Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
  • ffmike@beehaw.org
    link
    fedilink
    English
    arrow-up
    79
    ·
    1 year ago

    In my opinion it’s unreasonable to think anything can truly be deleted in a federated system. Even if the official codebase is updated to do complete deletion & overwrite, it’s impossible to prevent some bad actor from federating in a fork that just ignores deletion requests.

    Seems sensible to just not post anything that you don’t want to be available for the lifetime of the internet.

    • dudeami0@lemmy.dudeami.win
      link
      fedilink
      English
      arrow-up
      36
      ·
      1 year ago

      Just as it’s impossible to stop scrapers from archiving data on traditional websites. “Deleted” data is probably in a database somewhere, being sold by someone. As you said, you lose some degree of control over your data as soon as you post it. Data is valuable, and if there is a will there is a way.

    • alyaza [they/she]@beehaw.orgM
      link
      fedilink
      English
      arrow-up
      35
      ·
      1 year ago

      In my opinion it’s unreasonable to think anything can truly be deleted in a federated system.

      yeah like. this is just a byproduct of how federation works currently. i don’t even know how you’d begin to design a federated system where some of these critiques can’t be levied

      • Gaywallet (they/it)@beehaw.org
        link
        fedilink
        English
        arrow-up
        12
        ·
        1 year ago

        Anything that is visible to another party can be hijacked - even a 1:1 communication does not guarantee that the other party doesn’t capture the data and then spread it. The only things that are private are thoughts that you have which are not shared with others in any fashion. As soon as information is shared in any fashion, it is not private.

        Past this point it’s a matter of how private you think is reasonably private. You could design a system where users are in control of their own data through a series of public and private keys, ensuring that keys must be active to view content, but as stated above even in such a case and the user revoking keys does not stop other people from making copies of said data. This is akin to screenshotting an NFT. For all intents and purposes, a copy of the data as it existed at the time of copying is now publicly available.

        Quibbling over the fact that you’re the one who “truly owns” the data when it comes to something like social media feels like a mostly pointless endeavor because the outcome (data is available for others to view/consume/read/etc) is the same regardless of who “owns” it. Copyright law will apply to anything you produce, if it comes to legal problems (someone copies your artwork and sells it, for example) and having a system to prove you own it is primarily a formality to make it easier to prove ownership. Generally people aren’t arguing through this lens, however, and are instead arguing through the privacy/security lens - that they don’t want people stealing/selling their data, which lol, good luck - AI models are proof that no one in the world actually cares about this ownership if they reasonably think they can get away with using your data without any real incentive to not do so - interestingly copyright law and models being trained on corporate data such as movies are a vector by which the legality of this might actually stop or slow AI development and protect the end-users data.

    • yourgodlucifer@kbin.social
      link
      fedilink
      arrow-up
      23
      ·
      1 year ago

      I don’t expect my data to be fully deleted in a centralized system either. even if it was deleted from the central server someone might have mad an archive of it

      and reddit is defiantly guilty of this since they were bringing back peoples deleted comments and accounts

    • pkulak@beehaw.org
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      This is how I treated Reddit too. And Twitter. And everything else. I have two modes; public and private. And private is private; strong encryption and local storage. Having some middle ground is a recipe for disaster.

    • CoffeeBot@lemmy.ca
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Exactly. Even a server to just go down one day. Theoretically it has a snapshot in time

    • Zetaphor@zemmy.cc
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      You don’t even have to modify the code in a fork, just take regular database backups

  • 0xtero@kbin.social
    link
    fedilink
    arrow-up
    72
    ·
    edit-2
    1 year ago

    First - we’re all using alpha/beta software (Lemmy is 0.17.4, Kbin is 0.10.). None of these services are “production quality” software yet, so let’s keep that in our minds - we’re all early adopters.

    The points mentioned in the OP are a bad look. Naturally. User should have expectation of their data being deleted on request - especially since this request might be regulatory privacy request (GDPR related). It’s a clear failure from the software and should be improved and iterated upon.

    The expectation shouldn’t be “oh well it’s on the Internet, live with it”. While Facebook might keep mining your data after deletion request, our software shouldn’t behave like that, we should strive to be better with this stuff.

    And finally, ensuring privacy in federated system is hard. Mastodon suffers from same problems. We shouldn’t give up on the idea though.

    • YMS@kbin.social
      link
      fedilink
      arrow-up
      13
      ·
      edit-2
      1 year ago

      It is an early stage software and such things can be worked out, you’re right. But on the other hand, such basic elements should be based on a thorough concept before a single line is coded, and implementing something like a delete button with “Let’s just make it delete the most visible stuff for now, we can always improve that later when there is time” is recipe for disaster.

