GDPR is for companies/corporations to “respect” user’s requests about their data.
Lemmy (ActivityPub, actually) isnt a company.
What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.
What you probably can do is request that an instance remove your content… And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.
This is still the internet, not some magical place.
Use some of the most basic fundamental internet safety rules and don’t provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.
The user should not need to request all other instances to delete their data, their account is with a single server. It’s on the server admin to ensure that all exchanged data is taken care of appropriately.
If your European server shares data with an American server, that European server has A Problem. There’s a good chance lemmy.world federation with fedia.io may already be a violation. The issue isn’t as black and white of course, but the entire situation is legally dubious to say the least.
You’re right that the Fediverse isn’t like Facebook or Google where there’s one company in control. However, the downside of that is that there are millions of tiny instances, all with legal responsibilities. There are implications about privacy law, but also porn laws, propaganda laws, hate speech laws, child porn laws, and intellectual property laws.
We’re all just kind of betting on nobody ever taking any legal action here. One lawsuit can wipe out the Fediverse as we know it.
I think it depends, given the data available on Lemmy, and the context of federated services I highly doubt that an instance could be held liable for another server not federating deletion.
It is impossible. Flatly impossible. Because you cannot see if they’ve really deleted it or not. You can rely on a “data processing agreement” which, together with $50, will buy you a small cup of coffee at Starbucks.
I federate with you here from China. I will agree to anything you like. And I will just attach an array of 16×16TB hard drives to slurp up all the data you send me. How will you know this is happening?
You can’t. It is impossible for you to know until it’s too late and I’ve used it for whatever purpose profits me.
An individual server admin can only ensure the data’s existence or lack thereof on their own server. Anything else presumes (rather stupidly) that bad faith actors don’t exist.
The GDPR doesn't just apply to legal persons (companies), it also applies to natural persons (individuals). If a Lemmy server is hosted in the EEA (EU+Norway, Lichtenstein, Iceland) and Switzerland it should have to comply with EU data protection laws.
For this Lemmy would need to implement deletion. As the feature does not exist the admin would likely have some initial legal protection (grounds of impossibility), but I'm not sure how much, in particular if there are repeated requests. That would probably lead to Lemmy being deemed illegal in the EEA and switzerland (32 countries)
Concerning federation, if Lemmy implements deletion and a federated server does not respect the deletion, that server is liable, not the original Lemmy server.
I think it’s also worth putting in extra effort to educate users so they know early and not when they’re expecting otherwise. The system has a benefit, and it’ll be smoother if users aren’t surprised
Data deletion and public vote records are the two big things that come to mind
You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty rulings already imposing fines on individual, private citizens for their misconduct in violation of the gdpr.
While Lemmy as a system might be exempt, anyone running Lemmy for sure isn't, as long as it regularly processes data of EU citizens, which it does.
As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren't running it at all, so their software doesn't have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.
The GDPR is a directive implemented by 27 countries, so I guess you could call it “international law”?
With treaties such as the Safe Harbour Privacy Principles EU–US Privacy Shield EU–US Data Privacy Framework, GDPR restrictions may also start affecting American busineses, so the “international law” monniker would actually make sense.
The GDPR is implemented by 31 countries (EU27+Norway, Iceland, Lichtenstein, Switzerland). The UK also currently implements it, and both Californian and Chinese data protection laws are inspired by it.
Know what? I think I’ll just link instead of list because I can’t be arsed to type out all the names.
So it’s “international” as a technicality, but the context he was using it in implied he meant “universal”. And it barely qualifies even as international against the sheer weight of non-EU, non-US states.
In theory an EU institution could fine a non-EU company, the same way the Chinese government can fine a European company. It’d be tough to do business with outstanding legal action.
There’s another way to take the “international law” definition: many countries (China, Russia, the EEA, probably more) have laws defining where user information is stored. A Russian company can’t just store their user data in an American data centre. Most countries do have some kind of privacy law, and I’m sure ActivityPub violates more than just the GDPR.
It’d be silly to think you could enforce the GDPR against some guy running a server from his basement in Brazil, but for the larger instances, which take donations, things can become more problematic. Servers run by the Lemmy devs could be operating safely from the communist depths of Cuba, but if they get fined, I doubt those EU sponsor funds would keep flowing towards Lemmy development.
