- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.ml
- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.ml
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
You must log in or register to comment.
Instead of playing the blame game, let me see if I can help with a solution: I am fairly certain that I can take the “admin” functionality that I built for fediverser and use it as the basis for a “moderation dashboard”. It’s a Python/Django application that can communicate with the Lemmy server both through the API and the database. The advantages of it being a “sidecar system” instead of being built “into” the Lemmy code itself is that I am not blocked by any of the Lemmy developers and the existing instance owners do not need to wait for some fork to show up.
I can propose a deal: at the time of writing, there are ~200 people who upvoted this article. If I get 20 people (10% of the upvoters) to either sponsor me on Github or subscribe to my Europe-based, GDPR-subject suite of fediverse services, then I will dedicate 10 hours per week to solve all GDPR-related issues.
How does that sound? To me it sounds like a win-win-win situation: Instance admins get proper tooling, Lemmy devs get this out of their list of concerns and users get a more robust application for the fediverse.
I wish you the best of luck on this and I truly hope you do this, but this is what the lead dev of Sublinks tried to do. That’s the missing piece here. He tried making an external mod tooling system. Maybe you’ll have better luck than he did. I really hope you do.
Oh hey it’s the article that drove me to become a sponsor of the lemmy project, for every demand and complaint there are many of us who are in solidarity with Lemmy devs and I’m happy to provide material support. This isn’t a business and this is a website to use for fun. There is no way GDPR would ever apply to this, it would require a complaint with merit and the instance owners to refuse to cooperate. There are no enforcement actions on GDPR against private individuals that don’t also include criminal charges in the EU. You can literally look up every GDPR enforcement action.
Also it’s March not February
GDPR applies to any entity that processes personal data. That includes instance owners. In fact of you look up GDPR enforcements you can that it’s also enforced against private persons.
suck my balls
Maybe you should reread what you wrote? You said there’s no way GDPR would ever apply. I said it does. You said there are no enforceable actions, there are. the part you thought makes you right is the “criminal charges” part but that makes zero sense to begin with because GDPR, as an EU wide regulation, imposes only fines and no criminal charges.
GDPR absolutely applies to Lemmy, it’s just that nobody has looked at it / there wasn’t a complaint. When that happens, lemmy will be in trouble.
It isn’t that it doesn’t “apply” it is that there won’t be any enforcement. These are different concepts. The world involves risk assessment and this is a risk I’d take.
There will be enforcement if one asshole reports instances. Are you certain nobody will get disgruntled and report it?
The fact that Lemmy’s core team is taking a fairly laissez faire position on moderation, user safety, and tooling is problematic, and could be a serious blocker for communities currently hosted on Lemmy.
At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.
Honestly, what? Why would be baffling to have third party tools in this ecosystem? It would be baffling if that was the case for Facebook. Also the devs did work on some moderation features, but they probably have tons of other stuff to work on, all for an amount of money which is a low salary for one developer.
This link has been posted and discussed on Reddit too.
Of course, we shouldn’t care about what people on Reddit think (and I noticed this post by chance since I log on there very rarely now), but some users in the thread genuinely ask about joining Lemmy and so I guess it’s useful to know about possible obstacles to trying it that they may perceive.
That OP has been crying everywhere about the Lemmy devs being mean to him. Saw a few threads of his here on Lemmy.
Ya, reading the GitHub issue sounds entirely like burnt out devs being abused by users. It’s a massive issue in open source.
The Late Night Linux and Linux Dev Time podcasts talked about exactly this in a recent episode. It can be extremely demoralizing to do all this work for free for a project only to be inundated by ungrateful people demanding you fix something or implement a feature they want. Many open source projects have died because of that.
We’re not talking about a user demanding you release a flatpak build targeting their personal linux distribution running in a VM’d WSL, we’re talking about a consumer facing social app that doesn’t include the functionality for a user to delete something they added.
You know what the acronym used for describing the most basic functional web app api is?
CRUD - Create, Read, Update, Delete
we’re talking about a consumer facing social app
What we’re talking about is a complete free and open source project that’s built and maintained completely through volunteer labour.
There are zero obligations towards the people actively using the software.
While I agree that the functionality should exist, the devs can literally do whatever they want. Nobody is paying them.
Edit: you’re also seeing only a single instance of a conversation. I can guarantee that the devs have been dealing with asinine and demanding users for a while now. There comes a point where your patience wears thin.
What I truly don’t understand is why the negative eggs that you WILL ALWAYS HAVE NO MATTER WHAT, read it again, ALWAYS HAVE NO MATTER WHAT, gets so much mental attention than the many more people who are actively applauding you and saying their thanks and giving you their praises.
I will never understand the focusing on the negative I guess. It’d be easy as fuck for me to ignore people’s assholeishness while still taking their badly typed criticism and improving (if I reasonably can).
Shit, it makes me feel like the fucking champ when some random persons says thanks for something I did, and I laugh and ignore the ones who don’t like what I do.
But hey, if focusing on the few negatives instead of the mountains of praise is what you want to do, it’s all yours.
Imagine you get approval to build a new park and playground for your neighbourhood. You spend hundreds of hours designing the plan and layout and you spend incredible amounts of your own money to get the resources.
You get to work and things are going well. As you near the end of months upon months of work, the park finally opens for families and kids to use.
As you’re standing there proud of your work, some people come over to you. Do they say “thank you!” or “you did amazing work”? No, they come over to complain about things that are missing, tell you what you should have done better, that you didn’t accommodate their each specific needs, etc.
You would very quickly get bitter and demoralized.
Like I mentioned before: this is a massive problem in the open source development world and has killed many great projects. This has nothing to do with “mental attention” and everything to do with users abusing the devs and their time.
In your analogy, the park didn’t follow any safety guidelines and people are dying on the rides and falling into a lake with piranhas.
the park didn’t follow any safety guidelines and people are dying on the rides and falling into a lake with piranhas.
In my analogy it’s a park with trees, bushes, rocks, and slides. I said “park in your neighbourhood” not “mega-extreme rollercoaster park”. I also said “you got approval” which is generally from the city or other governing municipal/county/regional body. And that also requires a plan to be submitted before approval is stamped.
So no, what you did is make up a bunch of crap to strawman my argument and try to make what I said wrong in some way.
Nice try.
They by definition didn’t “get permission” if they are noncompliant with GDPR.
Was going to say “another one of these?” but, wow, the article really further highlights the childish nature of the Lemmy devs… Can’t wait for Sublinks to reach feature parity and become main stream, so we can leave this dark phase behind.
I disagree strongly that they are childish. They are 100% correct in what they are saying here. Also this article doesn’t “highlight” their behavior, it’s actually “cherry-picking” behavior that puts them in a bad light. Similar to tabloids read by the lowest iq crowds.
You don’t demand anything from open source devs. You feel gratitude for what you have.
It’s honestly mind-blowing. At every turn, for no reason at all, they act like a bunch of dicks. It’s like they decided to run a community project based on engineering prowess alone, and nothing else.
Except the engineering isn’t all that good, either.
You’re being dense, the reason is devs get burned out and you’re asking them to do work for free.
The reason that an open source developer might experience burnout are myriad, but can include:
- Lack of compensation
- Insufficient tooling or project infrastructure
- A high ratio of operators to maintainers
- Lack of a concrete roadmap, quality documentation, tests, essential resources
- Lack of an onboarding process for new contributors
- Inability to reconcile differences with contributors, leading to hard forks or exodus of contributors
- Intractable architectural issues that require substantial engineering effort, possibly more than the maintainer can actually contribute
As someone who has done Community Management for an open source, decentralized communication platform (Diaspora), I am familiar with all of these things. This shit is hard, and I am not denying that Lemmy devs have done a lot of good work.
The problem is actually much simpler than you’re making it out to be. For a social platform, which depends on interconnected self-hosted communities to succeed, you absolutely have to build in the tools and utilities necessary to deal with all the crazy shit that comes with the territory. Ignoring this causes a cascade of problems that gradually get worse the longer they remain unaddressed.
The devs are surviving on crowdfunding and grants, and doing the best they can with that. That’s commendable! They probably need more of both to have their needs fully covered. But don’t get it twisted: receiving proceeds for your work is not the same thing as working for free.
receiving proceeds for your work is not the same thing as working for free.
Accepting donations is not the same as entering into a contract agreement where the person giving a few bucks per month entitles them to dictate how the work should be done. If people want to enter in a relationship where they get exactly what they want for the money they are giving, then they will be better off by going to a commercial provider, so that the nature of the transaction is explicit and mutually agreed.
About the grants: AFAIK they got the grant to make federation work, which was completed to everyone’s satisfaction. If they had received a big grant from NLNet, got the money but didn’t deliver on what they promised on the application, then you could argue that they did not hold their end of the bargain. But do you it’s fair that because they got money from one part of the work that they should be responsible for all subsequent deliveries?
I’m really trying to understand where you are coming from with this. You mentioned your work on Diaspora, and I don’t know how much you were involved on it, but I do feel that one of the things that doomed Diaspora was that the founders mistook the attention and money they got in 2010 as an indication that they were all alone responsible in “saving us from Facebook”. If Ilya had learned to say “it’s not my responsibility to build everything to win a fight against a multi-billion corporation”, perhaps he would still be around.
Accepting donations is not the same as entering into a contract agreement where the person giving a few bucks per month entitles them to dictate how the work should be done. If people want to enter in a relationship where they get exactly what they want for the money they are giving, then they will be better off by going to a commercial provider, so that the nature of the transaction is explicit and mutually agreed.
With respect, this is a framing issue and depends on your point of view. Does a donation mean someone contracted you to do something specifically? Not really. But, will mismanagement of expectations and hostility convince someone to stop donating to a project? You’d better believe it. If you’re working full-time on a project, donations are your lifeblood. They literally put food on your table. You literally can’t afford to disregard the needs of users and admins. But of course, you are at discretion to decide what those needs actually are, and how critical they are. Nevertheless, the relationship is more transactional than it appears to be.
About the grants: AFAIK they got the grant to make federation work, which was completed to everyone’s satisfaction. If they had received a big grant from NLNet, got the money but didn’t deliver on what they promised on the application, then you could argue that they did not hold their end of the bargain. But do you it’s fair that because they got money from one part of the work that they should be responsible for all subsequent deliveries?
Overall, I think their grant from NLNet was a good thing, and I think they did good work on that. As long as their work was in scope of the grant, I don’t see a problem with that.
I’m really trying to understand where you are coming from with this. You mentioned your work on Diaspora, and I don’t know how much you were involved on it,
Community Manager, circa 2011 to 2013. I was basically an air traffic controller for GitHub issues, acted as a developer liaison, served as a face of the project to the community, and engaged on the network every single day to get a pulse on what was going on. A lot of it involved smoothing things over with people who were upset about things, resolving conflicts, drumming up volunteer coders, and indicating to core team what varying needs were across the user and developer communities. I lived and breathed it every day.
I do feel that one of the things that doomed Diaspora was that the founders mistook the attention and money they got in 2010 as an indication that they were all alone responsible in “saving us from Facebook
This is somewhat inaccurate, and here’s why: Diaspora never advertised itself as an Anti-Facebook. They were building a federated network that focused on user freedom, and it was a combination of timing and insanely good luck that their Kickstarter campaign picked up as much as it did. The whole “we’re going to save you from Facebook” thing was an invention of the media to get people to click headlines. What really doomed Diaspora was that the core team wanted to be a startup, the community wanted it to be a project, and getting the company into yCombinator had the team focus on things further and further away from their original goals.
If Ilya had learned to say “it’s not my responsibility to build everything to win a fight against a multi-billion corporation”, perhaps he would still be around. This is a little disingenuous. Ilya had a big heart and was an amazing person, but he struggled with depression, anxiety, and mental illness. There was an enormous amount of pressure, sky-high expectations, and media vultures that picked apart every little hiccup the team went through, but I don’t think it’s fair to say it was those things alone that made his passing happen. They didn’t make life any easier for him, though.
If you’re working full-time on a project, donations are your lifeblood.
This is where we fundamentally disagree. This is only true if the developers puts the project above themselves, which is the wrong attitude on multiple levels. Developer owe nothing to those donating, they owe nothing to the project and they should never be compelled to accept anything because other people are putting a metaphorical gun to their heads.
And like I said before, even successful projects are barely getting by with donations they are getting. Instead of putting themselves on some imaginary treadmill (one more feature, and we will get people to like us!) it is healthier for everyone if we dropped the pretense that “community is enough” and established beforehand what all parties want to get in order to get something done.
So, here’s the thing: these guys are working full-time on the project. Their only source of income, grants aside, are donations via fundraising. Effectively, they are putting the project above themselves.
The common model for this nowadays is the Patreon / OpenCollective / LiberaPay, where donations are usually given continuously over an indefinite period. It’s closer in form to crowdfunding than it is traditional institutional donations.
This is going to sound shitty: just as the expectation is set that no one should make demands of work done for free, so too is the expectation that development work technically isn’t owed a single penny. Any donor can stop giving, for any reason, at any time.
If I as a donor feel my needs aren’t being met, I can stop donating. As a collective action, a bunch of dissatisfied supporters can do the same all at once.
I’m not saying either side should threaten each other. But let’s not pretend that this is some hoity-toity Utopian model where donors selflessly hand over money with no expectations, and the developer just works on whatever. If your livelihood depends on it, if you can’t put bread on your table without it, then you’ve got to keep your backers happy.
You don’t understand how open source works. You are not entitled to any features. Let the devs go on their own pace. A lot of open source projects shut down because of similar reasons.
You don’t know how social networks work. They only survive based on network effects, if they don’t have the most basic functionality that users expect (like complying with privacy legislation), then they will fail to reach critical mass and be outcompeted and die.
If the devs don’t want to provide the most basic functions that any user of a social network would expect, they’re welcome to be downvoted to hell and have their project go back to being one of the millions of forgotten and unviewed personal github projects.
Open source projects die because it takes both technical talent and attention to your users to make a project successful, and for-profit companies often pay different people to do those.
The entire point of the “fediverse” is to combat the network effect. Don’t like Lemmy? Move to another app and still communicate with people on Lemmy. Plus it’s all open, can’t find an app you like? Build one or wait for someone to build one you like.
Likewise, an open source project can totally die if they refuse to engage with the needs of the users. The lack of moderation and content management tools have been a longstanding criticism of Lemmy, and instances will migrate to alternatives that address these concerns. It is a genuine legal liability for instance operators if they are unable to sufficiently delete CSAM/illegal content or comply with EU regulations.
But opensource projects are more likely to get dropped by devs than losing their userbase from what I’ve seen. I could be wrong. Both our points are true. That’s the best part of fediverse. If one doesn’t like lemmy, they are free to choose an alternative. I just don’t agree with demanding features from open source developers. There is a distinct line between demanding and requesting. I’m not saying lemmy is perfect. Maybe Sublinks would be better. Let’s wait. But even Sublinks won’t be sustainable if users do not respect developers time and patience.
We can expect them to follow the law. And yes this means implementing required features to comply with the law.
Nothing here is breaking any laws. I don’t know why OP thinks the GDPR applies here, it doesn’t.
It does apply, but not to the Lemmy devs, but to the instance admins.
As it stands, you can’t legally host a Lemmy server in either the EU or the US (or places they can reach) and federate with the 'verse at large without fear that the authorities will come after you.
