this post was submitted on 04 Mar 2024
30 points (82.6% liked)

Fediverse

17734 readers
34 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

This article will describe how lemmy instance admins can purge images from pict-rs.

Nightmare on Lemmy St - A GDPR Horror Story
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

This is (also) a horror story about accidentally uploading very sensitive data to Lemmy, and the (surprisingly) difficult task of deleting it.

top 11 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 15 points 8 months ago* (last edited 8 months ago) (2 children)

I haven't had a deletion request come around yet, but I've had the pict-rs documentation in my back pocket just in case. My instance allows NSFW, so I made sure I knew how to do this before deploying.

I agree with the author, though, it definitely shouldn't be so hard to delete images. Hopefully the Lemmy devs tackle these issues quickly.

[โ€“] [email protected] 9 points 8 months ago (2 children)

Impossible to be done if not every servers plays by the rules.

Sort of non news too, "don't put sensitive data on display, especially on the internet".

[โ€“] [email protected] 9 points 8 months ago

With federation it's kinda like complaining archive.org doesn't have a good way to purge page snapshots in case you post something on your website you regret later. Or search engine caches. Or the local scammers replicating your page with curl for a phishing scam.

[โ€“] [email protected] -1 points 8 months ago (1 children)

The author pretty freely admits he shares some blame, having PII on the same phone he uses Lemmy, using Lemmy while not paying attention/being half asleep. I'm sure he does know better and agrees with your statement. And yet, when mistakes happen and people prove to be fallible, Lemmy proves it is not capable of handling the problem.

I also can't believe the Lemmy developers would be so indignant about being presented with such an oversight. GDPR or no GDPR, federated to other servers or not, the idea of PII being hard/impossible to delete from a social media platform is an embarrassment to the developers.

[โ€“] [email protected] 2 points 8 months ago

I think you don't understand how federation works.

It's like you show something sensitive on TV, and you want to "erase" that from everyone seeing it.

Lemmy isn't centralized like Reddit or Facebook.

[โ€“] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

Unfortunately, the Lemmy devs literally said it would take years to fix this issue. If you think this should be a priority for them, please advocate for them to prioritize it on GitHub:

[โ€“] [email protected] 3 points 8 months ago (1 children)

Thanks for sharing.

Sad to see such communication from the Lemmy devs

[โ€“] [email protected] 4 points 8 months ago

I agree the whole issue was lemmy devs being an arse to maltfield

[โ€“] [email protected] 3 points 8 months ago (1 children)

You clearly put a lot of effort into writing this blog post, creating the header image and sharing it across dozens of Lemmy communities and Github issues. I only wish you would put even a fraction of this effort into actually resolving some of the mentioned issues. After all you are a programmer and many of them are relatively easy to resolve with a bit of time.

What you dont seem to realize is that Lemmy only has two fulltime developers (Dessalines and me). We are both working every day to fix bugs and implement new features in Lemmy, but there are only so many hours in a day. Whenever we resolve one issue, a new one gets reported so its impossible to resolve all of them. The repos for lemmy and lemmy-ui currently have 750 issues. So there is no other way but to strictly prioritize what we work on, and ignore things we dont have time for. Obviously people will disagree with the exact priorities, that is inevitable.

The only solution is to get more contributors who help work through the issue backlog. Or if you are not willing to do that, switch to a different platform which is backed by venture capital and can pay dozens of developers to work on it.

[โ€“] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

Did you read the article and the feedback that you've received from your other users?

Any FOSS platform has capacity issues. I run my own FOSS projects with zero grant funds and where I'm the only developer. I understand this issue.

What we're talking about here is prioritization. My point is that you should not prioritize "new features" when existing features are a legal, moral, and grave financial risk to your community. And this isn't just "my priority" -- it's clearly been shown that this is the desired priority of your community.

Please prioritize your GDPR issues.

[โ€“] [email protected] 0 points 8 months ago

I bet your project doesnt have 50.000 monthly users so its not comparable at all. Out of all these users only you and one or two others care so much about GDPR (yet not enough to make actual contributions yourself). We really cant change our priorities for a single user out of thousands.