Sensationalist title yes, but this is something that is partially true.

TLDR; I am not spreading FUD. This space can be more safe than many, for the privacy aspect it was actually designed to maintain, which is the complete opposite privacy principle to where most new people are coming from. A monolith platform provides a measure of control over how public your engagement is while leaving you open to being tracked; open federated protects you from being tracked with a cost of having less control over how public your engagement is (and will remain). Some people do not understand this and will change the way they engage if they understand.

There is a lot of misinformation I am seeing (or at least glossed over information) that will potentially lead less informed to peril. I am hoping to provide clarity and maybe shift the attitude of some of the more technical among the community. Not everyone is educated in the same domains, and not every one will grasp some of these concepts easily.

Every thread started along the lines of “Discovered X in Lemmy is not private” is followed up with a comment “Eh, not really an issue. And I reviewed the code myself, an account deletion removes everything from the db”. I push my glasses up: “Ackchyually, that isn’t really true in practice. If defederation happens, or otherwise disconnected, (which always will happen in some capacity) a copy will remain in Lemmiverse, forever”. This is followed up with “well duh, that is how federation works, and everything you post on the internet is copied and there forever. It is no different than a scrape or a screenshot”.

There are nuanced but very important distinctions to a scrape or screenshot and a federated, distributed, indexed copy. Those distinctions will change the way many engage with the platform.

Most people are not having screenshots taken of every post they make, when they make them. Most don’t have to be concerned with wildly compromising material tanking their run for office. It takes a high degree of intent and effort for someone to go to external, and unauthorized sources of duplication. It may not be a complete profile history. Most archives are not going to be indexed and easily searchable on mainstream search engines. Unauthorized archives can get sued into oblivion or otherwise disappear.

Not everyone is able to grasp a platform that acts kind of like a single entity but is not a single entity, especially if they are a refugee from a monolith platform. Many just see it as a single entity initially and when they see “removed from the db” they will assume any such action means platform wide.

A federated copy is automatic and effectively instant by design. A federated copy will be a complete profile. A federated copy will show up in federated searches. A federated copy could end up readily showing up in external indexes. A federated copy may have engagement the user isn’t notified of. A user on an instance where defederation has happened may easily come across an entire profile history in a frozen state. Attention can be brought to content that the user desires censored because it will say “edited” or “deleted by user X” and a SnoopyJerkison could just switch to an instance account that has a copy with two clicks in the official app.

I have made an informed decision on how I will engage by recognizing this. I’ve accepted the folks my local are always going to see my spelling as impecab… impeccibahh… very good, while some other local may see me as the philistine that I am before an edit. I will inevitably doxx myself in some way but it might be nice to have a stalker. It’s just me and the damn dog on our private fiberglass island here and she isn’t much of a conversationalist. I am in a place in life where I’m pretty comfortable with myself and have no problem walking around here with no pants on. Not sure why I recently got onto using pant idioms at every opportunity, but I have accepted that if it follows me around with folks replying, “I know you, you’re that guy with no pants!”, I won’t be able to go back and remove the sources of the reference platform wide.

I’ve made comments I cringe a little at. Entirely benign and nothing I’m losing sleep over, but in haste they were not expressed in my usual voice nor really contributed to the discussion. If I had hesitated longer I would not have responded. Point being: I’m the one ringing alarm bells about this and I am still having to remind myself of the nature of federation.

Some people may not be comfortable with this, or could become less comfortable later. They should not be led to believe that it is a simple matter of “the internet doesn’t forget, but you can delete it from the platform” and understand they need to be very cognizant and thoughtful in how they engage because federation is very unforgiving and really doesn’t forget. This is a feature, not a bug. At its core, federation is balancing many goals. From censorship resistance, community safety, to privacy. It can actually provide an extreme level of privacy. But people will make mistakes, that will remain here, right in their face, if they aren’t extra careful. It won’t be in some dark archive. It won’t be in a screenshot never taken and never posted. The reminder of an accidental slip up will be here to perpetually haunt them. They will leave (likely traumatized by it for years to come).

