Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
static
link
fedilink
19
edit-2
1Y

Mastodon’s privacy issues are just the same as the rest of the fediverse/threadiverse.

With federation there is more openness, transparency and accountability. Take care of your privacy, use alts.

@AllonzeeLV@vlemmy.net
link
fedilink
English
91Y

I wasn’t planning on doing any banking through Lemmy.

Anything put on the internet is forever. No one should be publicly posting anything with the expectation that they have any control of it after it goes out. If it’s not held by the server, there’s the way back machine or even just folks taking screenshots.

Maxcoffee
link
fedilink
81Y

Exactly, when you put it out there it’s out there on every single platform there is. It doesn’t matter if you “delete it”, the moment you share it you have lost control over it entirely.

For the same reasons I never understood why people post on Facebook with their own full name and life story out there in the open either.

Tyson712
link
fedilink
31Y

I mean yes but it’s still bad practice to keep deleted content. It’ll be a bad look to people interested in switching to lemmy and more people is really what it needs right now

@ipkpjersi@lemmy.one
link
fedilink
English
21Y

This is generally true, but at the same time, the Internet archive doesn’t archive every single page ever.

deleted by creator

@GiantBasil@beehaw.org
link
fedilink
English
51Y

The internet is forever, except that one thing you really want to find from years ago. That’s the rule.

It’s the Internet Corrolary to Murphy’s Law: your embarrassing posts will be available online forever, but any useful information you want to find later will have been deleted when you next look for it.

@knotthatone@lemmy.one
link
fedilink
English
121Y

I completely agree. I just don’t see how there can be any realistic expectation of privacy when publishing something publicly.

I appreciate the idea of laws establishing a right to be forgotten and I think there’s still some value in being able to take your data away from certain companies, but there’s no guarantee it wasn’t copied many times before the original location is taken down.

The Fediverse works like email. Once somebody hits send, there’s no real way to claw that back.

There’s a difference between “there’s no way to guarantee total privacy” and “the system is designed to guarantee no privacy”, though. Even the best of us fuck up and say something they shouldn’t on occasion, and plenty of people online were never given proper lessons or are too young to understand how serious revealing information is.

True but you should still be able to delete your account and your comments and username leave the service. Online privacy isn’t about completely disappearing, but making yourself so hard to track the average person won’t bother digging.

Which in turn decreases the likelihood of something happening. Like locking a door.
The saying “If somebody wants to get in they will.” is a terrible one when left as is.

Great points

Scrubbles
link
fedilink
English
91Y

Whether is Lemmy, federated, corporate owned, or even your own private site - nothing you put on the internet is ever truly private. If you have a public profile someone can access it and copy it.

The only things I’ll say that I have an expectation of privacy is health related, everything else I fully expect someone else to read, copy, and multiply.

I think there should be, but I never expect there to be. Did people’s parents not teach them about putting things on the internet they didn’t want shared?

Did people’s parents not teach them about putting things on the internet they didn’t want shared?

They used to, then social media became a thing and they stopped. Suddenly, it was normal to put your entire life up online for other people to see, and if you didn’t feel comfortable doing that you were the weird one.

My rule is, never post anything you wouldn’t mind the media tracing back to you IRL and then making the top story of the day in your country. Because, while rare, that does occasionally happen!

KingPyrox
link
fedilink
31Y

Probably because it became very profitable to let everyone do that 😔

My rule is, never post anything you wouldn’t mind the media tracing back to you IRL and then making the top story of the day in your country.

So don’t live, basically.
Or you can just maintain anonymity as best as you reasonably can and hope no one goes out of their way to identify you or the account(s). Making a new account after awhile is a safe practice. The goal is to decrease the likelihood of undesirable things, not make them impossible.

Sabzhero
link
fedilink
91Y

Odd response, you can still “live” without documenting your activities. Were people not living pre-Facebook/Instagram?

…Are we talking posting things anonymously or posting things with your irl name and photo?

db0
link
fedilink
English
311Y

The same is true for raddle. They kid themselves if they think anyone can’t record anything in there forever.

