167

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it's visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
top 50 comments
sorted by: hot top controversial new old
[-] ffmike@beehaw.org 90 points 1 year ago

In my opinion it's unreasonable to think anything can truly be deleted in a federated system. Even if the official codebase is updated to do complete deletion & overwrite, it's impossible to prevent some bad actor from federating in a fork that just ignores deletion requests.

Seems sensible to just not post anything that you don't want to be available for the lifetime of the internet.

[-] dudeami0@lemmy.dudeami.win 42 points 1 year ago

Just as it's impossible to stop scrapers from archiving data on traditional websites. "Deleted" data is probably in a database somewhere, being sold by someone. As you said, you lose some degree of control over your data as soon as you post it. Data is valuable, and if there is a will there is a way.

[-] alyaza@beehaw.org 37 points 1 year ago

In my opinion it’s unreasonable to think anything can truly be deleted in a federated system.

yeah like. this is just a byproduct of how federation works currently. i don't even know how you'd begin to design a federated system where some of these critiques can't be levied

load more comments (2 replies)
[-] yourgodlucifer@kbin.social 21 points 1 year ago* (last edited 1 year ago)

I don't expect my data to be fully deleted in a centralized system either. even if it was deleted from the central server someone might have made an archive of it

and reddit is definitely guilty of this since they were bringing back peoples deleted comments and accounts

load more comments (5 replies)
[-] russjr08@outpost.zeuslink.net 71 points 1 year ago

So, I was born in the late 90's - I don't know if they still have "computer literacy" as a core course in schools these days, but they did when I was going through K-12 (or, well K-9.. once you were in high school they assumed you knew the basics of how to use a computer, and had more advance courses).

One of the very first things we learned about the internet is that once you put something on the internet, there is no way to take it back. At the time, uploading pictures to the "cloud" and such wasn't really a thing so we learnt this by using email: Once you've sent an email to someone, you cannot "unsend" it. You can kindly ask the other party to delete the copy of the email without opening it, but you cannot guarantee that the email wasn't saved on another computer, or saved somewhere else along the route between your computer and the receiver's computer. Clicking the send button was taught to us as "etching your letter into stone".

Because of this, I've always (or at least, as far as I can remember) made sure that anything I put on the internet, or even "put into digital form" (such as even writing something in a file on your computer - you can recover deleted files from a hard drive unless you really put in the effort to actually erase it... there is a huge difference between erasing a file, and marking it as "deleted") is something that I'm okay being tied with me forever. I'm sure if you looked hard enough, you could find me participating on message boards as a young teenager - and to that I just say "Oh well". Is some of it probably very cringe-inducing and embarrassing? I have no doubt.

(This is also why you should take extreme caution when talking about say, your friend, on the internet - if you post something about them on the internet, you're condemning them to this same exact thing)

Now funnily enough, as far as I understand the ActivityPub protocol, it is for all intents and purposes the exact same as email in this regard. Once you've sent something, there are no "take backs". All you can do is kindly ask others to delete their copy, and that comes with zero guarantees. If I had a mastodon server, and someone deletes their toot - I could take down my server and my server would never receive that delete request. Or, just simply change the source code of the Mastodon instance on my server to straight up ignore deletion requests.

Would it be nice for Lemmy to have a way to actually delete your content? Sure. But that's not technically feasible, and personally (as controversial as it may seem) I would rather Lemmy not try to give you the false sense that everything was completely gone forever. I'm not saying that you shouldn't be able to delete your account off a Lemmy instance, but it shouldn't come with an option that says "Check here to remove your data/media from all federated instances" because Lemmy/no one can promise that, and I really hate it when software (or really anyone/anything) attempts to make a promise in bad-faith knowing that they can't possibly ever uphold it.

Anyone who thinks Reddit is "better" than Lemmy in this regard probably doesn't realize that Reddit is making a claim they can't keep. The most obvious example of this is all of these subreddits that have gone dark? You can bring up most of their posts on the Wayback Machine or Google Cache. That would be the case regardless of whether they were set to private, or even if they were just straight up "deleted".