      • Kresten@feddit.dk
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Agree, it’s a little late to change core architecture. But this is the philosophy the devs ran with, and it has the advantage of longevity when an instance goes offline, then it’s still visible to everyone else.

    • aard@kyu.de
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      The more important part for privacy: Mail address is optional, and IP addresses are not stored in the database. A correctly configured instance (at least for EU legislation) also will not log IP addresses in the web server - with that you can have profiles that can’t be tied to an actual human, and you don’t have location and movement data.

      The data deletion is pretty much a nice to have - it’s on the level of the Exchange feature to recall Emails: Sure, you can ask nicely, but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there’ll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so. More important is education about what you publish, and a basic understanding of the technical and legal realities you’ll have to deal with if you later decide you want that information gone.

      I already had that discussion with my 6 year old when she wanted to publish some videos - and she understood the problems quite well.

      • Pekka@feddit.nl
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there’ll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so

        Lemmy also seems to federate your matrix_user_id, that is clear personal data. It does not matter how the data gets to the federated server, this is still user data within the scope of the GDPR. It does not matter that that server does not have an agreement with the user, the instance that would ignore a GPDR related deletion request would be in direct violation of the GDPR. Maybe it can do that without consequences, though.

        I completely understand that making Lemmy fully GPDR compliant will probably be impossible, however I don’t like the approach of “we will not succeed, so we don’t make any attempt”. Instances should actually delete data when that is requested, or instance hosts can get fined. For now, Lemmy has bigger issues to solve, but eventually they should do at least a best effort attempt to respect user data.

        • appel@whiskers.bim.boats
          link
          fedilink
          arrow-up
          7
          ·
          1 year ago

          I had a look into the wording of the gdpr (more specifically the Data protection act as it is implemented in the UK) it seems to refer to organisations. I think most, if not all, instances are not hosted by organisations. (Just some group or individual hosting it on personal or rented hardware). Laws such as this are designed with centralization in mind, and kind of don’t make sense in the context of decentralisation.

        • aard@kyu.de
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          Lemmy also seems to federate your matrix_user_id, that is clear personal data.

          Just like specifying an email address when signing up adding a matrix identifier is your personal choice. Lemmy is perfectly usable without either.

          It does not matter how the data gets to the federated server, this is still user data within the scope of the GDPR. It does not matter that that server does not have an agreement with the user, the instance that would ignore a GPDR related deletion request would be in direct violation of the GDPR.

          Not a lawyer, but I’d say the instance outside of EU, not targetting EU users would not be in violation - though EU instances transmitting data there might.

          Instances should actually delete data when that is requested, or instance hosts can get fined.

          With that part I agree - but it should be made clear when deleting something that this is a local deletion, which may or may not propagate to other instances, and will almost certainly not remove the data from the internet.

          • dan@upvote.au
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            EU instances transmitting data there might.

            This is an interesting thought, as data transfer between the US and EU has been an issue with other social networks. Federation between an EU instance and a US instance could be seen as the same thing - data for EU users is being transferred to non-EU servers.

            • lovesyouandhugsyou@beehaw.org
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              It’s very possible that an EU instance that comes under regulatory scrutiny for whatever reason will have to start requiring Data Processing Agreements (DPAs) from every instance it federates with.

              Ultimately that would likely result in a few paid, professionally run instances, which only federate with each other and maybe a few similar instances in other regions with the capacity to provide DPAs.

              And next to that, a forest of independent, non-conforming instances flying under the regulatory radar; an entirely separate fediverse from the centralized one where instances disappearing is a regular occurence.

    • lovesyouandhugsyou@beehaw.org
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      But is it solvable at all in principle? The only enforcement policy available is defederation, but that just means future posts won’t go to that instance, the older posts will still be there. Plus an instance could just lie when confirming delete requests and you’d never know unless the non-deleted posts leaked.

      • Dee@beehaw.org
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Not really, same as email. Once you send it out and it’s on somebody else’s server, you can request they delete it but that’s about it. They have a copy of your message and can do whatever they want with that.

        This is not a principle that needs solving imo, it’s the nature of Internet. If you post it online then you should know that there’s a chance it’ll be there permanently.

      • Mikina@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Hmm, it’s an interesting problem. I’m afraid you are right and there’s really nothing left but defederation - on the other hand, then it’s the same as with stuff like the parsers that could show deleted reddit messages, or things like waybackmachine, which basically do the same, so the core logic of base lemmy source should be as privacy-respecting as possible.

