I found a way to retrieve the text of comments deleted by user or mod. I don’t think it is an issue of federated instances not respecting the deletion.

Is it a bug?

Or is “deleting” always really just “hiding”?

  • thetaT [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    10
    ·
    7 months ago

    in general, on the fediverse assume that nothing you delete will actually be deleted. once your post/comment is viewed on another instance and thus copied over to that instance, it’s possible that whatever you tried to delete will just stay on another instance until that instance vanishes.

  • WhyEssEff [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    7 months ago

    Because of how easy it is to delete things on lemmy, deletion is basically just a temporary override of content. The way to perma-delete, or ‘purge’ i.e. how it’s listed in the mod tools is editing a comment to overwrite it preceding a deletion. If you need to remove something for opsec reasons, this is the way to go. If I were more involved in dev and had the capacity to make that decision, I wouldn’t be opposed to hiding an option to purge one of your own comments in a streamlined manner behind the dropdown and an explicit confirm dialogue.

    • glans [it/its]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      A long time ago I heard that the most effective way to delete reddit comments was to edit the comment to have no real content, then wait a while (days/weeks/months) so that any reddit mirroring/scraping service would have time to pick it up. Then delete it.

      The premise being that such services would only retain the most up to date version of the comment.

      With federation in the mix I don’t know what would be expected.

      • ElGosso [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        7 months ago

        Reddit itself used to not archive previous edits of comments, which is why this was recommended. Whether scraping or mirroring services don’t depends on the service I would assume.

      • chickentendrils [any, comrade/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        That probably worked for some, I pushshift’s API returned just the latest revision and a timestamp it was edited at. For forums I archive, I store every event. If it’s a small enough edit (using difflib I think) then I store the deltas. If it overwrote most of the comment I store the latest non-overwritten one and mark it as having been overwritten with the last event time on the comment.

        Text is tiny, and with federation it’s trivial to scrape but even centralized forums barely impede data archival.

        • glans [it/its]@hexbear.netOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Ya but it’s unusual to be doing that.

          In tests I was able to retrieve the text of comments deleted a year ago, when I had never even participated in lemmy. Certainly I have no archive of anything and if I did it wouldn’t extend so far back.

          I think it’s fair to allow people to get rid of the low-hanging fruit if they want. Even though the internet is forever. Depending on the threat model, it might be good enough.

  • YearOfTheCommieDesktop [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    7 months ago

    deleted by mod still shows in the modlog so probably no security concerns there. deleted by user stuff should really not be returned but its possible (ugh) that they’re just doing that on the frontend. but deleted comments are definitely not removed from the db. Account deletion used to and might still overwrite the content of all your comments in addition to marking them deleted

    • BountifulEggnog [she/her]@hexbear.net
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      deleted by user stuff should really not be returned but its possible (ugh) that they’re just doing that on the frontend.

      They definitely are, I can read deleted comments on boost.

    • glans [it/its]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Ya I went into old threads to test and found comments which were apparently deleted about a year ago still available.

  • jared
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    Used to be able to click source in jerboa and others to show deleted comments.

  • Rivalarrival@lemmy.today
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    7 months ago

    I don’t know when we stopped teaching this concept. When I started using the Internet some 30 years ago, there was a broad understanding that once something has been published, it can never be truly deleted. The individual was expected to know this, and avoid publishing information they might want to conceal.

    That’s not just for Lemmy or the fediverse, but for everything on the internet. When you “delete” a Reddit post, Facebook post, X-cretion, or any other published content, it remains available to anyone who had a copy of it, as well as anyone with access to the service’s data. Including any cloud provider they might use, and whatever backups they might make.

    True “deletion” is only possible on a machine that you fully control, and only if you deliberately render that content unrecoverable. Anything less is just “hiding” it away. Hiding it away may be “good enough” for practical purposes, but there is a significant difference between true deletion and what a service provider calls deletion.

    With Lemmy, the original you upload to your own instance is copied to every other federated instance. There are provisions for your instance to inform other instances that you would like that comment deleted. But, there is no enforcement mechanism. They can’t be digitally compelled to remove your content. They can ignore that deletion request; they can even use that deletion request to flag your content for blackmail purposes, if they want to.

    Privacy laws like the GDPR can provide a legal obligation to delete your data, much in the same way that a speed limit sign can provide a legal obligation to drive less than 35mph. A legal obligation to delete is obeyed about as much as a legal obligation to not harass people about their car’s extended warranty.

    • glans [it/its]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      I and most other people understand this.

      It doesn’t mean websites can’t do their best to help their users out.

      No reason to make things easier for an adversary.

      I feel like I’m here talking about treating municipal drinking water and you just wrote a long post explaining that not all diseases are transmissible via water. 30 years ago everyone knew that you can get the flu or cancer or eczema no matter how clean the water is… But all this eternal September riff raff thinks if you just clean the tap water all other problems magically vanish. Sigh.