Skip Navigation
Fediverse @lemmy.world
purple_mimosa @programming.dev

Warning: You cannot delete posts or comments on Lemmy. It stays up forever, and is in direct violation of GDPR and other national privacy laws.

Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.

123 comments

  • GDPR is for companies/corporations to "respect" user's requests about their data.

    Lemmy (ActivityPub, actually) isnt a company.

    What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.

    What you probably can do is request that an instance remove your content... And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.

    This is still the internet, not some magical place.

    Use some of the most basic fundamental internet safety rules and don't provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.

    • You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty rulings already imposing fines on individual, private citizens for their misconduct in violation of the gdpr.

      While Lemmy as a system might be exempt, anyone running Lemmy for sure isn't, as long as it regularly processes data of EU citizens, which it does.

      As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren't running it at all, so their software doesn't have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.

    • There are some great replies here

      I think it's also worth putting in extra effort to educate users so they know early and not when they're expecting otherwise. The system has a benefit, and it'll be smoother if users aren't surprised

      Data deletion and public vote records are the two big things that come to mind

    • The user should not need to request all other instances to delete their data, their account is with a single server. It's on the server admin to ensure that all exchanged data is taken care of appropriately.

      If your European server shares data with an American server, that European server has A Problem. There's a good chance lemmy.world federation with fedia.io may already be a violation. The issue isn't as black and white of course, but the entire situation is legally dubious to say the least.

      You're right that the Fediverse isn't like Facebook or Google where there's one company in control. However, the downside of that is that there are millions of tiny instances, all with legal responsibilities. There are implications about privacy law, but also porn laws, propaganda laws, hate speech laws, child porn laws, and intellectual property laws.

      We're all just kind of betting on nobody ever taking any legal action here. One lawsuit can wipe out the Fediverse as we know it.

      • It’s on the server admin to ensure that all exchanged data is taken care of appropriately.

        "It's on the server admin to do the literally impossible."

  • It gets worse: everything you post to Lemmy is sent to multiple other servers automatically. Those servers may be in jurisdictions that have very different privacy laws than the server you post from, or that hosts the community you're posting to. You have no legal agreement with those servers.

    We're not done though. The ActivityPub standard makes delete optional, and other servers could be running anything, not just Lemmy. Some of them are probably running somebody's janky pet project that implements half of ActivityPub, poorly, on a jailbroken smart light bulb or something.

    Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.

    • Delete buttons are just a placebo on the Internet anway. At least activitypub is honest about that.

    • Almost like the entire platform is based on the idea that one server/owner can't be in charge of the data.

      Don't get me wrong, not picking a fight, just what op said is kind of obvious to me. You're picking a social media that is democratized and is federated with everyone. The natural tradeoff is that your data is not housed on one server... Which obviously means it's not private.

      Idk, the fediverse is a great place, but I would never post anything here I ever wanted to be private. It's not an accident, it's literally by design.

    • Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.

      How would this be done? Like you mentioned, anyone can run a modified instance of Lemmy that does not honor delete requests. I suppose you could put something that retrieves content from other servers as a pull operation instead of a push, but that's going to break Lemmy's ability to work with other ActivityPub applications (at the very least).

      • How would this be done? Like you mentioned, anyone can run a modified instance of Lemmy that does not honor delete requests.

        Delete currently renders posts invisible to most users. Delete should actually delete the post from the server.

        It's impossible to ensure that the post is deleted from federated servers, web caches, clients that cache things, etc....

  • This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won't paint over it (or destroy photos they took of it) when you realize how dumb it was.

    You're writing on a public space for free with no business behind it. You're not the customer in this scenario.

  • OP is simply incorrect.

    I'm coding a Lemmy alternative right now and have been testing this functionality out extensively. Deletes of posts and comments certainly federate, I've seen the AP traffic to make it happen. Also, the docs: https://join-lemmy.org/docs/contributors/05-federation.html#delete-post-or-comment

    I haven't tested what happens when the 'delete account' button is clicked... Mastodon solves this by sending a 'delete this user' Activity to every fediverse instance so there's nothing about ActivityPub that makes removing an account and all it's posts in one go impossible.

