King 1 year ago • 100%
The GPDR doesn't require Lemmy to remove personal data from the entire internet. But when a Lemmy instance gives data to other Lemmy instance, there are legal responsibilities.
https://gdpr-info.eu/art-17-gdpr/ Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
==========
Maybe this is open to interpretation, but I feel that the same Federation protocol that federates out my personal data (my posts and comments), should also federate out my delete requests. I'm unsure why this would be controversial.
King 1 year ago • 100%
Archive.org (wayback machine) has a request page for removal. I don't have any knowledge of how they do it.
https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/
King 1 year ago • 0%
Oh my, you are correct. Images are being federated some of the time.
Like most everything else, the intended behavior isn't documented anywhere.
King 1 year ago • 100%
I checked Mastodon briefly. It appears they are currently not in compliance. There are open issues on GitHub, but nothing looks close.
King 1 year ago • 100%
The CCPA (USA version) and GDPR (EU) both specify Personal Data, not Personally Identifiable Information. So the contents of my posts are my personal data, even if my username doesn't identify to a real person. If I want my personal data removed from Lemmy, the GDPR allows for me to request it to be deleted.
Lemmy is still in the early stages. I'm not asking for changes to be made right away, or even this year. But I do feel that my personal data should be under my control. Lemmy should be programmed to federate out the the deletion of all my personal data, if I make such a request.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data
(*) Note the CCPA has a ton of exceptions, and only really applies to the larger social media sites.
King 1 year ago • 100%
Wouldn't it be easier to fix the delete federation bug so Lemmy could comply with GDPR ?
King 1 year ago • 100%
Are those times milliseconds?
King 1 year ago • 100%
Media isn't federated. The media should just be referenced with a link to the original source.
Normally, the largest use of disk space is the Activity table. It is stored for six months, and only useful for debugging. Below is the Issue, along with SQL commands to check and purge this debugging table. Let us know if this was the issue
King 1 year ago • 100%
The law specifically names "online identifier".
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.
King 1 year ago • 100%
Just say, we don’t provide or target EU individuals and you’re free.
Don't allow users from the EU to sign up? Is that your plan?
King 1 year ago • 100%
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations. Gmail doesn't make my data public, generally.
King 1 year ago • 100%
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations. When you send an email, you are not making it public.
King 1 year ago • 100%
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations.
King 1 year ago • 100%
Unfortunately, as one of those 3.8k daily users, I'm still using Reddit mostly. Lemmy has a long way to go before I drop Reddit all the way.
King 1 year ago • 100%
This is a reported bug. Looks like they are testing some fixes, not sure when they will go live. https://github.com/LemmyNet/lemmy/issues/3588
In any event, those old deletes will never get federated out. You will need a local mod or admin to remove the items from lemm.ee
King 1 year ago • 100%
Just curious, why not?
I created a post - on my home server https://lemm.ee/post/1274899 - on this community https://bulletintree.com/post/818905 - and can view it on a subscribed server https://lemmy.world/post/1578281 I deleted the post. It removed it from lemm.ee, but the post remains on the other two sites. Let me make another test.
King 1 year ago • 100%
Comments on each server
https://lemm.ee/comment/1104139 <- comment deleted from user home
https://lemmy.world/comment/1264479 <- comment still exists on subscribed server
https://bulletintree.com/comment/759622 <- comment deleted from community home
King 1 year ago • 100%
From lemm.ee, comment https://lemm.ee/comment/1102902 was added, edited, then deleted
Comment was correctly federated to community server at https://bulletintree.com/comment/758923 for adding, editing and deleting
Comment was federated to subscribed server at https://lemmy.world/comment/1263136 ✅Added ✅Edited ❌Deleted
This is consistent with my other tests. The community server is not federating out Delete activities
King 1 year ago • 100%
From lemm.ee, comment https://lemm.ee/comment/1102902 was added, edited, then deleted
Comment was correctly federated to community server at https://bulletintree.com/comment/758923 for adding, editing and deleting
Comment was federated to subscribed server at https://lemmy.world/comment/1263140 ✅Added ✅Edited ❌Deleted
This is consistent with my other tests. The community server is not federating out Delete activities
King 1 year ago • 100%
King #2 comment One edit
King 1 year ago • 100%
King #1 comment one edit
King 1 year ago • 100%
good job
King 1 year ago • 100%
There is no easy way to do this. Each Lemmy instance uses their own autoincrement ID for posts. So post 12345 here might be post 54321 on another instance.
It has been suggested that each post gets a universal ID (UUID is an example). Then the local server could just examine the URL and redirect the user to the local post. This suggestion hasn't gotten any traction. The dev team is more focused on fixing the huge performance issues right now.
King 1 year ago • 50%
But when you first subscribe, you’d expect to be missing old posts
OP didn't expect to be missing old posts, hence his question. I had the same surprising discovery. Not sure how the UX could be improved to convey to the user what is actually happening.
King 1 year ago • 100%
Somewhat related, but why are we federating votes? Why not just federate the upvote count and downvote count? Does each server need to track the identity of every voter on a subscribed community?
Each server will track votes from their own users, preventing duplicate votes.