https://github.com/LemmyNet/lemmy/issues/4433

Should i repost this to any other /c/'s meant for this kind of things ?

EDIT: In case anyone don’t understand what this is it is an issue raised by someone on lemmy git that when an account is deleted or banned it should also delete the data the data posted by the user. And one of the main dev nutomic is blowing it of like it won’t affect me and maltfield is remainding him that it is illegal under the EU law and it also affects lemmy and moreover it is not ethical or moral . And i thought that was what lemmy was built on privacy, ethics and morals now i am dissapointed.

EDIT : For everyone saying there is no way i am not really ap roggrammer or anything but couldn’t this work :

They could just roll it out on a new version and i think most instances won’t mod it to remove that maybe some oddball ones will but not most. I know saved copies will be there but who cares no one is saving my 1000 comments but that is not the case with this .

It is copy pasted from one of my replies.

EDIT: Also it is not my intention to point finger to lemmy devs and i can differentiate their political stance and their work my only intention was to see that if this post gained enough traction they will reply or fix the issue.

EDIT : Relevant comment from @NeatNit@discuss.tchncs.de about what if other instance don’t delete your data.

So maybe those instances are breaking the law, but Lemmy by default should comply. You could say the exact same thing about any social media - scrapers can and do archive everything they can - but that doesn’t absolve the original platforms (e.g. Twitter) from having to follow the law.

EDIT : As just a person i can’t do anything about it but i am certain if everybody pitch in the lemmy devs will listen and even though everyone seems to hate lemmy devs political stance i can differentiate with politics and their work and i find @Dessalines@lemmy.ml to be very responsive so i am gonna mention him and see what he thinks about it instead of trashing lemmy devs on speculation (i don’t know nutomic’s id) even though i don’t agree wuth nutomic’s response in this case i don’t share the views of many people in the comments and don’t associate this post with them.

EDIT : I just want an option to purge my data when deleting an account that you can enable or disable.

EDIT:Ok i just woke up and am catching up with some of these replies and i wanna say i don’t share any of their views nor am i affliated with them i never wanted to trash on the dev and that is one of the main reason i posted this on casual conversation i didn’t think this would get this uncasual . All i wanted to so was draw attention to this problem so devs will act on it faster but since then i have learned lemmy politics does’nt work like that and as i am not the mod or anyththing i can’t do anything about some of the comments except make it clear i have no affliations with them. Just keep it casual people. I too want these changes but maybe geemtting on the nerve if devs isn’t the best way to achieve it.

Something @tyler@programming.dev chimed in .Your comments can be public, but your data is yours. That’s the whole point of GDPR. Think of an art gallery. The gallery does not own the art a lot of the time, they simply show it. The art is owned by the artist. If they want to take it down they can. The same thing applies here. Your data, you get to choose what happens to it in the eyes of the law.

EDIT:

I accidently left this part out so uploading it.

  • originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    80
    arrow-down
    6
    ·
    edit-2
    10 months ago

    dunno. if i was all that concerned about that kinda stuff i wouldnt be using a publicly, anonymously federating communication platform like lemmy

    clearly people need to stay within legal requirements, and a user wanting to delete their account should be able to do so… but youre not recalling your remotely-transmitted posts anymore than you can recall the words you shout on a street corner.

    e. ahh i see, this is about a bug they dont want to fix on lemmy because they dont feel they are gdpr targets

    so, its definitely a bug. its definitely already on their bug list, but they arent acting on it for ‘reasons’. and now that you pointed it out, they will definitely never act on it.

    • Turun@feddit.de
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      1
      ·
      10 months ago

      but youre not recalling your remotely-transmitted posts anymore than you can recall the words you shout on a street corner.

      That is true, but the user must still have the ability to delete all their comments. The fact that someone could have scraped the data is irrelevant.

        • Guntrigger@feddit.ch
          link
          fedilink
          English
          arrow-up
          21
          arrow-down
          2
          ·
          10 months ago

          That’s not how GDPR works. You’re legally allowed to request your data and request that it is deleted by the entity that is collecting it and in both cases the company is obliged to act on it.

    • THE_MASTERMINDOP
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      19
      ·
      10 months ago

      But him blowing it off like that was spezy we should be better than reddit and let users delete their data if they want to .

      • rdyoung@lemmy.world
        link
        fedilink
        English
        arrow-up
        36
        arrow-down
        9
        ·
        edit-2
        10 months ago

        That would be ideal but reality is that because of the way the fediverse works there is no way to control what we post to instances that aren’t our home one and we definitely can’t undo the thousands of copies of those comments/posts that get copied across the fediverse.

        This is a concept that was understood in the early days of the internet and seemed to have gotten forgotten over the years. The basic concept of not being able to unring a bell.

        Basically even if a local instance lets us delete our account and all comments/posts, it would be up to every other federated instance to honor that delete transmission, we have no way to enforce that.

        • pixxelkick@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          11
          ·
          10 months ago

          there is no way to control what we post to instances that aren’t our home one

          This doesn’t give the home instance a get out of jail free card for also failing to comply.