This is not true at all, you can host a instance in the USA for free and not be subjective to the GDPR. You’re not selling anything, or marketing anything or doing any data collection to be sold. It %100 does not apply.
GDPR article 3, and the EU-US Data Protection Umbrella Agreement concluded in the US in December 2016 which makes it US law disagree.
I don’t agree with the tone of the Lemmy devs, but they are right: it’s opensource being worked on mostly in the free time of people. Do not treat the devs like they are paid to do your bidding, because they aren’t. If you donated and have expectations, you don’t understand the meaning of a donation.
Imagine if the author had a woodworking workshop on their compound where they made things out of wood; figurines, furniture, tools, sculptures, and so on. Say they opened it up to the public so that guests could have a look, play around, spend some free time there, and maybe even use the equipment there. But then guest started demanding the author buy newer equipment, make sculptures more to the guest’s liking, made the workshop more accessible to invalids, put up the national flag, play the radio, and a host of other things. All the while not footing the bill for anything, not helping clean up, not volunteering to help in any fashion.
Then the author refused and invited the guests to help. But instead, the guests went off and made a blog saying the author was selfish, cold, self-centered, egoistic, rude, and what not.This is what the author of this article and people in that github discussion come over as. If those people came into my workshop and told me how to do things without helping out in any way, I’d rightfully tell them to fuck right off.
Articles like these that are practically demanding change will not and do not improve the dialogue. They are actually bad for opensource as a whole because they give people who don’t understand opensource the feeling that they have the right to complain, the right to demand, the right to expect, the right to be entitled to an opinion and an outcome.
That’s a thumbs down from me dawg.
I have a better example. What if a small company made pills or medical devices. Do they get to be noncompliant with the EU law, and tell their patients “we won’t get a medical license, there is too few of us to do it”? If you aren’t okay with that, you aren’t okay with lemmy being noncompliant GDPR-wise
Beautiful example of a commercial company selling products to customers 👍 My questions to you:
- are the lemmy devs a commercial entity who paying clients are dependent on for making a closed source solution that nobody can modify?
- who is non-compliant for failing to remove personal data form the database and filesystem? the admins who have access to the database and filesystem or the lemmy devs who don’t?
- if the people complaining are so concerned, why do they not contribute the code to fix their perceived issues?
Are lemmy admins handling EU information? Yes. Do they offer services? Yes. It doesn’t matter if free or not. Hosting a lemmy instance that allows EU users is therefore illegal.
Let’s play it out. I have a commercial instance based on the EU, I have a handful of European citizens who I have processed data.
If any of them tells me they want to delete their data, I can run a script that delete all their data from the database. If they want me to tell you what data I collected from them, it’s another data query away.
Please do tell me exactly what is illegal about it.
Your instance is tiny and it is manageable. For large instances, it’s not “just a single query”. You also can’t miss anything, so photos and similar - if they have uploaded something.
Also, does your instance have a cookie prompt? If not, then that’s a paddlin.
For large instances, it’s not “just a single query”. You also can’t miss anything, so photos and similar - if they have uploaded something.
So, you went from “all instances are liable” to “big instances won’t be able to handle it”. Not only you just moved the goalposts, you are also missing the point of the Lemmy devs: if compliance with GDPR is problematic only for instances that are so big to the point that the volume of requests can not be manually processed, then it’s not something that should be a concern for the developers of the main software and the cost to implement such a thing should be born by the admins themselves!
Also, does your instance have a cookie prompt?
Cookie prompts are only required if you have tracking cookies, which I don’t have on my website or any of the instances I run. Cookies used for authentication or basic functionality (let’s say to store the user preference for dark mode) are not tracking the user across multiple sites and therefore do not fall into the requirements for disclosure.
Edit: downvoting without a response serves only to show how lost you are in your argument. You spent the best part of the last two days fueling the mob and throwing accusations at the devs and basically making them criminally irresponsible and now you can’t even support the premise that EU instances are somehow not able to comply with the law.
