This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.
Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.
I asked in the other thread about GDPR.
Nobody thinks it’s very interesting but if instances don’t follow gdpr, the entire network is at risk of legal consequences.
So please bring this up, even though it’s not very fun.
Neither @nutomic@lemmy.ml or I are too familiar with the GDPR, so we don’t know everything that it requires. Lemmy doesn’t do any logging of IPs or other sensitive info, but of course instance runners could be doing their own logging / metrics via their webservers.
We have a
Legal
section under admin settings, that’s an optional markdown field, that can probably be used for it. We’d need someone with GDPR expertise though to help put things together. Lemmy is international software, not european-specific, so we have to keep that in mind when supporting GDPR.As a person who oversaw the implementation of GDPR in a large software house (which wasn’t EU specific, but had to in order to operate legally in the EU), the requirements were:
- Allow users to request data deletion or a copy of their data.
- If the former, delete all data of their data on the server, send it to them, and then (this was the important part) forward the data deletion request to every single partner we were working with.
For us, this was multiple ad companies. We had to e-mail each one, ask them about their GDPR implementation (most of them were somewhere between “we’re thinking about it” and “we have an e-mail address you can send something automated to and we’ll get to it sometime within the next month”), and then build an automated back-end system to either query their APIs for automated deletion, or craft/send e-mails for the more primitive companies.
As far as the data being deleted, it was anonymized IDs that were tied to their advertising IDs from their mobile phones. I used to try and argue that “no, it’s anonymous” - but we also had some player data (these were games) associated with that, so we ended up just clearing house and deleting everything on request.
So, legally, this means every instance - in order to be GDPR compliant - would have to inform every instance it federates with that a user wants their data deleted. If you’re not doing that, you’re not fully compliant.
Kind of shitty, but that’s how it went for me. (this was back when GDPR was first being released)
Edit: Also, the one month thing was relevant: you have 30 days to delete GDPR stuff after receiving a data clear request. I don’t recall what the time was for a “see my data” request. Presumably, though, on Lemmy the latter is superfluous as all your data is already present on your profile page. An account export option would be enough to satisfy that.
There a different levels of personal data but a unique identifier for a user is one of them because it allows linking information together about a single person, and from there you can try to identify the real person. So an option would be to overwrite all the occurrences of this identifier with random data so you can’t link data together anymore, as long as it’s not also personal data.
Sure, but you’d still have to delete all their written posts - which is really what all this is about.
You actually would not. The content of the post can stay but the username/identifier has to be removed. Written text is not PII to my knowledge and every social platforms I’ve actively used only delete the identifier (Reddit, GitHub).
Written content can contain pii, but it’s rarer. Written content isn’t, by default, pii, but if someone tells anything reasonably pii the entire text can be consisted pii even when anonymized.
Yeah as someone who had to deal with GDPR in a professional capacity, it’s probably better to just assume that content written by users contains PII since you really have no way of telling whether it does or doesn’t.
Naturally you can just ignore that and leave the content as-is, but then you run the risk of some data protection authority ruining your day.
So, I wonder if Lemmy instances would be responsible for the instances that federate with them. It’s my understanding that the Lemmy instance doesn’t send the user’s data to other instances, rather it is just posted, and the other instances copy it onto their local instance.
It’s almost like those reddit services that would show deleted content. A user can delete their profile on Reddit, but Reddit isn’t required (that I know of) to go to these services and make sure the user’s data is being wiped out.
It’s often too expensive to support GDPR for Europeans and disable it for other people. Most services just support GDPR for everyone.
Im not a lawyer so I dont know about GDPR. Do you know how similar platforms such as Mastodon handle it?
Hard to say exactly what Mastodon does, but mastodon.social’s privacy policy should give you some direction in how they handle data: https://mastodon.social/privacy-policy
As mastodon.social is based in Germany, they will know about GDPR and have to follow it to the letter.
That sounds like its something for instance admins to handle, nothing we as developers need to care about. Maybe we should add a privacy policy for lemmy.ml but thats it.
Yea it is ultimately on the admins, but Lemmy just needs to not make it hard to comply with GDPR. So it’s up to admins to raise issues when Lemmy is seen as an obstacle to compliance, and it’s up to devs to listen and implement compliance features.
