In my opinion it's unreasonable to think anything can truly be deleted in a federated system. Even if the official codebase is updated to do complete deletion & overwrite, it's impossible to prevent some bad actor from federating in a fork that just ignores deletion requests.
Seems sensible to just not post anything that you don't want to be available for the lifetime of the internet.
Just as it's impossible to stop scrapers from archiving data on traditional websites. "Deleted" data is probably in a database somewhere, being sold by someone. As you said, you lose some degree of control over your data as soon as you post it. Data is valuable, and if there is a will there is a way.
In my opinion it’s unreasonable to think anything can truly be deleted in a federated system.
yeah like. this is just a byproduct of how federation works currently. i don't even know how you'd begin to design a federated system where some of these critiques can't be levied
I don't expect my data to be fully deleted in a centralized system either. even if it was deleted from the central server someone might have made an archive of it
and reddit is definitely guilty of this since they were bringing back peoples deleted comments and accounts
First - we're all using alpha/beta software (Lemmy is 0.17.4, Kbin is 0.10.). None of these services are "production quality" software yet, so let's keep that in our minds - we're all early adopters.
The points mentioned in the OP are a bad look. Naturally. User should have expectation of their data being deleted on request - especially since this request might be regulatory privacy request (GDPR related). It's a clear failure from the software and should be improved and iterated upon.
The expectation shouldn't be "oh well it's on the Internet, live with it". While Facebook might keep mining your data after deletion request, our software shouldn't behave like that, we should strive to be better with this stuff.
And finally, ensuring privacy in federated system is hard. Mastodon suffers from same problems. We shouldn't give up on the idea though.
It is an early stage software and such things can be worked out, you're right. But on the other hand, such basic elements should be based on a thorough concept before a single line is coded, and implementing something like a delete button with "Let's just make it delete the most visible stuff for now, we can always improve that later when there is time" is recipe for disaster.
The more important part for privacy: Mail address is optional, and IP addresses are not stored in the database. A correctly configured instance (at least for EU legislation) also will not log IP addresses in the web server - with that you can have profiles that can't be tied to an actual human, and you don't have location and movement data.
The data deletion is pretty much a nice to have - it's on the level of the Exchange feature to recall Emails: Sure, you can ask nicely, but outside of your own server pretty much nobody will care. Lemmy is federated over multiple jurisdictions, so even with full deletion implemented there'll almost certainly be instances which will ignore the deletion request - and it will be completely legal for them to do so. More important is education about what you publish, and a basic understanding of the technical and legal realities you'll have to deal with if you later decide you want that information gone.
I already had that discussion with my 6 year old when she wanted to publish some videos - and she understood the problems quite well.
So, I was born in the late 90's - I don't know if they still have "computer literacy" as a core course in schools these days, but they did when I was going through K-12 (or, well K-9.. once you were in high school they assumed you knew the basics of how to use a computer, and had more advance courses).
One of the very first things we learned about the internet is that once you put something on the internet, there is no way to take it back. At the time, uploading pictures to the "cloud" and such wasn't really a thing so we learnt this by using email: Once you've sent an email to someone, you cannot "unsend" it. You can kindly ask the other party to delete the copy of the email without opening it, but you cannot guarantee that the email wasn't saved on another computer, or saved somewhere else along the route between your computer and the receiver's computer. Clicking the send button was taught to us as "etching your letter into stone".
Because of this, I've always (or at least, as far as I can remember) made sure that anything I put on the internet, or even "put into digital form" (such as even writing something in a file on your computer - you can recover deleted files from a hard drive unless you really put in the effort to actually erase it... there is a huge difference between erasing a file, and marking it as "deleted") is something that I'm okay being tied with me forever. I'm sure if you looked hard enough, you could find me participating on message boards as a young teenager - and to that I just say "Oh well". Is some of it probably very cringe-inducing and embarrassing? I have no doubt.
(This is also why you should take extreme caution when talking about say, your friend, on the internet - if you post something about them on the internet, you're condemning them to this same exact thing)
Now funnily enough, as far as I understand the ActivityPub protocol, it is for all intents and purposes the exact same as email in this regard. Once you've sent something, there are no "take backs". All you can do is kindly ask others to delete their copy, and that comes with zero guarantees. If I had a mastodon server, and someone deletes their toot - I could take down my server and my server would never receive that delete request. Or, just simply change the source code of the Mastodon instance on my server to straight up ignore deletion requests.
Would it be nice for Lemmy to have a way to actually delete your content? Sure. But that's not technically feasible, and personally (as controversial as it may seem) I would rather Lemmy not try to give you the false sense that everything was completely gone forever. I'm not saying that you shouldn't be able to delete your account off a Lemmy instance, but it shouldn't come with an option that says "Check here to remove your data/media from all federated instances" because Lemmy/no one can promise that, and I really hate it when software (or really anyone/anything) attempts to make a promise in bad-faith knowing that they can't possibly ever uphold it.
Anyone who thinks Reddit is "better" than Lemmy in this regard probably doesn't realize that Reddit is making a claim they can't keep. The most obvious example of this is all of these subreddits that have gone dark? You can bring up most of their posts on the Wayback Machine or Google Cache. That would be the case regardless of whether they were set to private, or even if they were just straight up "deleted".
