- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
tbh I just assume that despite GDPR or CCPA any images I put up are there forever, it’s not like the tech is that different in the fediverse from anywhere else. nowhere is going to be scrubbing their storage drive blocks on delete if it even can be deleted
I take it you’ve never run a community instance. The problem is, laws vary by jurisdiction, and can have a very real effect on how you run your server when shit hits the fan.
We recently ran a story about a guy building his own Fediverse community and platform, who just happened to be a bit naive about the network. He’s off in his corner, doing his own thing, people find his project and assume it’s some kind of weird scraper. After disinformation came out about it, someone remote-loaded child pornography to his server, for the purpose of filling a report with the police.
The guy is based on Germany. Local jurisdiction requires one year of prison time minimum. It matters.
This shit is exactly why I don’t understand why the default is to cache every image locally. If you’re building a scraper for local use I can sort of understand, but this is such an easy feature to abuse.
Well, yeah…
If you upload a picture to Lemmy, it’s going to get saved by a shit of federated instances.
That’s how federation works, but once it happens, it’s hard to get all of them to delete it.
The fix is easy:
Upload somewhere else (theres a bunch of images hosts) then make your post point to that image host. Federated instances just have to host the link, so it’s good for them too.
I’d love to see something like the RES feature where Lemmy can still show an expandable thumbnail for non-hosted images. RES pulled it off fine years ago, not sure how hard it would be.
But that would fix all these issues
Yeah it’s like trying to delete a torrent that you created lol, deleting stuff from the Internet is not so easy. Even websites that claim to allow you to delete stuff may still be backed up by The Wayback Machine or similar, or even just a random user who liked your post and downloaded it.
I would like improvements here, but you should probably still be careful about anything you post if you’re worried about being able to delete it, no matter what site you’re on.
I have to say, I think the article actually does address what you’re saying, in particular here:
There are a couple of reasons as to why this is so surprising. Firstly, the Trust & Safety aspect: a few months ago, several Lemmy servers were absolutely hammered with CSAM, to the point that communities shut down and several servers were forced to defederate from one another or shut down themselves.
Simply put, the existing moderation tooling is not adequate for removing illegal content from servers. It’s bad enough to have to jump through hoops dealing with local content, but when it comes to federated data, it’s a whole other ball game.
The second, equally important aspect is one of user consent. If a user accidentally uploads a sensitive image, or wants to wipe their account off of a server, the instance should make an effort to comply with their wishes. Federated deletions fail sometimes, but an earnest attempt to remove content from a local server should be trivial, and attempting to perform a remote delete is better than nothing.
I also just want to point out that the knife cuts both ways. Yes, it’s impossible to guarantee nodes you’re federating with aren’t just ignoring remote delete requests. But, there is a benefit to acting in good faith that I think is easy to infer from the CSAM material example the article presents.
Upload somewhere else (theres a bunch of images hosts) then make your post point to that image host. Federated instances just have to host the link, so it’s good for them too.
Those images are still cached as well as the thumbnails.
So, to be clear, the story the article links to is specifically a case of local content that didn’t actually federate. It was an accidental upload, he cancelled the post, it sat in storage, and even his admin was stumped about how to get it out.
I agree that with federation, it’s a lot more messy. But, having provisions to delete things locally, and try to push out deletes across the network, is absolutely better than nothing.
The biggest issue I have is that there’s really not much an admin can do at the moment if CSAM or some other horrific shit gets into pict-rs, short of using a tool to crawl through the database and use API calls to hackily delete things. Federation aside, at least make it easy for admins and mods to handle this on their home servers.
Couldn’t images and videos just be loaded from the instance they were uploaded to instead of getting copied to each instance? It would work almost the same as uploading it to a file hoster but it would be a lot easier usability wise and illegal content would still only have to be deleted at a single point.
