Skip Navigation

Mastodon thinks Lemmy’s privacy stinks. What say you?

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it's visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server

You're viewing a single thread.

122 comments
  • First - we're all using alpha/beta software (Lemmy is 0.17.4, Kbin is 0.10.). None of these services are "production quality" software yet, so let's keep that in our minds - we're all early adopters.

    The points mentioned in the OP are a bad look. Naturally. User should have expectation of their data being deleted on request - especially since this request might be regulatory privacy request (GDPR related). It's a clear failure from the software and should be improved and iterated upon.

    The expectation shouldn't be "oh well it's on the Internet, live with it". While Facebook might keep mining your data after deletion request, our software shouldn't behave like that, we should strive to be better with this stuff.

    And finally, ensuring privacy in federated system is hard. Mastodon suffers from same problems. We shouldn't give up on the idea though.

    • The more important part for privacy: Mail address is optional, and IP addresses are not stored in the database. A correctly configured instance (at least for EU legislation) also will not log IP addresses in the web server - with that you can have profiles that can't be tied to an actual human, and you don't have location and movement data.

      The data deletion is pretty much a nice to have - it's on the level of the Exchange feature to recall Emails: Sure, you can ask nicely, but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there'll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so. More important is education about what you publish, and a basic understanding of the technical and legal realities you'll have to deal with if you later decide you want that information gone.

      I already had that discussion with my 6 year old when she wanted to publish some videos - and she understood the problems quite well.

      • but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there’ll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so

        Lemmy also seems to federate your matrix_user_id, that is clear personal data. It does not matter how the data gets to the federated server, this is still user data within the scope of the GDPR. It does not matter that that server does not have an agreement with the user, the instance that would ignore a GPDR related deletion request would be in direct violation of the GDPR. Maybe it can do that without consequences, though.

        I completely understand that making Lemmy fully GPDR compliant will probably be impossible, however I don't like the approach of "we will not succeed, so we don't make any attempt". Instances should actually delete data when that is requested, or instance hosts can get fined. For now, Lemmy has bigger issues to solve, but eventually they should do at least a best effort attempt to respect user data.

        • I had a look into the wording of the gdpr (more specifically the Data protection act as it is implemented in the UK) it seems to refer to organisations. I think most, if not all, instances are not hosted by organisations. (Just some group or individual hosting it on personal or rented hardware). Laws such as this are designed with centralization in mind, and kind of don't make sense in the context of decentralisation.

    • It is an early stage software and such things can be worked out, you're right. But on the other hand, such basic elements should be based on a thorough concept before a single line is coded, and implementing something like a delete button with "Let's just make it delete the most visible stuff for now, we can always improve that later when there is time" is recipe for disaster.

122 comments