        I remember few years ago when I was reading about Signal that there is some way how you can verify that their server is running on the same code as the one published (and audited heavily), so you can be 100% sure that there were no modifications. Wouldn’t something like that be a solution? That would prevent servers from modifying the code that deletes data. I don’t know how it works, and I couldn’t find it when I tried looking for it again, but assuming such a thing is possible, each Lemmy instance could just have a verify widget on their VCS and you could be sure that this instance really does delete your data, since they didn’t modify the deletion code.

        But this is just a theorycrafting, I wouldn’t really have enough experience to create something like that and I can imagine that it’s not an easy thing. But if anyone knows more details about the way Signal verification works, assuming I’m just didn’t misunderstood something (since it’s literally a memory I have of a single sentence from one random article when I was researching best private messages app), I would love to read more about the way it works!

        But yeah, outside of that, I’m afraid that the following set of features is mutually exclusive:

        • An user is able to delete their data, and it’s guaranteed that they are deleted from everywhere.
        • If a lemmy instance dies, it’s data is not lost.
        • There is not a single centralized authority for anything.

        Another option would be to create some kind of reputation system, where self-hosted bots could check for servers that still provide posts and comments that should be deleted, and flag offenders. But that’s overengineering anyway, and as I’ve already said - there’s still no way how to stop scraper or anyone from simply copying your data when they see it.

  • russjr08@outpost.zeuslink.net
    link
    fedilink
    English
    arrow-up
    68
    ·
    1 year ago

    So, I was born in the late 90’s - I don’t know if they still have “computer literacy” as a core course in schools these days, but they did when I was going through K-12 (or, well K-9… once you were in high school they assumed you knew the basics of how to use a computer, and had more advance courses).

    One of the very first things we learned about the internet is that once you put something on the internet, there is no way to take it back. At the time, uploading pictures to the “cloud” and such wasn’t really a thing so we learnt this by using email: Once you’ve sent an email to someone, you cannot “unsend” it. You can kindly ask the other party to delete the copy of the email without opening it, but you cannot guarantee that the email wasn’t saved on another computer, or saved somewhere else along the route between your computer and the receiver’s computer. Clicking the send button was taught to us as “etching your letter into stone”.

    Because of this, I’ve always (or at least, as far as I can remember) made sure that anything I put on the internet, or even “put into digital form” (such as even writing something in a file on your computer - you can recover deleted files from a hard drive unless you really put in the effort to actually erase it… there is a huge difference between erasing a file, and marking it as “deleted”) is something that I’m okay being tied with me forever. I’m sure if you looked hard enough, you could find me participating on message boards as a young teenager - and to that I just say “Oh well”. Is some of it probably very cringe-inducing and embarrassing? I have no doubt.

    (This is also why you should take extreme caution when talking about say, your friend, on the internet - if you post something about them on the internet, you’re condemning them to this same exact thing)

    Now funnily enough, as far as I understand the ActivityPub protocol, it is for all intents and purposes the exact same as email in this regard. Once you’ve sent something, there are no “take backs”. All you can do is kindly ask others to delete their copy, and that comes with zero guarantees. If I had a mastodon server, and someone deletes their toot - I could take down my server and my server would never receive that delete request. Or, just simply change the source code of the Mastodon instance on my server to straight up ignore deletion requests.

    Would it be nice for Lemmy to have a way to actually delete your content? Sure. But that’s not technically feasible, and personally (as controversial as it may seem) I would rather Lemmy not try to give you the false sense that everything was completely gone forever. I’m not saying that you shouldn’t be able to delete your account off a Lemmy instance, but it shouldn’t come with an option that says “Check here to remove your data/media from all federated instances” because Lemmy/no one can promise that, and I really hate it when software (or really anyone/anything) attempts to make a promise in bad-faith knowing that they can’t possibly ever uphold it.

    Anyone who thinks Reddit is “better” than Lemmy in this regard probably doesn’t realize that Reddit is making a claim they can’t keep. The most obvious example of this is all of these subreddits that have gone dark? You can bring up most of their posts on the Wayback Machine or Google Cache. That would be the case regardless of whether they were set to private, or even if they were just straight up “deleted”.

    We really should not be setting the belief for people that there exists a way to completely nuke a piece of data off the internet, because you cannot make a guarantee of that being the case.

    • Mikina@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I don’t really agree with this. The core behavior of Lemmy should be to make a reasonable effort to delete it, which as I’ve understood it doesn’t really.

