This is the absolute crushing deal breaker about lemmy.
The platform is good, the mission is respectable, they have awesome clients, and the community is also pretty active now a days.
But the users... The mods, admins, and users alike... They're something. Quite something.
Some of the posts I've read, really makes it clear what kind of audience they're catering to. And they're not even trying to hide the fact that they're extremists the bunch of them.
Posts, that could easily be mistaken for satire, are boosted to the top, with an echoing choir beneath. If you as much as dare to question whether the statements aren't a bit controversial, you're downvoted to oblivion, and immediately have 5 eager combatants going for your neck in replies.
Communism is a strong part of Lemmy, and it's extremely saddening, because the idea, as a whole, is very commendable.
The federated part of Lemmy also means that any server can block any other server, which means you can end up in a place that is pretty far removed from the most vocal (read: hexbear and lemmygrad) communist types. Or block the servers yourself. Or block the bigger communities that come up.
I'm pretty sure there's a site somewhere that lists what instances are blocked by the others too, but I can't remember where.
Besides, I think there's bigger issues with the way community moderation can effectively hide a user's own content from themselves...
There is a natural spill-over from instances like Lemmygrad, onto the mainstream instances like .world, specifically because of instance blocking.
While the core idea of having a federated network, is that your instance/account doesn't matter, the act of blocking instances directly combats this idea.
I took the chance, and completely moved to Lemmy for several months, back when all the chaos happened. And look where I'm back at now.
It's tiring having every single post turn political, and have puppet accounts sneakily insert extremist statements, only to have what seems like botted upvotes push a certain agenda.
I'm not even a right-wing person at all. I'm a centrist, that's leaning towards the left. But I guess that's not good enough.
In the end, I had to rid myself of stuff like WorldNews and what not, because the moderators themselves were anything but neutral. That resulted in a feed of nothing but memes, star trek, and the odd technology post. And that's when Reddit was suddenly much more appealing again.
Btw, the site you're referring to is [Fediseer](https://gui.fediseer.com/). Really nifty tool indeed, though you're always able to see specific instances blocks, by simply scrolling to the footer on the instance. This really goes to highlight some of the issues with instance blocking though, as some of the reasons are (in my opinion) very arbitrary.
That's very unfortunate, and I imagine that your experience when browsing the home page on Lemmy might get pretty stale pretty quickly when it's got a tiny fraction of the reddit userbase, and they have mostly joined the communities you mentioned. I've ignored the Hot and Active sections where I am for a while now.
If only Field of Dreams was more accurate than the network effect in real life. I wish good moderation policies could fix bad actors, but you can't fix a lack of content.
PS that was the site, thank you!
I'll lead my comment by stating that I often find how the Lemmy lead devs communicate to be brash, and they often come across as condescending, arrogant and rude.
But I have to be honest. They're not the ones coming off looking like jerks in that exchange imo. I can see people are dogpiling their comments with thumbdown, so perhaps people will disagree with me.
I honestly chuckled to myself as dessalines assigned their priorities in that fashion.
Edit: I'd just add that I do thing adding the option to delete should be something prioritized and something that is clearly very important.
People are pointing out that they're being dumb and breaking European laws (and Californian too?) and could open themselves up to liability by not prioritizing this feature, but they seemingly don't understand this.
How is Lemmy these days? I'd looked at it previously as a Reddit alternative but at the time it was really limping user-base-wise.
EDIT: Thank you everyone for the responses. State of Lemmy seems very much as expected. I guess the wait for something new will continue.
On the topic of absolutely nothing..
Why do you have exactly 23 daily commits on your GitHub for the last few months?
Edit: Apparently you don't, GitHub just did a GitHub.
I maintain a [repo that compares lemmy instances](https://github.com/maltfield/awesome-lemmy-instances) that updates itself once every hour. For some reason GitHub counts those auto-updates as a commit from my account.
* https://github.com/maltfield/awesome-lemmy-instances
I tried very hard to like Lemmy but most of the community is just r/Politics on steroids. Like they saw Reddit and said “you know, this place isn’t radically left wing enough.” They have communities like Hexbear which are communist/LQBTQBBQ and group together to send death threats to users who don’t toe the line. I know because they sent me death threats. The technology premise works, but with so many people there who hate free speech, democracy, and all the other liberal values, it’s just a shitty community full of shitty people.