A federated copy will have the perception of being more legitimate, true or not. The common, non-technical, person won’t understand if they find something you post hosted on a site you are ideologically opposed to, which it will be. Imagine my embarrassment at the next Pantless-Meeting-Pantless event when I get stopped at the door and shown the posts they believe I have actively made on “never-nude.social”. “But… but… federation!”. “Ok Captain Kirk. Here’s your pants. Now scram!”

Some want to have assurance they can remove content platform wide for other reasons. Revoking support for a platform is one that seems to be in vogue right now. I’ve seen posts like “that site we hate is restoring our retracted posts!”. But I’ve seen cases right here on Lemmy where a user has censored all their content, only to come across that same content on other widely used instances completely intact.

This loss of edit access happens fast. Every user at this local will be aware of the high profile cases of defederation. This is a feature by design, and one you can expect more of I suspect. There are also simply errors in federation at times. I’ve lost access to copies on a popular instance the second I posted them.

Maybe this will change. It will be a monumental challenge. And it isn’t the case now. Users have to fully understand this.

“So what, screw the normies. Let them find out the hard way. It’s getting too crowded here anyway. Like you pantless sinnerdotbin! Git outta here if you don’t like it here in the wwwild-wild-west”.

Yet another aspect some are failing to recognize: many of the instances exist in places where they do take privacy very seriously. There are laws about disclosing collection, use and retention of data. One day you may visit your trusty local and you may find a blank page with a single statement: “I keep having very expensive embodied suits appear on my doorstep holding crisp manilla envelopes. I may be breaking the law. I am shuttering immediately”. Hope I didn’t want a reputation of wearing buttless-chaps instead of no pants ‘cause I ain’t got access to modify any of it now.

I’ve seen admins advising others to block EU in their firewall because they are aware of this liability and the lack of a privacy policy. That is a big part of the world that will have limited contribution to this movement.

Policies go a long way to establish user trust. I have gained a high level of confidence in some admins. They are competent, capable, and thoughtful about their users. People have been investigating hardening beyond what I would expect from any admin. They could showcase this level of care and intent by explaining it in their policies.

Privacy policy frameworks can also help new admins navigate responsibilities that keep their users, and the wider platform, safe.

Don’t hand wave this aspect away with “don’t post anything you don’t want public on the internet”. This is a totally different beast. Educate those not as fortunate as you to understand how this actually works. It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.

Don’t hand wave the concern about post/profile/vote/message privacy, explain how the privacy goal is different here and how one might mitigate the aspects they are not comfortable with.

I have started a project where I intend to provide basic policy frameworks that one might use as a point of reference and I would very much like further input on it.

https://github.com/BanzooIO/federated_policies_and_tos/

These policies are going to be terrifying for the uninitiated. I have drafted an optional privacy policy preface that may help admins express the clear distinctions between their responsibility, their users’ responsibility, and the actual real privacy goals in this emerging space.

https://github.com/BanzooIO/federated_policies_and_tos/blob/main/optional-privacy-policy-intro.md

  • End transmission, engage pantalon. Zip
  • VexCatalyst@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Saving this to read later, when I have time. So my apologies if this is not relevant.

    When using any sort of social media you are effectively shouting, at the top of you lungs, in the middle of town square. What privacy are you expecting? If you want privacy, join me in “bed”. For “pillow talk.”

    I do expect my account to be secure, in that no one should be able to pretend to be me. But privacy? Not in town square, while standing on the bullpup. Holding a megaphone.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      When you shout in a town square, does everything else you’ve ever shouted, everything you’ve ever voiced your support for, everything you follow closely echo and remain in that square?

      Again, this is a feature. But one people really have to understand before they engage here.

      • VexCatalyst@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yes.