      And you don’t have to give people a false belief - the button shouldn’t only say “Request removal of data from all Federated instances”, but also add that “But keep in mind that it’s not possible to enforce deletion from all instances in a Federated environment, and some instances may refuse to comply”.

      I think we should strive for privacy as much as possible, and by default the instances should comply. Sure, there’s nothing stopping anyone from not complying, but that doesn’t mean that we shouldn’t at least attempt to do it.

    • rothaine@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Not a guarantee, but a reasonable effort would be good.

      Consider doxxing. It would be better if instances propagated delete requests to the fullest extent possible so that that information would be as hard as possible to find.

  • NightOwl@lemmy.one
    link
    fedilink
    English
    arrow-up
    55
    ·
    1 year ago

    Did anyone use reddit thinking it was private? With stuff like push shift and way back machine people shouldn’t be posting stuff they aren’t comfortable sharing anyways on a wide open message board.

    Always weirded me out the people who’d treat their reddit accounts like Facebook.

  • lowleveldata@programming.dev
    link
    fedilink
    English
    arrow-up
    53
    ·
    edit-2
    1 year ago

    It is reasonable that people should be able to delete their posts / comments. However I don’t see how is this related to “privacy”. How can something you post on a public forum be private?

    • Lols [they/them]@lemm.ee
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      its the principle behind the ‘right to be forgotten’

      if you posted something to a public forum and changed your mind, deciding it shouldnt be public after all, you should have that option

      • Lionir [he/him]@beehaw.org
        link
        fedilink
        English
        arrow-up
        11
        ·
        edit-2
        1 year ago

        While this makes sense for corporations - it doesn’t really make sense on the internet. People will archive, take screenshots, etc. Anything that is public on the internet will likely stay on someone’s computer for years no matter how much we try to delete things.

        It is kind of naive to think that the right to be forgotten will be respected by anyone other than the service provider.

    • rstein@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      You can’t delete a mail you sent me, nor put your hand written letter to me in the bin. I can keep both and I can keep your name and addresses in my little black book. So there isn’t even that level of privacy in the real old fashioned communication.

      And communication over the Internet was always the subject of storage. Your mail may be on the backup tape of a mail server. Your usenet posting is on archive.

      So the assumption that the fediverse can forget….

      • GiantBasil@beehaw.org
        link
        fedilink
        English
        arrow-up
        13
        ·
        edit-2
        1 year ago

        There’s long dead people’s very private letters and diaries in museum’s and public archives. Really available on the internet now. So that’s not even a failing of the internet, if you write something people find interesting, they’ll find a way to preserve it.

        I’m not sure how they think the fesiverse will be the one to solve that.

    • CrateDane@feddit.dk
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      That is generally true, with exceptions like leaking someone else’s private information.

      But it implicates the adjacent “right to be forgotten” rather than narrowly defined “privacy”. This could be a real legal issue in the EU.

      • hoshikarakitaridia@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        It is. GDPR in the EU dictates that every user which requests their information has to get it in 30 days, and every user who removes their information has to be able to get it removed (I think the time span for that is even shorter, so more pressure for the server admins)

        • Umbrias@beehaw.org
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          It almost definitely isn’t and that’s clear looking into GDPR at all.

          The right to be forgotten is not all powerful, and the lemmy instance your data originates on has an obligation to delete your data, that is true. However other servers may or may not have any of that obligation for a variety of reasons.

          Now if you go to those other servers and make the request to have your information deleted, they may have an obligation to depending on whether that data is seen as currently usable.

          The right to be forgotten is far weaker than you think it is, especially on public forums, under GDPR.

        • Retronautickz@beehaw.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          The problem here is that your data is not only recopilated by your server and accessible to your server admins, the servers of the communities/magazines or people you interact with also recopilate any activity you have in relation to any community/magazine or user hosted in their server.

          So, while the admin of your server has the obligation of deleting your data if you ask for it, the other servers admins don’t necessarily have that obligation.

          Also, I’m reading the GDPR and the “right to be forgotten” that many are quoting seems to refer to personal information only.

      • __forward__@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Blockchains have the property of being append-only, so a blockchain is precisely what makes it impossible to delete transactions. That being said, in a distributed system, once the message leaves trusted servers, it is obviously also impossible to delete it.

        • Zetaphor@zemmy.cc
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Nothing about how lemmy or the fediverse platforms work has anything to do with blockchains. Don’t conflate “decentralization” to include blockchain. Torrents are also decentralized and have nothing to do with blockchains.

          • __forward__@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Lovely, the parent comment mentioned blockchain but was since edited… Trust me I would not have brought it up otherwise.