    • Deletion of entities is optional in ActivityPub. That, by definition, makes known-removal of an account and all its posts in one go impossible, because a server can just ignore the deletion activity.

      • Yes, although the server will not ignore the deletion activity if that server is running Lemmy. We're talking about Lemmy here, not the fediverse as a whole. OP singled out Lemmy in the post title and said "lemmy devs are not concerned with..."

        I'm sure there is more to be done in this area. It'd be great to know for sure which software treats deletion activities properly (I'm really unsure about Kbin, I think it does not) and which does not so instance admins can make informed decisions about who they federate with. Perhaps this information could be made available right within the UI that Lemmy admins use to control their instance, rather than an obscure documentation page somewhere...

        IMO having deletes federate should be part of a minimum standard all fediverse software has to meet (plus mod tools, spam control, csam filters, etc) before it is allowed to federate but obviously we're nowhere near having that sort of social organisation.

  • Remind me again how things can be deleted from the internet?

    • Exactly, this is not specific to Lemmy as it applies to the whole internet.
      Also, Lemmy is not a website : it would be somewhat like saying the language Python doesn't obey GDPR !

    • /thread

  • All your posts on the fediverse are effectively a public blog of your thoughts that will be scraped and stored in servers you have no control over.

    If you care about privacy, which I understand, you probably want to leave quickly.

    Here’s a rundown from someone who got fed up with the fediverse and kinda rage quit: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/

    Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.

    So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.

  • seems weird this expectation of privacy on public sites built for public consumption of public content posted by people publicly.

    i mean, i get wanting to control your data. the software i use allows for this ( the 'bins offer a user-level purge).

    but privacy? seems weird

  • Kilroy was here -U-

  • Thats why I stay as anonymous as possible.

  • This is definitely a con of Lemmy for me. I like to be more privacy focused but Lemmy gives you 0 privacy on whatever you do on the website. Anyone who wants more privacy on Lemmy is told you have no right to privacy, don't expect any privacy, everything you do is public on the internet, etc. A massive boner killer for me. I think basic things like deleting your own post or comments should actually get removed from all servers, PMs should not be viewable by anyone except the recipients, and what you vote on or subscribe to should be private. Lemmy doesn't sell your data but that's because anyone can take the data for free. I thought this stuff was because Lemmy is still new and will get to it eventually but the push back seems to say this was a choice or is not broken. I ended up exploring different social media alternatives but I like the style of Lemmy better since it is more reddit-like with an active user base plus has different android clients. I don't like kbin because it shows who upvoted or downvoted something to everyone - it's not accountability when it erodes your privacy.

    I used to comment on Lemmy more but then I ran into this problem when juggling multiple accounts, Liftoff sucks ass at letting you know which account you are logged into (I use Summit now and it is better at it) so I ended up getting my accounts' wires crossed when I thought using the drop down on your accounts changed your account but no you have to go to manage instances to switch which was not intuitive. I ended up abandoning the accounts when I couldn't figure out how to actually delete the post from the server.

    Edit: man I wish I saw this sooner, might be time for me to either stop posting again or look somewhere else.

    • While I didn't find any factual issues in a quick skim of that article, I really don't agree with its tone.

      The Fediverse is radically public. That's the nature of a protocol like ActivityPub, not a bug to be fixed. Using it for anything you're not comfortable with being public forever is a mistake.

  • Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it's a feature of the protocol.
    If instances want, they can ignore delete requests and your content stays in their cache forever (remember Pleroma nazis from couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn't mean your posts are removed.

    The fediverse has no privacy, it's "public Internet". Probably a good idea to treat it as such.

  • there's a delete button

  • GDPR is international now? Do I need to break out Nelson Muntz when some Euro type thinks European law is extraterritorial?

    Don't make me break out Nelson Muntz, please.

    • The GDPR is a directive implemented by 27 countries, so I guess you could call it "international law"?

      With treaties such as the Safe Harbour Privacy Principles EU–US Privacy Shield EU–US Data Privacy Framework, GDPR restrictions may also start affecting American busineses, so the "international law" monniker would actually make sense.