We really should not be setting the belief for people that there exists a way to completely nuke a piece of data off the internet, because you cannot make a guarantee of that being the case.

load more comments (5 replies)
[-] 0xtero@kbin.social 65 points 1 year ago* (last edited 1 year ago)

First - we're all using alpha/beta software (Lemmy is 0.17.4, Kbin is 0.10.). None of these services are "production quality" software yet, so let's keep that in our minds - we're all early adopters.

The points mentioned in the OP are a bad look. Naturally. User should have expectation of their data being deleted on request - especially since this request might be regulatory privacy request (GDPR related). It's a clear failure from the software and should be improved and iterated upon.

The expectation shouldn't be "oh well it's on the Internet, live with it". While Facebook might keep mining your data after deletion request, our software shouldn't behave like that, we should strive to be better with this stuff.

And finally, ensuring privacy in federated system is hard. Mastodon suffers from same problems. We shouldn't give up on the idea though.

[-] aard@kyu.de 14 points 1 year ago

The more important part for privacy: Mail address is optional, and IP addresses are not stored in the database. A correctly configured instance (at least for EU legislation) also will not log IP addresses in the web server - with that you can have profiles that can't be tied to an actual human, and you don't have location and movement data.

The data deletion is pretty much a nice to have - it's on the level of the Exchange feature to recall Emails: Sure, you can ask nicely, but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there'll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so. More important is education about what you publish, and a basic understanding of the technical and legal realities you'll have to deal with if you later decide you want that information gone.

I already had that discussion with my 6 year old when she wanted to publish some videos - and she understood the problems quite well.

load more comments (6 replies)
[-] YMS@kbin.social 13 points 1 year ago* (last edited 1 year ago)

It is an early stage software and such things can be worked out, you're right. But on the other hand, such basic elements should be based on a thorough concept before a single line is coded, and implementing something like a delete button with "Let's just make it delete the most visible stuff for now, we can always improve that later when there is time" is recipe for disaster.

load more comments (1 replies)
load more comments (3 replies)
[-] NightOwl@lemmy.one 53 points 1 year ago

Did anyone use reddit thinking it was private? With stuff like push shift and way back machine people shouldn't be posting stuff they aren't comfortable sharing anyways on a wide open message board.

Always weirded me out the people who'd treat their reddit accounts like Facebook.

[-] arandomthought@vlemmy.net 16 points 1 year ago

Yes. "The internet never forgets" is actually a thing.

[-] CheshireSnake@iusearchlinux.fyi 16 points 1 year ago

With stuff like push shift and way back machine

So much this. I don't get why people don't remember this first thing when it comes to data storage.

load more comments (1 replies)
[-] lowleveldata@programming.dev 51 points 1 year ago* (last edited 1 year ago)

It is reasonable that people should be able to delete their posts / comments. However I don't see how is this related to "privacy". How can something you post on a public forum be private?

[-] Lols@lemm.ee 18 points 1 year ago

its the principle behind the 'right to be forgotten'

if you posted something to a public forum and changed your mind, deciding it shouldnt be public after all, you should have that option

load more comments (1 replies)
[-] rstein@discuss.tchncs.de 15 points 1 year ago

You can’t delete a mail you sent me, nor put your hand written letter to me in the bin. I can keep both and I can keep your name and addresses in my little black book. So there isn’t even that level of privacy in the real old fashioned communication.

And communication over the Internet was always the subject of storage. Your mail may be on the backup tape of a mail server. Your usenet posting is on archive.

So the assumption that the fediverse can forget….

[-] GiantBasil@beehaw.org 14 points 1 year ago* (last edited 1 year ago)

There's long dead people's very private letters and diaries in museum's and public archives. Really available on the internet now. So that's not even a failing of the internet, if you write something people find interesting, they'll find a way to preserve it.