    • Rinox@feddit.it
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Probably in the sense that if it’s not me that posted it, then I don’t have any way of truly remove it (which I think is against the EU’s laws). What I can think of right off the top of my head is revenge porn and doxxing. Furthermore there’s also the right to be forgotten.

  • heartlessevil@lemmy.one
    link
    fedilink
    English
    arrow-up
    47
    ·
    1 year ago

    What does this have to do with Mastodon?

    The same privacy issues also exist with Mastodon and all distributed systems.

  • KNova@links.dartboard.social
    link
    fedilink
    English
    arrow-up
    38
    ·
    1 year ago

    BTW, the OP on Raddle was spamming that message around Reddit last week and directing people to Raddle. I think he has a bone to pick with the developers’ politics more than anything.

    • Telodzrum@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      That’s probably because the Lemmy dev’s “politics” are beliefs that have no place in a civilized society. Luckily, Lemmy itself and the fediverse writ large don’t have any relationship to those beliefs.

      • cavemeat@beehaw.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        True, and I agree. Thing is, I don’t think the raddle base is willing to look past that, or consider how federation makes the dev’s beliefs largely meaningless outside of the server he moderates.

        • Telodzrum@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          100% agree

          It’s funny, they commenter in that chain are calling out Lemmy users for being blind to dev-related issues, but they demonstrate a strong myopic slant on their own assessment of the landscape.

  • Retronautickz@beehaw.org
    link
    fedilink
    English
    arrow-up
    36
    ·
    edit-2
    1 year ago

    The illusion of Privacy is Mastodon (or social media in general)

    There’s a reason why when you go to “private mentions” on Mastodon, this appears:

    Private mentions. Post on mastodon are not end-to-end encrypted.Do not share any sensitive information over Mastodon

    While yes, we should be able to delete our content if we want, but it’s a bit naive to think there could be true privacy in any decentralised social media platform.

    There’s a reason why one of the think people tell you when you come to the fediverse is not to share personal and sensible information.

    The only decentralised social media that has some level of privacy is Matrix, and that’s why it has it’s own protocol and only federates within/between its own servers.

    • KitemanHellYeah@lemm.ee
      link
      fedilink
      English
      arrow-up
      24
      ·
      1 year ago

      In general I think we should go back to separating personal identities from internet identities on discussion forums like these. There are already platforms for promoting your personal identity that are way better than these types of forums

      • Retronautickz@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I completely agree. I’d add that. in general I wouldn’t put any type of personal information on the internet, no social media site, is really private.

        • Hexorg@beehaw.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          The line gets a little blurry if you start posting into a geographical community though. Sometimes it’s hard to stay 100% anonymous

        • wewbull@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I was rather peeved I had to give an email to create an account on Lemmy. It shouldn’t be needed.

          • fedi@geddit.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Unfortunately there has been a wave of fake accounts being created on lemmy. Requiring email on signup is one way to try to prevent this from happening.

          • Retronautickz@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I have an email that I specifically use for the fediverse. I wasn’t asked to give email here, but otherwise it would have been hard to know when and whether my join in request was approved or not.

    • BitOneZero@beehaw.org
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      While yes, we should be able to delete our content if we want, but it’s a bit naive to think there could be true privacy in any decentralised social media platform.

      Especially an email or “reddit” threaded conversation systems where quoting of messages is routine. Here I am, quoting you.

      You are putting a billboard up in public, on a bulletin board in the center of the Internet, the assumption should be that anyone can photograph it.

      • Retronautickz@beehaw.org
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Exactly.

        That with the addition that the function of thread-like social media is being a place to discuss topic and share information/knowledge. So content needs to be kept even if the account that posted it exist no more. The contain remaining when the account gets deleted is a feature, because otherwise important information could be lost.

        Content deletion should be an option, but the content remaining if you delete your account its a needed feature for this type of platform

    • Zetaphor@zemmy.cc
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      There’s a reason why when you go to “private mentions” on Mastodon, this appears:

      Lemmy carries the same warning:

  • loving_kindness@midwest.social
    link
    fedilink
    English
    arrow-up
    36
    ·
    1 year ago

    Anything put on the internet is forever. No one should be publicly posting anything with the expectation that they have any control of it after it goes out. If it’s not held by the server, there’s the way back machine or even just folks taking screenshots.

      • Eufalconimorph@beehaw.org
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        It’s the Internet Corrolary to Murphy’s Law: your embarrassing posts will be available online forever, but any useful information you want to find later will have been deleted when you next look for it.

      • GiantBasil@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        The internet is forever, except that one thing you really want to find from years ago. That’s the rule.