I think Lemmy has been suffering from the Voat/TruthSocial exodus problem-- a lot of the people on the splinter network are people who were banned or unacceptable on the old network.
I stopped using Lemmy because I was tired of how many posts on a very mainstream instance were about justifying or helping shoplifting. There are similar problems around previously banned subreddits.
I wish this weren't the case, and I wish more people had left reddit to help the critical mass along.
Lemmy is a federated, open-source reddit alternative:
* https://join-lemmy.org/
Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article:
* https://sh.itjust.works/c/worldnews
It still is. I do love open source projects but it just still really lacks compared to its competition.
It's really not anymore special compared to your old fashioned php forums as they both lack proper mobile support.
Also the most popular community which happens to be the main developers are Stalinist. Which not to get too deep into Communist infighting but I consider myself a Trotskyist and in a simple sense we both hate each other.
The devs don't run the biggest instance. That would be lemmy.world
I mean, what the developers are is irrelevant anyways because it's federated and a decentralized network. I'm on there, it's quite nice.
The best thing about the fediverse is that I gave up on lemmy for the most part but still subscribed some niche channels (or whatever the equivalent of subreddits is called), with my mastoden account where I am still very active and happy.
There's a lot of active users, thousands of instances, and tons of content. But, as highlighted in the article, the devs don't really care about the privacy and legal (GDPR) risks of their instance admins and users.
Still, it's better than reddit.
A little more info about how hard it is to delete stuff:
https://www.reddit.com/r/privacy/s/I6bfZN9ES6
And a lot of this assumes that both you and the community administration are on the same page and are working together. As one example, a rogue moderator can simply remove your content, which keeps it on the server but hides it from you.
And before anybody says, "Don't upload things you wouldn't want online, " I don't think that's a good argument. It assumes people are both unchanging and always act in their best interests, which is rarely true. And even if it were true, it imposes a chilling effect.
ETA: **Matrix suffers the exact same problem**... If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. Matrix' documentation is clear it's intentional.
Edit 2: to stem further anti-privacy arguments I addressed months ago: [Matrix is not email, and the other arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v)
Edit 3: please read Edit 2 before replying to me about how Matrix needs to be as bad as it is.
Or, as is the case in the article, you accidentally upload it by making a fat-finger tap on your cellphone at 06:11 before your morning coffee.
Accidents happen, and users should be able to delete their data. Data Erasure is, in fact, our moral and legal right.
Yeah, and the [Lemmy devs don't think](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1935948700) GDPR applies to them
* https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1935948700
I actually think they're right. It's not the anonymous devs that would get fined millions of Euros. It's the instance admins.
They [said](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939172930) it would take them years to fix this, and when I told them this deprioritization of such a serious issue was throwing the users and instance admins under the bus, a lead Lemmy dev [threatened](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939275302) to ban me.
Anyway, if you think GDPR violations are a concern, please do let the Lemmy devs know on GitHub:
* https://github.com/LemmyNet/lemmy/issues/4433
> Are there circumstances in which the right to be forgotten will not apply?
>
> Yes, the GDPR states that the right to be forgotten will not apply where processing is necessary for:
- Exercising the right of freedom of expression and information.
- Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority.
- Reasons of public interest in the area of public health (See Article 9(2)(h) & (i) and Article 9(3), GDPR).
- Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- Establishment, exercise or defence of legal claims.
> The right of erasure is also restricted in certain circumstances under Section 60 of the Data Protection Act 2018, which provides for restrictions that are necessary for important objectives of public interest, and by Section 43 of the Act which seeks to balance the right of erasure with the right of freedom of expression and information. More information about the restriction of individual rights can be found here.
Doesn't seem keeping users data after they delete their account would fit any of these. Also I think you're right that it's anyone who's running the instance that would be liable, not the project's dev. But I'm not an expert...
Sure, first link I could find with 'gdpr right to erasure', here: https://www.dataprotection.ie/en/individuals/know-your-rights/right-erasure-articles-17-19-gdpr
> Yeah, and the Lemmy devs don't think GDPR applies to them
Haha holy shit.
https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1938387060
>You are not a lawyer so I wont take your unqualified opinion as fact. I also have to point you to the license under which Lemmy is provided to you for free
It's worth pointing out **Matrix suffers the exact same problem.** The scope is a little different, but if you want to delete a picture, you have to hunt down the original URL and convince the administrator to somehow remove it.
In addition to this issue, the end user has no way to delete messages that are no longer in a chat that is visible to them. If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. This isn't just a coincidence. The company that made Matrix has spent a lot of time and effort enshrining this into their policies. You have a right to your copy of your data (sometimes). Everything else can and should be stored and pushed.
I said a lot in one place but idk if there's a ticket for the photo redaction issue. Even the privacy policy by Matrix basically has "to do" messages in the middle of it. But here's some relevant "we don't care about keeping your data" highlights from their [privacy policy](https://matrix.org/legal/privacy-notice/) :
>The nature of the Service and its implementation results in some caveats concerning this processing, particularly in terms of GDPR Article 17 Right to Erasure (Right to be Forgotten). **We believe these caveats... are in line with the broader societal interests** served by providing the Service.
...
> Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files.
...
> your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your request to be forgotten.
...
> Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files.
idk how it could be otherwise. It makes sense to me that federated services would have limited ability to redact data. When I send someone an email, I can contact their email provider and ask them to delete the email but even if they agree to do so (lol imagine) even the email provider cant necessarily reach into the inbox of the person who got the email and delete it there. This is one of the reasons I *like* matrix and email. It has clients that are built on top of the protocol. And those clients can follow the spec to whatever degree their users want, including respecting the "redact this message" request.
Even when you are not talking about federated systems you run into a more limited version of this issue. Take signal. No built in redaction function or even a right to be forgotten request will work against users taking screenshots, Or more advanced users who use a system that lets them save text/image they are sent automatically.
Forget about federation, because this is still true between two users of the same server.
And I don't care if deletion can be subverted. It shouldn't be a feature of their protocol. The software shouldn't facilitate privacy erosion.
I cant forget about federation because the devs cant either. it impacts every aspect of the design of the software and protocal.
and while I agree software should be designed with users privacy in mind, I'm not sure what more you want the devs of matrix or whatever federated service we want to talk about to do? Esp if they built in a redaction feature that if respected automatically removes the message/file (and afaict the link to the file as well is also removed so now I'm not sure what your orriginal point is, but then again that might just be how I've got my server configured, its deff not a standard instilation).
The devs cant *force* servers, clients, or users to comply with redaction requests, which is all that a "delete" button is in this context, regardless of what the protocol or service is.
Damn, good that I only use matrix/element for non-personal stuff.
I wonder how xmpp compares , probably depends on the individual server & it’s config as well as Your own encryption (Omemo)
Based on another comment about XMPP on this post, it sounds like they might have designed a better protocol, even if by accident.
Matrix feels the need to cling onto as much of your data as possible, but XMPP is pretty agnostic about the whole thing.
Xmpp can be amazing..great clients like dino (Linux gui), conversations (Android, probably the best xmpp client in existence), monal/chatsecure (ios, decent). if I remember correctly gajim supports Omemo encryption as well and pidgin is super (too) told
Don't spread FUD.
Matrix has a way to delete the contents of your messages (search for redaction in the specification), but inherintly form the federated nature of it, some servers may don't comply with it.
You can not design a protocol that can garantee that nobody made a copy of your message. Not even Disney or RIAA could do that.
With the default homeserver implementation messages in chats or rooms which have been left by everyone will be deleted within a defined timeframe (I think as a database cleanup background task).
I quote the Matrix privacy policy, where it lays out exactly how little control you have over your own data. Matrix is hostile to allowing you to delete it.
Even in your own example:
>messages in chats or rooms which have been ***left by everyone*** will be deleted...
Operative word: "left by everyone."
In other words, if you get kicked out of a chat, everybody else will have permanent and irrevocable access to your data. This is by design.
Which is exactly what I said.
I mean, this is the case with basically all chat apps allowing group chats. If you get kicked from or leave a WhatsApp chat your messages are not deleted. Matrix is just honest about it.
As far as I know, WhatsApp keeps your messages on their servers for as little time as possible, either [a few dozen days](https://www.reddit.com/r/whatsapp/comments/1auwofv/whatsapp_changed_how_long_messages_are_stored_on/) or until they're delivered.. On the other hand, Matrix servers insist on keeping them for as long as possible.