Anyway it’s also inaccurate. Deleted accounts are purged from the DB, so they’re definitelly not visible anymore

Likewise you you edit your comment, it’s edited in the DB.

minkshaman
link
fedilink
English
31Y

So what your saying is that it’s just like Reddit in that respect.

Yeah, I can live with that, as long as everyone knows that if they really want something deleted, edit over it first.

flatbield
link
fedilink
English
51Y

For a humbling experience just seach for your Reddit and Lenny IDs on a seach engine. You will get a list of everything you have posted. Also some account info. It is all public. What happens when deleted, depends on who has scraped the data and their retension. This is just how public forums are and that goes all the way back to Usenet and listservs.

@sinnerdotbin@lemmy.ca
link
fedilink
English
5
edit-2
1Y

This is assuming your local is still federated. If your local gets defederated you currently have no control over any previously federated copies of your posts / comments / votes.

Black616Angel
link
fedilink
English
51Y

And it also assumes, no one made a screenshot or used the web archive, crawled it and stored it in their own DB or any other way of copying stuff. Of course!

If you post any thing publicly on the internet, there is no way to be 100% sure it can be ever deleted again.

@sinnerdotbin@lemmy.ca
link
fedilink
English
2
edit-2
1Y

That isn’t what I am speaking to, and the fact someone could make a copy or it is archived somewhere doesn’t make the statement that you can always remove your data from the platform true. And there is a difference between a potential copy and an original federated, distributrd, and indexed version.

People need to be aware of the persistence of data, but people also have to understand the technology they are using to make their own informed decisions on how they engage.

Black616Angel
link
fedilink
English
11Y

People need to be aware of the persistence of data, but people also have to understand the technology they are using to make their own informed decisions on how they engage.

Exactly. Federation as well as the internet has restrictions in whether you can deleted your data. This should be known. Non federated data has the same problem, but the other way around. Someone running the site wants your stuff gone? It is now.

I know, what you are talking about, but there are things one has to accept, this being one of them.

the fact someone could make a copy or it is archived somewhere doesn’t make the statement that you can always remove your data from the platform true.

Why would someone think that?

And there is a difference between a potential copy and an original federated, distributed, and indexed version.

What is this difference? What do you think happens more often, screenshotting weird/compromizing stuff someone said or defederation?

But there can be a way around All that and that is deleting all Content from defederated sources. Maybe someone could make an issue or implemented it themselves…

@sinnerdotbin@lemmy.ca
link
fedilink
English
2
edit-2
1Y

Why would someone think that?

Because the comment I replied to, the actual thing I am addressing, makes an assertion that isn’t entirely true and could lead someone uninformed into believing they can have their information removed platform wide.

What is the difference?

Not everyone is concerned with someone digging up dirt or wildly compromising material. Most people aren’t special enough to be worried about that.

Most archives won’t be globally search indexed. An archive won’t show up on a federated search. There is more legitimacy to a federated version over someone reposting a screenshot (at least in perception, how federated could be altered or forged is another topic).

I also mention there are other reasons one might want to remove content. Just look at reddit right now, some may simply want to revoke support for a platform sometime in the future.

Sure, there could be a future where this is addressed. It isn’t right now.

I don’t disagree with you in the larger discussion on persistence of data. I am adding context to a scoped subtopic of it.

I’m behind Lemmy, but I’ve made an informed decision on what that means for my data.

@sinnerdotbin@lemmy.ca
link
fedilink
English
21Y

You are also kidding yourself if you think that defederation will not become more common. The community we are commenting on has already defederated 2 very large instances.

Communist
link
fedilink
English
351Y

https://github.com/LemmyNet/lemmy/issues/2977

It’s not like they’re doing it on purpose, there’s a lot of things being worked on, and this is one of them.

Senseibull
link
fedilink
English
21Y

I think this is a feature, well the media aspect anyway. Immutable media. The rest can be developed on.

@sinnerdotbin@lemmy.ca
link
fedilink
English
21Y

It isn’t truly immutable though, and could be dangerous to propigate the idea that it is 100% immutable

PCH
link
fedilink
English
21Y

It’s a work in progress.

