- cross-posted to:
- foss@beehaw.org
- technology@beehaw.org
- cross-posted to:
- foss@beehaw.org
- technology@beehaw.org
As someone who deleted an account on one server to create an account on another, I can say that my comment remained but my username did NOT. I’m not particularly opposed to the comments remaining for the sake of thread continuity.
Personally, I’d like a 2FA option, but the post on Raddle about privacy does not ring true to me. I can’t speak to the admin side of things, however.
Lemmy is a service for the purpose of publishing your posts & comments to servers that are outside of your control or the control of your local server’s operator.
That is literally what it is for. That is not a bug; it is not just a feature; it is the whole design.
The ability of servers to go their own way is why it’s a federated service and not a centralized one.
When you send an email from
you@aol.com
tothem@ox.ac.uk
, you cannot take it back. The content of your email is sent from your computer, to AOL’s server, to Oxford’s server, to the recipient’s email client on their computer. Oxford can back it up as part of regular server backups. The recipient can print it out on their printer and put it in a filing cabinet and show it to someone ten years later. For that matter, AOL is under American jurisdiction and Oxford is under British jurisdiction.That’s literally what SMTP email is for. It’s for sending a message to someone else in a different zone of control. As a result, you can’t take it back.
Same goes here. ActivityPub is a lot like email, Usenet, and other classic federated protocols; a major difference is that it’s implemented on top of HTTPS and JSON rather than raw TCP and line-based classic-IETF-style protocols.
What does post/comment permanency have to do with privacy? The linked post is an opinion, with no facts backing up their extreme claims.
It’s true that if you delete a comment, your username remains, but is that a matter of privacy? Was it acceptably private before deletion? Why does that change afterwards?
I’m extremely skeptical of the poster sharing partial truths with opinion and no sources.
Edit: I read some of the comments. Poor jorgesumle4, yeesh!
What does post/comment permanency have to do with privacy?
Some folks consider “the right to be forgotten” to be a privacy right.
There are cases where this makes sense. For instance, suppose you’re a schoolteacher in Florida today. But a dozen years ago, you were in college and you did a drag performance. Today, the fascist DeSantis regime might label you a “groomer” and fire you or even prosecute you. A dozen years ago, you felt okay putting a video of your drag performance on YouTube … but today you would really like to make sure that the most frothingly fascist parent of your students could not find that video.
It’s easy to say “well, the problem is that Florida has fascists in charge” but that doesn’t help the schoolteacher.
To be clear: This is not an easy issue. All quick snappy answers are wrong.
I feel you. Thanks for the comment. “Right to be Forgotten” was the phrase I needed to see for that to click.
I think your analogy is off the mark only in that, in the situation you describe in the lemmy platform, the teacher’s video disappears, but everyone can still see that they posted something.
I do hope that in time, lemmy devs remove the username next to deleted posts.
As I said to OP in another comment, lemmy gets a lot right when it comes to privacy, and much more right than most social media platforms. For me, I won’t let perfect be the enemy of good.
This sort of thing has been talked about many times before. Everything you do publicly (post, comment, and even vote) on lemmy is federated to every instance where a user has subscribed to where the community is hosted, meaning possibly thousands of servers. Once federation happens you have no control over it. You can “delete” it, but that just sends a federated message to those same servers saying “this user wanted to delete that post”. There is no guarantee they honor that request or mechanism to force compliance. Servers could even pretend to delete it, but just hide it and keep a copy forever if they wanted.
The internet is forever, especially in the fediverse. If you post anywhere on the internet someone can make an archive link that shows the post, your username, and any media forever.
Deleted comments remain on the server but hidden to non-admins, the username remains visible
This makes a lot of sense to keep a copy of what was deleted in case it is needed for all manner of things such as reporting to police or validating a pattern of a user’s bad behavior even if they are deleting their messages.
The username thing is potentially a problem, but I think is just part of the federation protocol. The protocol has to identify who is doing the delete (so not just anybody can delete anyone else’s comment), and that delete message basically takes the place of the deteled content. There may be a better way of handling that specifically in lemmy or the UI, but there is no guarantee other servers will behave the same, that is information that is out there.
Deleted account usernames remain visible too
Basically the same as above.
Anything remains visible on federated servers!
By design.