Lemmy devs being man children when confronted with GDPR compliance.
And if Lemmy if supposed to better Reddit in basic fucking decency then GDPR is absolutely crucial.
how are you supposed to do gdpr compliance on a federated system though?
You are responsible for data collected by your own instance. If a deletion request comes through, you are responsible for deleting it from your account, and forwarding the deletion request and responses to other instance you federate with. You are in the clear as long as you don’t keep data you legally can’t, and have sufficiently informed other instances of your obligations.
Hey everyone, I just wanted to thank you for the lively conversation and thought-provoking insights. We don’t have to agree on every point (or at all), but I’ve decided to synthesize a lot of thoughts and ideas from these conversations into a blog post: https://deadsuperhero.com/2024/03/economic-musings-on-federated-networks/
I know you said it is a brain dump, but your follow up still seems mostly an emotional reaction to how the devs responded rather than a reasoning synthesis process.
E.g, your “Where Fediverse Software Differs”, it seems like you want to pay off the set up you’ve placed in the previous paragraph (about the difficulty of being an open source developer), but this payoff never comes and instead you end up the argument with “The feature requests valid, and the devs responded like dicks”.
Even if we take “the feature request was valid” for granted, it does not follow that the devs must act on it right away. If the Lemmy devs acknowledged the issue and said “You are absolutely right and we strongly advise anyone hosting an instance in the EU if they are worried about GDPR”, then what? Do you think that whoever wrote the “perfectly valid feature request” should still be pushing for making it a higher priority? On what grounds?
Also:
The operators, who to some degree help the project gain visibility, support, and money, are themselves doing unpaid labor: community building, moderation (…)
shouldn’t ever be used as an excuse to justify free labor from developers. This is not Self-Loathing and Display of Low Self-Steem Olympics. Anyone that comes to me with a “I’m not gaining anything from my work” argument will promptly receive “The fact that you can not establish boundaries and are martyring yourself is not my problem” as a response.
The fact that developers of FOSS software project are able to tell users “If you want something done, you need to give us the resources or do it yourself” should be lauded, not criticized or be seen as “dicks”.
If instance owners are dealing with bad users “and not getting paid for it”, they can do two things: close down the instance, or put proper boundaries and tell what they are willing and not willing to do for free. Alternatively, they can do what I do and make the relationship explicitly transactional: I’m more than willing to work a lot to solve my customer’s problems, but this is only after they actually paid me for it. The fact that I only accept paying customers makes my instance noticeably easier to manage. Even if I’m charging way less than what some people would donate to their favorite instance, the fact that all the users from the instances are paying make for an excellent filter.
The common denominator is relatively simple to understand: good optics of a project leads to more users, leads to more communities, leads to people building all kinds of apps and tools for those communities, leads to more people being willing to donate to a project.
This “donation-based” approach needs to change. Mastodon has no problems with “optics”, and its “Founder and CEO” is reportedly making 30000€ as yearly salary. This is ridiculously low. This is less than what an intern makes at Facebook. The three Lemmy devs are sharing less than 4k€/month. You can make more money by working part-time on Uber Eats. To think that this is enough to claim “they are making some money” is frankly absurd.
If society in general is so tired of exploitative Big Tech, society needs to give a strong signal that it’s willing to pay for the alternative. If we don’t want to have the most brilliant minds of our generation working on how to optimize the amount of ads that you get to see online, then we need to show that those building better solutions can be properly rewarded. It’s not up to the developers to try to build out everything perfectly and then go around begging for people for breadcrumbs and their seal of approval.
To sum up: I’m not saying that developers need to be worshipped because they can do what others can’t. I’m also not saying that the Lemmy devs were right in how they communicate with its users, but I am saying that they are absolutely right in establishing their priorities and not let their work be dictated by someone that is not putting any Skin on The Game.
The problem sort of is capitalism right? These public good projects should have public funding. Imagine if the public funding for open source software projects was like that of the Apollo program in the 60s (2.5% of gdp).
