You can’t delete any text in comments or posts either - or at least not reliably, as any federated instance could choose to ignore deletions.
You should basically consider what you write or post here public, and probably public for good. But here’s the thing - same goes for the entire rest of the Internet as well, basically.
You should generally think similarly about anything you post anywhere on the internet that has open access. If it’s viewable anonymously, anyone could save and mirror it.
The only difference is it’s almost guaranteed on a federated platform.
I feel like, after over a decade of smartphones and snapchat and such, a younger generation needs to be thought better what putting content on the Internet means on a fundamental level, and those of us old enough to remember the more open web need to be reminded.
If you don’t want everyone to see it, and I mean everyone, then you shouldn’t put it online. For all intents and purposes, once you hit send, it’s now a part of the internet. You might get lucky and be able to remove it, but that’s the exception, not the rule.
I agree with your core concept.
But this is a pretty wild flaw. The fact that even an admin can’t reliably delete photos from their own instance? That’s begging to be exploited by bad actors. What happens when it’s porn (whether kids or unconsenting adults)? It’s core functionality that you have to have.
Admins can definitely delete photos from their own instance. The problem is deleting it from all instances; that is hard.
It’s also hard for admins to delete it from their own instance:
This is just a feature request to do it via the web interface, you can still do it manually on the server without too much effort.
I didnt know about that. This is a bit scary to be honest, and the first time I feel a bit taken aback with lemmy
You also know that all votes are technically public and can be viewed by any instance admin that’s federated with the server a community is on, right? There’s no way to see that in the Lemmy UI at the moment but the data is there on the server.
The votes are directly visible from Kbin for users as well.
I don’t know if this works on Lemmy, but Reddit used to be like this and a solution was to edit your comment to different text first (something like ‘I like turtles’), wait about a week to allow the new text to be archived, and then delete it.
‘I like turtles’ wasn’t special, but makes it easy to scroll through your comments later when deleting things.
In Lemmy, your username will still show up with deleted comments, but in theory the edited text will replace the original comment you want to delete in archived views. This method doesn’t work with post images, though.
Someone correct me if I’m wrong here, please.
e: I’ve edited this comment thrice in 2 hours. Can anyone tell, and can you differentiate my 3 edits?
On the front end this still theoretically works, but it’s unclear when (if ever) reddit respected it on the back end. They might have an archive of all the text ever put on the site.
Under GDPR you can just send a request for them to send you all of the data that they’ve stored about you on their backend.
I don’t know how their backend works, but as a former db admin, it seems wasteful to maintain that many layers of change for every user. I would certainly do that in a mission-critical system, but for millions of pseudo-anonymous users, many of whom are shitposters, that would be an insane waste of server space.
That may be true, but I would be a bit surprised if there were a change-log like that.
e: keep in mind, systems like this don’t just work like that – you’d have to do extra work to build it that way on purpose. And you’d be doing that extra work, maintenance, and hosting for a user base who aren’t paying you, in a system you’re giving away for free, in Lemmy’s case.
Knowing how comments get changed is immensely interesting data. And if you design a system from the ground up, adding the functionality to save edits in the backend does not take much effort at all.
Sure, and I can see keeping the last edit (which it obviously does), but every edit? That seems ridiculous if only for the hosting costs.
Really? What do you expect is the edit rate on sites like Lemmy and reddit? One in ten comments? I think more like one in 30 or something. That would increase the storage costs by 3% and a small amount of processing power.
Hosting costs are dwarfed by media storage anyway.
If that’s the case then I need to say this: “Penis ass butt cock fart”
- @[email protected], 2024
Never forget
Backed up on 3 cloud servers and 2 computers locally.
Not enough. We need a new voyager disc.
Damnit. I wish I known that an hour ago. I guess my butthole pic will live on with the internet for an eternity.
It really is a nice butthole
Great, now you made me want to check their profile to see if they did indeed uploaded a picture of their butthole.
I am saved by my ultra slow internet and going to have to take your word for it.
“That’s America’s butthole.”
Seems that one of the problems with regards to this post has been recently fixed and will be included in the next release :)
Looks like we forgot to add this option in the frontend.
I thought they failed to add the checkbox:
We failed to add a checkbox for this parameter to lemmy-ui.
… What’s the big difference? They failed to add it cause they forgot, no?
Probably language barrier. That figure of speech is not the easiest for Germans to grasp.
The first thing coming to mind is “we tried to add a checkbox, but failed, it just wouldn’t work”
To my German mind, failing means “trying and not managing it, giving up in the end.”