That’s my take on it as well - GDPR is for the individual instances to deal with, as they’re the ones who hold the data on their users and anything coming to them.
The software, of course, can have some design which purges data automatically or whatever, but ultimately the control is whoever is hosting Lemmy so no matter what Lemmy does, people can override it (though some sane defaults are always good, of course).
Wouldn’t it be prudent to build features into Lemmy that make it easy for admins to manage user data though?
deleted by creator
You don’t have to bother with GDPR until you’re a certain size company
That’s what I thought too until I looked it up. It applies to individuals as well.
If an individual runs a web server and processes personal data of individuals within the European Union, then they are subject to the requirements of GDPR. GDPR applies to anyone, including individuals, who processes personal data of EU residents, regardless of whether they are operating as a business or on a personal basis. It’s important for the individual running the web server to comply with GDPR’s data protection principles and obligations to safeguard the personal data they process.
As someone not residing in the EU, I don’t see how they could possibly enforce that. Best they could do is block my instance I suppose. Have they done that for any small site?
I mean, I would delete/provide all data of any user who requests me to do so for themselves. But I’m likely not following every facet of the GDPR.
They don’t work like that, they have no technical capabilites. I think it would work more like a company being ordered to pay a fine if a user on your instance finds out that his data is not deleted if he asks.
But this is complicated so I hope someone else has good input on this topic. Someone must have run a website with registered users in Europe before without being a corporation.
The fediverse brings a new touch to all of this also, since the posts and comments are replicated across instances. Will that matter to the EU law? Maybe, maybe not.
What does “processing” data mean though?
Basically, anything that involves the data being present somewhere in information systems that you control. Taking decisions based on it, displaying it on a webpage, make decisions based on it, even just storing it, all counts as processing under GDPR.
Asking chat gpt, so take it with a bit of salt, but it’s usually correct about these things.
In the context of data protection and GDPR, “processing” refers to any operation or set of operations performed on personal data. This includes collecting, recording, organizing, storing, adapting, altering, retrieving, using, disclosing, transmitting, and deleting personal data.
Processing can be done both manually and automatically. It covers a wide range of activities related to personal data, such as capturing information through web forms, analyzing data for marketing purposes, storing customer records in a database, or even just viewing or accessing personal data.
Under GDPR, any entity or individual involved in processing personal data is required to comply with the regulation’s principles and obligations to protect the rights and privacy of the individuals whose data is being processed.
That’s not true. You might be thinking about the German network enforcement act. Every little ecommerce website, even when it’s a one-man operation, has to follow GDPR guidelines when they aim at people in the EU.
How do you see Lemmy working with duplicate communities on different instances? For example if Lemmy.World and Lemmy.ml have a PersonalFinance community, are people expected to cross-post? Or have you conceived of a system to allow people to find the right community efficiently?
Its a problem, and at the same time a feature. For example, you can have two communities named
!news
, that pertain to completely different topics based on their instance:This also isn’t unique to lemmy, since reddit too had tons of duplicate communities for the same topics.
Just like on reddit, the network effect will run its course here: unavoidably there will be a lot of cross-posting on duplicated communities, until people center around their favorites, based on quality of content.
There are a few tools out there too, like https://lemmyverse.net/communities , that can help people find communities to subscribe to.
Overall tho, I’m against the concept of “combining / merging communities” that are run on different sites by different people. These should be curated and controlled by the people who created them.
Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !news@startrek.website
Classic bot. Don’t you know who you are talking to!
absolutely brilliant bot misfire 😂
Is this link supposed to work?
No, it’s a fictional instance used to make a point.
I appreciate both the information and your username 🐦⬛
Are there any plans for a “multi-community” (pka multi-reddit) to allow users to combine multiple communities into one? This could give users a neat way to browse/participate in similar communities across instances without having to navigate to each one manually.
I agree that community structure should not change to handle duplicates. If anything, having a feature similar to hashtags or topics that can aggregate a stream of posts from multiple communities would be nice.