I'm not sure how they think the fesiverse will be the one to solve that.

load more comments (10 replies)
[-] heartlessevil@lemmy.one 46 points 1 year ago

What does this have to do with Mastodon?

The same privacy issues also exist with Mastodon and all distributed systems.

[-] knova@links.dartboard.social 42 points 1 year ago

BTW, the OP on Raddle was spamming that message around Reddit last week and directing people to Raddle. I think he has a bone to pick with the developers' politics more than anything.

load more comments (3 replies)
[-] rubywingedflier@possumpat.io 41 points 1 year ago

I understand the impulse but the way some people get so hung up on trying to make a way to permanently and universally delete posts made on public facing social media and framing it as a "privacy" issue feels kinda like saying something you regret on mic at a town hall and being mad that you can't permanently delete the memory of it from the minds of everyone present, and claiming that they violated your privacy by remembering it

load more comments (9 replies)
[-] loving_kindness@midwest.social 39 points 1 year ago

Anything put on the internet is forever. No one should be publicly posting anything with the expectation that they have any control of it after it goes out. If it’s not held by the server, there’s the way back machine or even just folks taking screenshots.

load more comments (14 replies)
[-] communist@beehaw.org 36 points 1 year ago

https://github.com/LemmyNet/lemmy/issues/2977

It's not like they're doing it on purpose, there's a lot of things being worked on, and this is one of them.

[-] retronautickz@beehaw.org 35 points 1 year ago* (last edited 1 year ago)

The illusion of Privacy is Mastodon (or social media in general)

There's a reason why when you go to "private mentions" on Mastodon, this appears:

Private mentions. Post on mastodon are not end-to-end encrypted.Do not share any sensitive information over Mastodon

While yes, we should be able to delete our content if we want, but it's a bit naive to think there could be true privacy in any decentralised social media platform.

There's a reason why one of the think people tell you when you come to the fediverse is not to share personal and sensible information.

The only decentralised social media that has some level of privacy is Matrix, and that's why it has it's own protocol and only federates within/between its own servers.

[-] KitemanHellYeah@lemm.ee 23 points 1 year ago

In general I think we should go back to separating personal identities from internet identities on discussion forums like these. There are already platforms for promoting your personal identity that are way better than these types of forums

load more comments (5 replies)
[-] BitOneZero@beehaw.org 14 points 1 year ago

While yes, we should be able to delete our content if we want, but it’s a bit naive to think there could be true privacy in any decentralised social media platform.

Especially an email or "reddit" threaded conversation systems where quoting of messages is routine. Here I am, quoting you.

You are putting a billboard up in public, on a bulletin board in the center of the Internet, the assumption should be that anyone can photograph it.

load more comments (1 replies)
load more comments (1 replies)
[-] db0@lemmy.dbzer0.com 33 points 1 year ago

The same is true for raddle. They kid themselves if they think anyone can't record anything in there forever.

Anyway it's also inaccurate. Deleted accounts are purged from the DB, so they're definitelly not visible anymore

Likewise you you edit your comment, it's edited in the DB.

load more comments (8 replies)
[-] kool_newt@beehaw.org 30 points 1 year ago* (last edited 1 year ago)

The fediverse is the real internet, it's not a company providing a service. On the real internet, once something gets out there, there can never be a guarantee that it's taken back. Even on Reddit, once you post something, Reddit might fully delete it but someone out there may have copied it.

[-] Zetaphor@zemmy.cc 17 points 1 year ago* (last edited 1 year ago)

I had years worth of posts and comments that I deleted via the interface a while ago. Then as part of the reddit exodus I decided to run a removal tool that used the API, and it turns out 11 years worth of "deleted posts" were all still sitting out there, they were just hidden from me.

