- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.world
- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.world
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
I’m not sure I see the issue here, what’s the point of an open ecosystem if you don’t make use of any third party tools? Fedi-safety in particular feels like it should not be part of the core project
There’s nothing wrong with having good third-party tools, that was not my point. db0 in particular has done some amazing, amazing work.
What’s fucked, however, is having a project:
Like, this is not an attack on Lemmy itself, I think the platform can be a real force for good in the Fediverse. But let’s be honest, this project is not going to live very long if nothing changes.
Basic things like having the ability to easily remove images from storage should be part of the core platform. The fact that this still isn’t a thing even four years into the project is insane.
The first time some random user files a sue in court the admins of their instance will be in trouble.
Lemmy devs are not affected, but instance admins are and according to the GDPR they are considered “data controllers” and are responsible for the processing of users’ data.
As far as I understand it, this lacking feature is an open “challenge” to existing regulation and legislators, maybe also to open people’s eyes about the fact that privacy claims are often not enforced even by those who claim to do so.
I’m nog sure what they’ll be sued for. The GDPR is very much written so that DPAs take action, not individual users.
Even then, instances need to break the law first. If someone asks a server to delete or alter personal information, the instance has a full month to respond. If deletion or alteration cannot take place within a month (doubtful, but theoretically possible), the the change may take even longer.
You can send a GDPR death letter to an instance admin and the worst you’ve done is annoy an admin who needs to run a bunch of SQL scripts for an one afternoon.
Lemmy doesn’t process that much personal information. It republishes content on your request, but that’s not necessarily PII. There are a few identifiers (your username, user ID, the private/public key pair used to sign your messages when dealing with federation) but like on many other platforms, those can be changed, with great difficulty. Of course, changing that information WILL break shit on other servers, but you can try!
When it comes to other servers, you’re kind of screwed. That’s not really a problem, though. You don’t expect Gmail to make everyone you’ve ever emailed delete the stuff they’ve received from you, that’s just not how that works. You could argue that email is more private, but then mailing lists exist that basically do what the Fediverse does but on a larger scale.
Some counter points
You’re not wrong to feel irked by this. However, if that’s the case, the Fediverse may not be for you. You’re probably better off over some place else, like Reddit or Bluesky, where decisions are taken centrally, investor money is driving development, and there’s a manager to complain to.
I agree that there should be a way to delete kmages… and there is. It’s a simple API call with an admin token that any server admin worthy their salt can execute. The user who uploaded the image also gets a token, but that disappears after you posted your image, unless you use an app that keeps it (there’s one on Android that does this!).
I think it wouldn’t be a bad idea to implement persistent storage of these tokens, so if you have the time to fix this issue, please open a pull request!
Just going to leave this here. Pretty sure this user knows about the fediverse quite a bit more than you’re assuming.
Thanks for the laugh, I’ve been on the network for almost the entirety of its lifetime and witnessed every development and major change. I’ve even helped run a major project in the early days.
In that case, none of the things you mention should be surprises, or even abnormal, really. These problems have plagued all of the Fediverse at some point, and they have never been solved.
Perhaps you could enlighten me on what Fediverse software does take “privacy, user safety, or basic controls to handle when shit hits the bed” into consideration, because I can’t think of any; they all just expect every other server in the network not to be malicious.
I also don’t remember hearing anything from the Mastodon devs when the Lemmy communities that Mastodon users were following were uploading child porn to their local image caches, let alone anything user-facing. The CSAM spam may have targeted Lemmy, but on the rest of the Fediverse the “solution” seemed to be “defederate from all of Lemmy for a while” at best. The recent Japanese spam wave could just as well have been CSAM instead of pictures of cans of spam and the wave proved that the Fediverse in its current form just can’t cope with malicious actors.
Friendica, Hubzilla, Streams, tentatively Bonfire, Pixelfed, PeerTube, Akkoma. Off the top of my head.