ZILtoid1991
link
fedilink
141Y

I think an option for full data deletion would be nice for those who want it, otherwise people should also expect others recording their data, which can be published later on.

anaximander
link
fedilink
151Y

Parts of it may actually be required under EU law. GDPR requires that anyone holding data on EU citizens comply with certain things, including a request to delete certain kinds of data. The EU has shown themselves willing to go after sizeable corporations for violations; most Lemmy instance operators are much smaller. This should probably be addressed before people find themselves on the wrong end of lawsuits.

Kichae
link
fedilink
31Y

Thing is, Lemmy is easily compliant with the EU’s laws on this, because the laws state that the EU citizen merely needs to request the data be deleted. It says nothing about them having direct access to the lever to do it.

A basic Python script can be used purge the database after a written request and everything’s kosher.

I don’t understand why posts are held in reserve, rather than outright deleted. That’s a design decision that doesn’t totally make sense to me. I can see holding on to it for a period of time - 24 hours, 7 days, 30 days, what have you - so that users can undelete things, but just hiding it from end users and calling it deleted seems pointless to me.

It’s not like anyone is trying to sell it to 3rd parties for model training. And while I could see a use case in academic research, the delete button seems like an implied revocation of a license to show or distribute the content, at least in the absence of a proper ToS.

And it just makes more noise for admins and mods.

CoderKat
link
fedilink
21Y

I don’t think GDPR necessarily applies here, but I am not a lawyer. Quoting https://gdpr.eu/companies-outside-of-europe/:

Article 3.1 states that the GDPR applies to organizations that are based in the EU even if the data are being stored or used outside of the EU. Article 3.2 goes even further and applies the law to organizations that are not in the EU if two conditions are met: the organization offers goods or services to people in the EU, or the organization monitors their online behavior. (Article 3.3 refers to more unusual scenarios, such as in EU embassies.)

I’m not sure just what the definition of an organization is, so perhaps any server hosted within the EU is covered by the GDPR, but for servers outside of the EU that don’t have ads (which seems like all servers currently), I don’t think this would count. The example on the linked site about “goods and services” includes stuff like looking for ads tailored at European countries, so I suspect that simply serving traffic from Europe isn’t enough.

The website also mentions the GDPR applies to “professional or commercial activity”. There’s also apparently an exception for under 250 employees. I don’t even know how that works when something is entirely managed by volunteers like this currently is.

At any rate, I suspect we’re a long way off from having to worry about the GDPR.

static
link
fedilink
4
edit-2
1Y

Gdpr applies to servers within the EU, or for servers with EU clients. You can demand that they delete and stop transmitting data.

But you accept to transmit data all over the world, in the end that data could end up somewhere outside of the EU without any direct EU customers. Then all bounds are gone.

--
Do worry about GDPR in conforming to deletion requests, but only your own data, not anything you transmitted.

pterodactyl
link
fedilink
51Y

The GDPR itself doesn’t use the term organisation, it refers to data controllers and data processors.

A “data controller” refers to a person, company, or other body which decides the purposes and methods of processing personal data.

A “data processor” refers to a person, company, or other body which processes personal data on behalf of a data controller.

As someone from within the EU working in data the fediverse is absolutely not a long way off having to consider this, GDPR impacts even the smallest businesses or voluntary groups - it’s just how we handle data.

To make it easier to grasp GDPR is about your rights over your data, those don’t change depending on who is processing it, nor does the processors obligation, however what would be considered appropriate safeguards would scale with the size and intent of your organisation - it would be silly for my local shop to have a data protection officer.

I suppose the question would become who is the controller, is it the person who provides the software or the person who provides the servers? Typically it’s the servers.

GDPR likely doesn’t apply to public facing forums in the way you’re thinking, if you post actual personal data (which has a strict definition) yes it’s murkier, but in general just posting on a public facing forum is extremely unlikely to qualify under right to be forgotten under GDPR.