        You must have either grown up post-internet or in one of the bigger cities. I assure you, in small towns like where I grew up, (particularly before the internet) old miss Busy Body down the street would never let ANYONE forget every embarrassing moment anyone ever had. The more scandalous or embarrassing the moment, the more likely it was to be retold. And retold. And retold. Till EVERYONE knew.

        The only thing that has changed is the detail of the retelling. The tales still seem to get bigger and more scandalous with each retelling.

          • VexCatalyst@lemmy.fmhy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Quite. But she is usually sweet and was often the first to help pick you up when you fell. ‘Cause god knows she was probably there watching.

            But now that I’ve actually had time to read your post, I stand by my original comment except to add this:

            What in God’s name makes you think that you aren’t being tracked on the Fediverse! It’s an open damned platform! Everyone can see everything! Whether they care or not is another matter entirely.

            • sinnerdotbin@lemmy.caOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              If you self host, or find an admin you have incredible trust in, you should remain untraceable if you manage your engagement responsibly.

              Though another thing I highlight in the policies is this is experimental software. Leaks can and will happen. We have a voice and can play an active part in preserving that privacy.

              Recorder is always on by default with your engagement; recorder is always off by default when it comes to things that automatically identify you. It is the opposite in a monolith service.

              • VexCatalyst@lemmy.fmhy.ml
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                Only if your home server remains unfederated. Even then other users of the server will be able to see everything. And will be more likely to remember, like miss Busy Body.

                As for this being experimental software. Yes? So? So is the internet. It has really only been under strain for 20 years. (It older then that, I know. I grew up using dialup to BBSs. Then USENET. Then AOL.) We are still making this shit up as we go along. But it’s best not to forget human nature.

                As for your last statement, yea…… I’m going to just let that one be…

                • sinnerdotbin@lemmy.caOP
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  edit-2
                  1 year ago

                  You’re almost there.

                  Only if your home server remains unfederated. Even then other users of the server will be able to see everything. And will be more likely to remember, like miss Busy Body.

                  Uh, a, if not the primary point in my post?

                  Your IP, your email, will remain private at your local if your admin is responsible. If you act to your comfort level in your engagement, you will remain private in the public sphere.

      • Morcyphr@lemmy.one
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        @[email protected] is using a metaphor to convey social media interaction. In this context, yes, everything echos and remains in that square. It’s no different that Reddit, or Facebook or any others. The mechanics of it on Lemmy may be different, but the end result is the same.

        • sinnerdotbin@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          1 year ago

          I explain the distinction in the post. It is very different on a platform designed to distribute at instant of hitting submit.

          Also…

          I do expect my account to be secure, in that no one should be able to pretend to be me.

          Surprise! They very easily can here.

          • Morcyphr@lemmy.one
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            But I could pretend to be you anywhere. People do and have done that since forever on many social media platforms (and IRL for that matter). Sure, it’s a problem but not unique to Lemmy. As I said, the mechanics are different but that doesn’t really matter, does it?

            • sinnerdotbin@lemmy.caOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              It does to many, thus the awareness of how it works here, that is all.

              If you don’t think it matters, or you understand enough to be sure never to expose yourself in a way that you are uncomfortable with that is awesome! Many are waking up to a realization of the nature of things here they were previously not aware of, and some are growing very uncomfortable with that now that they can’t adapt their previous engagement to that knowledge.

              • Morcyphr@lemmy.one
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Understood, and I’m not saying it doesn’t matter. I’m just saying ‘welcome to our world’, basically. I’ve said plenty of stuff online that I’m not super proud of but it’s a ‘cost of doing business’ and I won’t lose any sleep over it. Hell, our phones know more about us and how to exploit us than Lemmy ever will. I do appreciate your post but I just think that it’s a product of the ‘connected’ world we live in.

                • sinnerdotbin@lemmy.caOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  Hell, our phones know more about us and how to exploit us than Lemmy ever will. I do appreciate your post but I just think that it’s a product of the ‘connected’ world we live in.

                  Yeah, awesome. That is another thing I am raising awareness of. What this actually protects you from, being tracked and profiled. That is an amazing feature of federation getting lost in data safety.