    • knotthatone@lemmy.one
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      I completely agree. I just don’t see how there can be any realistic expectation of privacy when publishing something publicly.

      I appreciate the idea of laws establishing a right to be forgotten and I think there’s still some value in being able to take your data away from certain companies, but there’s no guarantee it wasn’t copied many times before the original location is taken down.

      The Fediverse works like email. Once somebody hits send, there’s no real way to claw that back.

    • LewsTherinTelescope@kbin.social
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      There’s a difference between “there’s no way to guarantee total privacy” and “the system is designed to guarantee no privacy”, though. Even the best of us fuck up and say something they shouldn’t on occasion, and plenty of people online were never given proper lessons or are too young to understand how serious revealing information is.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Whether is Lemmy, federated, corporate owned, or even your own private site - nothing you put on the internet is ever truly private. If you have a public profile someone can access it and copy it.

      The only things I’ll say that I have an expectation of privacy is health related, everything else I fully expect someone else to read, copy, and multiply.

      I think there should be, but I never expect there to be. Did people’s parents not teach them about putting things on the internet they didn’t want shared?

      • DreamerOfImprobableDreams@kbin.social
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        Did people’s parents not teach them about putting things on the internet they didn’t want shared?

        They used to, then social media became a thing and they stopped. Suddenly, it was normal to put your entire life up online for other people to see, and if you didn’t feel comfortable doing that you were the weird one.

        My rule is, never post anything you wouldn’t mind the media tracing back to you IRL and then making the top story of the day in your country. Because, while rare, that does occasionally happen!

        • QuestioningEspecialy@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          My rule is, never post anything you wouldn’t mind the media tracing back to you IRL and then making the top story of the day in your country.

          So don’t live, basically.
          Or you can just maintain anonymity as best as you reasonably can and hope no one goes out of their way to identify you or the account(s). Making a new account after awhile is a safe practice. The goal is to decrease the likelihood of undesirable things, not make them impossible.

    • Maxcoffee@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      Exactly, when you put it out there it’s out there on every single platform there is. It doesn’t matter if you “delete it”, the moment you share it you have lost control over it entirely.

      For the same reasons I never understood why people post on Facebook with their own full name and life story out there in the open either.

    • couragethecowardlydog@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      True but you should still be able to delete your account and your comments and username leave the service. Online privacy isn’t about completely disappearing, but making yourself so hard to track the average person won’t bother digging.

    • Tyson712@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I mean yes but it’s still bad practice to keep deleted content. It’ll be a bad look to people interested in switching to lemmy and more people is really what it needs right now

    • ipkpjersi@lemmy.one
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This is generally true, but at the same time, the Internet archive doesn’t archive every single page ever.

  • rubywingedflier@possumpat.io
    link
    fedilink
    English
    arrow-up
    36
    ·
    1 year ago

    I understand the impulse but the way some people get so hung up on trying to make a way to permanently and universally delete posts made on public facing social media and framing it as a “privacy” issue feels kinda like saying something you regret on mic at a town hall and being mad that you can’t permanently delete the memory of it from the minds of everyone present, and claiming that they violated your privacy by remembering it

    • mythmon@beehaw.org
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      it’s an interesting idea, but it doesn’t vibe with the reality of the laws in the EU which has “right to be forgotten” rules

      • wet_lettuce@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        The “right to be forgotten” rules are, with all due respect to the EU regulators, pretty shortsighted.

        I think the initial “right to be forgotten” lawsuit that Google faced from that Spanish guy-- where he claimed bankruptcy years prior. People( potential lenders?) kept finding that information online through google searches. He sued to have Google remove those sites from the index. He won and the Spanish Judge told Google they had to remove those results from searches.

        But it didn’t change that the information was still on each site. Those sites, the ones that actually held the information didn’t get sued, just Google.

        It also opened the door for oppressive governments covering up human rights abuses or hide other information they dont want widely available.

        Google appealed and won: https://www.bbc.com/news/technology-49808208

        I also want to point out that this Spanish guy’s situation is very different from “posting publicly on social media”. He was getting written about by others and the courts eventually said “no, this can stand. This information should remain available”. So I imagine, public statements made by an individual certainly wouldn’t qualify to be forgotten.

        At the end of the day, to me, this is a technical decision not a privacy one.

      • thundermoose@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        GDPR applies to companies operating in the EU, not every single entity on the internet. Posts on random forums are not subject to these laws, so I don’t think Lemmy would count.

        Now if a Lemmy operator began using user personal data for profit, then GDPR would apply. At the moment, I don’t think that’s happening anywhere in the fediverse.

        • Atemu@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          GDPR applies to companies operating in the EU, not every single entity on the internet

          It applies to every single public entity on the internet that holds data of EU citizens. No matter which country they’re located in.
          AFAIK, this world-wide nature of the GDPR is pretty unique and quite contentious.

          The GDPR includes exceptions for private purposes but hosting a lemmy instance with public signups is most certainly not intended to be of private nature, so the GDPR does apply.

          I can’t comment on whether that means the right to be forgotten needs to be exercised by federated instances, I just want to set the record straight here.

    • wet_lettuce@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I think this is a great point. I would say its much less of a privacy issue and more of a technical issue.

      I think deletions should propagate across all instances and there should be a level of trust between federated servers that they will make those deletions as requested. If only because we’d have a mismatch and orphan comments lingering in perpetuity and we could end up with wildly inconsistent data across the fediverse.

    • Prunebutt@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That’s a strawman. No one demands mind-altering powers. Records to be deleted: that’s another story.

      Being able to delete tweets doesn’t stop people from screengrabbing them. It’s still good that the option exists.

  • db0@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    The same is true for raddle. They kid themselves if they think anyone can’t record anything in there forever.

    Anyway it’s also inaccurate. Deleted accounts are purged from the DB, so they’re definitelly not visible anymore

    Likewise you you edit your comment, it’s edited in the DB.

    • sinnerdotbin@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      This is assuming your local is still federated. If your local gets defederated you currently have no control over any previously federated copies of your posts / comments / votes.

      • Black616Angel@feddit.de
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        And it also assumes, no one made a screenshot or used the web archive, crawled it and stored it in their own DB or any other way of copying stuff. Of course!

        If you post any thing publicly on the internet, there is no way to be 100% sure it can be ever deleted again.

        • sinnerdotbin@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          That isn’t what I am speaking to, and the fact someone could make a copy or it is archived somewhere doesn’t make the statement that you can always remove your data from the platform true. And there is a difference between a potential copy and an original federated, distributed, and indexed version. There are also reasons someone might want to remove their data other than simply being worried about the actual content of it.

          People need to be aware of the persistence of data, but people also have to understand the technology they are using to make their own informed decisions on how they engage.

          • Black616Angel@feddit.de
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            People need to be aware of the persistence of data, but people also have to understand the technology they are using to make their own informed decisions on how they engage.

            Exactly. Federation as well as the internet has restrictions in whether you can deleted your data. This should be known. Non federated data has the same problem, but the other way around. Someone running the site wants your stuff gone? It is now.

            I know, what you are talking about, but there are things one has to accept, this being one of them.

            the fact someone could make a copy or it is archived somewhere doesn’t make the statement that you can always remove your data from the platform true.

            Why would someone think that?

            And there is a difference between a potential copy and an original federated, distributed, and indexed version.

            What is this difference? What do you think happens more often, screenshotting weird/compromizing stuff someone said or defederation?

            But there can be a way around All that and that is deleting all Content from defederated sources. Maybe someone could make an issue or implemented it themselves…

            • sinnerdotbin@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Why would someone think that?

              Because the comment I replied to, the actual thing I am addressing, makes an assertion that isn’t entirely true and could lead someone uninformed into believing they can have their information removed platform wide.

              What is the difference?

              Not everyone is concerned with someone digging up dirt or wildly compromising material. Most people aren’t special enough to be worried about that.

              Most archives won’t be globally search indexed. An archive won’t show up on a federated search. There is more legitimacy to a federated version over someone reposting a screenshot (at least in perception, how federated could be altered or forged is another topic).

              I also mention there are other reasons one might want to remove content. Just look at reddit right now, some may simply want to revoke support for a platform sometime in the future.

              Sure, there could be a future where this is addressed. It isn’t right now.

              I don’t disagree with you in the larger discussion on persistence of data. I am adding context to a scoped subtopic of it.

              I’m behind Lemmy, but I’ve made an informed decision on what that means for my data.

              • sinnerdotbin@lemmy.ca
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                You are also kidding yourself if you think that defederation will not become more common. The community we are commenting on has already defederated 2 very large instances.

    • minkshaman@lemmy.perthchat.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      So what your saying is that it’s just like Reddit in that respect.

      Yeah, I can live with that, as long as everyone knows that if they really want something deleted, edit over it first.

      • flatbield@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        For a humbling experience just seach for your Reddit and Lenny IDs on a seach engine. You will get a list of everything you have posted. Also some account info. It is all public. What happens when deleted, depends on who has scraped the data and their retension. This is just how public forums are and that goes all the way back to Usenet and listservs.

  • teawrecks@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    31
    ·
    edit-2
    1 year ago

    This demonstrates a fundamental misunderstanding of digital privacy. You can never be guaranteed that data is deleted, just like you can never be guaranteed that someone has “forgotten” something. It doesn’t matter what any entity claims they are doing under the hood, you have to assume they can’t be trusted. That’s not an expectation you can have, and not something privacy advocates are asking for.

    I’m posting this comment publicly, and there’s nothing stopping any random user (or non-user) from scraping this lemmy instance and archiving the data themselves. I know that when I post it. Same for reddit, raddle, any mastodon instance, etc. I can copy the text and usernames of everyone involved in that raddle thread and do whatever I want with it, there’s nothing anyone can do to stop me.

    To think otherwise reminds me of that first day on the internet kid meme. “I deleted my comments off of their servers, hah, they’ll never get them now!”

    What I can demand is: if I send a message directly to another party, I want to be able to verify that that party and ONLY that party can read the message (end-to-end encryption). I can also demand that they not require me to dox myself to them, that they not run weird js-based fingerprinting/port scanning processes on my system/network, and that I am allowed to connect to their services through a VPN should I so choose.

    • nix@midwest.social
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      1 year ago

      You’re talking about real privacy, the critiques above are all about exposure reduction (incorrectly framed as privacy). Good retention policies are still important for situations like trying to delete something that you regret posting.

      An example I could think of from the other site is the very common occurrence of posting some relationship questions and then deleting them later so that the person they’re about can’t stumble onto them. In that case you want finding the thing you deleted to be nontrivial enough that it can’t accidentally be found. Someone with both the skills and knowledge about what they’re looking for may still find it, because it was once public, but that’s a different threat.

    • Ivyymmy@lemmy.one
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Knowing that any information you share publicly can be stolen, I think the way Lemmy’s instances have the original comment after you deleted it could help counteract people manipulating what you said after you deleted it, such as making a quote and editing “your” original post after it was deleted. But this could give a lot of power to the admins as well, as they could be the ones manipulating.

  • kool_newt@beehaw.org
    link
    fedilink
    English
    arrow-up
    25
    ·
    edit-2
    1 year ago

    The fediverse is the real internet, it’s not a company providing a service. On the real internet, once something gets out there, there can never be a guarantee that it’s taken back. Even on Reddit, once you post something, Reddit might fully delete it but someone out there may have copied it.

    • Zetaphor@zemmy.cc
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      1 year ago

      I had years worth of posts and comments that I deleted via the interface a while ago. Then as part of the reddit exodus I decided to run a removal tool that used the API, and it turns out 11 years worth of “deleted posts” were all still sitting out there, they were just hidden from me.

      I did find it strange when I received a reply to a years old comment that my profile page said was deleted, but I just thought it was a caching issue. Turns out all of that content was still out there with my name attached, I was the only one who couldn’t see it.

      • Ivyymmy@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        What about editing the comments? Do they keep any log of the original message and the subsequent edits or something? Maybe this would be a workaround to effectively delete them.

        • Zetaphor@zemmy.cc
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          There’s no way to know without proper testing, and I’m gone for good. I did use redact.dev, which overwrote all of my comments before deleting them, so fingers crossed that the account is nuked.

    • marco@beehaw.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Multiple people reported Reddit undeleted stuff they had deleted from their accounts recently …

  • BitOneZero@beehaw.org
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    Given the beta status of Lemmy, I don’t even think it’s a great idea to give the appearance of privacy. I think the core purpose of a webapp like Lemmy is public messages.

    I think it’s a can of worms for server operators to get into the business of thinking they can safely hold private messages between users/strangers. None of the Lemmy instances I’ve joined have had a “terms of service” or anything like that on SIgn Up, I really think the message should be sent far and wide that Lemmy is about posting IN PUBLIC and that messages are being FEDERATED to peers, even people that you don’t know could be collecting the data for a search engine.

    With small-time server operators opening up hundreds of Lemmy instances, without giving away their experience or human identity, how can you have any confidence that someone is properly securing a server they only have part-time job to update and operate? Major corporations are having their database stolen, Valve, Sony, Nintendo, health care companies, mobile network companies (AT&T)… you think a low-budget shoestring server by a hobbyist running Lemmy should be held to the same standards as a corporation who has an entire team and services to defend their data?

    • BurnedDonutHole@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Exactly my thoughts. People looking for privacy on these public forums/platforms with o real audit or checks in place is really ironic in my opinion.