Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
GDPR is for companies/corporations to “respect” user’s requests about their data.
Lemmy (ActivityPub, actually) isnt a company.
What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.
What you probably can do is request that an instance remove your content… And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.
This is still the internet, not some magical place.
Use some of the most basic fundamental internet safety rules and don’t provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.
There are some great replies here
I think it’s also worth putting in extra effort to educate users so they know early and not when they’re expecting otherwise. The system has a benefit, and it’ll be smoother if users aren’t surprised
Data deletion and public vote records are the two big things that come to mind
This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won’t paint over it (or destroy photos they took of it) when you realize how dumb it was.
You’re writing on a public space for free with no business behind it. You’re not the customer in this scenario.
deleted by creator
All your posts on the fediverse are effectively a public blog of your thoughts that will be scraped and stored in servers you have no control over.
If you care about privacy, which I understand, you probably want to leave quickly.
Here’s a rundown from someone who got fed up with the fediverse and kinda rage quit: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/
Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.
So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.
If you care about privacy, which I understand, you probably want to leave quickly.
Just because you care about privacy it doesn’t mean that you have to stay indoors all the time. You can still hang around on the town square you just have to be conscious about what you do where.
A big part of caring about privacy is understanding how the platforms you use work and using them accordingly. With proprietary platforms this is often opaque and the rules can change. Open platforms are transparent and you can actually understand them - if you make the effort.
Thank you for posting that link. I’m not fed up (completely?) yet I suppose but it was eye-opening. I’ll have to be a lot more careful about posting, possibly not post again.
This is definitely a con of Lemmy for me. I like to be more privacy focused but Lemmy gives you 0 privacy on whatever you do on the website. Anyone who wants more privacy on Lemmy is told you have no right to privacy, don’t expect any privacy, everything you do is public on the internet, etc. A massive boner killer for me. I think basic things like deleting your own post or comments should actually get removed from all servers, PMs should not be viewable by anyone except the recipients, and what you vote on or subscribe to should be private. Lemmy doesn’t sell your data but that’s because anyone can take the data for free. I thought this stuff was because Lemmy is still new and will get to it eventually but the push back seems to say this was a choice or is not broken. I ended up exploring different social media alternatives but I like the style of Lemmy better since it is more reddit-like with an active user base plus has different android clients. I don’t like kbin because it shows who upvoted or downvoted something to everyone - it’s not accountability when it erodes your privacy.
I used to comment on Lemmy more but then I ran into this problem when juggling multiple accounts, Liftoff sucks ass at letting you know which account you are logged into (I use Summit now and it is better at it) so I ended up getting my accounts’ wires crossed when I thought using the drop down on your accounts changed your account but no you have to go to manage instances to switch which was not intuitive. I ended up abandoning the accounts when I couldn’t figure out how to actually delete the post from the server.
Edit: man I wish I saw this sooner, might be time for me to either stop posting again or look somewhere else.
While I didn’t find any factual issues in a quick skim of that article, I really don’t agree with its tone.
The Fediverse is radically public. That’s the nature of a protocol like ActivityPub, not a bug to be fixed. Using it for anything you’re not comfortable with being public forever is a mistake.
Kilroy was here -U-
there’s a delete button
Mods and admins can remove posts and they don’t stay on the server. If you delete it yourself, then it stays. Comments stay deleted, though and is replaced with a ‘deleted by creator’ message.
I noticed a lot of clients like sync try and hide that fact. Poorly
That’s a pretty uncharitable interpretation, especially considering Lemmy is developed in and funded in part by the EU, and the “staying online forever” thing is a consequence of Federation (and one they’re working on remedying).
If you were worried about this sort of thing, perhaps you should have done your research about the platform before making an account so you could bitch about it here. You definitely don’t sound like the voice of reason when you couldn’t be arsed to figure this out before you made an account.
GDPR is international now? Do I need to break out Nelson Muntz when some Euro type thinks European law is extraterritorial?
Don’t make me break out Nelson Muntz, please.
It’s mostly important for when you wanna do business in the European markets.
The alternative is to be blocked by most of Europe entirely. Happens usually to tabloid news sites as they are often in violation of anti misinformation and hate speech laws. It’s also why they could sue Facebook so easily as otherwise Facebook would be non-GDRP compliant and be blocked there.
