this post was submitted on 15 Jan 2024
669 points (98.1% liked)

Fediverse

28566 readers
402 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] guy 16 points 10 months ago (2 children)

That's a bit misleading to say like that. Go to the website, scroll to the footer and click on "Legal". Your instance, feddit.de, has a legal notice, with a privacy contact person, mentioning you can request data erasure, and detailing where your data goes. Mine, lemmy.world, has a number of in depth legal documents attached there.

However, yes, other instances they are federated with might not take it as seriously though, and if all your data is going there too, then that's a hole in your data privacy.

[–] [email protected] 7 points 10 months ago (1 children)

But if I request it there, after its federated everywhere, what happens?

[–] [email protected] 3 points 10 months ago (2 children)

I imagine that this calls for a feature that can erase your data on every other federated server. If the activitypub protocol can send data from one server to another, it should be able to delete it or find a way to disable viewing said data.

[–] [email protected] 8 points 10 months ago (1 children)

Giving servers the ability to delete each others shit would be interesting to watch when an online war breaks out

[–] [email protected] 1 points 10 months ago

That already exists. The person who created a post or comment can delete it. But it only works sometimes, since federation is constantly not working correctly.

[–] [email protected] 1 points 10 months ago

Eh, that's a mixed bag. Absolutely, one could setup shared delete requests, to federate a delete request, but it would be a bit of a lie as anyone could simply.... update their instance to simply ignore delete requests.

For now, simply not having a delete feature is a more honest to the realities of the fediverse. There'll never be a "true" delete, even if they do eventually support one that's "good enough".

[–] [email protected] 1 points 10 months ago

There are two issues with that:

  • The GDPR notice on feddit.de is not GDPR compliant, and the link isn't even visible on mobile.
  • If you request deletion, they can't guarantee that the data is deleted on federated servers. They can send deletion messages, but federation is constantly not working correctly, other instances can decide themselves whether they do delete stuff, and if an instance is unreachable for a while, the deletion message will be dropped.

Lemmy, or even ActivityPub are designed to be non-GDPR compliant. (Probably not on purpose, but the way it works makes it basically impossible to be GDPR compliant.)