Warning: You cannot delete posts or comments on Lemmy. It stays up forever, and is in direct violation of GDPR and other national privacy laws.
Warning: You cannot delete posts or comments on Lemmy. It stays up forever, and is in direct violation of GDPR and other national privacy laws.
Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
GDPR is for companies/corporations to "respect" user's requests about their data.
Lemmy (ActivityPub, actually) isnt a company.
What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.
What you probably can do is request that an instance remove your content... And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.
This is still the internet, not some magical place.
Use some of the most basic fundamental internet safety rules and don't provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.
It gets worse: everything you post to Lemmy is sent to multiple other servers automatically. Those servers may be in jurisdictions that have very different privacy laws than the server you post from, or that hosts the community you're posting to. You have no legal agreement with those servers.
We're not done though. The ActivityPub standard makes delete optional, and other servers could be running anything, not just Lemmy. Some of them are probably running somebody's janky pet project that implements half of ActivityPub, poorly, on a jailbroken smart light bulb or something.
Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.
This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won't paint over it (or destroy photos they took of it) when you realize how dumb it was.
You're writing on a public space for free with no business behind it. You're not the customer in this scenario.
OP is simply incorrect.
I'm coding a Lemmy alternative right now and have been testing this functionality out extensively. Deletes of posts and comments certainly federate, I've seen the AP traffic to make it happen. Also, the docs: https://join-lemmy.org/docs/contributors/05-federation.html#delete-post-or-comment
I haven't tested what happens when the 'delete account' button is clicked... Mastodon solves this by sending a 'delete this user' Activity to every fediverse instance so there's nothing about ActivityPub that makes removing an account and all it's posts in one go impossible.
All your posts on the fediverse are effectively a public blog of your thoughts that will be scraped and stored in servers you have no control over.
If you care about privacy, which I understand, you probably want to leave quickly.
Here’s a rundown from someone who got fed up with the fediverse and kinda rage quit: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/
Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.
So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.
Kilroy was here -U-
Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it's a feature of the protocol.
If instances want, they can ignore delete requests and your content stays in their cache forever (remember Pleroma nazis from couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn't mean your posts are removed.The fediverse has no privacy, it's "public Internet". Probably a good idea to treat it as such.
This is definitely a con of Lemmy for me. I like to be more privacy focused but Lemmy gives you 0 privacy on whatever you do on the website. Anyone who wants more privacy on Lemmy is told you have no right to privacy, don't expect any privacy, everything you do is public on the internet, etc. A massive boner killer for me. I think basic things like deleting your own post or comments should actually get removed from all servers, PMs should not be viewable by anyone except the recipients, and what you vote on or subscribe to should be private. Lemmy doesn't sell your data but that's because anyone can take the data for free. I thought this stuff was because Lemmy is still new and will get to it eventually but the push back seems to say this was a choice or is not broken. I ended up exploring different social media alternatives but I like the style of Lemmy better since it is more reddit-like with an active user base plus has different android clients. I don't like kbin because it shows who upvoted or downvoted something to everyone - it's not accountability when it erodes your privacy.
I used to comment on Lemmy more but then I ran into this problem when juggling multiple accounts, Liftoff sucks ass at letting you know which account you are logged into (I use Summit now and it is better at it) so I ended up getting my accounts' wires crossed when I thought using the drop down on your accounts changed your account but no you have to go to manage instances to switch which was not intuitive. I ended up abandoning the accounts when I couldn't figure out how to actually delete the post from the server.
Edit: man I wish I saw this sooner, might be time for me to either stop posting again or look somewhere else.
there's a delete button
Lemmy lack of central control is a feature. But it can still be GDPR compliant. GDPR did not make useNet illegal. GDPR does not make peer-to-peer illegal.
As an EU citizen you can still write letters to the editor of newspapers, and those letters can be published in those newspapers of record. Sending a message to Lemmy is akin to publishing publicly and opinion piece in a newspaper.
Certainly you can use GDPR to talk to an lemmy admin to remove your data on the instance you registered and account on. But due to the nature of Lemmy, it's architecture, you can't go out and retract all of the newspapers that have been published. That's a physical impossibility.
Even if you could somehow talk to every administrator of every instance, you can't prove you were that user who posted that data.
You know, I think I'm going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it "GDPR THIS". The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.
That's a pretty uncharitable interpretation, especially considering Lemmy is developed in and funded in part by the EU, and the "staying online forever" thing is a consequence of Federation (and one they're working on remedying).
If you were worried about this sort of thing, perhaps you should have done your research about the platform before making an account so you could bitch about it here. You definitely don't sound like the voice of reason when you couldn't be arsed to figure this out before you made an account.
Permanently Deleted
To my knowledge, these privacy laws prevent corporations from holding onto your data after you have requested to delete it. Lemmy is not a corporation, and there is no single entity that holds onto all of your data. That's just a tradeoff of being decentralized.
Well it is pretty much impossible to delete anything on any federated service. It is technically just not possible without opening a whole other world of problems.
I always like to think of the fediverse in some way like emails. If you send an email, the moment it leaves your mail providers server it is pretty much impossible to stop.
Basically think before you post. The internet never forgets, the fediverse especially so.
I don't know where this myth came from, but you don't have a right to erase your public posts from there internet under GDPR. See, for example, https://law.stackexchange.com/questions/32361/does-a-user-have-the-right-to-request-their-forum-posts-deleted
If anything, you might have such rights under copyright law, if your posts cover the threshold for copyright. In that case, you can ask server admins to delete them, and they will have to comply. But the request has to reach them (if they're defederated, the delete button won't teach them, and you'll have to contact them separately).
Very bad indeed! This is the beginning of the end for lemmy.
Ps for those who don't know, copying a deleted comment makes it appear in your pastbin