Also interesting to note: a LOT of big Fediverse instances operate from Europe. Mastodon.social, Lemmy.world, Lemmy.ml, Kbin.org, just to name a few. Based on the map on Fediverse.observer, most of the world’s Fediverse servers are either in Europe or in the USA (with twice as many in Europe as in the USA). When it comes to server count, Fediverse law may as well be about EU-USA relations, maybe with Japan as a third large host.
I have a ridiculous judgement against me in Germany. (Complicated shenanigans around an inheritance where the authorities’ legal representatives did shady shit specifically to unload an estate that would have cost them.) Technically I owe the city of Frankfurt something like 50,000€ in fines.
I’m comfortable with this.
Why?
Because good fucking luck enforcing a European fine on a Canadian citizen resident in China. Even if they catch me out when I visit Germany (which I have done a couple of times without incident since the judgement was levied against me), watch the judge make grumpy-faces at attorneys who sent legal documents in German to a Canadian in China whose repeated requests for translated versions was denied. Their case will vanish in a puff of legal sanctions and I’ll make fucking sure on top of it that it becomes a press circus.
EU types are almost as bad as American types for thinking their laws are extraterritorial. I love rubbing the fact that they aren’t in their faces.
It’s mostly important for when you wanna do business in the European markets.
The alternative is to be blocked by most of Europe entirely. Happens usually to tabloid news sites as they are often in violation of anti misinformation and hate speech laws. It’s also why they could sue Facebook so easily as otherwise Facebook would be non-GDRP compliant and be blocked there.
Lemmy however isn’t exactly for profit, so sees much less scrutiny. This is primarily for business after all. Lemmy doesn’t have ads, doesn’t take users money, nor does it sell products. It also does not actively distribute illegal media either.
(it should be noted that it’s usually not the EU doing the blocking but rather so websites choosing to block viewership from the EU because they’d rather do that than get sued to hell)
“Lemmy” doesn’t do ANYTHING. Lemmy is server software. It has no agency whatsoever.
Individual Lemmy sites might be beholden to the GDPR (or not, if individually run). But any site hosted outside of the EU can wave its ass in the faces of EU officials trying to enforce the GDPR.
Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.
So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.
Thank you for posting that link. I’m not fed up (completely?) yet I suppose but it was eye-opening. I’ll have to be a lot more careful about posting, possibly not post again.
If you care about privacy, which I understand, you probably want to leave quickly.
Just because you care about privacy it doesn’t mean that you have to stay indoors all the time. You can still hang around on the town square you just have to be conscious about what you do where.
A big part of caring about privacy is understanding how the platforms you use work and using them accordingly. With proprietary platforms this is often opaque and the rules can change. Open platforms are transparent and you can actually understand them - if you make the effort.
It's not like deleting your comments or posts off of Reddit would magically remove them from all the various Reddit archives that exist around the Internet, either. Reddit only controls what happens on Reddit, and that problem is now generalized across the whole Fediverse.
Reddit still has to ensure what is deleted on their end, is actually deleted (which they don't, as we saw during the whole protest thing with delted comments being restored)
The fact that archive websites exist doesn't change that. A request under gdpr to such a site would have to result in deletion as well.
Sure someone who doesn't host or specifically target EU citizens can ignore it at their leisure, but I doubt every Lemmy instance is hosted somewhere in non EU areas.
You're misunderstanding my point, I think. A Lemmy instance within the EU can theoretically be fully compliant with EU laws and delete whatever they're told to delete, but it's not going to make a difference because non-EU Lemmy instances can retain that data. Likewise, Reddit can delete whatever the EU tells it to delete, but that won't make a difference either because of those archives outside of Reddit;s control.
I'm not saying anything about what's legal, just about what happens. When you post something in public, be it on Lemmy or on Reddit, that public post is not going to easily "go away" when you try to delete it regardless of whether your instance is following EU law. Arguing "but it should go away" isn't going to make a difference, it isn't going to go away. It's important to understand this when making use of a forum like the Fediverse or Reddit.
Yes, and my point is, that the person running an instance has to comply with the gdpr if they are within the EU.
It doesn't matter if data has already been propagated somewhere else. On that instance, data needs to be able to be fully deleted. For the matter of deletion, it is irrelevant where the data might have been pushed or mirrrored to, that is a seperate issue, which still needs to be dealt with. But one cannot argue that deleting is pointless or needn't be implemented, just because "public" data is already mirrored elsewhere. The people running "elsewhere" have their own compliance to deal with.
that is a seperate issue, which still needs to be dealt with.
And my point is that expecting this to be "dealt with" is unrealistic. It's going to continue existing on servers that are outside of your control and outside of the EU's reach. No matter how hard the EU legislates or how hard you believe it should be possible to delete that data, it's just not going to happen. Not without turning the world into a police state dystopia in the process, at any rate.
I'm not saying "don't implement post deletion." Go ahead and do that if it makes you feel better. But making you feel better is all that it's really going to accomplish, in the grand scheme of things. If you're concerned about stuff you post "sticking around" even after you want it gone, nothing is going to actually solve that. The only option is to not post that stuff in the first place.
There already is federation of deletion. It's not even something that needs to be implemented.
I have less of a defeatist attitude about privacy. Same way I don't think absitence is the only true way of contraconception. Privacy, yes, even if public spaces is possible. It's not easy, it won't just happen, but it is achievable. Needs a lot of work from a lot of people, but it is doable.
It's an optional feature, there's no way to ensure it actually gets respected. If it was universally implemented and it worked what would be the point of this whole thread to begin with?
That difference doesn't make a difference to the point I was explaining. It doesn't matter how or why those public posts are being replicated into archives from which deletion will be difficult or impossible. All that matters is that it is getting replicated.
You may not be directly using it, but this is part and parcel of the entire point of federated social media. Other software will be accessing the pool.
By being Federated that means data is being sent to remote servers. Sometimes that data doesn’t always make it, like a delete request. So someone on their own home-server deletes their post, but on some remote server where that post they made is cached, it’s not deleted, because the delete request never federated. For example, say you made a post on your own box, which you clearly have, and you delete a post, but it doesn’t get deleted over on say, Lemmy.world. That’s not purposeful, that’s something the developers also trying to fix, so I think it’s disingenuous to say they don’t care.
This is literally a consequence of how federation works. It’s not a purposeful violation of GDPR.
You know, I think I’m going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it “GDPR THIS”. The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.
Yeah, the Fediverse is terrible for privacy. By design, I should add.
I’m pretty sure running a Lemmy server (or Mastodon server) in Europe in blacklist federation mode is illegal, as you’re exchanging data with external processors without any kind of validation about privacy arrangements. No DPAs, no competency decesions taken into account, data shared all over the world.
Lemmy lacks proper delete functionality (you can edit to replace the contents with an empty string, though). In theory you could exercise your rights and demand thst the administrator deletes all your PII, and instructs any data processors that PII was hared with to do the same. If they do not or cannot comply, that should be grounds for a complaint with your local DPA.
I’m not aware of any international privacy law, but this is going to be A Thing now that Meta and Tumblr and Foursquare are joining the Fediverse. My guess is that they’ll consult at least one DPA (probably the Irish one, they’re usually located there for tax reasons) for guidelines. I wouldn’t be surprised if data they severely restrict Fediverse activity within EU/EEA borders because of privacy laws.
Even more interesting will be what would happen if a user sued the instance admins of a European server that’s more than just a person. Several Fediverse instances are backed by organisations, which means they need to comply with the terms of the GDPR if they operate within Europe, and the way the open Fediverse operates just isn’t compatible.
This is one of the reasons I don’t see the Fediverse lasting long. Unless you add some kind of validation system to verify that you’re exchanging data within certain borders, the entire system as it stands simply cannot be run legally by anything bigger than private individuals.
However, it’s important to note that privacy law generally only applies to PII. Your works (blog posts, comments, etc.) are probably not covered by privacy laws. Your username probably is, though.
I think the fact there’s a privacy oriented community on Lemmy is pretty hilarious. Of course, privacy is irrelevant if you choose to share information willingly, but the entire protocol is a giant privacy violation.
As an added bonus: this applies to most other federated protocols as well (Bluesky, Matrix, XMPP, you name it) unless those servers are configured to only communicate with known-compliant servers.
This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won’t paint over it (or destroy photos they took of it) when you realize how dumb it was.
You’re writing on a public space for free with no business behind it. You’re not the customer in this scenario.
From their history, maybe their comment is this one they wanted deleted:
“software engineer” is such a stupid, shallow and arrogant description. I’m not an engineer and neither are you. I’m a software developer, developer for short. All these fake “engineers” and “scientists” tend to be arrogant stuck up pricks.
Idk OP, maybe step one is to be less of a jerk to people. If you do that you won’t have to worry as much about if things are deleted
I haven't tested what happens when the 'delete account' button is clicked... Mastodon solves this by sending a 'delete this user' Activity to every fediverse instance so there's nothing about ActivityPub that makes removing an account and all it's posts in one go impossible.
edit: What I said above is correct if you or a moderator deletes individual pieces of content. However Lemmy does not federate account deletions. If you delete your account, all your posts and comments are deleted on your server only. Disappointing. PieFed will do better than this.
Deletion of entities is optional in ActivityPub. That, by definition, makes known-removal of an account and all its posts in one go impossible, because a server can just ignore the deletion activity.
Yes, although the server will not ignore the deletion activity if that server is running Lemmy. We're talking about Lemmy here, not the fediverse as a whole. OP singled out Lemmy in the post title and said "lemmy devs are not concerned with..."
I'm sure there is more to be done in this area. It'd be great to know for sure which software treats deletion activities properly (I'm really unsure about Kbin, I think it does not) and which does not so instance admins can make informed decisions about who they federate with. Perhaps this information could be made available right within the UI that Lemmy admins use to control their instance, rather than an obscure documentation page somewhere...
IMO having deletes federate should be part of a minimum standard all fediverse software has to meet (plus mod tools, spam control, csam filters, etc) before it is allowed to federate but obviously we're nowhere near having that sort of social organisation.
Short of having someone inspect the databases, they can’t. The GDPR is a threat, basically, that says “if (or, rather, when) the truth outs, we can nail you later”. Which is why it’s really only effective on big players anyway.
Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it's a feature of the protocol.
If instances want, they can ignore delete requests and your content stays in their cache forever (remember Pleroma nazis from couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn't mean your posts are removed.
The fediverse has no privacy, it's "public Internet". Probably a good idea to treat it as such.
Oh no, that’s not even the half of it. The admin for your instance has access to literally anything on their server, including passwords afaik. If you want privacy, this ain’t it chief.
Nobody has access to passwords. They have access to password hashes, which are not the same thing. It would be the absolute most half baked of solutions to still be saving passwords in cleartext.
They have access to your password hash, effectively the “infrastructure” admin(s) as I’ll call it (not admins of the site - they need to have access to the actual system that is running the instance) have access to the same things that infrastructure admins of another site would have.
If anything, you might have such rights under copyright law, if your posts cover the threshold for copyright. In that case, you can ask server admins to delete them, and they will have to comply. But the request has to reach them (if they’re defederated, the delete button won’t teach them, and you’ll have to contact them separately).
This is definitely a con of Lemmy for me. I like to be more privacy focused but Lemmy gives you 0 privacy on whatever you do on the website. Anyone who wants more privacy on Lemmy is told you have no right to privacy, don’t expect any privacy, everything you do is public on the internet, etc. A massive boner killer for me. I think basic things like deleting your own post or comments should actually get removed from all servers, PMs should not be viewable by anyone except the recipients, and what you vote on or subscribe to should be private. Lemmy doesn’t sell your data but that’s because anyone can take the data for free. I thought this stuff was because Lemmy is still new and will get to it eventually but the push back seems to say this was a choice or is not broken. I ended up exploring different social media alternatives but I like the style of Lemmy better since it is more reddit-like with an active user base plus has different android clients. I don’t like kbin because it shows who upvoted or downvoted something to everyone - it’s not accountability when it erodes your privacy.
I used to comment on Lemmy more but then I ran into this problem when juggling multiple accounts, Liftoff sucks ass at letting you know which account you are logged into (I use Summit now and it is better at it) so I ended up getting my accounts’ wires crossed when I thought using the drop down on your accounts changed your account but no you have to go to manage instances to switch which was not intuitive. I ended up abandoning the accounts when I couldn’t figure out how to actually delete the post from the server.
Edit: man I wish I saw this sooner, might be time for me to either stop posting again or look somewhere else.
While I didn’t find any factual issues in a quick skim of that article, I really don’t agree with its tone.
The Fediverse is radically public. That’s the nature of a protocol like ActivityPub, not a bug to be fixed. Using it for anything you’re not comfortable with being public forever is a mistake.
Technically, yes. If the law is of concern, if you’re an admin, purging it from your database will be the only extend your power can reach. If privacy is of concern, while purging will not federate, delete/edit will, so edit all comment into gibberish before deleting your own account, and then ask for it to be purged. If that’s unacceptable then best not use social media at all.
Is this more a "it hurts itself in confusion" thing or a simple programming solution? The most recent idiocy is when I tested deleting my account and it apparently required admin approval? Good luck with that!
Kinda weird how all these nerds and dedicated freedom enthusiasts can't manage the absolute basics of allowing you delete your account. Perhaps these weirdos are just the same as corporate assholes?
Add comment