          This is pure whataboutism.

          • rdyoung@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            9
            ·
            10 months ago

            First off. That’s not the definition of whataboutism. Second. It’s simply the reality we live in. It’s clear in posts like this who actually understand code and software at their core and who wouldn’t be able to name even 1 coding language aside from an oldy like cobal.

            I’m not justifying anything or saying that the right to be forgotten isn’t a worthwhile goal to strive for. What I am doing is attempting to explain reality and the unlikelyhood of OPs dream happening in the fediverse any time soon, if at all.

            I’ll close by pointing out that it’s clear you nor OP read or understood what I said about someone scraping an instance and having a copy of everything posted up to that point and the undeniable fact that you can’t delete anything from that data even if every single instance respected the delete command.

            • pixxelkick@lemmy.world
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              10 months ago

              The fact you bring up scraping at all indicates you have no idea what this is about.

              Data privacy and protection isn’t about that.

              “Some third party could just…” is indeed trying to whataboutism it, it’s completely irrelevant.

              Other instance owners are completely irrelevant.

              You’ll need to wrap your head around the fact that legally lemmy has to support the takedown request per instance, not federation wide.

              If I truly wanted my data gone I’d have to make the request to each individual server. That’s fine.

              Data privacy and protection compliance means that I can request specifically server A take down my data, and still be fine with server B retaining a copy.

              If I wanted both to drop the data, I’d have to request it from both individually.

              Scrapers aren’t involved here.

              The protection isn’t about “oh no people on the internet can see my posts”

              It’s more about “oh man it came to light Server B’s owner is selling people’s data and I don’t want my data included in that”

              This is a legal requirement, id recommend lemmy instance owners check in with their local lawyers about this, because a lack of compliance could get individual instance owners in hot water, and if multiple large instance owners realize this, it should put more pressure on the debs to fix that shit.

              • rdyoung@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                7
                ·
                10 months ago

                You really are having a hard time here. I’m too tired to deal with this level of idiocy. You have a nice day now.

        • THE_MASTERMINDOP
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          9
          ·
          10 months ago

          They could just roll it out on a new version and i think most instances won’t mod it to remove that maybe some oddball ones will but not most. I know saved copies will be there but who cares no one is saving my 1000 comments but that is not the case with this .

          • Nomecks@lemmy.ca
            link
            fedilink
            English
            arrow-up
            11
            ·
            10 months ago

            It’s not an issue until it’s an issue. Someone will need to attempt to exercise their GDPR rights to get a change made. As others have said, it’s not so black and white as removing posts from something like Spezddit or Shitter, so the EU may need to weigh in if/when it becomes a legal issue.

          • rdyoung@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            12
            ·
            edit-2
            10 months ago

            A new version of what? This is open-source software, anyone can modify and compile their own version and stay federated so long as it stays compatible. Basing compatibility on the deletion of posts/comments/accounts is way more complex than you may think and would only lead to all kinds of unforeseen issues down the road.

            All of this also doesn’t stop anyone from scraping and storing a local copy of any public available instance. Somewhere in my collection of software I have one from a couple of decades ago that does exactly that, it pulls down an entire site just based on a url, it will basically mirror a site.

            I think we would be better off focusing on 2 slightly at odds concepts.

            1. Getting used to whatever we say is out there forever and learning to be comfortable with that and not saying anything that we would be bothered by friends and coworkers seeing.

            2. Teaching people to be truly anonymous on the webs and being careful to not share enough info to be identified by their collective posts (which is easier than people realize).

            • THE_MASTERMINDOP
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              7
              ·
              10 months ago

              I get that but why do you think any of the instance admin do that ? It is aldready very costly for then to host an instance unless they are selling our data i don’t see the need to and in that case there’s nothing we can do about it.

              • rdyoung@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                arrow-down
                6
                ·
                10 months ago

                Do you not see how this comment is a polar opposite of your initial post and other comments?

                No, you probably don’t and that’s what I have had to deal with online for over 30 years.

      • Sgagvefey@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        6
        ·
        10 months ago

        It’s not possible.

        By design, everything you posted is shared to hundreds of other servers, all of which are capable of doing anything they want with it. I can guarantee you that there are several that are archiving anything and everything that gets federated to them and will not remove that content when the original server does.

        • NeatNit@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          13
          ·
          10 months ago

          I can guarantee you that there are several that are archiving anything and everything that gets federated to them and will not remove that content when the original server does.

          So maybe those instances are breaking the law, but Lemmy by default should comply. You could say the exact same thing about any social media - scrapers can and do archive everything they can - but that doesn’t absolve the original platforms (e.g. Twitter) from having to follow the law.

            • maynarkh@feddit.nl
              link
              fedilink
              English
              arrow-up
              7
              ·
              edit-2
              10 months ago

              Pseudonymisation means something different from what you think in the context of the GDPR. Usernames are not pseudonyms, they are personal data (see art 4/1. “online identifiers”). Pseudonyms are something the processor introduces to disassociate data from the username like an user database ID.