What do you mean by combining in this context? If they mutually agree to combine because they have aligned interests I don’t see anything wrong with that. An external entity combining them I agree would lead to a bunch of problems.
I’d imagine it would be the same way it worked on Reddit when there were multiple communities with identical topics/similar names:
One gets a bit larger, therefore shows up in feeds more, appears higher in search results, etc.
Unless the other community has some kind of differentiation, it will wither and die.
And everything will be fine.
I keep seeing people being this up as if it’s some huge problem. There’s tons of /c/memes out there, but !memes@lemmy.ml is clearly the place to go. It’s not confusing, IMO.
For me it’s a problem for the exact reason you think it’s fine: I don’t want centralization. If I did, I’d go to reddit. I do want each topic of discussion to be spread out amongst different instances and communities. But for that to be viable, you need a way to get all the content as easily as if it was all in one place.
Aside from any impracticality that could arise in implementation, I like the idea of federated communities between servers. I mean why not extend the possibilities of federation even further? Community mods or users could de/federate from communities on other servers with the same names or core themes should they so choose. In consideration of difficulties with moderating spam and other materials from other communities generated with the same name, I think it makes sense for that kind of community federation to be opt-in rather than opt-out.
If it goes the Reddit route, one of those communities will definitely border on dead and the risk for moderators/servers having too much power/influence within the larger communities continues.
Any plans for improving SEO? One of Reddit’s biggest strengths was being able to get very relevant results with a simple internet search. In time can you see something similar for Lemmy, even with its decentralized nature? I really you for doing this, thank you for your time!
Lemmy-ui supports SEO, and also has opengraph tags. If there’s anything else needs to be added, we’re open to PRs.
Side note: For me personally, as @FrostySpectacles@lemmy.ml suggested, SEO shouldn’t be a focus. SEO is such a gamed system, catering to a few giant search companies, and results are increasingly becoming unusable, especially in the past few years. I can barely find the things I want to search for, and almost always have better luck using internal sites search engines. So I’d rather focus on improving lemmy’s search capabalities and filtering, than catering to google.
Would you please consider having only local post/community/users indexed by search engines? A lemmy.ml user complained that their username is first result on Google with lemmynsfw.com domain name. Also implementing this would decrease chance of duplicate content.
It can resolved with a simple noindex meta tag.
I’d be open to a PR for that, sure.
I hate Inferno (specifically class components) but I’ll check what I can do 🙏
I do too now (I created lemmy-ui when react was king), which is why the new UI will be written in leptos, using signal-based reactivity, and functional components.
edit: This start bit is wrong; Lemmy does SSR so Javascript-free/spiders should see at least some comments.
Lemmy is currently pretty terrible at SEO, in large part because the comments don’t load until the JS has run.This isn’t just a problem for search engines, it affect things like archive.org and offline reading. Earlier today I loaded a page from an instance that had dropped offline - while they had Cloudflare Always Online enabled, the page loaded without comments so it was almost useless.I think it’s a mistake to consider all the SEO-related concerns as irrelevant just because you don’t care about Google, etc. Most of the things necessary for good SEO are just good practices, with benefits for all users, especially in the areas of accessibility and third-party tools.
Lemmy-ui uses isomorphic rendering so comments do come loaded (just not all of them) on the first page you visit, no javascript needed. Did you mean it should serve all comments?
Hmm, I’ve just tested an that does seem to be the case, at least as far back as 0.17.4. Do you know when this was added? Or if it’s something that can be disabled?
Looking into Cloudflare Always Online, it uses the Internet Archive’s backup instead of keeping on itself which could explain me seeing zero comments (i.e. IA scraped the page after posting but before any comments). I can’t figure out which page in my history was the post in question, so I can’t be sure.
Sadly I dont know when it was added or if it can be turned off, Im not very familiar with it.
Seconding this. In addition to the accessibility, etc benefits, just think about the sheer amount of traffic/users that came from people googling a completely unrelated topic and having reddit pop up. Those are users that might not have otherwise found the platform.
Fair enough. I’m currently focused on creating my own Lemmy web UI, but later I might have room to submit some SEO-related PRs. While I’m not yet sure what needs to be done, instance owners can get tailored recommendations from Google. I have a hunch that Lemmy is currently being penalized for duplicate content, which we might be able to mitigate by adding `` to federated posts.