Lemmy however isn’t exactly for profit, so sees much less scrutiny. This is primarily for business after all. Lemmy doesn’t have ads, doesn’t take users money, nor does it sell products. It also does not actively distribute illegal media either.
(it should be noted that it’s usually not the EU doing the blocking but rather so websites choosing to block viewership from the EU because they’d rather do that than get sued to hell)
“Lemmy” doesn’t do ANYTHING. Lemmy is server software. It has no agency whatsoever.
Individual Lemmy sites might be beholden to the GDPR (or not, if individually run). But any site hosted outside of the EU can wave its ass in the faces of EU officials trying to enforce the GDPR.
You know, I think I’m going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it “GDPR THIS”. The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.
Oh no, that’s not even the half of it. The admin for your instance has access to literally anything on their server, including passwords afaik. If you want privacy, this ain’t it chief.
including passwords afaik
Nobody has access to passwords. They have access to password hashes, which are not the same thing. It would be the absolute most half baked of solutions to still be saving passwords in cleartext.
deleted by creator
I don’t know where this myth came from, but you don’t have a right to erase your public posts from there internet under GDPR. See, for example, https://law.stackexchange.com/questions/32361/does-a-user-have-the-right-to-request-their-forum-posts-deleted
If anything, you might have such rights under copyright law, if your posts cover the threshold for copyright. In that case, you can ask server admins to delete them, and they will have to comply. But the request has to reach them (if they’re defederated, the delete button won’t teach them, and you’ll have to contact them separately).
Very bad indeed! This is the beginning of the end for lemmy.
Ps for those who don’t know, copying a deleted comment makes it appear in your pastbin
deleted by creator
That argument doesn’t hold up when actual laws are being violated
deleted by creator
Silver already answered you. The fact that you can’t fathom it is on you
deleted by creator
“You went into the Walmart that steals your liver by choice” 🤓
Whose law?
The GDPR applies to servers running in Europe.
It does not apply to servers running in, say, Canada¹. Or China¹. Or South Africa¹. (If you try to claim European law is extraterritorial to non-European citizens, be prepared for the Nelson Muntz meme.)²
The very nature of the protocol in use makes any content anywhere on the Fediverse, no matter what the software, distributed. (It’s almost like that’s the very point of it! Almost…) And it could well be distributed into a jurisdiction where the GDPR is best used as toilet paper¹. If this bothers you, fuck off back to sites hosted entirely in Europe where the GDPR holds sway.²
Only wait! That’s not true either! Because that other protocol you’re likely to be using—HTTP(S)—also allows anybody who has access to the site from anywhere in the world to store it without being beholden to the GDPR!¹ Oopsie! Better make sure that site blocks any kind of access from outside of the EU as well!²
Only wait! That won’t work either because VPN’s are a thing as well! I can be sitting here in China with my IP address coming at you from, say, the Netherlands. (It doesn’t. It comes at you from the USA 'cause that’s where my Great Firewall-crossing back door is hosted.) And again, any post you make, were I to go to your web site in Europe through my (currently-hypothetical) European VPN endpoint, could be stored and held permanently with the GDPR being able to do precisely a) Fuck and b) All to about it.¹ Because European laws are not, in fact, extraterritorial to non-EU citizens, no matter how much wanking the EU parliament does about it.²
So it sounds like you should just shut off your Internet access. Or, you know, you could post knowing the reality of the world and moderate your content accordingly.
¹ Note: I am emphatically not saying that the GDPR is a bad thing. I think the GDPR’s goals are laudable. It’s just that the GDPR is ludicrous in the face of how literally every piece of technology used in web sites of any kind actually works. It is a regulation that is a nice idea but that has absolutely no meaningful way to get enforced. As the EU will find out over the years. Hopefully not the really hard way.
² Any claim of EU legal extraterritoriality is risible and needs to be rebuffed in the strongest possible way up to and including punching EU politicians who claim it in the face with a spiked gauntlet.
if it was any other social media like reddit doing this, everyone would be up in arms about it. no one is forced to be on reddit either. we’re on lemmy bc we value our privacy (no ads, tracking, etc.) so it should be held to the same standard too and not given a free pass.