Lemmy’s Image Problem
I see what you did there…
that’s not a bug
…image hosting is actually handled as an auxiliary service called pict-rs, which runs alongside a given Lemmy instance. While pict-rs itself works fine for handling uploads, downloads, and modifications to pictures, the devs neglected to add anything to Lemmy’s interface to handle deletions. In fact, the platform as a whole lacks any tooling for moderating images whatsoever.
At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.
I’m not sure I see the issue here, what’s the point of an open ecosystem if you don’t make use of any third party tools? Fedi-safety in particular feels like it should not be part of the core project
There’s nothing wrong with having good third-party tools, that was not my point. db0 in particular has done some amazing, amazing work.
What’s fucked, however, is having a project:
- whose core infrastructure only offers the most threadbare tools
- there’s zero consideration from development on privacy, user safety, or basic controls to handle when shit hits the bed
- the devs are stone silent when waves of CSAM crash through instances
- they openly mock people or say they’re “too busy to do this” when it comes to meeting the most basic expectations of how a social platform ought to work.
Like, this is not an attack on Lemmy itself, I think the platform can be a real force for good in the Fediverse. But let’s be honest, this project is not going to live very long if nothing changes.
Basic things like having the ability to easily remove images from storage should be part of the core platform. The fact that this still isn’t a thing even four years into the project is insane.
The first time some random user files a sue in court the admins of their instance will be in trouble.
Lemmy devs are not affected, but instance admins are and according to the GDPR they are considered “data controllers” and are responsible for the processing of users’ data.
As far as I understand it, this lacking feature is an open “challenge” to existing regulation and legislators, maybe also to open people’s eyes about the fact that privacy claims are often not enforced even by those who claim to do so.
I’m nog sure what they’ll be sued for. The GDPR is very much written so that DPAs take action, not individual users.
Even then, instances need to break the law first. If someone asks a server to delete or alter personal information, the instance has a full month to respond. If deletion or alteration cannot take place within a month (doubtful, but theoretically possible), the the change may take even longer.
You can send a GDPR death letter to an instance admin and the worst you’ve done is annoy an admin who needs to run a bunch of SQL scripts for an one afternoon.
Lemmy doesn’t process that much personal information. It republishes content on your request, but that’s not necessarily PII. There are a few identifiers (your username, user ID, the private/public key pair used to sign your messages when dealing with federation) but like on many other platforms, those can be changed, with great difficulty. Of course, changing that information WILL break shit on other servers, but you can try!
When it comes to other servers, you’re kind of screwed. That’s not really a problem, though. You don’t expect Gmail to make everyone you’ve ever emailed delete the stuff they’ve received from you, that’s just not how that works. You could argue that email is more private, but then mailing lists exist that basically do what the Fediverse does but on a larger scale.
Some counter points
- the software isn’t a finished product yet. We’re on 0.19 for a reason
- that’s how ActivityPub works. There is one network I know of that can do this (Circles), but this works through encryption and breaks down if anyone you’ve shared your posts with gets hacked
- I don’t know what you’d expect from them here. Should they have posted something like “Please don’t post illegal content, thanks”?
- They are busy. There are basically two people developing this software for a laughably small amount of money. Software takes time, planning, and “I want this now” is not a reason to alter course.
You’re not wrong to feel irked by this. However, if that’s the case, the Fediverse may not be for you. You’re probably better off over some place else, like Reddit or Bluesky, where decisions are taken centrally, investor money is driving development, and there’s a manager to complain to.
I agree that there should be a way to delete kmages… and there is. It’s a simple API call with an admin token that any server admin worthy their salt can execute. The user who uploaded the image also gets a token, but that disappears after you posted your image, unless you use an app that keeps it (there’s one on Android that does this!).
I think it wouldn’t be a bad idea to implement persistent storage of these tokens, so if you have the time to fix this issue, please open a pull request!
the Fediverse may not be for you. You’re probably better off over some place else,
Just going to leave this here. Pretty sure this user knows about the fediverse quite a bit more than you’re assuming.
You’re not wrong to feel irked by this. However, if that’s the case, the Fediverse may not be for you. You’re probably better off over some place else, like Reddit or Bluesky, where decisions are taken centrally, investor money is driving development, and there’s a manager to complain to.