      • It's not really as simple as that. Businesses in countries outside the EU have to follow the gdpr rules if they have or want customers from the EU because the EU can hit them financially in their EU operations.

        Normal people offering a free service that are not based in the EU probably cannot be pursued at all. I doubt the EU considered people that might not be some business wanting to profit from EU citizens.

      • India? China? Japan? Vanuatu? ...

        Know what? I think I'll just link instead of list because I can't be arsed to type out all the names.

        So it's "international" as a technicality, but the context he was using it in implied he meant "universal". And it barely qualifies even as international against the sheer weight of non-EU, non-US states.

    • It's mostly important for when you wanna do business in the European markets.

      The alternative is to be blocked by most of Europe entirely. Happens usually to tabloid news sites as they are often in violation of anti misinformation and hate speech laws. It's also why they could sue Facebook so easily as otherwise Facebook would be non-GDRP compliant and be blocked there.

      Lemmy however isn't exactly for profit, so sees much less scrutiny. This is primarily for business after all. Lemmy doesn't have ads, doesn't take users money, nor does it sell products. It also does not actively distribute illegal media either.

      (it should be noted that it's usually not the EU doing the blocking but rather so websites choosing to block viewership from the EU because they'd rather do that than get sued to hell)

      • "Lemmy" doesn't do ANYTHING. Lemmy is server software. It has no agency whatsoever.

        Individual Lemmy sites might be beholden to the GDPR (or not, if individually run). But any site hosted outside of the EU can wave its ass in the faces of EU officials trying to enforce the GDPR.

  • Lemmy lack of central control is a feature. But it can still be GDPR compliant. GDPR did not make useNet illegal. GDPR does not make peer-to-peer illegal.

    As an EU citizen you can still write letters to the editor of newspapers, and those letters can be published in those newspapers of record. Sending a message to Lemmy is akin to publishing publicly and opinion piece in a newspaper.

    Certainly you can use GDPR to talk to an lemmy admin to remove your data on the instance you registered and account on. But due to the nature of Lemmy, it's architecture, you can't go out and retract all of the newspapers that have been published. That's a physical impossibility.

    Even if you could somehow talk to every administrator of every instance, you can't prove you were that user who posted that data.

  • Mods and admins can remove posts and they don't stay on the server. If you delete it yourself, then it stays. Comments stay deleted, though and is replaced with a 'deleted by creator' message.

  • Message your admin and ask for purging of that post/comment/user.

    • Then message every federated server's admin.

      Then message every federated server's federated servers' amins.

      Then ...

      The number of surprised Pikachu faces people are displaying here is actually pretty funny now.

      • Technically, yes. If the law is of concern, if you're an admin, purging it from your database will be the only extend your power can reach. If privacy is of concern, while purging will not federate, delete/edit will, so edit all comment into gibberish before deleting your own account, and then ask for it to be purged. If that's unacceptable then best not use social media at all.

  • That's a pretty uncharitable interpretation, especially considering Lemmy is developed in and funded in part by the EU, and the "staying online forever" thing is a consequence of Federation (and one they're working on remedying).

    If you were worried about this sort of thing, perhaps you should have done your research about the platform before making an account so you could bitch about it here. You definitely don't sound like the voice of reason when you couldn't be arsed to figure this out before you made an account.

    • So you can't make an account on this platform if you don't agree with how it operates? By that logic no criticism of the platform by its users is possible, which is a great way to ensure it never gets better.

      Edit: Let me make this clearer:

      Saying in effect "yet you participate in lemmy" to dismiss the OP's concerns is ridiculous. If this logic were taken to its endpoint, there would be no valid criticism of anything lemmy ever did.

      Maybe that's your goal, but I would rather not blindly defend lemmy because I like it. I'd rather make it better, and that starts with criticism.

      • I mean, yes?

        If you do not agree to the terms of a service, do not use the service. This is the case for essentially every system ever. You can go complain about it on Reddit or something if you like.

      • It took this person 20 days to post this. They didn't create their account to post it the same day or even the next day, ergo, they figured it out after the fact.

        If they really had an issue with stuff like this, why pray-tel weren't they already doing their due diligence to ensure that the service they were signing up for didn't violate the GDPR in ways they didn't like? That seems like a gross oversight by someone clearly incensed by it.

