software developer, developer for short. All these fake “engineers” and “scientists” tend to be arrogant stuck up pricks.

      Idk OP, maybe step one is to be less of a jerk to people. If you do that you won’t have to worry as much about if things are deleted

  • @[email protected]
    English
    5
    2 years ago

    Lemmy’s lack of central control is a feature. But it can still be GDPR compliant. GDPR did not make Usenet illegal. GDPR does not make peer-to-peer illegal.

    As an EU citizen you can still write letters to the editor of newspapers, and those letters can be published in those newspapers of record. Sending a message to Lemmy is akin to publishing publicly an opinion piece in a newspaper.

    Certainly you can use GDPR to talk to a Lemmy admin to remove your data on the instance you registered an account on. But due to the nature of Lemmy, its architecture, you can’t go out and retract all of the newspapers that have been published. That’s a physical impossibility.

    Even if you could somehow talk to every administrator of every instance, you can’t prove you were that user who posted that data.

  • @[email protected]
    English
    60
    2 years ago

    GDPR is for companies/corporations to “respect” users’ requests about their data.

    Lemmy (ActivityPub, actually) isn’t a company.

    What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.

    What you probably can do is request that an instance remove your content… And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.

    This is still the internet, not some magical place.

    Use some of the most basic fundamental internet safety rules and don’t provide potentially compromising information for no reason whatsoever. Especially since this isn’t a corporation such as Facebook or Google who require you to do so in order to use their service.

    • Otter
      English
      8
      2 years ago

      There are some great replies here

      I think it’s also worth putting in extra effort to educate users so they know early and not when they’re expecting otherwise. The system has a benefit, and it’ll be smoother if users aren’t surprised

      Data deletion and public vote records are the two big things that come to mind

    • AlteredStateBlob
      14
      2 years ago

      You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty of rulings already imposing fines on individual, private citizens for their misconduct in violation of the GDPR.

      While Lemmy as a system might be exempt, anyone running Lemmy for sure isn’t, as long as it regularly processes data of EU citizens, which it does.

      As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren’t running it at all, so their software doesn’t have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.

      • @[email protected]
        English
        10
        2 years ago

        It’s on the server admin to ensure that all exchanged data is taken care of appropriately.

        “It’s on the server admin to do the literally impossible.”

          • @[email protected]
            6
            2 years ago

            It is impossible. Flatly impossible. Because you cannot see if they’ve really deleted it or not. You can rely on a “data processing agreement” which, together with $50, will buy you a small cup of coffee at Starbucks.

            I federate with you here from China. I will agree to anything you like. And I will just attach an array of 16×16TB hard drives to slurp up all the data you send me. How will you know this is happening?

            You can’t. It is impossible for you to know until it’s too late and I’ve used it for whatever purpose profits me.

            An individual server admin can only ensure the data’s existence or lack thereof on their own server. Anything else presumes (rather stupidly) that bad faith actors don’t exist.

          • r00ty
            6
            2 years ago

            No. I think we mostly want federating instances to respect delete requests. But only the instance actually contacted has any onus to delete on their own instance and maybe, maybe try to send requests to delete elsewhere.

            There’s no way there’s an expectation that the originating instance has a legal requirement to remove it from anywhere else.

            • @[email protected]
              English
              7
              2 years ago

              Whose law?

              The GDPR applies to servers running in Europe.

              It does not apply to servers running in, say, Canada¹. Or China¹. Or South Africa¹. (If you try to claim European law is extraterritorial to non-European citizens, be prepared for the Nelson Muntz meme.)²

              The very nature of the protocol in use makes any content anywhere on the Fediverse, no matter what the software, distributed. (It’s almost like that’s the very point of it! Almost…) And it could well be distributed into a jurisdiction where the GDPR is best used as toilet paper¹. If this bothers you, fuck off back to sites hosted entirely in Europe where the GDPR holds sway.²

              Only wait! That’s not true either! Because that other protocol you’re likely to be using—HTTP(S)—also allows anybody who has access to the site from anywhere in the world to store it without being beholden to the GDPR!¹ Oopsie! Better make sure that site blocks any kind of access from outside of the EU as well!²

              Only wait! That won’t work either because VPNs are a thing as well! I can be sitting here in China with my IP address coming at you from, say, the Netherlands. (It doesn’t. It comes at you from the USA 'cause that’s where my Great Firewall-crossing back door is hosted.) And again, any post you make, were I to go to your web site in Europe through my (currently-hypothetical) European VPN endpoint, could be stored and held permanently with the GDPR being able to do precisely a) Fuck and b) All about it.¹ Because European laws are not, in fact, extraterritorial to non-EU citizens, no matter how much wanking the EU parliament does about it.²

              So it sounds like you should just shut off your Internet access. Or, you know, you could post knowing the reality of the world and moderate your content accordingly.


              ¹ Note: I am emphatically not saying that the GDPR is a bad thing. I think the GDPR’s goals are laudable. It’s just that the GDPR is ludicrous in the face of how literally every piece of technology used in web sites of any kind actually works. It is a regulation that is a nice idea but that has absolutely no meaningful way to get enforced. As the EU will find out over the years. Hopefully not the really hard way.

              ² Any claim of EU legal extraterritoriality is risible and needs to be rebuffed in the strongest possible way up to and including punching EU politicians who claim it in the face with a spiked gauntlet.

              • FaceDeer
                2
                2 years ago

                If it’s a Walmart that’s surrounded by dumpsters filled with corpses missing their livers, and the occasional bloody survivor comes running out screaming “they’re after your liver! Don’t go inside!” Before being dragged back in by Walmart greeters wielding meathooks, then even if what Walmart is doing is illegal I’d still be very unsympathetic if you walked in that door anyway.

        • Silverseren
          11
          2 years ago

          The GDPR is a required-to-comply EU law for all websites in their jurisdiction. You can’t get away with claiming “but people choose to join the website”.

          Many other websites and even major social media sites have gotten fined and other sanctions put against them already for violating it.

            • Silverseren
              2
              2 years ago

              No, it has jurisdiction in the EU. And Lemmy is a part of the EU jurisdiction.

              Unless the devs want to block everyone in the EU from accessing the site.

              • FaceDeer
                7
                2 years ago

                Lemmy instances are hosted all over the world, by people in a wide variety of jurisdictions. A particular instance of Lemmy might be risking trouble, but Lemmy as a whole (and the Fediverse as a whole) is not.

                If I were to write up a simple forum server and post the code, and it happens to lack the ability to delete comments, I’ve done nothing wrong. Someone running that software in the EU might run into some trouble, but I’m not on the hook for that.

          • @[email protected]
            English
            7
            2 years ago

            I … think you have a deep failure to comprehend even the basics of how the software you’re on works.

            “Lemmy” is not a fucking web site. Lemmy is a piece of software. It can be running on a site in the EU, in which case the GDPR applies absolutely; those running it on sites outside the EU … not so much.

    • @[email protected]
      English
      8
      2 years ago

      if it was any other social media like reddit doing this, everyone would be up in arms about it. no one is forced to be on reddit either. we’re on lemmy bc we value our privacy (no ads, tracking, etc.) so it should be held to the same standard too and not given a free pass.

      • FaceDeer
        7
        2 years ago

        “We” aren’t on Lemmy for any one uniform reason. We aren’t even all on Lemmy, I’m on a kbin instance for example.

        I, personally, understand how federation and ActivityPub operate and so I’m not surprised by this. I expected it, I accept it, it’s just the way the world works. When I say something in public I lose control over who will hear it or how long it will last, and any laws that mandate I should have that control are just a placebo or illusion in the grand scheme of things.

        • @[email protected]
          English
          1
          2 years ago

          fair enough. allow me to rephrase, whatever reason we’re on the fediverse, it should be held to the same standard. for context, the initial commenter said something along the lines of “you don’t have to be here”

        • Ender2k
          1
          2 years ago

          I’m also not on Lemmy—I’m reading this on Kbin—and just to make sure, I also looked this thread up on Mastodon as well.

          Pixelfed found OP—but they don’t have any photo posts yet.

          So…

  • @[email protected]
    English
    7
    2 years ago

    Mods and admins can remove posts and they don’t stay on the server. If you delete it yourself, then it stays. Comments stay deleted, though, and are replaced with a ‘deleted by creator’ message.

    • hitagi
      English
      6
      2 years ago

      Mods and admins can remove posts but they do stay only if they’re “removed”. But if they’re “purged”, then they’re deleted from the server.

  • originalucifer
    24
    2 years ago

    seems weird this expectation of privacy on public sites built for public consumption of public content posted by people publicly.

    i mean, i get wanting to control your data. the software i use allows for this (the 'bins offer a user-level purge).

    but privacy? seems weird

    • Snot Flickerman
      English
      10
      2 years ago

      I mean, to have a Lemmy account you already decided to put your trust in total strangers with questionable security credentials.

        • @[email protected]
          English
          7
          2 years ago

          You may not be directly using it, but this is part and parcel of the entire point of federated social media. Other software will be accessing the pool.

        • Snot Flickerman
          English
          12
          2 years ago

          Mastodon works the same way, all ActivityPub services work the same way.

          By being Federated that means data is being sent to remote servers. Sometimes that data doesn’t always make it, like a delete request. So someone on their own home-server deletes their post, but on some remote server where that post they made is cached, it’s not deleted, because the delete request never federated. For example, say you made a post on your own box, which you clearly have, and you delete a post, but it doesn’t get deleted over on say, Lemmy.world. That’s not purposeful, that’s something the developers are also trying to fix, so I think it’s disingenuous to say they don’t care.

          This is literally a consequence of how federation works. It’s not a purposeful violation of GDPR.

          • originalucifer
            3
            2 years ago

            sorry, i was just being snotty.

            i know full well and am on the side of pointing out the futility of attempting privacy in a public space.