I’m fully with you on not wanting to cater to Google. On the other hand, if someone writes a helpful Lemmy post, I would like people who don’t know Lemmy to be able to find it.
and results are increasingly becoming unusable, especially in the past few years. I can barely find the things I want to search for,
This is one of the most true statements I’ve read in the past years. Internet search is unusable.
It’s also all about to change as soon as Google drops the new generative search feature.
I second this. I know SEO is a controversial term with Lemmy’s core audience, but being able to find posts through a search engine is pretty darn helpful. It’ll also help more people find their way to Lemmy, which will diversify the range of communities.
If you’re not sure where to start, Google’s free Search Console can give you insight into how your site ranks, how people are finding you and which factors are preventing instances from appearing in search.
To a certain extent lemmy is inherently at a disadvantage because of how Google ranks things. Google gives a lot of weight to site trust which works on a per host basis, and lemmy is distributed meaning the trust of the system as a whole is diluted across instances. It’s a really stupid system that just helps big sites get bigger. It’s made even worse because big blog sites are actually only owned by a small handful of companies and since single companies own many properties that can collude between them to funnel their page ranks between their network of sites.
Right now, instances with transphobic and racist content like exploding-heads are still listed on join-lemmy.org. Are you planning to implement a Server Convenant like on joinmastodon.org? To be listed on joinmastodon.org, an instance needs “Active moderation against racism, sexism, homophobia and transphobia”.
I’m gonna be asking hard questions, I think, sorry about that. I hope you consider it tough love considering our past interactions.
As an instance admin, I have some questions:
-
How are you doing? I know there was a lot of pressure when things blew up and it seems to be calming down a bit now.
-
How is Lemmy doing financially?
-
Considering past releases and their associated breaking bugs (including 0.18.3), what measures are you taking to help prevent that?
-
Can we consider the possibility of downgrades being supported?
-
Why are bugs affecting moderation not release blockers? Does anything block releases?
-
Are there plans to give instance administrators a voice in shaping the future of Lemmy’s development?
As someone who is trying to help with Lemmy’s development, I have some other questions:
- What do you think are the biggest problems with Lemmy as a software project and what are your priorities for Lemmy?
- Considering fairly low amounts of developers contributing to Lemmy, how are you working to help new people get into the project?
- Do you worry about the message it sends to potential contributors when the main developers are working on a different project which competes with the former? (Example: Lemmy-ui vs Lemmy-ui-Leptos)
- Considering most work is done voluntarily, how are you trying to organize and prioritize work?
- Do you believe you are stretching yourself too thin between Lemmy, Lemmy-ui, Lemmy-ui-leptos, Jerboa and Lemmy.ml? If so, what are you doing to help you focus?
-
deleted by creator
I’m personally a hard copyleft developer, so I’d prefer that people making apps and tools for the lemmy eco-system, open source them, to benefit the community as a whole. Nearly all lemmy projects have adopted that standard, and are using the GPL and other hard copy-left licenses, and sharing their code freely with the community.
One example: various devs of lemmy apps have asked me how we build comment trees. Because lemmy’s source code is open, I was able to share the exact code from lemmy-ui (typescript) and jerboa (kotlin). This is not something closed source developers are able / willing to share.
So I continue to recommend that developers heed calls to open source their applications. I developed my ThumbKey android keyboard, specifically because my requests to the MessageEase developers to open-source their codebase, after development had stopped, went unheeded for years.
Side note, but I’ve seen a lot of the discourse around Sync confuse FOSS, with making money. Of course developers deserve to get paid for their labor time! The thing is, FOSS makes no demands on how you monetize your software: “free as in freedom, not free as in beer”, is the saying. So its entirely possible to open source your app, and still charge for it if you like. And If someone wants your app for free (say via an unlocked APK), they’ll get it, whether its closed source, or not.
And yes, if an instance decided to insert ads, or becomes full of blog/cryptospam, I’d def recommend other instances defederate from them. I’d rather not lemmy become the ad-machine that other social media has become.
I definitely didnt expect it, nor did I expect that there would suddenly be more than a dozen different apps. But its not a problem, the more choices users have the better. Those who like such clients can use them, thout it affecting anyone else. Plus monetization of apps could potentially help to fund development of Lemmy itself.
For instances with ads its pretty much the same, more choice for users. But I really doubt that model can have any success considering how many free instances are around which are run by volunteers. Defederation should be unnecessary assuming that ads are only shown to local users.
Hope multiples are ok …
- As platform developers, do you have any thoughts about ActivityPub? Positive/negative critiques, needed developments (in your opinions), usage gripes or tips for other platform devs, future predictions?
- As devs of (now) the second largest platform next to mastodon (by some metrics), which are probably as distinct platforms can be in terms of format, do you have any views on interoperability between platfroms over ActivityPub, where a common critique (AFAIK), from *diaspora devs for example, is that sharing posts/information of different formats just doesn’t work well over AtivityPub and so is one of its major flaws?
- Arguably the fediverse has so far sought to replicate the corporate big-social platforms … should new design evolution occur now and if so how?
- Much has been made by some of how the lack of user-friendliness of the fediverse really isn’t anything to celebrate and should be taken more seriously by users and devs alike (see, eg, Erin Kissane who focuses on mastodon). However much this applies to lemmy (where issues of user mobility probably do apply), do you think the fediverse needs a better story around catering to user needs?
- Do you have any thoughts on the server-based architecture of the fediverse (where all user accounts are bound to a particular user) and whether alternative architectures have a future or could be better (p2p, more single-user based for instance)?
- Should lemmy and the fediverse seek to grow with any and all users or seek to stay relatively small and limited to ensure a healthy cutlure?
- Journalism and journalists … should they be on the fediverse (like the BBC recently with their own mastodon instance) … and if so, how?
- What are the biggest or proudest moments you’ve had with Lemmy so far, and the worst or most embarrassing?
- How does it feel to have so many users using and developing against your software?!
Haha youre a very curious one :D
- See https://lemmy.ml/comment/2348893
- It sure isnt perfect, partly because Mastodon makes no efforts to be compatible and expects everyone else to cater to their way of doing things. Regardless, the fact that you can interact between different platforms is a huge improvement over current social media platforms. And Im certain that interoperability will only get better over time.
- Its already happening, look at Kbin combining the concepts of Reddit and Twitter into one. Or mitra which adds cryptocurrency integrations. There are probably others which Im unaware of.
- Sure usability needs to improved, this will happen naturally over time as more users join and suggest improvements.
- Its really genius because it combines the best aspect of centralized (simple login with username/password and an admin who manages technical stuff) with those of p2p (no central point of failure). Real p2p is great in theory, but it requires way too much technical knowledge for the average user, so its unlikely to ever gain mass appeal.
- Personally I think the Fediverse is really the future of social media, so it will grow whether we want it or not. And its much healthier than the corporate platforms with their tracking, advertising and manipulating algorithms, so the more people leave them behind, the better. I dont see a way to influence this growth, we just need to adapt and deal with it.
- Basically my previous reply, I dont know enough about journalism to give a more specific answer.
- The biggest and proudest was definitely when tens of thousands of Reddit users suddenly came here, and most of them actually liked it. Cant say there was anything bad or embarrassing, the experience for me is really positive.
- It feels great, I never expected this when I started contributing to Lemmy.
- … I never expected this when I started contributing to Lemmy.
Honestly heart warming to hear!
Any plans to improve the sorting algorithm so that there’s a good balance of fresh posts at the top that’s also fairly active? And to help promote smaller communities that would have otherwise been dominated by the posts from bigger instances.
Any concerns about duplicate communities across multiple instances? People have made the argument that it’s like having different flavors of subreddits on Reddit, but it’s a flawed analogy. Individual instances have incentive to make their own communities flourish, whether or not there’s a duplicate already available.
As some instances grow, server costs are becoming significant. Right now, servers are only funded through donations. Do you see the development of anything else to help fund server costs?
If lemmy is working as intended (many small, connected servers), hosting costs should be small: like < $10 USD / month. (images are another issue, but I’ll answer that in other comments).