I did find it strange when I received a reply to a years old comment that my profile page said was deleted, but I just thought it was a caching issue. Turns out all of that content was still out there with my name attached, I was the only one who couldn't see it.

load more comments (2 replies)
load more comments (4 replies)
[-] teawrecks@sopuli.xyz 28 points 1 year ago* (last edited 1 year ago)

This demonstrates a fundamental misunderstanding of digital privacy. You can never be guaranteed that data is deleted, just like you can never be guaranteed that someone has "forgotten" something. It doesn't matter what any entity claims they are doing under the hood, you have to assume they can't be trusted. That's not an expectation you can have, and not something privacy advocates are asking for.

I'm posting this comment publicly, and there's nothing stopping any random user (or non-user) from scraping this lemmy instance and archiving the data themselves. I know that when I post it. Same for reddit, raddle, any mastodon instance, etc. I can copy the text and usernames of everyone involved in that raddle thread and do whatever I want with it, there's nothing anyone can do to stop me.

To think otherwise reminds me of that first day on the internet kid meme. "I deleted my comments off of their servers, hah, they'll never get them now!"

What I can demand is: if I send a message directly to another party, I want to be able to verify that that party and ONLY that party can read the message (end-to-end encryption). I can also demand that they not require me to dox myself to them, that they not run weird js-based fingerprinting/port scanning processes on my system/network, and that I am allowed to connect to their services through a VPN should I so choose.

load more comments (2 replies)
[-] nerodessertking@beehaw.org 28 points 1 year ago

i mean raddle is a site that has an anti doctor post pinned in the mental health community ... like c'mon I and many others need medicine to survive and you are encouraging anti-psychiatrist posting, Church of Scientology levels of anti-medicalist posting

load more comments (1 replies)
[-] BitOneZero@beehaw.org 24 points 1 year ago

Given the beta status of Lemmy, I don't even think it's a great idea to give the appearance of privacy. I think the core purpose of a webapp like Lemmy is public messages.

I think it's a can of worms for server operators to get into the business of thinking they can safely hold private messages between users/strangers. None of the Lemmy instances I've joined have had a "terms of service" or anything like that on SIgn Up, I really think the message should be sent far and wide that Lemmy is about posting IN PUBLIC and that messages are being FEDERATED to peers, even people that you don't know could be collecting the data for a search engine.

With small-time server operators opening up hundreds of Lemmy instances, without giving away their experience or human identity, how can you have any confidence that someone is properly securing a server they only have part-time job to update and operate? Major corporations are having their database stolen, Valve, Sony, Nintendo, health care companies, mobile network companies (AT&T)... you think a low-budget shoestring server by a hobbyist running Lemmy should be held to the same standards as a corporation who has an entire team and services to defend their data?

load more comments (1 replies)
[-] ManeraKai@programming.dev 23 points 1 year ago* (last edited 1 year ago)

Opposite to Instagram or Facebook, on Lemmy or Mastodon you can create an anonymous account. Yes it will be logged (normal public internet), but you won't be treacable. The UI doesn't have any tracking scripts, and many instances don't require an email even to sign up. Use the Tor browser to spoof your IP.

load more comments (1 replies)
[-] tmpod@lemmy.pt 22 points 1 year ago* (last edited 1 year ago)

I didn't know anything about Raddle besides the name until now. But gosh, is that a toxic pit. There's a poor guy there getting completely beaten up by an admin and some others which seem to be enjoying their time-wasting public bullying. Oh well...

[-] lohrun@fediverse.boo 20 points 1 year ago

It’s no different than me sending an email to someone and then sending a request to delete it. There likely is still a copy on the email provider’s server and the recipient could have potentially backed up their emails to something outside of the email ecosystem.

Unfortunately the only way to be absolutely sure that there isn’t information you don’t want on the internet is to not share it at all. There will always be an issue of making sure every system actually deletes content when you request it. Like I said, that doesn’t stop anyone from backing up the data to another system. (E.g. Reddit archives from 2005 to now are available to download, even content that has already been deleted)

load more comments (2 replies)
[-] Dee_Imaginarium@beehaw.org 20 points 1 year ago

Damn, Raddle seems worse than Reddit when it comes to toxic attitudes. I never looked much into it since it's just another centralized platform like Reddit with different management, but boy oh boy are those comments just awful. Great community you folks got over there 😬

[-] Prunebutt@feddit.de 19 points 1 year ago* (last edited 1 year ago)

I find all the "privacy isn't possible on the clearnet, lol" Commets quite troubling. Yes, the internet doesn't forget and we should always behave on the internet as if our moms could read it.