Notably, GDPR is extremely unclear about this specific circumstance, and will likely fall to practicality. The user can make requests for their data to be deleted, those should in general be followed no matter who’s server it’s on, but they have to be given to each server by the user. Following the deletion requests is generally advisable, but again, it’s highly unlikely GDPR applies here. Feel free to get a GDPR lawyer to actually weigh in though.

anaximander
link
fedilink
11Y

Part of it will depend on what data you’re holding, and part will depend on who’s running the instance. A lot of people won’t be covered, but I’d wager there’s some here and there who need to consider it.

flatbield
link
fedilink
English
141Y

It is all public just as most forums on Reddit. No real difference. No difference with Usenet either. Relax.

ffmike
link
fedilink
English
831Y

In my opinion it’s unreasonable to think anything can truly be deleted in a federated system. Even if the official codebase is updated to do complete deletion & overwrite, it’s impossible to prevent some bad actor from federating in a fork that just ignores deletion requests.

Seems sensible to just not post anything that you don’t want to be available for the lifetime of the internet.

@pkulak@beehaw.org
link
fedilink
English
91Y

This is how I treated Reddit too. And Twitter. And everything else. I have two modes; public and private. And private is private; strong encryption and local storage. Having some middle ground is a recipe for disaster.

Sojourn 🐢
link
fedilink
61Y

@ffmike @elbowmacaroni advance ignoring deletion request technology like copy paste

alyaza [they/she]
mod
link
fedilink
English
361Y

In my opinion it’s unreasonable to think anything can truly be deleted in a federated system.

yeah like. this is just a byproduct of how federation works currently. i don’t even know how you’d begin to design a federated system where some of these critiques can’t be levied

@hemmes@vlemmy.net
link
fedilink
English
11Y

Yeah, but dick-pics…safe?

Gaywallet (they/it)
link
fedilink
English
10
edit-2
1Y

Anything that is visible to another party can be hijacked - even a 1:1 communication does not guarantee that the other party doesn’t capture the data and then spread it. The only things that are private are thoughts that you have which are not shared with others in any fashion. As soon as information is shared in any fashion, it is not private.

Past this point it’s a matter of how private you think is reasonably private. You could design a system where users are in control of their own data through a series of public and private keys, ensuring that keys must be active to view content, but as stated above even in such a case and the user revoking keys does not stop other people from making copies of said data. This is akin to screenshotting an NFT. For all intents and purposes, a copy of the data as it existed at the time of copying is now publicly available.

Quibbling over the fact that you’re the one who “truly owns” the data when it comes to something like social media feels like a mostly pointless endeavor because the outcome (data is available for others to view/consume/read/etc) is the same regardless of who “owns” it. Copyright law will apply to anything you produce, if it comes to legal problems (someone copies your artwork and sells it, for example) and having a system to prove you own it is primarily a formality to make it easier to prove ownership. Generally people aren’t arguing through this lens, however, and are instead arguing through the privacy/security lens - that they don’t want people stealing/selling their data, which lol, good luck. AI models are proof that no one in the world actually cares about this ownership if they reasonably think they can get away with using your data without any real incentive to not do so - interestingly copyright law and models being trained on corporate data such as movies are a vector by which the legality of this might actually stop or slow AI development and protect the end-users data.

dudeami0
link
fedilink
English
341Y

Just as it’s impossible to stop scrapers from archiving data on traditional websites. “Deleted” data is probably in a database somewhere, being sold by someone. As you said, you lose some degree of control over your data as soon as you post it. Data is valuable, and if there is a will there is a way.

@CoffeeBot@lemmy.ca
link
fedilink
English
51Y

Exactly. Even a server to just go down one day. Theoretically it has a snapshot in time

Maeve
link
fedilink
31Y

Yeah, I was thinking about jfs.

yourgodlucifer
link
fedilink
22
edit-2
1Y

I don’t expect my data to be fully deleted in a centralized system either. even if it was deleted from the central server someone might have made an archive of it

and reddit is definitely guilty of this since they were bringing back peoples deleted comments and accounts

@Zetaphor@zemmy.cc
link
fedilink
English
31Y

You don’t even have to modify the code in a fork, just take regular database backups

lohrun
link
fedilink
191Y

It’s no different than me sending an email to someone and then sending a request to delete it. There likely is still a copy on the email provider’s server and the recipient could have potentially backed up their emails to something outside of the email ecosystem.