        (Also, it continues to be questionable whether it's actually breaking GDPR rules, and even in that regard, it would be individual server admins responsible for enforcing GDPR compliance.)

      • I don’t agree with that reasoning. It’s entirely possible for someone to be personally accepting of the Fediverse’s privacy issues, but make an intelligent, well informed, coherent critique of them.

    • Lemmy may be developed partially by EU funding, but that doesn't mean they're necessarily following EU laws.

      For what it's worth, complying with the GDPR and other privacy laws is on the corporate instance owners, not on the Lemmy devs. It's up to the instance devs to make sure things like data encryption and deletion requests are set up correctly.

      That said, there are exemptions for personal use. Things become a little muddy when you get to the "personal server but donations" territory, but companies and people have very different obligations when it comes to privacy.

      Lemmy needs better tooling for privacy compliance, though. As an instance admin, the only way to generate full takeouts is to go through the database manually. The export button helps a lot, but doesn't contain all user data.

      "Maybe check if the website you signed up with is following the law" is a ridiculous take. They may be overestimating their privacy rights (especially when it comes to small servers run by individuals) but that's not how the law works.

  • You know, I think I'm going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it "GDPR THIS". The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.

  • It's been a problem for a while. Considering major social media companies have already gotten massive fines from the EU for violating the GDPR, maybe the lemmy devs will put more effort in setting up a deletion system once the EU sends them a fine for breaking the law?

  • Yeah, the Fediverse is terrible for privacy. By design, I should add.

    I'm pretty sure running a Lemmy server (or Mastodon server) in Europe in blacklist federation mode is illegal, as you're exchanging data with external processors without any kind of validation about privacy arrangements. No DPAs, no competency decesions taken into account, data shared all over the world.

    Lemmy lacks proper delete functionality (you can edit to replace the contents with an empty string, though). In theory you could exercise your rights and demand thst the administrator deletes all your PII, and instructs any data processors that PII was hared with to do the same. If they do not or cannot comply, that should be grounds for a complaint with your local DPA.

    I'm not aware of any international privacy law, but this is going to be A Thing now that Meta and Tumblr and Foursquare are joining the Fediverse. My guess is that they'll consult at least one DPA (probably the Irish one, they're usually located there for tax reasons) for guidelines. I wouldn't be surprised if data they severely restrict Fediverse activity within EU/EEA borders because of privacy laws.

    Even more interesting will be what would happen if a user sued the instance admins of a European server that's more than just a person. Several Fediverse instances are backed by organisations, which means they need to comply with the terms of the GDPR if they operate within Europe, and the way the open Fediverse operates just isn't compatible.

    This is one of the reasons I don't see the Fediverse lasting long. Unless you add some kind of validation system to verify that you're exchanging data within certain borders, the entire system as it stands simply cannot be run legally by anything bigger than private individuals.

    However, it's important to note that privacy law generally only applies to PII. Your works (blog posts, comments, etc.) are probably not covered by privacy laws. Your username probably is, though.

    I think the fact there's a privacy oriented community on Lemmy is pretty hilarious. Of course, privacy is irrelevant if you choose to share information willingly, but the entire protocol is a giant privacy violation.

    As an added bonus: this applies to most other federated protocols as well (Bluesky, Matrix, XMPP, you name it) unless those servers are configured to only communicate with known-compliant servers.

  • Well it is pretty much impossible to delete any thing on any federated service. It is technically just not possible without opening a whole other world of problems.

    I always like to think of the fediverse in some way like emails. If you send an E-Mail, the moment it leaves your mail providers server it is pretty much impossible to stop.

    Basically think before you post. The internet never forgets, the fediverse especially so.

  • To my knowledge, these privacy laws prevent corporations from holding onto your data after you have requested to delete it. Lemmy is not a corporation, and there is no single entity that holds onto all of your data. That's just a tradeoff of being decentralized.

  • Oh no, that's not even the half of it. The admin for your instance has access to literally anything on their server, including passwords afaik. If you want privacy, this ain't it chief.

123 comments