      • Umbrias@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Not by default, but it can. Generally in public, especially shouting in town square, you have no expectation of privacy against say, recording.

        This is incredibly relevant for politicians, as many times political events, rallies, protests, all involve actions that they were recorded doing in public by the public. So while the difference of “recorded forever by default” is important to understand, I do also feel it important to temper that by pointing out that this idea of non-privacy isn’t unique to forum posts.

        • curiosityLynx@kbin.social
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          The difference is that rather than just having no expectation of privacy against recording (Reddit model), in federated space you are guaranteed an official subtitled hologram with sound is recorded by design and shipped to other town squares all over the world and shown. And you have no expectation that you’ll be able to convince those town squares to delete theirs once they have it and basically no chance to if your own town square is bulldozed or your town has gotten into a feud with theirs since you did your townsquare shouting.

          • Umbrias@beehaw.org
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Sure but practically this has always been true. Internet archive, ceddit, removedit, reveddit, whatever and they have been archiving information. Sure it’ll get trickier without api access, but it’s never been something you should reasonably expect anyway. I mean, what ever happened to the advice “once it’s on the internet it’s there forever.” It’s not strictly true, even for federated systems, but it’s good advice.

            Ultimately people just have this fantasy notion of privacy on the internet. A false idea of control over their data. I’m pretty privacy minded, but you can sure as hell bet that anything I willingly post on the internet I’m expecting it to stay there forever out of my control. But data harvesting? Manipulative posting and amplifying? These are genuine privacy problems not borne of simple impracticality.

            You’re not doing it, but the number of people I see who complain about privacy on lemmy, and then turn around and use every data harvested service known to man, from tik tok to google to reddit itself, I’m not sure I can take their complaints seriously. And ultimately this comes down to different conceptions of privacy, sure, but one of these conceptions is suspiciously impossible to fix yet simultaneously deflective of the other, that other being directly beneficial to companies and any seeking to control mass populations.

            • sinnerdotbin@lemmy.caOP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              ceddit and others you have noted historically have broken for a variety of different reasons, and the others are are currently not functioning as the API they used was banned May 1st. Pushshift, which these services often used, had a mechanism to remove sensitive data you accidentally posted or otherwise wanted removed.

              Archive.org is not searchable, not indexed in mainstream search engines. Also would be responsive to legal requests. It is hard to get a complete profile history on someone.

              All of these external sources require a great deal of extra effort from someone to pry.

              The concern to be aware of here isn’t that it could be scraped, which yes it can. The concern is that it is duplicated by design, wide and broad, on a platform that somewhat functions as a single entity, the instant you hit submit.

              People make mistakes. The Unabomber got caught by doxxing himself with a single phrasing of an idiom. Not complaining, simply saying “be very, very, very, very, very, very, very, very, very careful here”

              And ultimately this comes down to different conceptions of privacy, sure, but one of these conceptions is suspiciously impossible to fix yet simultaneously deflective of the other, that other being directly beneficial to companies and any seeking to control mass populations.

              Exactly. The privacy goal on federation is different. If people are educated, they can be safer.

              You can’t eat your cake and have it too.

              • Umbrias@beehaw.org
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                The point I’m making is that there’s no reasonable way to expect that level of privacy in the first place. Those public facing services do it, anyone with a small server could do it (and they are, check out datahoarder). My explicit point here is that federated services just make this more obvious. In practice, federated servers will likely respond to and willingly comply with delete requests. A server that intentionally doesn’t can be easily defederated. Even moreso those servers which refuse delete requests on principle would undoubtedly run into legal trouble especially with GDPR. This parallels the fact that, in practice, most random comments on other social medias probably wont have a lot of interest in being backed up by anyone at all.