Unfortunately the only way to be absolutely sure that there isn’t information you don’t want on the internet is to not share it at all. There will always be an issue of making sure every system actually deletes content when you request it. Like I said, that doesn’t stop anyone from backing up the data to another system. (E.g. Reddit archives from 2005 to now are available to download, even content that has already been deleted)

CoderKat
link
fedilink
7
edit-2
1Y

Honestly, I kinda question how good of a time investment it is to try and allow deletion from the public facing parts of the internet, given the numerous places where your content will be cached or otherwise stored.

There is certainly some value in simply making it as hard as possible to find things you want to delete. Why let perfect be the enemy of good, after all. There’s plenty of types of content we certainly want to do our best at deleting even if we can’t be perfect. Eg, do you wanna be the one to tell a revenge porn victim, “sorry, we can’t make it harder to find the content that harms you because we can’t delete all of it anyway”?

But at the same time, development time is limited. Everything is a trade off. We do have to decide what is most important, because we can’t do it all immediately. The fact we can’t actually delete everything does have to be a factor in this prioritization, too.

There is something to be said about ensuring people know and understand that nothing can truly be 100% deleted once it’s posted on the internet. Not that Lemmy is doing good about that, either (especially since deleted comments apparently lie about being deleted).

All this said, I do think federated, reliable deletion is critical for illegal content. Such content needs to be removed quickly and easily from as many places as possible. Without this, instance owners are put at considerable legal risk. This risk poses a threat to the scalability of the Fediverse.

The privacy stinks you say? Did you know that Likes and Dislikes are public too? That was the most shocking to me. Because it is very much not like Reddit or others.

It’s still a fantastic piece of software, with all its flaws, though.

poVoq
link
fedilink
English
121Y

It’s impossible to federate these without making them public in this way.

The up-votes are also mapped to favourites in Mastodon etc, so that was always public anyway.

You could argue that this should not be hidden in the Lemmy UI, but there are also good reasons to not highlight that much who voted on a post.

@binwiederhier@discuss.ntfy.sh
link
fedilink
English
2
edit-2
1Y

Hey 👋 I know you. Hehe.

And yes, it should not be hidden. It is very much unexpected, because Reddit doesn’t do it, and it’s not visible to normal users.

trent
link
fedilink
31Y

I thought votes didn’t federate yet anyways… but, yes, it is possible, and i can come up off the top of my head with three or four potential implementations.

poVoq
link
fedilink
71Y

Good luck with finding an anonymous system that can not be easily abused.

trent
link
fedilink
31Y

FHE solves that through and through, as has been documented widely, but that’s overengineering when you could just use plain ZKP.
Zero-knowledge voting is here and has been for a while now.

The up-votes are also mapped to favourites in Mastodon

Explains why this obvious issue is not brought up by Mastodon lol

exoteefs
link
fedilink
71Y

I’m not sure what this has to do with mastodon all I see are some salty idiots on raddle moaning.

bedrooms
link
fedilink
31Y

Kinda unsurprising as rumors have it that lemmy’s developed by pro-China Tankies.

Melmi
link
fedilink
221Y

The developers will freely admit that they are Marxist-Leninists who support China. I don’t get why people frame it as a rumor.

That said, that has nothing to do with this. It’s just implementation details, and are on the docket to be worked on once the mission-critical stuff is out of the way.

@grte@lemmy.ca
link
fedilink
5
edit-2
1Y

That said, anarkiddies rallying against federation and preferring to use a centralized service like raddle is very funny.

I was thinking that. I can understand disliking lemmy for its developer, but then making it a call against federated media seems strange, as someone who also considers themselves an anarchist.

@x2XS2L0U@feddit.de
link
fedilink
English
11Y

I switch accounts after some time and use other ones. It’s quiet okay this way

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 59 users / day
  • 169 users / week
  • 619 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog