2
[Discussion] privacy issues regarding Lemmy - I use arch linux FYI
iusearchlinux.fyiI want to preface this with the fact that I’m quite new to lemmy and using the
fediverse as a whole (this is my first account on a fediverse server), but I
have had my eyes on the concept for a while now. What I want to address is some
of the issues regarding Lemmy and I want to discuss solutions to addressing
those. I do want to note that I haven’t looked into the source for lemmy and my
personal source of information is this thread on mastodon
[https://mastodon.social/@HistoPol/110522257089980041] which also talks about
the political issues with this platform (I’m going to be sidestepping the
political/humanitarian views the devs seem to have for this thread as I want to
keep discussion here purely about the privacy of the platform) the issues I want
to address here are related to how lemmy deals with “deleted” content. 1.
comments deleted by users are still visible to admins 2. deleted user accounts
still have their data remain on the instance. both of these are serious issues
concerning user privacy and also violate several laws around the world regarding
privacy (most notably the EU’s GDPR). additionally these seem to be easy (if not
trivial) to address from a code perspective so I don’t see why these changes
could not be made by someone familiar with the project and then used by
instances before they get merged in the main project (if they will ever do so).
I want instance admins to be aware of this particular issue (not just for my
home instance, but as many as we can) and thus want this thread to be one of
open discussion about how we would go about this. I’m just a random guy on the
internet; but I want to know what we can do about this at the very least and
maybe actually make some sort of difference.
thought I’d post it here as well for visibility
my problem doesn’t lie in having to trust an instance to not store your data; but rather the platform itself keeping this data without a clear way of turning it off when setting up your instance (aside from modifying the source)
I agree that there’s always trust needed and who you trust in the end is up to you so you as the end user should make an informed decision if you care about this.
I think part of the reason why i don’t care that much, is because i’m looking at it from a software developper’s perspective.
Even without touching the source code, which would require quite a bit of effort simply to familiarize yourself with the codebase, the moment you get full access to the database it becomes ‘trivial’ (as long as you know some SQL) to do absolutely anything with the data.
Also, a somewhat common thing when working with databases is to never truly, permanently delete data, especially when the deletion comes from user-controlled actions. You can’t trust users to not delete data they didn’t want to delete and user accounts can also be compromised. Depending on the data itself, allowing total and permanent deletion can be very harmful and irrecoverable. When you don’t fully delete the data but simply ‘mark it as deleted’, it’s a lot easier to revert such problems. Even with the GDPR and the right to be forgoten, i don’t have any stats on this but i’m pretty sure there’s a lot of sites that simply mark things as deleted instead of a true permanent deletion.
edit: Forgot to mention that since bugs are also a thing, not actually deleting data can save your butt more than once.