[Discussion] privacy issues regarding Lemmy - I use arch linux FYI
iusearchlinux.fyi
I want to preface this with the fact that I’m quite new to lemmy and using the fediverse as a whole (this is my first account on a fediverse server), but I have had my eyes on the concept for a while now. What I want to address is some of the issues regarding Lemmy and I want to discuss solutions to addressing those. I do want to note that I haven’t looked into the source for lemmy and my personal source of information is this thread on mastodon [https://mastodon.social/@HistoPol/110522257089980041] which also talks about the political issues with this platform (I’m going to be sidestepping the political/humanitarian views the devs seem to have for this thread as I want to keep discussion here purely about the privacy of the platform) the issues I want to address here are related to how lemmy deals with “deleted” content. 1. comments deleted by users are still visible to admins 2. deleted user accounts still have their data remain on the instance. both of these are serious issues concerning user privacy and also violate several laws around the world regarding privacy (most notably the EU’s GDPR). additionally these seem to be easy (if not trivial) to address from a code perspective so I don’t see why these changes could not be made by someone familiar with the project and then used by instances before they get merged in the main project (if they will ever do so). I want instance admins to be aware of this particular issue (not just for my home instance, but as many as we can) and thus want this thread to be one of open discussion about how we would go about this. I’m just a random guy on the internet; but I want to know what we can do about this at the very least and maybe actually make some sort of difference.

thought I’d post it here as well for visibility

  • Disa@burggit.moeMEnglish
    0·
    1 year ago

    comments deleted by users are still visible to admins

    I personally consider this to be a potential positive for moderation’ sake. Let’s say someone posts illegal content and then quickly deletes it the post. Well, the illegal content would still be uploaded on the server hodling the instance hosts potentially liable for storing such content. This feature allows for that content to be found and removed from the server.

    deleted user accounts still have their data remain on the instance.

    This one is the one which I could see the most problems with, especially if the instance requires you use an email to signup. This is something i’d like to have addressed in the software. This is definitely something to take into account when creating an account on a lemmy instance, especially those which require email or other personal information.

    • Burger@burggit.moeEnglish
      2·
      1 year ago

      Perhaps we should have it state to not use your main email if you’re not comfortable with people potentially having it on our signup form?

      • Disa@burggit.moeMEnglish
        3·
        1 year ago

        I don’t know, that almost feels implied, especially since it says (optional) in the email textbox when signing up.

    • CatherineHuffman@burggit.moeEnglish
      1·
      1 year ago

      What if the post was removed publicly, kept for 30 days, then removed from the server entirely? Similar to the way the “trash” in your trash bin works on PC.

      • Disa@burggit.moeMEnglish
        2·
        1 year ago

        This feels like something that should be configured on an instance level, if we’re talking about storing data for a certain number of days before deletion.