But that kind of "privacy realism" fosters an additude that doesn't care about privacy at all; no matter how it could be improved (even if it's never perfect). Just because anyone on the street can follow me home and therefore can find my home address, I'm not carrying a sign with my address when going to a protest.

According to this comment, privacy is worse than with mastodon. And while data always can be scraped, it still isn't too much to ask to properly federate deletions.

Yes, the internet is a public place and reddit is bad and you might not like raddle, but come on, people. Have you all given up on improving things already? And do only tech-savvy people with the knowledge and resources to run their own servers have a right to privacy on the internet?

load more comments (1 replies)
[-] roofuskit@kbin.social 19 points 1 year ago

Anyone who has open discussions on the Internet and thinks they're somehow private is a fool. Short of end to end encrypted chat I'm not sure what they expect.

[-] buckykat@lemmy.fmhy.ml 18 points 1 year ago

I didn't even give this shit an email address

[-] FrostBolt@kbin.social 16 points 1 year ago

Use a pseudonym that you don’t use anywhere else and don’t dox yourself in your posts or comments

load more comments (5 replies)
[-] static@kbin.social 16 points 1 year ago* (last edited 1 year ago)

Mastodon's privacy issues are just the same as the rest of the fediverse/threadiverse.

With federation there is more openness, transparency and accountability. Take care of your privacy, use alts.

[-] furrowsofar@beehaw.org 15 points 1 year ago

It is all public just as most forums on Reddit. No real difference. No difference with Usenet either. Relax.

[-] binwiederhier@discuss.ntfy.sh 15 points 1 year ago

The privacy stinks you say? Did you know that Likes and Dislikes are public too? That was the most shocking to me. Because it is very much not like Reddit or others.

It's still a fantastic piece of software, with all its flaws, though.

[-] poVoq@slrpnk.net 12 points 1 year ago

It's impossible to federate these without making them public in this way.

The up-votes are also mapped to favourites in Mastodon etc, so that was always public anyway.

You could argue that this should not be hidden in the Lemmy UI, but there are also good reasons to not highlight that much who voted on a post.

load more comments (5 replies)
[-] Thorny_Thicket@sopuli.xyz 14 points 1 year ago

I assume anything I post online to remain there forever anyways. That's why I regularly make a new account so atleast everything isn't behind one username

[-] tiny_electron@beehaw.org 13 points 1 year ago

This is a big issue because in the EU you have the right to remove your data. It could make Lemmy illegal in the EU

load more comments (2 replies)
[-] iuseit@iusearchlinux.fyi 13 points 1 year ago

Personally when I want to share what I'm saying with the world I write a letter, burn it, and snort the ashes. This is the only truly private way to do this.

[-] Stimmed@reddthat.com 12 points 1 year ago

If you think anything on the Internet can ever be forgotten... Your going to have a bad time. Passwords, one of the most protected data types, are compiled from beaches into huge databases so that hackers can use them to try to log into website. There are literally dozens of not hundreds of those password databases on the public Internet to be downloaded, not to mention private or dark web collections. If passwords are not safe, what makes you think publicly available social media would be any different?

Even if somehow the whole federation agreed to purge all post every year, things like the Internet archive and Google cache of pages would retain the data.

[-] Penguincoder@beehaw.org 12 points 1 year ago

In order for me to be offended, I'd first have to care about that opinion. I don't.

load more comments
view more: next ›
this post was submitted on 19 Jun 2023
167 points (100.0% liked)

Technology

37717 readers
392 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS