It is reasonable that people should be able to delete their posts / comments. However I don't see how is this related to "privacy". How can something you post on a public forum be private?
this post was submitted on 19 Jun 2023
4 points (100.0% liked)
Technology
39612 readers
300 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
That is generally true, with exceptions like leaking someone else's private information.
But it implicates the adjacent "right to be forgotten" rather than narrowly defined "privacy". This could be a real legal issue in the EU.
It is. GDPR in the EU dictates that every user which requests their information has to get it in 30 days, and every user who removes their information has to be able to get it removed (I think the time span for that is even shorter, so more pressure for the server admins)
load more comments
(1 replies)
After reading some more comments, I think I came up with a good analogy to explain this issue, and I wanted to share.
Think of websites like a bar that also has an open mic.
Now, when I go to a bar, I don't want to have to give the bouncers and staff my full name as well as my address. I also wouldn't want them to know that I just came, for example, from a store where I was looking for a vacuum, and then have them warn a vacuum seller about it. A vacuum seller who is then going to sit next to me, while I'm trying to have a drink, and show me a pamphlet regarding the "amazing vacuum" he has for sale.
Ideally, I can also look for a bar that will allow me to come in costumed and not show my face. Or I could ask the bar to delete footage of me at some point, and to not store my ID if I do have to show it to a bouncer at the entrance.
All of that is relatively feasible and within the realm of reason; and all of that are things that privacy advocates might advocate for.
However, what is not feasible, or within the realm of reason, or what privacy advocates tend to advocate for, is the ability for me to willingly go up on stage, say something on the mic which I immediately regret, and then ask everyone present to forget it ever happened and delete any footage they might have of it. No reasonable person would ask for something like that, because it is not a reasonable request.
That is how regular websites work. With federated websites, that becomes enhanced; it's like if the bar you're in has a camera pointed at the microphone, and transmits both video and audio directly into several other bars. So when you go up to that mic, you better make sure you're okay with what you are saying being made public and available to anyone.
load more comments
(1 replies)
First - we're all using alpha/beta software (Lemmy is 0.17.4, Kbin is 0.10.). None of these services are "production quality" software yet, so let's keep that in our minds - we're all early adopters.
The points mentioned in the OP are a bad look. Naturally. User should have expectation of their data being deleted on request - especially since this request might be regulatory privacy request (GDPR related). It's a clear failure from the software and should be improved and iterated upon.
The expectation shouldn't be "oh well it's on the Internet, live with it". While Facebook might keep mining your data after deletion request, our software shouldn't behave like that, we should strive to be better with this stuff.
And finally, ensuring privacy in federated system is hard. Mastodon suffers from same problems. We shouldn't give up on the idea though.
The more important part for privacy: Mail address is optional, and IP addresses are not stored in the database. A correctly configured instance (at least for EU legislation) also will not log IP addresses in the web server - with that you can have profiles that can't be tied to an actual human, and you don't have location and movement data.
The data deletion is pretty much a nice to have - it's on the level of the Exchange feature to recall Emails: Sure, you can ask nicely, but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there'll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so. More important is education about what you publish, and a basic understanding of the technical and legal realities you'll have to deal with if you later decide you want that information gone.
I already had that discussion with my 6 year old when she wanted to publish some videos - and she understood the problems quite well.
but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there’ll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so
Lemmy also seems to federate your matrix_user_id, that is clear personal data. It does not matter how the data gets to the federated server, this is still user data within the scope of the GDPR. It does not matter that that server does not have an agreement with the user, the instance that would ignore a GPDR related deletion request would be in direct violation of the GDPR. Maybe it can do that without consequences, though.
I completely understand that making Lemmy fully GPDR compliant will probably be impossible, however I don't like the approach of "we will not succeed, so we don't make any attempt". Instances should actually delete data when that is requested, or instance hosts can get fined. For now, Lemmy has bigger issues to solve, but eventually they should do at least a best effort attempt to respect user data.
load more comments
(1 replies)
load more comments
(1 replies)
Am I missing something or isnt it that no matter what Lemmy does all those same problems would still exist, just from the internet archival sites instead. Sure the privacy could be better to deter some of it, but none of those issues are fully solveable so long as thise archival sites run. I guess the media not deleting is likely the biggest thing you could effect that archives would be less likely to store in the first place.