Thanks for the laugh, I’ve been on the network for almost the entirety of its lifetime and witnessed every development and major change. I’ve even helped run a major project in the early days.
In that case, none of the things you mention should be surprises, or even abnormal, really. These problems have plagued all of the Fediverse at some point, and they have never been solved.
Perhaps you could enlighten me on what Fediverse software does take “privacy, user safety, or basic controls to handle when shit hits the bed” into consideration, because I can’t think of any; they all just expect every other server in the network not to be malicious.
I also don’t remember hearing anything from the Mastodon devs when the Lemmy communities that Mastodon users were following were uploading child porn to their local image caches, let alone anything user-facing. The CSAM spam may have targeted Lemmy, but on the rest of the Fediverse the “solution” seemed to be “defederate from all of Lemmy for a while” at best. The recent Japanese spam wave could just as well have been CSAM instead of pictures of cans of spam and the wave proved that the Fediverse in its current form just can’t cope with malicious actors.
Perhaps you could enlighten me on what Fediverse software does take “privacy, user safety, or basic controls to handle when shit hits the bed” into consideration, because I can’t think of any; they all just expect every other server in the network not to be malicious.
Friendica, Hubzilla, Streams, tentatively Bonfire, Pixelfed, PeerTube, Akkoma. Off the top of my head.
In what way are those better? Don’t they still suffer from the privacy problems that come with federation? In fact, Peertube’s P2P nature makes it one of the least private and secure Fediverse implementations I know of. From what I can see experimenting with Pixelfed, PeerTube, and Akkoma, they’re suffering from the same privacy and user safety issues Lemmy suffers from. Like on Bluesky, the user-facing controls are in no way enforced when activities cross federation in any way, so they only work in whitelist-based, tight-knit communities or defederated instances.
I find Friendica’s “expiration” to be quite disingenuous, because the language on the front page implies privacy features that can’t be attained in real life. That also goes for their controls, promising private chats that are only as private as the participating servers are willing to make them.
Hubzilla and Streams seem very interesting. I’ll have to dig into those, they seem very promising.
In what way are those better? Don’t they still suffer from the privacy problems that come with federation?
Yes, the issue is that Lemmy does not even attempt to allow you to delete the image. There is no control for the user to do this. It’s literally not possible.
Hubzilla and the zot protocol are a really promising alternative to ActivityPub, just not as much traction.
Its simply not true that we have zero consideration for privacy or user safety. But that is only one aspect of Lemmy, we also have to work on many other things. And we werent silent during the CSAM wave, but most of it was handled by admins and all the related issues are long resolved. Lemmy has 50k active users, its obvious that we are too busy to work on every single thing that some individual user demands.
There is a reason that Lemmy still has version 0.x. If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.
There is a stark difference between closing an issue and actually resolving the problem. You’re right; lots of those issues are closed. The identified problems remain and don’t go away merely because you close an software repo issue on it.
Look, no one is ungrateful for the work you and Dessalines are doing. I get it - I helped run a large-scale federated open source social network over a decade ago. It’s an amazing, incredible experience - but, it’s also grueling, demanding work, and community members and users can be incredibly fickle. Especially when it comes to living off of donations, and having to carve out a technical stack all by yourself. That shit is hard.
Here’s the thing: your users, your community, your efforts in general, pretty much ride or die by the people who run instances of your software, advocate for your platform, and develop apps and tools for your ecosystem. If something is broken at a foundational level, it’s ultimately your responsibility to decide what to do about it.
Code is not the only fruit of someone’s labor here. Your community is doing a lot of labor for you too, and making even less money doing so. At some point, if people don’t think their needs are being met to keep running their communities and stave off the worst of the worst, it’s going to tank people’s confidence. People will leave. And they’ll talk on the way out. Optics matter.