Failing to so somehing by forgetting doesn’t really make sense. :) How can you fail something you’ve never attempted.
It’s just a figure of speech, I know.
deleted by creator
How exactly does Lemmy remain in compliance with laws regarding, for example, a user’s right to have all data associated with their account deleted (right to erasure, etc), or ensure that it is only kept for a time period reasonable while the user is actively using your services (data protection retention periods, etc)?
It’s not a big deal for me, just strange to think Lemmy of all places would be built to be so anti user’s data rights. The user is ultimately the one that decides what is done with their information/property, after all.
Lemmy is not a singular software or website, every instance on its own need to ensure compliance with their respective laws where they are domiciled.
But if instance A is domiciled in the EU, and the content mirrored to instance B in Zimbabwe, where no right to be forgotten exists, then a user of instance A can’t invoke any laws beyond what the local admin can control.
That’s amazing for high availability of content - it’s essentially mirrored in perpetuity - but a nightmare for privacy advocates. AFAIK there haven’t been any court cases related to deletion requests, so that’s still virgin territory.
Instances located in Zimbabwe still have to comply with the GDPR, as the law applies to any entity that processes EU citizen’s personal data, regardless of where this happens. Instance B would also have to comply with a deletion request, or whatever EU member state the citizen is from will impose a fine and seize assets if necessary.
This is the stupidest claim GDPR makes. It’s completely unenforceable and it’s attempting to enforce EU law in countries outside of the EU, which goes completely against any norms in international relations.
It absolutely is enforceable, and the EU has already enforced it several times.
The EU can of course try to seize assets, but in many cases they have signed a treaty with other countries stating they have the right to enforce the GDPR within their borders. Think a bit in the sense of an extradition treaty. For the US, this is the EU-US Data Privacy Framework for example.
This means the EU absolutely can, will and has the means to enforce the GDPR abroad.
redacted
Isn’t this in violation of the gdpr?
If that were the case, wouldn’t the entire Fediverse be against it? Since they can’t really be deleted because it gets sent everywhere.
Yes and no.
let’s say I have a website that hosts user generated content like a forum or something. Some other person just hosts a mirror of my website that is not under my control. If some user requests me to delete his data, I can do that. i cannot delete the data from the mirror site.
Nothing else is happening in the fediverse. The only difference is, that in the fediverse the license and technology is set up to encourage mirroring content.
While being compliant with GDPR depends on the instance that pulls your data (which is the premise), the Fediverse isn’t in any way close to being private if you can’t delete your own data everywhere.
Things you post publicly online just aren’t private
While I don’t disagree with what you say, it’s always safe to assume that once something had been online, anybody can copy/screenshot the content.
“Traditional” social media is not meant to be private, what you post always has been public knowledge, and stays that way.
There are certainly advantages and drawback to this open approach. So use a chat app if you want private social media, like signal story.
I can’t upload any image so I’m way ahead of you
How? I want to block my app from being able to upload images.
Join lemm.ee and you would be golden
oh, I got too excited. The instance sidebar says image uploads are available 4 weeks after account creation, though :(
Let me try sending you something
Edit: I got error 413 that I don’t have that functionality. Don’t you see it can never be.
What exactly is a KYC selfie? Is it a photo of an ID card? I figured out WUI is WebUI. The author uses some strange acronyms I never heard before.
It’s very American that they can steal your identity with just one photo. My European state issued ID has data on both sides, so if someone would take a photo of it won’t be enough for anything. Also if you loose it you just get a new one and noone can use the old one for anything.
Author here. A “KYC Selfie” is a selfie photo where you hold-up a State-issued photo-identity document next to your face. This is not a US-specific thing; it’s also used in the EU.
I used to work for a bank in Europe where we used KYC seflies for authentication of customers opening new accounts (or recovering accounts from lost credentials), including European customers. Most KYC Selfies are taken with a passport (where all the information is on one-side), but if your ID has data on both sides then the entity asking you for the KYC seflie may require you to take two photos: showing both sides.
Some countries in the EU have cryptographic authentication with eIDs. The example I linked-to in the article is Estonia, who has made auth-by-State-issued-private-key mandatory for over a decade. Currently MEPs are deciding on an eID standard, which is targeting making eIDs a requirement for all EU Member States by 2016.
