- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Lemmy is a service for the purpose of publishing your posts & comments to servers that are outside of your control or the control of your local server’s operator.
That is literally what it is for. That is not a bug; it is not just a feature; it is the whole design.
The ability of servers to go their own way is why it’s a federated service and not a centralized one.
When you send an email from
you@aol.com
tothem@ox.ac.uk
, you cannot take it back. The content of your email is sent from your computer, to AOL’s server, to Oxford’s server, to the recipient’s email client on their computer. Oxford can back it up as part of regular server backups. The recipient can print it out on their printer and put it in a filing cabinet and show it to someone ten years later. For that matter, AOL is under American jurisdiction and Oxford is under British jurisdiction.That’s literally what SMTP email is for. It’s for sending a message to someone else in a different zone of control. As a result, you can’t take it back.
Same goes here. ActivityPub is a lot like email, Usenet, and other classic federated protocols; a major difference is that it’s implemented on top of HTTPS and JSON rather than raw TCP and line-based classic-IETF-style protocols.
As someone who deleted an account on one server to create an account on another, I can say that my comment remained but my username did NOT.
Personally, I’d like a 2FA option, but the post on Raddle about privacy does not ring true to me. I can’t speak to the admin side of things, however.
This sort of thing has been talked about many times before. Everything you do publicly (post, comment, and even vote) on lemmy is federated to every instance where a user has subscribed to where the community is hosted, meaning possibly thousands of servers. Once federation happens you have no control over it. You can “delete” it, but that just sends a federated message to those same servers saying “this user wanted to delete that post”. There is no guarantee they honor that request or mechanism to force compliance. Servers could even pretend to delete it, but just hide it and keep a copy forever if they wanted.
The internet is forever, especially in the fediverse. If you post anywhere on the internet someone can make an archive link that shows the post, your username, and any media forever.
Deleted comments remain on the server but hidden to non-admins, the username remains visible
This makes a lot of sense to keep a copy of what was deleted in case it is needed for all manner of things such as reporting to police or validating a pattern of a user’s bad behavior even if they are deleting their messages.
The username thing is potentially a problem, but I think is just part of the federation protocol. The protocol has to identify who is doing the delete (so not just anybody can delete anyone else’s comment), and that delete message basically takes the place of the deteled content. There may be a better way of handling that specifically in lemmy or the UI, but there is no guarantee other servers will behave the same, that is information that is out there.
Deleted account usernames remain visible too
Basically the same as above.
Anything remains visible on federated servers!
By design.
When you delete your account, media does not get deleted on any server
Not sure about this, there are layers of caching involved and those do get auto purged by default after a maximum of 6 months or something. This is a pretty common thing where if someone posts something to social media you can find a CDN link that will keep working for e.g. a photo even if the post holding the photo is deleted. It could probably be improved by servers finding and purging that item from their cache when they get a delete message.
the operator and developer of lemmy has very problematic politics
This whole section is basically fear-mongering. Lemmy is just one implementation of a federating server and these “problems” have basically always existed. Yes, the developer of Lemmy is a communist. If that causes mistrust don’t use lemmy.ml (the only server the dev runs AFAIK). If you don’t trust the software written by a communist for some reason, then use Kbin (if you want a reddit-like view of the fediverse) or Mastodon/Pleroma/Akkoma/Misskey/GNU Social/PeerTube/Pixelfed/Friendica/etc (various twitter/facebook/youtube/instagram styled fediverse softwares).
What does post/comment permanency have to do with privacy? The linked post is an opinion, with no facts backing up their extreme claims.
It’s true that if you delete a comment, your username remains, but is that a matter of privacy? Was it acceptably private before deletion? Why does that change afterwards?
I’m extremely skeptical of the poster sharing partial truths with opinion and no sources.
Edit: I read some of the comments. Poor jorgesumle4, yeesh!
Edit2: and won’t be going anywhere near raddle, either. Oof! “My echo chamber isn’t echoing right! I must now yell and spew some ad hominem hate! Ahh, much better.”
Edit3: To @[email protected], I would say your OP question, “is there truth to this?” is being asked about an opinion. Can opinion be true or false? I don’t really understand the premise. If you’re posting on the public internet, that’s not private. Full stop. Any platform on the public internet, no matter how you can or cannot delete your contributions, is not private.
What does post/comment permanency have to do with privacy?
Some folks consider “the right to be forgotten” to be a privacy right.
There are cases where this makes sense. For instance, suppose you’re a schoolteacher in Florida today. But a dozen years ago, you were in college and you did a drag performance. Today, the fascist DeSantis regime might label you a “groomer” and fire you or even prosecute you. A dozen years ago, you felt okay putting a video of your drag performance on YouTube … but today you would really like to make sure that the most frothingly fascist parent of your students could not find that video.
It’s easy to say “well, the problem is that Florida has fascists in charge” but that doesn’t help the schoolteacher.
To be clear: This is not an easy issue. All quick snappy answers are wrong.
I feel you. Thanks for the comment. “Right to be Forgotten” was the phrase I needed to see for that to click.
I think your analogy is off the mark only in that, in the situation you describe in the lemmy platform, the teacher’s video disappears, but everyone can still see that they posted something.
I do hope that in time, lemmy devs remove the username next to deleted posts.
As I said to OP in another comment, lemmy gets a lot right when it comes to privacy, and much more right than most social media platforms. For me, I won’t let perfect be the enemy of good.
I’m kinda new to all these reddit alternatives, someone linked me to that post when I was recommending lemmy so I was truly wondering.
It’s a worthwhile question. I’ll just caution you against getting your answers from such emotionally-charged sources.
And my earlier question to you was honest and in all seriousness. If privacy means to you that you can delete a comment you made, leaving no trace, then lemmy is not private.
It was off-putting, the first comment I made in the wrong community (lemmy bug) and subsequently deleted when I saw my name still present as the comment author.
To me though, when I think of my online privacy, I think more in terms of if my clicks are being correlated and assigned value in some heuristic system, or sold to third parties. Is the app phoning home to graph.facebook.com with a list of all my other apps installed, time spent on each, IMEI, etc?
All I see here is an apparent admin of the site making a bunch of bad faith arguments and threatening to ban people who disagree with them.
Here is a link to another discussion on this topic.
ActivityPub has deletion protocols that at worst need to be implemented. Overall any shortcoming in the Lemmy code base can be fixed, and as always nothing is truly private on the public internet. It’s like expecting privacy using the sidewalk or the public park. We should try to have instances respect deletion requests though, but all that can be done is to ask servers nicely through an API.
Glad to see raddle is still a cesspool of purity-testing and knee-jerk takes… =w="
I used to really like it, too. I was active and supportive for a couple years (even back when it was raddit!), but wow this reminds me about why I don’t miss it. I’m already liking Lemmy so much more, and I’ve only been here a couple weeks!
My issue with this is that it feels like kinda an issue with federated software
I’m not gonna say lemmy couldn’t try of add federated delete functions but I feel ultimately federation comes with risk, I dont like the fact lemmy is ran by tankies, I really wish KBin had apps but I feel like this could be an issue no matter what