In what way are those better? Don’t they still suffer from the privacy problems that come with federation? In fact, Peertube’s P2P nature makes it one of the least private and secure Fediverse implementations I know of. From what I can see experimenting with Pixelfed, PeerTube, and Akkoma, they’re suffering from the same privacy and user safety issues Lemmy suffers from. Like on Bluesky, the user-facing controls are in no way enforced when activities cross federation in any way, so they only work in whitelist-based, tight-knit communities or defederated instances.
I find Friendica’s “expiration” to be quite disingenuous, because the language on the front page implies privacy features that can’t be attained in real life. That also goes for their controls, promising private chats that are only as private as the participating servers are willing to make them.
Hubzilla and Streams seem very interesting. I’ll have to dig into those, they seem very promising.
Yes, the issue is that Lemmy does not even attempt to allow you to delete the image. There is no control for the user to do this. It’s literally not possible.
Hubzilla and the zot protocol are a really promising alternative to ActivityPub, just not as much traction.
Its simply not true that we have zero consideration for privacy or user safety. But that is only one aspect of Lemmy, we also have to work on many other things. And we werent silent during the CSAM wave, but most of it was handled by admins and all the related issues are long resolved. Lemmy has 50k active users, its obvious that we are too busy to work on every single thing that some individual user demands.
There is a reason that Lemmy still has version 0.x. If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.
Look, no one is ungrateful for the work you and Dessalines are doing. I get it - I helped run a large-scale federated open source social network over a decade ago. It’s an amazing, incredible experience - but, it’s also grueling, demanding work, and community members and users can be incredibly fickle. Especially when it comes to living off of donations, and having to carve out a technical stack all by yourself. That shit is hard.
Here’s the thing: your users, your community, your efforts in general, pretty much ride or die by the people who run instances of your software, advocate for your platform, and develop apps and tools for your ecosystem. If something is broken at a foundational level, it’s ultimately your responsibility to decide what to do about it.
Code is not the only fruit of someone’s labor here. Your community is doing a lot of labor for you too, and making even less money doing so. At some point, if people don’t think their needs are being met to keep running their communities and stave off the worst of the worst, it’s going to tank people’s confidence. People will leave. And they’ll talk on the way out. Optics matter.
I’m not saying you have to drop everything to accommodate some random concern right away. But some of the responses you’ve given to people that had reasonable asks, that had reasonable use-cases in ensuring smooth operations of instances in compliance of laws…some of your reactions are terrible.
If your default when someone asks you about GDPR compliant features is to scream at people, demand that they do the work for you, make excuses that you’re too busy, or belittle someone because you disagree with someone, you’re doing community management ass-backwards, and you’re burning away community goodwill every time you do it. It’s hostile and demoralizing, and people will come to resent you for it.
See, this is exactly what I’m talking about. Someone asks for something, points out problematic behavior, gives feedback on how something could be better, and you lean into the myopic belief that this is somehow an attack or an effort to undermine you. My brother in Christ, if there is any ill-will towards how you do things, it is because of your own behavior, not on the merits of your project, your political alignment, or who you are as a person.
I don’t hate your project, but you need to pull your head out of your ass, and realize that you’re dropping the fucking ball on trust and safety. People hosting instances aren’t going to stick around forever if you keep defaulting to hostility.
There is a stark difference between closing an issue and actually resolving the problem. You’re right; lots of those issues are closed. The identified problems remain and don’t go away merely because you close an software repo issue on it.
There’s no guarantee on third party tools continuing to work with Lemmy. Something as critical as deleting images, which can cause problems like revenge porn and such, must be given priority by the official project.
We will never block third party tools, and will always have an open API.
One of the PRs I’ve been working on, is an interface to view your image uploads and delete them. This is not trivial, but will probably be in the next release.
Thank you for your service
Lemmy providing an open API does not mean that third parties maintain compatibility forever. (Edit: for example, what happens if the third party app gets taken away by a malicious maintainer? Or becomes buggy, or un-maintainable, project dies, etc.)
I don’t want to upset you, but I think I have to say this for the sake of the community. The attitude like “we provide an API, so third parties will follow,” is what is causing instance admins’ distrust in the first place.