All online systems suffer from this problem.

Bots are scraping websites daily, including places like archive.org, where they compile everything and save it for posterity. Half the time, your data is already saved by a third party, even if you delete it off a website.

Further, all databases have the option to flag something as “Deleted” and keep the original data while not showing the data on the main web page. Just because you “deleted” something online doesn’t fucking mean anything at all materially. It just means they are hiding it from end-users. The data is very likely still there. This is why people who are bulk-deleting their comments on Reddit are shocked to find those comments later restored… because they were never actually deleted to begin with. They were just flagged in the database as “deleted” and to not be shown to end-users.

Unless you are running your own server and your own service, you are at the mercy of strangers who are in full control over whatever data you share with them.

This has always been true, since the beginning of the internet.

This is why parents in the 90’s told kids to not post personal stuff online.

Because once it is sitting on a hard drive on a server owned by someone else, it is not legally any longer your data, it is now the data of the person who owns/operates that server and the hard drive.

Sorry for this message being kind of aggressive, I am very tired of everyone just figuring this out for the first time and thinking somehow it only applies to the Fediverse.

It applies to every single service you sign up for on the internet. You’re storing your data with someone else, and you don’t control the server software, database software, or hardware. That data is no longer yours. You are effectively hanging out on someone else’s property, and what you do on their property is being recorded.

This is not a Fediverse problem, this is an Internet problem.

EDIT: Forgot to add, it’s also the problem that the Fediverse is trying to help solve by allowing individuals to run their own instances and thus be in greater control of what happens to their own data.

Never rely on being able to delete anything that has been published/posted. If you want privacy, don’t post it. Yes, some systems make it easier to delete a post, but you can never rely on it being deleted everywhere (someone could have made a screenshot, etc.).

You can’t truly delete anything period, anything posted publicly can be copied. What’s more important is if it’s verifiable. I can trivially edit your post locally and take a screenshot and pretend it’s you, but there’s nothing verifying you actually said it.

It’s possible through encryption to verify that something was actually said, but most of the time we verify things through trust, we trust centralized services to have an accurate record of what happened. We trust social networks to not alter the original content posted to it. We trust archive organizations to store an original copy securely as it was at the time.

But that trust can be broken. u/spez himself has admitted to altering comments (happen in 2016, huge red flag), and we can only trust that archivers did their job properly.

You can prove that a post was truly made and unedited via encryption, but even then you’re still trusting that all the clients you are using are not doing anything nefarious in between. Unless you read the source code and compile your own applications you can’t know for sure, so still, trust is a big part.

But if you can prove a post was made, how do you unprove it? I don’t really see how that’s mathematically possible. So when you “delete” something on the internet, you can’t really remove it completely.

So what does “deleting” something actually mean? What it really means is “please stop hosting this and monetizing it on your server”, and it’s not even possibly to be sure they deleted all of it internally, you can only really check that they are no longer showing it to the public. That’s easy enough to do when it’s a centralized service, but for anything decentralized it means going to every single server and getting them all to delete it. You can send out a signal asking them nicely to delete it, and I don’t know if Lemmy has this, but even if they did it’s unenforceable to get a server to fully delete something, but you could put some rules in place that it needs to be publicly inaccessible otherwise the instance gets defederated or something, but I don’t know how hard it would be to implement something like that. The resources required to verify that all instances have stopped serving it and don’t begin to serve it later may be far too high to be practical.

If you’re talking to the public, nothing you say is private. That includes federated systems like Mastodon and Lemmy. If you want privacy and federation, using an encrypted Matrix chat. There’s still of course the caveat that the people you’re talking with can leak your chats, since they have a copy of them, so don’t talk to glowies.

Agreed, and the emphasis on the Lemmy GitHub page that it has “full delete” doesn’t have any kind of disclaimer about this. Newcomers to the project just don’t realize it.

I mean, everything you post is archived somewhere else in the same way. There’s multiple copies of everything on Reddit elsewhere, even if you delete your account and comments successfully without them restoring it.

In every other way than the one you mention, federation is more private. Especially since the data isn’t being collected to be sold.

I agree with everyone that this is an issue that affects all data on the Internet and everyone should treat what they publish with this in mind.

However, it may be worth requesting a feature for broadcasting delete requests to federated instances, though it’s not going to be a high priority as the devs prioritize scaling, bug fixes, and mobile app development.

The idea that things could be deleted by you at any time was always delusional, fediverse or otherwise. There are more meaningful privacy battles to fight anyways.