I’m not saying you have to drop everything to accommodate some random concern right away. But some of the responses you’ve given to people that had reasonable asks, that had reasonable use-cases in ensuring smooth operations of instances in compliance of laws…some of your reactions are terrible.
If your default when someone asks you about GDPR compliant features is to scream at people, demand that they do the work for you, make excuses that you’re too busy, or belittle someone because you disagree with someone, you’re doing community management ass-backwards, and you’re burning away community goodwill every time you do it. It’s hostile and demoralizing, and people will come to resent you for it.
If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.
See, this is exactly what I’m talking about. Someone asks for something, points out problematic behavior, gives feedback on how something could be better, and you lean into the myopic belief that this is somehow an attack or an effort to undermine you. My brother in Christ, if there is any ill-will towards how you do things, it is because of your own behavior, not on the merits of your project, your political alignment, or who you are as a person.
I don’t hate your project, but you need to pull your head out of your ass, and realize that you’re dropping the fucking ball on trust and safety. People hosting instances aren’t going to stick around forever if you keep defaulting to hostility.
There’s no guarantee on third party tools continuing to work with Lemmy. Something as critical as deleting images, which can cause problems like revenge porn and such, must be given priority by the official project.
We will never block third party tools, and will always have an open API.
One of the PRs I’ve been working on, is an interface to view your image uploads and delete them. This is not trivial, but will probably be in the next release.
Thank you for your service
Lemmy providing an open API does not mean that third parties maintain compatibility forever. (Edit: for example, what happens if the third party app gets taken away by a malicious maintainer? Or becomes buggy, or un-maintainable, project dies, etc.)
I don’t want to upset you, but I think I have to say this for the sake of the community. The attitude like “we provide an API, so third parties will follow,” is what is causing instance admins’ distrust in the first place.
I endorse the Lemmy developers banning this entitled fucking loser.
I find it very questionable that you publish this sort of hit piece against Lemmy without even bothering to ask for a comment from our side. This is not how journalism should work.
Effectively you are blowing the complaints of a single user completely out of proportion. It is true that we didnt respond ideally in the mentioned issue, but neither is it okay for a user to act so demanding towards open source developers who provide software for free. You also completely ignore that this is an exception, there are thousands of issues and pull requests in the Lemmy repos which are handled without any problems.
Besides you claim that we dont care about moderation, user safety and tooling which is simply not true. If you look at the 0.19.0 release notes there are numerous features in these areas, such as instance blocking, better reports handling and a new moderator view. However we also have to work on improvements to many other features, and our time is limited.
Finally you act like 4000€ per month is a lot of money, however thats only 2000€ for each of us. We could stop developing Lemmy right now and work for a startup or corporation for three or four times the amount of money. Then we also wouldnt have to deal with this kind of meaningless drama. Is that what you want to achieve with your website?
Then we also wouldnt have to deal with this kind of meaningless drama.
The day to day drama in corporate software development is MUCH more meaningless than what you’re dealing with.
Wow, when are you going to realize that you work for your users?
This isn’t “one user” being “so demanding”. Its a trend. Read what others have said. Learn from your mistakes. Your community of instance admins are pissed because you’re constantly throwing them under the bus. And, yes, your moderation tools are crap. Thats objective.
And 2000€ per month is a ton of money. Most open source devs get nothing. Stop being so ungrateful and disrespectful to the community that you work for.
Stop being so ungrateful and disrespectful to the community that you work for.
Fam, this is Free Software. Capitalism is that way → www.reddit.com .
I love lemmy, having been here since the very earliest hexbear days. In my view, the devs are doing the best they can. They’re a tiny team surviving on grants, trying to produce software that the users, for some reason, expect to have feature parity with reddit, a large corporation with a large paid dev team. It’s weird to say the least.
My understanding is that nutomic and dessalines survive solely on that 4000 euros per month, because all of their time goes to lemmy. How do you want them to survive? They need to eat and pay rent, you know. The real world exists and they’re humans in it, needing food and sleep and shelter.