              And pseudonymisation is only a method introduced to further protect data, you still need a reason to keep it. If you have no legitimate basis to keep that data, and the data subject requests a deletion, pseudonymous data also needs to be deleted.

              Also, legal practice has confirmed that social media posts absolutely do qualify as personal data.

            • NeatNit@discuss.tchncs.de
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              10 months ago

              But some people do use pseudonyms that are easy to tie to their real identity. Or sometimes, just their name. (I haven’t encountered it on Lemmy but there’s absolutely nothing to stop it from happening)

    • THE_MASTERMINDOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      5
      ·
      10 months ago

      I don’t understand why won’t they because i pointed it out ? Also it was not treated as a bug by nutomic and i think it is more of a missing feature .also what reasons ?

      • originalucifer@moist.catsweat.com
        link
        fedilink
        arrow-up
        19
        arrow-down
        2
        ·
        10 months ago

        you triggered the spite flag.

        people are people, these people have this project theyre doin and their priorities dont match yours. it happens.

        how do you get someone to fix an issue they dont think is a priority? that can be touchy, but here i would prolly not go rolling in with big labels like legal and gdpr. maybe a lighter touch with references to moderating spam/unwanted images. i dunno… nice people can move mountains, and they arent doing the lifting.

        at the heart of the matter, you just wanted a simple call to delete images that need to go with the account.

        • THE_MASTERMINDOP
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          4
          ·
          10 months ago

          you triggered the spite flag.

          What is a spite flag ? If it is what i think it is it certainly was not my goal i thought if the post gained some traction the devs will act on it .

          • m_randall@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            19
            arrow-down
            4
            ·
            10 months ago

            I apologize but I’ll be blunt - you went way over the top with your comment.

            The guy is trying to triage some tickets, made a reasonable guess at policy and was greeted by a dissertation and accusations. You then double down by posting here like there’s cause for some huge alarm. I’m a fairly big privacy advocate and even I was rolling my eyes. These type of comments make working in open source not enjoyable.

            Unsolicited advice - Take a deep breath, have reasonable conversations with people building and maintaining software, and don’t take every small offhanded comment as the sky falling.

            • THE_MASTERMINDOP
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              1
              ·
              edit-2
              10 months ago

              Do i sound angry because i certainly am not angry. If that’s how it read i am sorry.

              • m_randall@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                2
                ·
                10 months ago

                Not angry no. Just don’t be so quick to judge a comment made off hand by a developer triaging tickets. Bolded text and jumping to conclusions that devs don’t care helps no one. Attempt to educate instead. Not everything has to be internet outrage.

                And good on you for being introspective.

                • THE_MASTERMINDOP
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  edit-2
                  10 months ago

                  I just wanted this post to get attention so devs will look into it but as things do this git out of hand and i do regret that.

          • blargerer@kbin.social
            link
            fedilink
            arrow-up
            17
            arrow-down
            3
            ·
            10 months ago

            As a dev, I’ll generally try and act on things in the order I think is best, (Or I’m told is best in projects I’m not heading) but someone being annoying about a ticket in a foss project is easily the quickest way to get me to put an issue towards the bottom of whatever priority stack its in.

              • NeatNit@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                9
                arrow-down
                5
                ·
                edit-2
                10 months ago

                In my opinion, no, but you absolutely should say that you might have overreacted and apologize for being a bit aggressive, but say that this still matters a lot and you are worried.

                Note, I really didn’t read any context other than the image in the OP.

                • THE_MASTERMINDOP
                  link
                  fedilink
                  English
                  arrow-up
                  6
                  arrow-down
                  15
                  ·
                  10 months ago

                  If you have read nothing your opinion is invalid.

                  • NeatNit@discuss.tchncs.de
                    link
                    fedilink
                    English
                    arrow-up
                    9
                    arrow-down
                    1
                    ·
                    10 months ago

                    My advice was just to express your concern in a calm and friendly way. If you’re being too aggressive, anyone will automatically become defensive and won’t take you seriously - that’s what’s happening. If you want to have any chance for this to be addressed, you have to make it clear that you’re on their side, not an enemy.

                    I mean, look at this: “If you have read nothing your opinion is invalid” - do you see how aggressive this sounds? “Your opinion is invalid”, that’s just hurtful, you’ve basically made yourself my enemy. But I’m not your enemy, I’m on your side. You even quoted something I said in the OP.

                    It’s not just what you say, it’s how you say it.

          • originalucifer@moist.catsweat.com
            link
            fedilink
            arrow-up
            8
            arrow-down
            2
            ·
            10 months ago

            its the part where a human being gets annoyed with another human being thereby marking them from any future optional endeavors

            ie, annoying people get ignored.

            • THE_MASTERMINDOP
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              2
              ·
              edit-2
              10 months ago

              As i said it is not my goal but if they consider it like that instead of raising a problem . Oh well what can you do about it.