We really should not be setting the belief for people that there exists a way to completely nuke a piece of data off the internet, because you cannot make a guarantee of that being the case.
Did anyone use reddit thinking it was private? With stuff like push shift and way back machine people shouldn't be posting stuff they aren't comfortable sharing anyways on a wide open message board.
Always weirded me out the people who'd treat their reddit accounts like Facebook.
With stuff like push shift and way back machine
So much this. I don't get why people don't remember this first thing when it comes to data storage.
What does this have to do with Mastodon?
The same privacy issues also exist with Mastodon and all distributed systems.
It is reasonable that people should be able to delete their posts / comments. However I don't see how is this related to "privacy". How can something you post on a public forum be private?
its the principle behind the 'right to be forgotten'
if you posted something to a public forum and changed your mind, deciding it shouldnt be public after all, you should have that option
You can’t delete a mail you sent me, nor put your hand written letter to me in the bin. I can keep both and I can keep your name and addresses in my little black book. So there isn’t even that level of privacy in the real old fashioned communication.
And communication over the Internet was always the subject of storage. Your mail may be on the backup tape of a mail server. Your usenet posting is on archive.
So the assumption that the fediverse can forget….
I understand the impulse but the way some people get so hung up on trying to make a way to permanently and universally delete posts made on public facing social media and framing it as a "privacy" issue feels kinda like saying something you regret on mic at a town hall and being mad that you can't permanently delete the memory of it from the minds of everyone present, and claiming that they violated your privacy by remembering it
BTW, the OP on Raddle was spamming that message around Reddit last week and directing people to Raddle. I think he has a bone to pick with the developers' politics more than anything.
Anything put on the internet is forever. No one should be publicly posting anything with the expectation that they have any control of it after it goes out. If it’s not held by the server, there’s the way back machine or even just folks taking screenshots.
I completely agree. I just don't see how there can be any realistic expectation of privacy when publishing something publicly.
I appreciate the idea of laws establishing a right to be forgotten and I think there's still some value in being able to take your data away from certain companies, but there's no guarantee it wasn't copied many times before the original location is taken down.
The Fediverse works like email. Once somebody hits send, there's no real way to claw that back.
https://github.com/LemmyNet/lemmy/issues/2977
It's not like they're doing it on purpose, there's a lot of things being worked on, and this is one of them.
The illusion of Privacy is Mastodon (or social media in general)
There's a reason why when you go to "private mentions" on Mastodon, this appears:
While yes, we should be able to delete our content if we want, but it's a bit naive to think there could be true privacy in any decentralised social media platform.
There's a reason why one of the think people tell you when you come to the fediverse is not to share personal and sensible information.
The only decentralised social media that has some level of privacy is Matrix, and that's why it has it's own protocol and only federates within/between its own servers.
In general I think we should go back to separating personal identities from internet identities on discussion forums like these. There are already platforms for promoting your personal identity that are way better than these types of forums
While yes, we should be able to delete our content if we want, but it’s a bit naive to think there could be true privacy in any decentralised social media platform.
Especially an email or "reddit" threaded conversation systems where quoting of messages is routine. Here I am, quoting you.
You are putting a billboard up in public, on a bulletin board in the center of the Internet, the assumption should be that anyone can photograph it.
There’s a reason why when you go to “private mentions” on Mastodon, this appears:
Lemmy carries the same warning:
The same is true for raddle. They kid themselves if they think anyone can't record anything in there forever.
Anyway it's also inaccurate. Deleted accounts are purged from the DB, so they're definitelly not visible anymore
Likewise you you edit your comment, it's edited in the DB.
The fediverse is the real internet, it's not a company providing a service. On the real internet, once something gets out there, there can never be a guarantee that it's taken back. Even on Reddit, once you post something, Reddit might fully delete it but someone out there may have copied it.
This demonstrates a fundamental misunderstanding of digital privacy. You can never be guaranteed that data is deleted, just like you can never be guaranteed that someone has "forgotten" something. It doesn't matter what any entity claims they are doing under the hood, you have to assume they can't be trusted. That's not an expectation you can have, and not something privacy advocates are asking for.
I'm posting this comment publicly, and there's nothing stopping any random user (or non-user) from scraping this lemmy instance and archiving the data themselves. I know that when I post it. Same for reddit, raddle, any mastodon instance, etc. I can copy the text and usernames of everyone involved in that raddle thread and do whatever I want with it, there's nothing anyone can do to stop me.
To think otherwise reminds me of that first day on the internet kid meme. "I deleted my comments off of their servers, hah, they'll never get them now!"
What I can demand is: if I send a message directly to another party, I want to be able to verify that that party and ONLY that party can read the message (end-to-end encryption). I can also demand that they not require me to dox myself to them, that they not run weird js-based fingerprinting/port scanning processes on my system/network, and that I am allowed to connect to their services through a VPN should I so choose.
You're talking about real privacy, the critiques above are all about exposure reduction (incorrectly framed as privacy). Good retention policies are still important for situations like trying to delete something that you regret posting.
