Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…

  • superkret
    link
    fedilink
    1061 year ago

    I doubt it, and if it does get successful, there’s unfortunately lots of ways it can be taken down by lawsuits if the big players want to.
    It’s currently impossible to follow a GDPR information delete request for example, because you can’t delete the info from other instances.
    And if any user uploads copyrighted material, the instance admin is liable.
    Same with illegal material.

    For these reasons, the Fediverse is incredibly vulnerable to a constant death and creation of instances which will make creating a collection of valuable info (like on reddit) impossible.

    But I’m enjoying it while it lasts.

    • @[email protected]
      link
      fedilink
      431 year ago

      But if that were the case, wouldn’t GDPR already be used to take down TOR or torrents or any other p2p tech? All it would take is someone’s personal information being on them, right? (I’m really asking I have no idea)

      • superkret
        link
        fedilink
        291 year ago

        TOR nodes and torrenters are taken down or charged all the time.
        The fediverse itself can’t be taken down, but if you take down instance admins often enough, you force users to keep making new accounts and new communities. Something that prevents establishing a real social network.

        • @[email protected]
          link
          fedilink
          17
          edit-2
          1 year ago

          Then you adapt to that threat with user exports or built in auto migration methods.

          The distributed nature makes it much harder to down the fediverse with legal claims than it does reddit/twitter/whatever already. Just being hosted in different countries makes these claims a stunning pain in the ass, as many countries do not require any compliance with the DMCA.

          • @[email protected]
            link
            fedilink
            01 year ago

            Sure if you want to play in a sandbox alone and have nothing but privacy and lqbgt content (nothing against them in the least bit).

      • Zeeroover
        link
        fedilink
        171 year ago

        That’s a good point. Right now if I send something out, even if the company I submitted it to deletes it from their servers, doesn’t mean other users will delete copies of the data I want to have deleted. Only the party I submitted it to will have to delete it.

        Just take a screenshot of a tweet or a LinkedIn profile or whatever someone posts here in the Fediverse, anyone can capture a copy of it.

    • @[email protected]
      link
      fedilink
      251 year ago

      It’s currently impossible to follow a GDPR information delete request for example, because you can’t delete the info from other instances.

      What makes it impossible? Why would any given instance maintainer be responsible for the data on someone else’s instance? Would it not fall on the GDPR requester to make that request of each individual instance?

      • superkret
        link
        fedilink
        141 year ago

        The requester can have no idea where his data ended up. That’s why the admin who receives the data is responsible for who he gives it to. And he also has to forward the delete request to whoever he gave it to.
        Otherwise, customers of an online service that sells their data would have to request deletion from everyone who bought it, which is impossible cause they don’t know who that is.
        The regulation was written to give people more control over their data, but it has no provision for something like federation, and it also doesn’t allow for a “do whatever you want with my data” box the users could check.

        The regulation was written to give private users control over what big corporations can do with their data. It doesn’t fit for non-commercial (but also not private) use by a loose group of admins. But legally, it still applies.

        • @[email protected]
          link
          fedilink
          441 year ago

          So then if someone requests that Gmail delete all their email data, is Google then responsible for making sure any emails sent out from it’s server to another is also deleted from those external servers?

          • @Fapper_McFapper
            link
            431 year ago

            Just in case you guys are wondering, there’s probably dozens of us enjoying the fuck out of this conversation. Thank you for asking questions I wouldn’t think of asking. On behalf of all three of us lurking.

          • @[email protected]
            link
            fedilink
            101 year ago

            I don’t have the answer but I think of it like this.

            Email is essentially a direct conversation between you and someone in the same room but you may extend (cc) to those people in the house. There is an implicit “I am including you in the conversation”

            Lemmy on the other hand is more akin to talking to someone in a crowded bar but the conversation is recorded and anyone over the world has the ability to listen to the conversation at any given time.

            Apples and oranges.

            • Blaze (he/him)
              link
              fedilink
              91 year ago

              Interesting perspective, but then cannot we consider that Lemmy users are aware that they are including all of the Fediverse in their conversation? That way Lemmy instances could be treated in the same way email providers are

          • @[email protected]
            link
            fedilink
            51 year ago

            Essentially yes, it’s called the Right to Erasure or the Right to be Forgotten. If the user is in a country that adheres to GDPR and the company controlling the data operates in a country that also uses GDPR, then that right applies.

            The only reason Google/Gmail wouldnt delete (or wouldn’t be able to delete) some of your data would be if they had a lawful or legitimate basis for holding onto it.

            I can’t think of a reason Google would give for hanging on to your data but that doesn’t mean there isn’t one, but they’d have to notify you of that reason as part of their response to your request.

        • @[email protected]
          link
          fedilink
          11 year ago

          Yes, but “the controller” is one instance, and it’s certainly easy for one instance to allow a user to be forgotten. You can purge the user from the instance. Then they are forgotten, as far as the instance is concerned.

          As an example, just because someone makes a GDPR request on YouTube to delete a video, does not require Google to actually remove the video from the whole internet. There are plenty of websites that archive content which are unaffected by that GDPR request. It’s the exact same thing with different Lemmy instances, just because you ask lemm.ee to delete your content does not mean that lemmy.world needs to delete your content.

          • @[email protected]
            link
            fedilink
            21 year ago

            The GPDR doesn’t require Lemmy to remove personal data from the entire internet. But when a Lemmy instance gives data to other Lemmy instance, there are legal responsibilities.

            https://gdpr-info.eu/art-17-gdpr/ Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

            ==========

            Maybe this is open to interpretation, but I feel that the same Federation protocol that federates out my personal data (my posts and comments), should also federate out my delete requests. I’m unsure why this would be controversial.

    • @[email protected]
      link
      fedilink
      221 year ago

      This is a big issue of eu regulations. They are needed, but don’t account for non profit initiatives, in practice favoring big players

    • Blaze (he/him)
      link
      fedilink
      41 year ago

      I’m never to sure about GDPR. The spirit of the law is that any identifiable information has to indeed be removed.

      However, does a Lemmy username really fit that definition? If John Doe has all of his Lemmy content under CoolNick89, I’m not sure GDPR applies.

      Emails, especially if they contain first and last name, are a different story, but those would only be known by the host instance.

      • superkret
        link
        fedilink
        31 year ago

        GDPR applies to user names and even IP adresses, according to current case law.

        • Blaze (he/him)
          link
          fedilink
          11 year ago

          Interesting, thanks. I’ll research this further.

          IP addresses make more sense, because they can be used to be cross-checked with your ISP to know who you are.

          If you don’t tell anyone your username and use a VPN, there is no way for people to guess your Lemmy username

      • @[email protected]
        link
        fedilink
        3
        edit-2
        1 year ago

        The law specifically names “online identifier”.

        The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.

        https://gdpr-info.eu/issues/personal-data/

        • Blaze (he/him)
          link
          fedilink
          11 year ago

          Thanks for the definition, and that brings us to the next question: I know your identifier, [email protected]. However, does that make you identifiable by me, even indirectly? I have no way to identify you using that information.

          I always think that they meant online identifier such as [email protected], where the identifier indeed directly allows to identify the person.

          • @[email protected]
            link
            fedilink
            11 year ago

            The CCPA (USA version) and GDPR (EU) both specify Personal Data, not Personally Identifiable Information. So the contents of my posts are my personal data, even if my username doesn’t identify to a real person. If I want my personal data removed from Lemmy, the GDPR allows for me to request it to be deleted.

            Lemmy is still in the early stages. I’m not asking for changes to be made right away, or even this year. But I do feel that my personal data should be under my control. Lemmy should be programmed to federate out the the deletion of all my personal data, if I make such a request.

            Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data

            (*) Note the CCPA has a ton of exceptions, and only really applies to the larger social media sites.

    • Action [email protected]
      link
      fedilink
      41 year ago

      Well, the upside and the downside of GDPR is that if you’re not a member of the EU, you can basically just tell them to go fuck themselves because they have little to no actual power to impact you since you’re not within their jurisdiction.

    • @[email protected]
      link
      fedilink
      31 year ago

      Makes me wonder if the fediverse shouldn’t be individually instanced. Like Each persons phone/browser is their own individual “instance”. Maybe a central hub/series of hubs (like instances as they are now maybe) that act like dns servers to point everyone around. No content is hosted on them, they just tell everyone’s apps where to look to the other apps for posts.

      I have no idea, I’m a moron and I don’t know how the internet actually works. I’m guessing this is a problem at scale.

      • LUHG
        link
        fedilink
        21 year ago

        You’re not a moron, you were slightly right with dns. You’re idea is actually quite sound and it’s something I’m interested in also. Basically p2p social networking.

        We used to be able to stream 1080p via torrent stream p2p. We could do it.