                The idea that this nonprivacy is unique to lemmy, and not the base assumption people should have been making the whole time they’ve been using the internet, is the absurd part.

                lemmy could be scraped

                Indeed it could, but the level of scraping is very very different. Other social media scraping isn’t just your public facing content submissions, but everything else about your usage of the media too. Dwell time, what links you click on, what posts you look at and read longer, private message information, who knows what data ads can scrape just existing, etc. etc. On the other hand, lemmy has three vulnerabilities for scraping/privacy like other social medias that I can see:

                1. Public facing information, which anyone can scrape any time they want

                2. Private facing information, which servers could scrape from their own users, but that could be noisy to other servers. Things like direct messages, clicks, etc.

                3. Unlimited signups and federated servers allow for the potential of bot manipulations. Different servers will have different approaches to dealing with this, but it likely wont be encouraged by most servers. (Could be by some, though, and people need to watch out for that.)

                Even so, neither of these approach the level of data scraping that other social medias perform constantly. Now that said, I would like to see changes to number 2 to make sure that attempts to do so are noisy, but whether that’s even possible is another question, given the nature of servers. Nonetheless that’s the point of having to entrust your information to a given server, you have to trust them. So you should only provide information you trust any server admin to have.

                This focus on the other conception of privacy focusing on public facing content is detracting from discussions and effort to focus on these other two vulnerabilities.

                • sinnerdotbin@lemmy.caOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  I feel you didn’t read the original post. It isn’t about expecting privacy, it isn’t a criticism of the fundamentals of Lemmy as a minority seem to be taking it (there are many ways I explain how it is more private from being tracked and profiled).

                  It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.

                  It is about understanding how privacy is maintained on a federated platform.

                  Many users coming from other platforms do not understand the mechanisms here and how they are different.

                  Take a look for the comment here about vote privacy (the highest voted comment here) or dozens of the other posts where people are coming to this awareness. Many assumed was private due to coming from a platform where this was.

                  It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.

      • VexCatalyst@lemmy.fmhy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        That’s a new reference for me. I had to look that up. :-)

        I may have gotten to word wrong. I’m afraid speak only two languages. Horrible English and even worse Spanish.

        I meant the box that old timey politicians used to stand on so they could be seen by a crowd while they spewed nonsense out of their mouths.

  • kamiheku@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    I don’t personally have that big of a problem with my posts/comments being “persistent”, as I have a fairly high threshold for commenting and refrain from commenting anything too incendiary. And anyway, posts/comments, as I see it, are public and should be considered as such.

    However, what I’m still a bit unclear on is the privacy of my votes/saves in the Fediverse. Should I start exercising the same caution in what I upvote or save? I understand that my home instance admins will have access to this data, but is that it?

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Votes are entirely public, Lemmy just made a UI choice not to show them. They show up if someone views it from kbin and ultimately something that could be mined from a self hosted admin.

      I think this information may make some of those who profess everything is saved on the internet and why care change their tune.

      Saves I am not sure about yet. Think that may be locals only.

      • kamiheku@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Well that’s pretty unfortunate. I quite liked Reddit’s “anonymous likes” approach.

        • sinnerdotbin@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Yeah. I can see a case made on either side.

          This is the point I am trying to drive home. Even with zero comments, zero posts, you could doxx yourself accidentally with votes alone. You came here from another platform and had a certain expectation of how privacy works here. It does intuitively feel like it should be private.

          You are trading some privacy for censorship resistance and community safety in this case, because the goals are different here.

          If you trust your admin to keep your IP and email private, and you manage your comments and posts carefully, I encourage you to let your voice be heard and upvote every sinnerdotbin’s pantless picture post of the week (just don’t like the posts in a different, very small and niche category that can link to you publically as you are the chair of the board at never-nude.social, and there are only 5 members who always like the same posts) . If you are in a country where that support might end with you in a work camp, I’d maybe advise against it in case your local turns out to be a honeypot.

          There is a privacy component to federation that the world really would benefit from, but it will be lost if people are not informed. Incredibly private if you are aware how to navigate it. Horrible if you aren’t.

          • MagicShel@programming.dev
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            This is an aspect I’ve given a fair bit of thought to. With good app support we could create multiple identities and subscribe to different communities with each and then the app could know to always intact with a given (subscribed) community under a given identity. That would allow a smooth experience without accidentally over sharing. It would also to a degree allow a user to avoid the pain of defederation.

            • sinnerdotbin@lemmy.caOP
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              I’ve had a similar idea. Want to have a race to market? (you’ll have a head start, I’m heading into the domain of managing federation block lists next).

              This is the beautiful part of an open platform, we can all steer it and contribute all sorts of wonderful solutions.

              • MagicShel@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                There have to be two dozen apps out there already. It makes way more sense for one of them to steal the idea than for me to create another one based on a single feature. 👍

      • sinnerdotbin@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Unless a user is viewing from kbin, which interoperates here. It is entirely in view to the kbin UI (and Mastodon I believe).

  • Rentlar@beehaw.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I’m always in favour of more transparency and better acknowledgement of how data is transferred so that new users are aware when posting publicly.

    I’m still in the camp of when you post publicly online, you should assume it’s there forever. Even in real life, your words travel farther and longer than you would expect.

    This platform as it stands is in a beta state, so we still rely on trust of each other and trust of admins to keep things going smoothly and cordially.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      It’s the same camp.

      I’m not making the claim other platforms are better because you might be able to slip in a ninja edit before it is captured. I am making the claim that if you are not on high alert here, more than ever, it will bite you.

      For better or worse, some people are coming here from other services expecting a measure of control of their data that you don’t get here.

      The experimental aspect of this space is the other thing I feel warrants more explicit warning about, and noted in my policy template.

  • static@kbin.social
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Use alts, switch accouts after 1 year or 1000 posts.
    As a person you evolve, the shit you said 10 years ago does not represent you right now.

  • flatbield@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Summary. No one should assume anything publically published on the internet ever goes away. Assume Lemmy posts are public including some of your account info. Act accordingly.

  • RandomBit@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    That was an incredibly comprehensive, well articulated, and dare I say, exhaustive essay on some important issues you raised. On top of that, creating sample documents is next level.

    Privacy

    I don’t think the word “privacy” is a good word for the concept. I believe “user data control” or “right to be forgotten” is more appropriate for the “deletion issue”. However, there are few privacy issues such as instance admins having access to private messages and the potential for a hack to expose users e-mail addresses and usernames.

    I believe you are 100% correct that we need to do a much better at communicating exactly who has access to their data and what (if any) control they have over that data once it is federated. I don’t believe we will ever have an guaranteed federated delete, and we need to make that crystal clear so users can proceed accordingly.

    Legal

    Running a self-hosted service is one thing, but running a public service raises a myriad of legal issues. In the US, children under 13 must not be allowed to have accounts (COPPA). CSAM (child pornography) is another problem that can expose admins to serious repercussions. In the US, it is not enough to delete it, it must be reported to the NCMEC. Federation will make this especially treacherous. Other issues such as criminal investigations, subpoenas, and possibly even national security letters are not a matter of “if” but “when” they will occur.

    If Lemmy continues to grow, instance admins will need to be prepared for these issues. I would suggest that the public instance admins reach out to an organization like the EFF who has experience dealing with these issues. If not, I’m afraid a high profile incident may be all it takes to kill it.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I don’t think the word “privacy” is a good word for the concept. I believe “user data control” or “right to be forgotten” is more appropriate for the “deletion issue”. However, there are few privacy issues such as instance admins having access to private messages and the potential for a hack to expose users e-mail addresses and usernames.

      This has been debated, and is very dependent on the context. It is a very broad concept to try to address and the lines do get blurred on the definition of what is “private data”. The hope here is to partition the responsibilities of the admin from the user.

    • CoderKat@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      The whole CSAM issue is why I’d never personally run an instance, nor any other kind of server that allows users to upload content. It’s an issue I have no desire to have to deal with moderating nor the legal risks of the content even existing on a server I control.