I recommend the Please Identify Yourself! talk at 37c3 about the state of eID legislation as of Dec 2023 (and how to learn from India, who did eID horribly wrong):
KYC = Know Your Customer, a team I just learned recently. It’s primarily related to financial transactions, to make crimes like money laundering or terrorism financing harder. Up until relatively recently this was something that primarily happened face-to-face, and it doesn’t seem like good controls have been developed for online use.
I think some ID cards are single-sided, some are double-sided. One of the big problems is most Americans only have a state-issued ID, not a federal one, and the standards vary from state to state. They’ve tried to address this some with minimum standards for state IDs (mainly driver’s licenses) under a program called Real ID (enacted after 9/11 hijackers got state-issued IDs for false identities), but it was still optional for certain purposes, at least until recently. In my state for a long time when renewing your driver’s license it was optional to do the extra paperwork for a Real ID, but then there would be a note on the top that it was not valid for federal identification purposes, such as accessing certain government facilities or boarding an airplane. Since I have a passport I’ve never bothered with it, but it looks like this year getting a Real ID is mandatory when getting or renewing a driver’s license in my state.
It’s mostly a religious thing. The “left behind” Christians believe a federal ID is the “Mark of the Beast”.
deleted by creator
Might be worth heeding with anything else sensitive too. Like bank details, emails etc. Dont dox yourself.
hey, if you type in your pw, it will show as stars ********* see!
Welcome to the hell of being a lemmy admin. There’s a reason why lemmy admins are fed up with the developers.
For context, there’s a lot that goes on behind the scenes when it comes to lemmy admin stuff especially in the matrix channels. There is a significant frustration and lack of confidence in the lemmy developers at this point. Even those who try to contribute to the project get eventually feeling pushed out.
Based on what I’ve seen on the public facing part of the developer side, I get the feeling this isn’t the kind of group that can build the kind of organization required to make this sustainable in the long run.
I’m just waiting for when Beehaw releases that they’ve given up on Lemmy and have created a new tech stack.
We already have Sublinks
It’s open source. We don’t have to depend on the original developers.
If it gets too bad, someone can just make a fork.
Afaik people are just impatient with the developers and have different short term goals.
I mention a new tech stack because Beehaw brought it up as an option and a lot of people have commented on the difficulty of development in this environment.
That’d be disappointing. Rust seems like a great foundation.
It could still be rust. Code is always the easy part. Design and organization and funding are hard
Rust seems like a great foundation.
The fact that I know you’re referring to the programming language called “Rust” doesn’t make this sentence any less funny.
In terms of new tech stack currently theres sublinks being made by devs/admins of a bunch of instances (discuss.online, lemmy.world, programming.dev, etc.)
Anything public yet and are they sticking to Rust?
Java spring for backend, Go for federation, Next.js for frontend
demo.sublinks.org has the backend with the lemmy-ui frontend to show api compatibility
Task list and progress is public on the github org https://github.com/orgs/sublinks/projects/1
Matrix space where all the devs talk is also public and you can see progress talked about in them
Not really a substantial opinion, but I have little hope that replacing a fairly well established Rust codebase with a brand new Java one will do much in terms of increasing contribution.
Theres been a bunch of activity and people joining in in the dev matrix already
Backend pretty much already has parity and the frontend is currently the main thing that an updated demo is waiting on but should be ready really soon
I’ve been designing an updated home page recently for it that I’ll be pushing out this week that looks miles better than lemmy-ui since I could do everything from scratch and thus quickly
I wouldn’t shortchange how much making the barrier to entry lower can help. You have to fight Rust a lot to build anything complex, and that can have a chilling effect on contributions. This is not a dig at Rust; it has to force you to build things in a particular way because it has to guarantee memory safety at compile time. That isn’t to say that Rust’s approach is the only way to be sure your code is safe, mind you, just that Rust’s insistence on memory safety at compile time is constraining.
To be frank, this isn’t necessary most of the time, and Rust will force you to spend ages worrying about problems that may not apply to your project. Java gets a bad rap but it’s second only to Python in ease-of-use. When you’re working on an API-driven webapp, you really don’t need Rust’s efficiency as much as you need a well-defined architecture that people can easily contribute to.
I doubt it’ll magically fix everything on its own, but a combo of good contribution policies and a more approachable codebase might.
Dear aussie.zone users,
I can delete photos. Just give me the url of the photo you need killed and I’ll happily delete it for you. But also, don’t (accidentally) upload a nude.
But won’t answer DMs about an instance bug where being temp banned from one community functions as an instance wide ban
Huh.
You are correct - there is a message in my inbox from you. I honestly didn’t realise/see it. I’ll reply privately.