Of course we don’t plan on adding any monetization directly into lemmy or its UI, including ads, or required payments. Right now at least the best way is to put donation links in your site sidebar.
I’m on an incredibly small instance that self reports costs at about $18 USD/month, which is above your costs.
Beehaw reports costs at over $500 USD/month.
I would imagine lemmy.world is in the thousands.
I know the idea is that there should be more instances, but we are already beginning to see server costs that are higher than what you think. User numbers seem to be settling down now, but who knows when the next spike will happen.
It depends where and how you are hosting. Hetzner or OVH have small VPS which can host hundreds of active users for those 10 usd. Of course if you host on AWS or Digitalocean its much more expensive. lemmy.ml is bigger than beehaw, and only costs 80 euros per month for a dedicated server. Hosting costs will also go down as the code gets more optimized.
Yep. As ppl have mentioned, while our performance bottleneck is currently the unoptimized postgres operations, we haven’t even come close reaching postgres’s actual internal limits. So code and DB optimization will be the biggest factor reducing costs.
I’m on an incredibly small instance that self reports costs at about $18 USD/month
If I really wanted to shoestring it, I could definitely get it lower. But I did want some headroom to grow, and to operate semi-professionally. With the recent upgrades we should be good for a while.
(Also if anyone wants to jump to a small instance, thelemmy.club has some room :)
I run an instance on a spare computer that I had lying in my house. If I had to guess, I would say running my instance probably costs less than a dollar per month.
What kind of internet connection do you have?
I have a 1 Gbps up and down fiber connection.
deleted by creator
We will never have ads or in-app monetization or crypto scams, no. We’ll always be 100% funded by donations and open source grants.
I’m not asking anything because I’m a potato when it comes to software. I just wanted to drop by and say: thank you both for Lemmy. The platform is amazing, and it’s clear that you guys are pouring some heavy love (and labour hours) in it, as it’s improving at an amazing pace.
First of all, I’d like to say thank you and that I appreciate your work. Lemmy is great and I’ve found a new home (at least for the foreseeable future). I first joined lemmy.ml once I learned about lemmy, and I have to say I had a good experience there. You guys even responded directly to my noob questions, and I honestly felt welcome which helped me decide to stay.
My questions are about account migration. As you may have already seen, I’m not with lemmy.ml anymore. The reason is I saw you guys stickied a post encouraging users to use different instances (since the server was having trouble with the influx of redditors at that time). I figured I’d help by first moving to a smaller instance. I have no regrets, although switching was a bit tricky since I had to start from scratch.
What are your thoughts on account migration? Is it in the works or is it something that’s a little far into the future? No pressure since I know you guys are busy with other stuff.
I asked this in the original thread but I’ll repeat it here:
-
Are there any limitations with the ActivityPub protocol you find limiting? Do you have recommendations for future versions of the protocol?
-
Do you have any thoughts on the AT Protocol (a potential competitor to AP)?
-
Hi! This isn’t really a question, but I was a former admin on Lemmy.ml and I just want to say that I really appreciated the opportunity to be on your team and it was a really valuable experience for me! I’m no longer an admin due to inactivity and personal life events causing me to no longer have the time to serve such a role, but I enjoyed the time I was and I really hope I was able to make a positive contribution to the instance!
Thank you for your continued work developing this project and running your instance comrades! This is still by far my favourite fediverse platform, actually, favourite social media in general. I intend to continue using both Lemmy.ml and Lemmygrad and I hope I can continue to contribute by using Lemmy when I have the chance!
First, just want to say thanks for building and maintaining Lemmy. It’s an incredible project, and it provides an incredibly valuable public forum that’s completely open. This is the way internet was always meant to work before it got hijacked by corporations.
The questions I’d like to ask would be whether the platform is developing in the way you originally envisioned, what surprised you in terms of how the platform ended up being used in the wild, and what were the biggest technical and non technical problems that came from the rapid growth after the Reddit migration. And finally, how would you like the platform to evolve going forward, and what your long term vision is.
Comrade Dessalines, you rock. Your audiobooks and essays are great. No questions.