It seems to me you want magic. You don’t want the lemmy devs to be humans, you want them to be magic coder gods who are infinitely patient, with boundless time and energy. But that’s completely unrealistic, you surely must see that, right?
Micheal Douglass breakfast sandwich-ass
Sorry if you were just making a joke, my sarcasm detector is not really working anymore (/s at the end would help). But if not, this comment really perfectly captures the entitlement in open source.
Now imagine you spend months (or even years) of your free time to build something for people to use freely, and the result is that you get endless comments from random strangers, telling you that you work for them and that you need to respect and be grateful to them. I honestly am impressed that open source still exists at all at this point.
I think it’s a question of philosophy. If I take donations for something, is it really still my hobby projects I build in my free time?
Not really IMO. The moment I make money off it, it’s more than that.
And if I have a community of people who use that project, I should be transparent with them and engage with them. Maybe the Lemmy devs are doing this in some place where I’m not (like on their matrix), but I have never seen them explain why they are working on certain features and not on others. Their development updates are awesome and I appreciate them, but it’s very much a communication of “we are doing this, see you next time”. The recent AMA was a good example of engagement that gives the possibility to explain things better and get into contact. My advice would be to work on communication and feedback channels.
But everyone is free to see that differently.
This is your brain on consumerism.
What do you want for nothing, your money back?
Fuck off lol you do it then if it’s such a trivial task.
“Ungrateful” yea they should be super grateful for making a little over 10 bucks an hour to listen to this kind of self important bullshit.
2000€ is rent for a 1 bedroom apartment lol.
Also this is not reddit. If you don’t like something, you can change it yourself. That’s how open source works.
Stop being so ungrateful and disrespectful to the community that you work for.
Real “don’t talk to the help” energy coming off you, man.
Also big vibes lol. Telling others to stop being ungrateful and disrespectful, while being ungrateful and disrespectful themselves.
Yea takes an impressive level of self awareness to go from “you work for us” to “no you don’t deserve more money” to “why arent you personally catering to me more” in that amount of time
You mean to all if the instance admins
Wow, when are you going to realize that you work for your users?
Do you pay their salary and have an employment contract with the developers of Lemmy? If not, they do not work for you.
And 2000€ per month is a ton of money. Most open source devs get nothing. Stop being so ungrateful and disrespectful to the community that you work for.
This is not a typical open source side project. The developers work full time on it, it’s basically their job. That 2000 Euros is their monthly gross salary. Average monthly salary in France is 2340 euros net as of 2022. The developers of Lemmy are earning well below average.
The thing that really gets me with these, is that we are 2-4 devs working on software used by over 40k ppl. It is absolutely impossible to please everyone, and fix every issue, there just isn’t enough of us.
Oftentimes we ask for ppl to do the open source thing, and contribute a PR, and many of them do.
Anyone can look at our github profiles and see how busy we’ve been, and how many moderation related issues we’ve been working on, this is all out in the open. Yet writers of these articles somehow never bother to look, or reach out to us for questions. The amount of entitlement and second-hand rumors is really dissapointing.
When we talk about Open Source, we’re not just talking about code. We’re talking about a way of approaching software, of designing it, developing it, distributing it, spreading it, making it something that benefits everyone. So being a developer in this context means thinking of software as a common good and then contributing means making it better and if by better we mean more useful, more accessible, more secure, more powerful, more stable and easier to use, then it’s clear that we are not just talking about writing code.
I’ve reviewed both your and @Nutomic’s comments, your latest blog updates, and GitHub PR’s, and added a section accordingly: https://wedistribute.org/2024/03/lemmy-image-problem/#giving-credit
Thank you for your hard work, and for taking necessary steps to improve something that is essential for instance operators.
Thanks that is a bit better. Unfortunately people who have already read the article wont see the update, and even people who read it now may not read all the way to the end, and still leave with a negative impression. Still its better than nothing.
To get an idea how most Lemmy users feel, have a look at this thread. Practically every comment is positive about Lemmy, you can hardly find any negative sentiment. And certainly no one cares about this image deletion issue, which proves that the complaints of a few individuals are completely blown out of proportion.