      While I’d like to hope that law enforcement would be reasonable and understand “oh, you’re just some small time host, just delete that stuff and you’re good”, my opinion on law enforcement is in the gutter. I wouldn’t trust law enforcement not to throw the book at me if someone did upload illegal content (or if I didn’t handle it correctly). Safest to let someone else deal with that risk.

      And even if you can win some case in court, just having to go to court can be ludicrously expensive and risk high impact negative press.

  • gaael@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Thanks for this.

    I’m still refining my mental model of “federation” - it’s so different from my usual centralized reference frame that even if I understand the vulgarization/explanation when I read them, the images and reflexes my mind has about social media are changing slowly.

    Privacy kind of matters to me, so I’m grateful for content that helps me understanding better how it works and doesn’t work in a federated setting.

    I also think that, as pointed in comments, educating ourselves (the users) and reminding ourselves that privacy is also our job and responsibility is something important.

    Anyway, not brining anything new to the discussion, this is mostly an appreciation comment.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I appreciate that you are reflecting on how you want to manage your own privacy in this space!

  • Azure@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Maybe im so normie i don’t get it, but isnt it about the same personal advice we would have given for any platform?

    Im sorry I’m from the forum days when you always knew you were responsible for how safe you are. I’m laughing because people can’t get their data deleted from corporate companies either, is it really still news anything you post is public and will probably not be removable?

    I appreciate the care, i do, but on some level some of this is trying to bubble people who aren’t being responsible. If admins really wanted to protect people from themselves, then we’d remove most personally identifiable things interesting and unique about posts.

    I’d also argue stalking has more to do with the mental health issues of the stalker than the victim being to blame for how they interacted with the world. We don’t tell a student not to participate in lectures because someone may latch onto something they said and become infatuated. We punish stalkers instead.

    Idk this is a ramble. I see so many things so often that used to be personal responsibility on online safety, that instead of teaching the skills we make tools. And i feel like not teaching good personal safety and protection is goong to doom any project ultimately.

    You can’t fix ignorance without education.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      I’d also argue stalking has more to do with the mental health issues of the stalker than the victim being to blame for how they interacted with the world. We don’t tell a student not to participate in lectures because someone may latch onto something they said and become infatuated. We punish stalkers instead.

      If someone is aware and engaging to their comfort level, no matter how open, I would not blame them, the victim, for being stalked. If someone wanted to be cautious, but they didn’t know the risks here, I would feel guilty for not educating them on how they can protect themselves.

      Idk this is a ramble. I see so many things so often that used to be personal responsibility on online safety, that instead of teaching the skills we make tools. And i feel like not teaching good personal safety and protection is goong to doom any project ultimately.

      You can’t fix ignorance without education.

      Which is the entire point of my post, to encourage education in this space (which again, again, again, is different than what many are coming from with its own unique set of risks)

  • tal@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I’ve seen admins advising others to block EU in their firewall because they are aware of this liability and the lack of a privacy policy.

    At least in the US, courts will not recognize EU jurisdiction over you and will not enforce EU policies against you unless you are actively doing business in the EU. Note that “doing business” may be a lower bar than you think – if you specifically advertise targeting people in the EU, that may qualify, say – but it is a higher bar than merely not being firewalled.

    Now, you may still want to just block the EU or God knows what jurisdiction if you’re worried about being hassled, but you shouldn’t normally need to confirm to a country’s laws just because people in that country can reach your computer on the Internet.

    IANAL.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Also USA does have laws regarding site usage by children. This was brought over from the Mastodon policy I adapted.

  • CheshireSnake@iusearchlinux.fyi
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Great post. Imho, a fundamental thing we should not ignore is letting people know what they’re in for. I’ve seen some users glossing over the intricacies of the fediverse to get others to sign up. I understand their side, but imo that’s not a good way to have people come over. People should be educated enough of the pros and cons as much as possible, although that might mean some would get intimidated and refuse to join.

    Clear policies will be very helpful in addressing that, i think.