When you delete your account, media does not get deleted on any server
Not sure about this, there are layers of caching involved and those do get auto purged by default after a maximum of 6 months or something. This is a pretty common thing where if someone posts something to social media you can find a CDN link that will keep working for e.g. a photo even if the post holding the photo is deleted. It could probably be improved by servers finding and purging that item from their cache when they get a delete message.
the operator and developer of lemmy has very problematic politics
This whole section is basically fear-mongering. Lemmy is just one implementation of a federating server and these “problems” have basically always existed. Yes, the developer of Lemmy is a communist. If that causes mistrust don’t use lemmy.ml (the only server the dev runs AFAIK). If you don’t trust the software written by a communist for some reason, then use Kbin (if you want a reddit-like view of the fediverse) or Mastodon/Pleroma/Akkoma/Misskey/GNU Social/PeerTube/Pixelfed/Friendica/etc (various twitter/facebook/youtube/instagram styled fediverse softwares).
All I see here is an apparent admin of the site making a bunch of bad faith arguments and threatening to ban people who disagree with them.
Here is a link to another discussion on this topic.
ActivityPub has deletion protocols that at worst need to be implemented. Overall any shortcoming in the Lemmy code base can be fixed, and as always nothing is truly private on the public internet. It’s like expecting privacy using the sidewalk or the public park. We should try to have instances respect deletion requests though, but all that can be done is to ask servers nicely through an API.
“Wants to post on a social media website” “Wants pure privacy on the social media website”
I’m not sure what the issue is here… Did you know that your ISP has a record of every website you’ve ever been to on a server you don’t control and they can look at it whenever they want?
Did you know you leave a record of your device on any network you join, leaving a unique ID behind that can be mapped back to you? This record is stored on severs you don’t control and the operatora can view this record whenever they want?
Did you know that the admins of raddle have access to all your comments and DMs?! And they can read them at any time?!
I’m not sure what the issue is here… Did you know that your ISP has a record of every website you’ve ever been to on a server you don’t control and they can look at it whenever they want?
This is pretty much entirely incorrect.
It is part of the purpose of HTTPS that your ISP does not have the URLs of pages you visited, nor the content of the data sent in either direction. That information is all encrypted from your browser to the web server and vice-versa.
Encryption became standard in browsers in two waves: first, with the commercialization of the Web in the late 1990s and the need to encrypt financial credentials (e.g. credit card numbers) to do e-commerce; and second, after the Snowden NSA scandal that led to almost all non-commercial web sites adopting HTTPS as standard, followed by most browsers flagging unencrypted sites as “insecure”.
Classically, your ISP would have the domain names (e.g.
lemmy.world
) as you’d usually be using your ISP’s DNS server; and even if you were using a remote DNS server the DNS traffic would be unencrypted through your ISP’s network.But these days, they might not even have the domain names, as DNS over HTTPS is used in many browsers today.
Even today though — unless you’re using a VPN, Tor, or some other form of encrypted tunneling — your ISP can certainly discover the IP addresses of hosts you communicate with.
Yes there is a distinction between webPAGE and webSITE. Which is why I used site and not page. I never said they have the URLs, that was you.
I build and maintain networks for a living, so I know what the network operators do and do not have access to.
As a user of any network, you should be walking around under the assumption that every network is hostile.
Regardless, my point still stands. You should have no expectation of privacy when you don’t control the system your using. Especially these self hosted federated systems. Let alone a public webform where your sharing your thoughts and ideas and other PII.
- Don’t use repeat usernames across services
- Don’t include your full name
- Don’t include your photo
- Ditch your account periodically and make a new one
- Maintain separate accounts for different interests, especially NSFW content.
If you leave a trail of breadcrumbs, you will be found.
Unless the DMs are encrypted using your own keys, your DMs are one SQL query away from being nightly reading material for any instance admin.
That’s the leading privacy concern with these systems. You might think your DMs are private, but unless their encrypted, any DBA can read them. You better hope the Admins of your instance have no voyeuristic intentions.
Glad to see raddle is still a cesspool of purity-testing and knee-jerk takes… =w="
I used to really like it, too. I was active and supportive for a couple years (even back when it was raddit!), but wow this reminds me about why I don’t miss it. I’m already liking Lemmy so much more, and I’ve only been here a couple weeks!
My issue with this is that it feels like kinda an issue with federated software
I’m not gonna say lemmy couldn’t try of add federated delete functions but I feel ultimately federation comes with risk, I dont like the fact lemmy is ran by tankies, I really wish KBin had apps but I feel like this could be an issue no matter what