As a user, I love lemmy, and I want to thank you and the other devs that work tirelessly to develop it.
Also as a user I value the ability to manage my data, and hope to see image deletion implemented when you’re able to do so.
After having read the Nightmare piece, my decision was to stop posting images directly to lemmy. To share images, I’m going to self host an Imgur like service so if I do want to delete an image, I can.
I’m not a developer, and can’t contribute code to address the problem, but, at least for myself, I’ve got a solution I can implement.
I can confirm there is a silent majority of comerads. This is the thread that drove me to be a monthly donor. Thanks for everything.
Thanks for the donation!
To chime in: Yes, people are positive about Lemmy. I like Lemmy, people like Lemmy. And Lemmy users in general want to see activity at Lemmy. Who wouldnt? That’s kind of a given… but still I want Lemmy to continue to evolve in functionality. That doesnt contradict itself?
And if someone points out that certain things arent technically possible at the moment, I as a user would expect that this isnt considered a “complaint” or a “negative sentiment”.
Especially when it’s a functionality that might have legal implications. Does “no one care” about that because people think it’s unnecessary? Or because they have never noticed before that this isnt possible? The GDPR is not a joke, and foss does not have an exemption clause for adhering to it. Additionally a lot of people on Lemmy are very privacy-conscious.
Therefore I think it’s great that this issue has been brought up now and you guys are working on a fix for that. Thanks for all of your work on this project, it’s really appreciated.
If you can take a moment to move your massive, fragile ego out of the way, you’ll realize it’s not a hit piece. It’s criticism of your behavior in reaction to what is frankly a reasonable set of requests.
Journalism is not just about serving as a propagandic mouthpiece to lionize you and your work. Sometimes, I have to report on subjects that are frankly horrible, people acting shitty, and how people in spaces react to that.
Effectively you are blowing the complaints of a single user completely out of proportion. It is true that we didnt respond ideally in the mentioned issue, but neither is it okay for a user to act so demanding towards open source developers who provide software for free.
This issue is basic fucking table stakes for user safety and data compliance, and the fact that it still does not exist after four years of being a project is wild to me. It creates liabilities for admins. The fact that it’s still a problem, right now, illustrates that these things are not direct concerns in how you design software.
I find it very questionable that you publish this sort of hit piece against Lemmy without even bothering to ask for a comment from our side.
Your comments were in the GitHub issues.
If you can take a moment to move your massive, fragile ego out of the way
Lmao do you think of yourself as a professional?
Not at all.
I think it’s a dead lock. The replies show that they can’t even understand the concern.
That’s a typical death to a project. For, there will never be a moment for the team to address the concern. Whatever you try, the team won’t move an inch.
I don’t know what instance admins are thinking, but there’s no point complaining at this point.
The fact that the issue exists after 4 years clearly shows that you are in fact blowing it out of proportion. Actual issues that affect large numbers of people running servers end up being addressed by people contributing to the project. Lemmy is an open source project that anybody can contribute to, and fix the issues that are affecting them. The fact that this hasn’t happened shows that this issue is not as high priority as you want to make it out to be.
This doesn’t mean this isn’t a real issue that should be fixed at some point, but it’s simply not the show stopper you paint to be.
So yeah, you are absolutely doing a hack job here.
massive fragile ego, frankly horrible, acting shitty
So this is how you see me, all based on two issues out of thousands and never having talked with me directly. Honestly this comment would be a good reason to ban you for harassment and violating the site’s code of conduct. But lucky for you I don’t care what random strangers on the internet think about me.
No, it’s how I see you based on pretty much any time I observe you making a public comment. Which is unfair of me, admittedly, I can’t possibly see everything you write. Most of the time, though, you come across as hostile, and read as though you’re dunking on other people and projects.
Anyway, the article was updated somewhat to give proper credit for your recent developments and point to your fundraising efforts.