    Edit: just have to add that i haven’t opened the links yet and only read the whole post. Not at home so I’ll check them out later.

  • SkyNTP@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    There are stuff my younger self did in the real world that I am embarrassed about. Not bad, but not exemplary behaviour either. Guess what, there never was an edit/delete button for the real world. Why should we expect the online world to be any different? It’s a fiction. We live with our mistakes.

    • Quoting people from the past against their present self to say “you’re a hypocrite” is moronic behaviour and needs to die. People can–and should be able to–change their opinions when presented with new facts and arguments.
    • Teenagers (and some adults) are awkward and don’t have the life experience to always make great decisions. This is fine. Have some compassion and don’t judge them too harshly, especially when they come around to better decision making.
    • Existing social media never really gave you a real edit/delete button anyway either. It’s all anonymity theater. The reality is that your data was always being scrapped and archived, somewhere by someone. This is just a reality created by digitization and virtually free recording/copying. No specific digital medium was ever going to protect you from this.
    • In the early days of the internet, everyone knew to use pseudonyms and not share personal information. We seemed to have forgotten this lesson. Maybe it’s time to relearn this lesson. Life is full of lessons. Let this be just one more.

    Acting like being forgotten on the internet is possible is not the solution. It never has been and it never will be.

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Me too! The world is different now.

      Existing social media never really gave you a real edit/delete button anyway either. It’s all anonymity theater. The reality is that your data was always being scrapped and archived, somewhere by someone. This is just a reality created by digitization and virtually free recording/copying. No specific digital medium was ever going to protect you from this.

      I explain the distinction to federated in the post. It is very different than a scrape or archive.

      In the early days of the internet, everyone knew to use pseudonyms and not share personal information. We seemed to have forgotten this lesson. Maybe it’s time to relearn this lesson. Life is full of lessons. Let this be just one more.

      Exactly. I am bringing awareness back to this.

      No one should fool themselves into thinking they can use a pseudonym and not eventually doxx themselves accidentally if they have any level of engagement. People have grown accustom to being able to somewhat reverse that mistake. Many are also not accustom to their interests, their votes, and their voice is all retained, in one, easily digested and public place.

      You are hitting on another subject I hope to investigate further myself: the shift that has to happen for society to adapt to modern, public discourse (eg. let the past slide).

  • dwindling7373@feddit.it
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Isn’t the “proper” way to deal with this just some kind of feature that ties defederation with the appropriate purging of your db?

    Even some kind of unfederatable purge feature would work.

    Of course the bottom line is malicious admins, but it’s just the same as malicious companies. Or anything else really…

    • sinnerdotbin@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Unfortunately not that easy. There is discussion on solutions. There isn’t any now. Platform currently isn’t stable enough to respect mutually federated changes all the time.

      Also I did put a disproportionate focus on this no take back component, but the scope is wider than that (see comment below about votes being public when almost everyone coming from a monolith assumes it is private)

    • baseless_discourse@mander.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I don’t really see how you can force/verify another instance has purged their DB. Like the worst case scenario, they can simply make another DB for all the deleted info.

      Such purge is harder to ensure than for large companies. Since large companies are (mostly?) Bounded by laws like GDPR. Where such law is harder to enforce on a random fedi instance on the internet.

      • adderaline@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        doesn’t AGPL give some ability to verify? i’m pretty sure it stipulates that you have to distribute the code a network server is being run with. it would at least let people know if an instance has taken steps to keep data it shouldn’t be keeping.

        • baseless_discourse@mander.xyz
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          If a server don’t obey GDPR, it is unlikely for them to obey AGPL. If the data is useful for the company, they will just pay the fine as cost of doing business.

          • adderaline@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            i guess? we’re talking about copyleft licenses though. GDPR might be fuzzier because technically you don’t have an account with any instances your account is federated with (i assume), but AGPL is the license for the federated service itself. if they don’t provide their code, they are violating the terms of the license. that opens them up to litigation i think. i don’t know though, legal shit is very much not my wheelhouse.