I’ve been sent this article about privacy on Lemmy and I would like to have more opinions about it.

I come from the Matrix world where there is no history deletion neither but at least everything is encrypted.

Can we hope anything about privacy on Lemmy ?
Especially with all the attention it’s getting right now.

  • Cambionn@feddit.nl
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Lemmy is not worse than the rest of the internet. But understanding hów it works is important. Lemmy isn’t 1 place, it’s hostibg software. There a bunch of different servers ran by different people.

    I’m gonna write a bunch here, but no worry. I’ll get to the part mentioned in that article. It’s just all a bit more complex than “Lemmy does X”.

    Lemmy, as software, doesn’t track shit. It’s open source and anyone can check this.

    Lemmy instances, are bound to whatever law is applicable to them. A US server aimed to US people is not GDPR restricted. A EU server is. An international server aimed at everyone incl. Europe also is.

    If a server tracks you, depends on the server. They cóuld run an altered version of Lemmy software. It’s up to you to choose a server who you trust and falls under a juristriction you want. If not, you can always host your own.

    Also know that even the GDPR’s often qouted “right to be forgotten” only covers the place you have your account at + the places that they share data with themselves. This is an important nuance. Furthermore being forgotten means it has to be anonymised, but any non-personal things can stay online. You have no right to ask to have your every word deleted by these laws, just to have any informatjon tracable to you or your account removed.

    As I said, they are responsible for deleting data from places théy send data to. But federation works the other way around. Other places grab from each other. They can only grab stuff you put in public. This is comparable to say:

    • You post something on Reddit.
    • Someone reposts it on 4chan.
    • you remove the Reddit post.
    • your post is still on 4chan.

    You can try to ask 4chan to remove it, but they likely won’t. They just took some public stuff and screenshotted it. It wasn’t supplied by Reddit (which requires Reddit sending it to them), but taken by 4chan from a public place. Therefor Reddit is not responsible. Since 4chan isn’t in Europe and doesn’t actively market themselves to Europeans, they aren’t bound hy GDPR. At best, you can try to make a copyright claim, which turns it into a whole other issue.

    Lemmy instances are like that. They are all different websites grabbing data from each other, not sending them actively to each other. They just run the same software. But that doesn’t mean shit. Most websites run on Linux servers, but that doesn’t make Linux responsible. Most servers run Apache or Nginx, but neither of those are responsible. NextCloud also isn’t responsible to what files people upload yo their self hosted cloud on their NAS.

    In that, Lemmy isn’t less private than the rest of the internet. You should, at all times, be careful what you post online. Assuming that whatever you post will be public forever isn’t a bad habbit, as you cannot block people from copying it and reposting it elsewhere. Even stuff with “friends only” settings can appear otherside like this, let alobe public posted stuff like Lemmy posts.

    With that, as far as removing content goes and what admins can see, I dunno. But the way federation works, posting on a federated server already means purposefully posting something to be copied. It’s fully compliant with privacy laws, but indeed hard to delete forever. But that can be the casr for anything on the interbet, especially public stuff.

    So, td;dr. Lemmy isn’t less safe than the rest of the web. Best advice is don’t be too stupid and think before you do shit in public.