Have a nice day.
massive fragile ego, frankly horrible, acting shitty, basic fucking table stakes
you come across as hostile
Go back to reddit
I think the lack of image deletion has come up a few times now, so I can see why people are a bit annoyed by the lack of it. I think it’s frustration from a bunch of small issues all coming up at the same time.
However, I don’t have the time to fix the small issues, I know you guys don’t have the time to rework image uploads, and I’m not your boss, so I just shrug and go on with my day. If this irks me enough to not want to use Lemmy anymore, I’ll just shut down my server and use something else.
The only people who are entitled to having their wishes met, are the people who signed a contract to offer development funds, and even that is probably somewhat negotiable. These entitled people should just shut up and leave, see how much their demands are met over at Reddit or whatever they plan to use instead.
Its funny because there is no one in the world who signed any sort of development contract with us. All the money we have ever received for Lemmy have been donations which means there is no obligation for us to do anything. This includes money from NLnet which provided most of our income for the past years. And I bet the people complaining so loudly no have never even made any donation.
Hey everyone, I just wanted to thank you for the lively conversation and thought-provoking insights.
We don’t have to agree on every point (or at all), but I’ve decided to synthesize a lot of thoughts and ideas from these conversations into a blog post: https://deadsuperhero.com/2024/03/economic-musings-on-federated-networks/
…
It’s pretty fucked up you post your blogs, read people’s comments, and use those to write your next blog post.
Like, real fucked up …
Not sure I’m seeing what’s fucked up about this. It’s not like they’re using people’s comments as their own work. They link back to this thread. It just seems like a place where they can dump a bunch of their own thoughts related to a topic without posting it here since it’s not necessarily in line with this thread’s topic anymore. And I thought it was an interesting read and appreciated them posting it ¯\_(ツ)_/¯
Dude has a 4 year Lemmy account with 160 comments…
Supposedly some kids of developer, but from his last two blog posts he doesn’t seem to know much about how it works, and that last article he just rants about Lemmy admins, Devs, and users…
I dunno, I blocked them.
I’m a long-time contributor to the space, and have been here for over 15 years. I was on the Fediverse when it was literally one or two platforms, and I witnessed the whole thing grow and evolve. I’ve seen the entire thing take shape, and change with every subsequent wave of platform, user migration, and major pivot.
I also ran community management for one of the large-scale early projects here.
A huge motivating factor of mine has been to write about a nascent and evolving space that I’m passionate about, often because no one else has been writing about it. I grew my own publication, We Distribute, out of it, and it’s my responsibility to report on different aspects of what happens in the space. Sometimes, the news is ugly.
My personal blog at my domain is unrelated to that, and is more just random brain droppings based on whenever I feel like putting out personal thoughts based on my experiences. There’s nothing malicious about that.
If your are going to act so entitled just because the devs get 2k euro a month (which is under the average income in france and germany) you should just go back to reddit
I generally think these guys are being a bunch of assholes.
However, some people in the comment threads challenged my point of view, and stated that users have no rights to demand anything from developers who give away their work for free.
Just wow that is how they start it
They’re not wrong. On multiple occasions the devs have acted like assholes, this one as well. Especially the part where they initially didn’t think GDPR would apply because they aren’t a commercial entity (paraphrasing) is comically depressing.
Having said that, I won’t be cancelling my donations anytime soon. Assholes though they might be, I still want to pay back to the Lemmy community, and I can’t think of a better way than this.
TL;DR: it came out that some devs of one of the biggest platforms in their respective space neglected to bring in some very basic functionality regarding the ability for users, mods, and admins to delete images that were uploaded. When a user asked about having this functionality, especially in the context of GDPR compliance, the devs acted like a bunch of entitled dicks, effectively bellowing at the person for daring to make such demands of their time.
I generally think these guys are being a bunch of assholes.
Software engineer full-time ~70k/year, lemmy dev 24k/year. You should look into the mirror.
And it’s not that the devs won’t fix the issue but there are other issues with more priorities than this. Europe is not the only continent. So just like any other FOSS projects, wait for it or smash money if it’s really important or do it yourself.
Btw based on Nutomic’s comment, it’s fixed next release if you bother to look before making 2 articles back to back.
spoiler
Unfortunately there was some miscommunication in this issue and we failed to get to the root cause. In fact the Lemmy backend has an option to delete all content when an account is deleted. This used to be the default behaviour but was changed in 0.19 so you need to set a parameter delete_content. We failed to add a checkbox for this parameter to lemmy-ui.
However the checkbox is added now in #2385 and will be included in the next Lemmy release. Other frontends and clients may also need to adjust the delete_account api call.
Top tip: don’t take nude photos of yourself. Ever.
Moderation is obviously important, but what are the realities around deletion in a federated ecosystem?
I feel like the push around this and GDPR are similar to the DMs situation in mastodon, where you might feel like you’ve deleted your stuff but it’s actually very much out there still.
I’m sure there’s a middle ground where some amount of deletion occurs and it’s better than nothing. But as with the BlueSky bridge conversation, it seems to me having a frank conversation about the kind of system we’re dealing with here is just as important.
Yeah, I agree. I think the important thing is “was the local content scrubbed?” Because at least if that was done, the place of origin no longer has it.
Federated deletes will always be imperfect, but I’d rather have them than not have them.
What might actually be interesting would be if someone could figure out this type of content negotiation: deletes get federated, some servers miss it. Maybe there’s a way to get servers to check the cache and, if a corresponding origin value is no longer there, dump it?
Maybe encryption can help? Instances only copy the encrypted image, and only the original instance provides the encryption key to client apps. This way, the original instance can de-facto delete the image copies by simply refusing to issue the key.
It also means the content is “lost” from all instances if the original server goes down, which altogether with the need to cache the key to continue to provide the service basically means you’ve just implemented DRM on top of Fedi.
Well I’m sure there are a number of nice ways of arranging federated delete, including your suggestion, but it seems to me that the issue is guaranteeing a delete across all federated servers where the diversity of software and the openness/opt-out-ness of federation basically ensure something somewhere will not respect a request out of either malice, ignorance or error.
Ultimately, it seems a weird thing to be creating and expecting fediverse platforms in the image of those designed with complete central control over all data and servers. Like we’re still struggling to break out of the mould.
Even if one platform makes a perfect arrangement for something like delete, so long as servers running that platform push to / federate with servers that run something else, where it’s ultimately impossible to tell what they’re running because it’s someone else’s server, there will be broken promises.
I’m interested to hear your response on this actually, because it increasingly seems to me like we haven’t got to terms yet with what decentralisation actually means and how libertarian some of its implications are once you care about these sorts of issues.
I suspect it gets to the point where for social activity some people may start realising that they actually want a centralised body they can hold to account.
And that feeling secure on a decentralised social media platform requires significant structural adjustments, like e2ee, allow-list federation, private spaces, where public spaces are left for more blog like and anonymous interactions.
Also, sorry, end rant.
No, you’re good, and we’re mostly on the same page! My general expectation is that your server tries its best, maybe there are still copies out there, but you shrug and say “eh, I wiped my stuff locally, good enough”.
But yeah, I agree that once something leaves your server in terms of the passage of data, there are no guarantees. And I do agree that significant structural changes are necessary and important for the network’s continued evolution!
Because of this, I never upload directly an image to Lemmy and others, using instead a sharing tool (FileCoffee, IMHO the best). With my account there I can easily delete the hosted image with which it disappear everywhere.
It’s not a bad thought, but the way some Fediverse software works, it can still get proxied and/or cached locally.
That is a general problem in the internet, not only in Lemmy, images andother content can be copied, this you can’t avoid, it would even be imposible if you could delete embedded images in Lemmy, someone could have copied and pasted it somewhere else. But by using an imagesharer where you later delete the image, you also eliminate your origin as the author, since it no longer appears in your contributions in Lemmy or other sites.