MrKaplan

joined 10 months ago
MODERATOR OF
[–] MrKaplan 6 points 4 weeks ago* (last edited 4 weeks ago)

Deleting posts or comments is a best effort attempt at removing it from public view.

Due to the federated nature of Lemmy, any time content is posted and sent to other instances, we lose control over what happens next. When content is marked as deleted on our end, this sends a "please delete this" message to other instances, but there is no way to enforce this, as that content is no longer stored on our infrastructure. Once content is publicly accessible on the internet, there is no way to ensure that it gets removed again. Even if all fediverse instances are cooperating and honoring deletion requests, there may be federation issues causing the deletion request being lost, or external actors that just scrape Lemmy or the larger internet to collect as much data as they can, with no chance of the original creator being able to get it purged. Depending on the data, this may no be legal in some jurisdictions, such as EU having the "right to be forgotten" and similar laws.

Additionally, the Lemmy version we are currently using has a bug, where under some circumstances contents of deleted and removed comments are still being displayed to users. While this is expected for mod-removed comments to be visible in the modlog, this is neither expected for deleted comments nor should the comments still be displayed normally. We are looking forward to address this with the next Lemmy update we will be deploying, but we will likely have to build some custom patch for Lemmy to ensure that this does not significantly reduce our moderation experience, as the solution implemented in Lemmy essentially prevents anyone, including site admins and community moderators from seeing removed and deleted comments entirely.

This is further extended by Lemmy having a scheduled task (already in the version we are using here), which runs daily to overwrite deleted posts and comments to remove their contents once they are older than 30 days.

As is right now, if you have sensitive information that you accidentally shared in a comment or post, we recommend editing the contents prior to deletion and removing that.

edit: typo

[–] MrKaplan 4 points 4 weeks ago (1 children)

We will be posting an announcement explaining the current plans and issues in the coming days.

[–] MrKaplan 1 points 4 weeks ago
[–] MrKaplan 10 points 4 weeks ago

I wouldn't say usually, but they can happen from time to time for a variety of reasons.

It can be caused by overly aggressive WAF (web application firewall) configurations, proxy server misconfigurations, bugs in Lemmy and probably some more.

Proxy server misconfiguration is a common one we've seen other instances have issues with from time to time, especially when it works between Lemmy instances but e.g. Mastodon -> Lemmy not working properly, as the proxy configuration would only be specifically matching Lemmys behavior rather than spec-compliant requests.

Overly aggressive WAF configurations tend to usually being a result of instances being attacked/overloaded either by DDoS or aggressive AI service crawlers.

Usually, when there are no configuration changes on either side, issues like this don't just show up randomly.

In this case, while there was a change on the lemmy.ml side and we don't believe a change on our side fell into the time this started happening (we don't have the exact date for when the underlying issue started happening), while the behavior on the sending side might have changed with the Lemmy update, and other instances might just randomly not be affected. We currently believe that this is likely just exposing an issue on our end that already existed prior to changes on lemmy.ml, except the specific logic was previously not used.

[–] MrKaplan 80 points 4 weeks ago (38 children)

this comment section is not a place to rant about other instances

[–] MrKaplan 26 points 4 weeks ago (2 children)

I don't believe it is.

There weren't any network related changes from 0.19.6 to 0.19.7 and we haven't seen this behavior with any of the 0.19.6 instances yet.

The requests are visible with details (domain, path, headers) in Cloudflare, but they're not showing on our proxy server logs at all.

[–] MrKaplan 4 points 4 weeks ago (1 children)

at this point we don't believe that this will allow anyone to act as someone else, but we are aware of the issue. it's still unclear what is actually causing this, as the pages are not supposed to be cacheable when there is authentication attached.

are you sure about the username? i can't even find a user remotely matching that name.

[–] MrKaplan 10 points 4 weeks ago (1 children)

some of the issues introduced in 0.19.4 or 0.19.5 include

No software is ever free of bugs, especially not one starting with a zero version number.

nobody is talking about it being free of bugs, but we try to go for versions that at least don't have any major bugs.

ther must be no avoidable delay in the deletion request of user data

is there a definition for "no avoidable delay" as interpreted by courts? your definition and mine clearly don't overlap here.

That said, there is no communication of news and roadmaps. Maybe on proprietary Discord but not here.

there is no additional information about roadmaps on discord.

https://lemmy.world/post/20234434 is one of the places this was discussed previously.

we currently don't have any announcements about this. afaik we've only been doing these for when we actually plan to do something with an actual estimated timeline, but i agree that it would be good to have this information more accessible by having a post in our announcement community rather than just comments on posts in other communities.

[–] MrKaplan 11 points 1 month ago (3 children)

your calculations seem to be off.

0.19.7 is only 4 versions ahead of 0.19.3, not 8.

there were significant issues with 0.19.4, which resulted in 0.19.5. there are still some issues that are important for us, although they may not be as important for smaller instances, that were an issue in 0.19.5.

0.19.6 was released 10 days ago and already had a followup release 0.19.7 to fix some new issues that were introduced in 0.19.6. there are still pending issues like https://github.com/LemmyNet/lemmy/issues/5208, so i imagine it might not take too long for a 0.19.8 release.

we're aiming to provide a stable experience and also try to avoid regressions resulting in reducing moderator capabilities.

most of the issues we saw reported for versions above 0.19.3 however have been fixed in the newer versions since, so there aren't as many issues remaining that would prevent an upgrade to 0.19.8 or a 0.19.7 with extra patches, but at this time 0.19.7 hasn't seen widespread use yet, which tends to be what brings up more bug reports if there are new issues.

LW is currently still violating privacy laws because users cannot delete uploaded media.

this statement is ridiculous. while you cannot currently delete them yourself, this is in no way violating any laws. if people want to have their uploaded media deleted they can just raise a support ticket or send a message to @[email protected] and we'll take care of it.

if there are any laws stating that this is required to be possible as self-service i'd love to see references for that, because for all i know this is not the case.

[–] MrKaplan 7 points 1 month ago (1 children)

no, there are currently no options to customize the viewing experience, such as custom css.

as others already mentioned, forcing light mode on people is generally not well received anyway.

[–] MrKaplan 5 points 1 month ago

trending communities are going away in the next release iirc due to the current implementation not really being useful.

view more: ‹ prev next ›