An example I could think of from the other site is the very common occurrence of posting some relationship questions and then deleting them later so that the person they're about can't stumble onto them. In that case you want finding the thing you deleted to be nontrivial enough that it can't accidentally be found. Someone with both the skills and knowledge about what they're looking for may still find it, because it was once public, but that's a different threat.
i mean raddle is a site that has an anti doctor post pinned in the mental health community ... like c'mon I and many others need medicine to survive and you are encouraging anti-psychiatrist posting, Church of Scientology levels of anti-medicalist posting
I didn't know anything about Raddle besides the name until now. But gosh, is that a needlessly toxic pit. There's a poor guy there getting completely beaten up by an admin and some others which seem to be enjoying their time-wasting public bullying. Oh well...
Opposite to Instagram or Facebook, on Lemmy or Mastodon you can create an anonymous account. Yes it will be logged (normal public internet), but you won't be treacable. The UI doesn't have any tracking scripts, and many instances don't require an email even to sign up. Use the Tor browser to spoof your IP.
Given the beta status of Lemmy, I don't even think it's a great idea to give the appearance of privacy. I think the core purpose of a webapp like Lemmy is public messages.
I think it's a can of worms for server operators to get into the business of thinking they can safely hold private messages between users/strangers. None of the Lemmy instances I've joined have had a "terms of service" or anything like that on SIgn Up, I really think the message should be sent far and wide that Lemmy is about posting IN PUBLIC and that messages are being FEDERATED to peers, even people that you don't know could be collecting the data for a search engine.
With small-time server operators opening up hundreds of Lemmy instances, without giving away their experience or human identity, how can you have any confidence that someone is properly securing a server they only have part-time job to update and operate? Major corporations are having their database stolen, Valve, Sony, Nintendo, health care companies, mobile network companies (AT&T)... you think a low-budget shoestring server by a hobbyist running Lemmy should be held to the same standards as a corporation who has an entire team and services to defend their data?
Damn, Raddle seems worse than Reddit when it comes to toxic attitudes. I never looked much into it since it's just another centralized platform like Reddit with different management, but boy oh boy are those comments just awful. Great community you folks got over there 😬
I find all the "privacy isn't possible on the clearnet, lol" Commets quite troubling. Yes, the internet doesn't forget and we should always behave on the internet as if our moms could read it.
But that kind of "privacy realism" fosters an additude that doesn't care about privacy at all; no matter how it could be improved (even if it's never perfect). Just because anyone on the street can follow me home and therefore can find my home address, I'm not carrying a sign with my address when going to a protest.
According to this comment, privacy is worse than with mastodon. And while data always can be scraped, it still isn't too much to ask to properly federate deletions.
Yes, the internet is a public place and reddit is bad and you might not like raddle, but come on, people. Have you all given up on improving things already? And do only tech-savvy people with the knowledge and resources to run their own servers have a right to privacy on the internet?
I assume anything I post online to remain there forever anyways. That's why I regularly make a new account so atleast everything isn't behind one username
Anyone who has open discussions on the Internet and thinks they're somehow private is a fool. Short of end to end encrypted chat I'm not sure what they expect.
One thing that mastodon does is proxying all the media from the federated servers, lemmy does not do this.. (yet)
For example on this comment page there are 9 domains trying to connect directly to me according to ublock origin. I suggest blocking all third party requests on your instance using ublock origins advanced mode because the website works fine without them, it might be mostly avatars?
I didn't even give this shit an email address
It’s no different than me sending an email to someone and then sending a request to delete it. There likely is still a copy on the email provider’s server and the recipient could have potentially backed up their emails to something outside of the email ecosystem.
Unfortunately the only way to be absolutely sure that there isn’t information you don’t want on the internet is to not share it at all. There will always be an issue of making sure every system actually deletes content when you request it. Like I said, that doesn’t stop anyone from backing up the data to another system. (E.g. Reddit archives from 2005 to now are available to download, even content that has already been deleted)
It is all public just as most forums on Reddit. No real difference. No difference with Usenet either. Relax.
Mastodon's privacy issues are just the same as the rest of the fediverse/threadiverse.
With federation there is more openness, transparency and accountability. Take care of your privacy, use alts.
The privacy stinks you say? Did you know that Likes and Dislikes are public too? That was the most shocking to me. Because it is very much not like Reddit or others.
It's still a fantastic piece of software, with all its flaws, though.
It's impossible to federate these without making them public in this way.
The up-votes are also mapped to favourites in Mastodon etc, so that was always public anyway.
You could argue that this should not be hidden in the Lemmy UI, but there are also good reasons to not highlight that much who voted on a post.
That's a non issue. You just cannot expect to be able to delete anything you post on the internet. Even the great reddit with the awesome deletion feature cannot help you. You might be able to delete your comment there, but there is https://www.unddit.com/ https://archive.is/ https://web.archive.org/ and many others, where your comment will still be available.
Use a pseudonym that you don’t use anywhere else and don’t dox yourself in your posts or comments
Personally when I want to share what I'm saying with the world I write a letter, burn it, and snort the ashes. This is the only truly private way to do this.
Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.