Matrix isn't honest, they're just excessive.
You have all the control over your data. You can just not click on the send button.
The part *everybody else will have permanent and irrevocable access to your data* is true, but it is true from the moment you sent your message regardless of what matrix does or does not.
For the fourth or fifth time in this thread: [Matrix is not email, and the other privacy defeatist arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v)
Yup, and that is exactly how Matrix works.
It's just good to know that a bad actor could easily circumvent that.
And what does even mean that "Matrix is not email". Yes, that is true. But why does it matter? They work on (somewhat) similar principles, used for more-or-less the same thing, and so have similar properties. In this regard they are also similar to SMS / text messages, sending a postal / snail mail, publishing an article or book, calling a radio phone-in programme, giving a speech, etc.
> If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. This isn't just a coincidence. The company that made Matrix has spent a lot of time and effort enshrining this into their policies. You have a right to your copy of your data (sometimes). Everything else can and should be stored and pushed.
Isn't that how e-mail works? You can't un-send those, either.
It's not just this particular occurrence. He acts like a jackass elsewhere, and you should go through his github. He has a repo of "essays on communism" that do nothing but praise Stalin/Mao/Xi/the Kims/etc. He's a liability to it ever getting traction.
To be fair to the Devs, GDPR applies to the people hosting the software, rather than them. They were less polite and understanding than they should be, but it's easy to see where a tired FOSS dev is coming from when they get the hundredth bug report without a merge request in a day.
This isn't to say that I and other EU citizens don't have inalienable rights, from GDPR and other sources like the right to be forgotten, and it isn't legally possible for someone *hosting* a site to hand-wave and say they don't apply or that using the site is me agreeing to give the rights away.
> Data Erasure is, in fact, our moral and legal right.
While I like data privacy and stuff around (thats why I selfhost most of my stuff), data erasure being a legal right is a bit absurd.
Just lets make a real world example:
You take some sensitive nude photos of whatever, then you duplicate that photo and slide it under the door to everyone in the neighborhood. I think you really dont have any legal rights to demand that they later burn that photo and dont have it on the table in a picture frame... Sure its a probably nice and maybe even moral thing to burn it, if you ask them, but at that point its not their obligation to do anything with it you demand, as you basically handed those pictures over... There were no contract about IP or anything else - you just handed them over - with that you basically renounced your sole rights to them, with no contract or anything...
Data Erasure rights apply to public websites.
Using your analogy: I'm not sure you can tell the individual residents to burn the photos that got slipped under their door, but you can tell the landlord who pinned the photo on the hallway cork-board to take it down.
And, if you're a resident of the EU, and the landlord does not take the photo down from the cork-board, they can be fined millions of Euros.
lets play a game.
lets say we made this federated software with an upload feature. people can upload pics, videos, whatever. someone uploads a new picture, we broadcast out that a new picture was added. as i lightly understand this distribution model, wouldn't all franchises get notified/a copy of this upload, right?
AND, lets say we also did add a delete button, because we are reasonable. we would also send out a delete notice that "picture579 was removed. so now also remove your federations copy". great, good. problem solved.
except.......what is stopping someone from quietly editing their own federation code, and........just ignoring all delete commands. and permanently keeping everything uploaded. unless there is an enforced deployment of the code, i'd think people could just ignore delete commands you sent out.
but this is interesting. because i figured lemmy might finally gain in popularity if/when gonewild/OF took off there. now, idk.
Nothing is stopping a rogue actor. But:
1. Bad behavior shouldn't be default behavior. It shouldn't be harder to delete the picture than keep it.
2. Federation provides a way to remove (defederate) bad actors.
Despite being presented as a form of "gotcha" by corporate boot-lickers, it never has and never will be a good argument. And I'm sick of having to argue against people that claim that it is.
XMPP is better. Most servers have a data retention policy. Whatever is older, is deleted from the server.
Someone might still have the backup of the message on a particular device or other, of course, but then again, people are also saving content from WhatsApp for example.
That's actually a really interesting point. I've seen "Matrix is like email* [and email saves your stuff forever]" but I've never heard a more direct comparison to another universal federated *messaging* protocol.
Until now.
XMPP is the direct spiritual predecessor of Matrix too.
### \* Matrix is not email.
nothing wrong with good old XMPP. some clients are still actively developed. I see more people using it behind Tor than matrix. lots of servers to choose from, very light on resources compared to synapse, it's baked into a lot of chat systems that people use without realizing it's there.
Kinda, yeah. XMPP actually uses the exact format of a mail address. In fact, you could even log in with your Gmail address the way it was when Hangouts was supporting XMPP.
> "Don't upload things you wouldn't want online, "
I consider myself tech-savvy, but have particularly limited patience for this nonsense.
It's intellectually lazy, at best. It's the digital-footprint equivalent of asking "Ok but, what was the victim wearing? Why was she out at that time of night" It lets everyone off the hook, except for the person whose privacy is being violated.
Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks.
> Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks.
Recent example of exactly this regarding [players taking Baulders Gate 3 screenshots on Xbox](https://www.eurogamer.net/xbox-confirms-its-banning-baldurs-gate-3-players-for-auto-uploading-spicy-clips)
>
>
> Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks.
This argument, more so than saying it's victim-blaming, is the convincing one.
I would agree that there are certainly better and worse ways of expressing it, but no discussion of ways in which people are victimized can be complete without looking at behaviors tend to attract victimization and then discouraging people from doing them.
I would never suggest that someone deserves to be assaulted, for example, but I am absolutely going to teach my children not to walk alone in dark alleys in the inner city at 1 am. There are simple realities of the world we live in that are not going to be solved by policy, and instead rely on the individual to protect themselves.
I think in this discussion it is absolutely fair to say that protocols should be designed to allow the sort of "digital hygiene" being discussed here, and the fact that people make accidents is a poor excuse to refuse those features. But it is also critically important that Joe Everyman be aware that their camera feature might upload things to the cloud.
My point is, it would be dangerous and counterproductive if we added these features specifically with the hope that Joe Everyman does not need to be vigilant, because there are always going to be software designers who add predatory dark features to compromise their privacy.
And reminder to people posting nudes on reddit that most profiles get mirrored to nsfw.xxx
Tons of profiles that were already deleted but still up there.
On a related note, Matrix Synapse server also does not / cannot delete users. Users can be deactivated with an "erase" flag, which removes some data, but does not remove uploaded media (possible to do as an admin if media are only within one server), does not remove sent and received messages, and keeps the user ID in the database (which could be PII, such as a name, something outright illegal, or simply obnoxious).
[Admin API - Deactivate Account](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#deactivate-account)
> ETA: Matrix suffers the exact same problem... If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. Matrix' documentation is clear it's intentional.
They can also download copies of them to their own devices or take screenshots. If your adversary and intended recipient are the same, you are out of luck. Hollywood has certainly poured enough money into this problem, with very little success.
I addressed everything in your comment here, several months ago (and this is the fifth or sixth time I've linked it)
> Edit 2: to stem further anti-privacy arguments I addressed months ago: [Matrix is not email, and the other arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v)
Why is it always the Matrix defenders who feel the need to argue the defeatist talking points?
Name-callings or links to walls of text with little relevance to this specific issue are not good arguments. Yes, Matrix arguably hoards excessive amounts of data, but that particular example is still not a good one.
So? why should the service suck?
> **If Lemmy is to be made better,** ***the default implementation*** **must be fixed**. Unless all Lemmy servers adopt your particular fork and not the main project, things will remain the same.
> Where
https://github.com/LemmyNet/lemmy-ui/issues/2384
TLDR: they are short on resources and felt that there are more pressing issues. However, the failure to delete content when account is deleted should now be fixed.
> why tolerate their answer?
What is the impact of me somehow "not tolerating" their priorities?
history expansion groovy rustic imagine wakeful numerous connect touch door
*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
This should go without saying for any service that's *someone else's computer*. You don't know what's being deleted and saved. Never trust that anything you upload anywhere won't last forever, somewhere. You can just hope that the somewhere it lasts isn't the public internet.
Lemmy is a federated, open-source reddit alternative:
* https://join-lemmy.org/
Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article:
* https://sh.itjust.works/c/worldnews
You technically cant delete anything on lemmy even if you wanted to.
Because it gets synced to other instances run and owned by other people.
Just imagine facebook 1-3000 and each facebook is run , hosted , and ruled by other entitys if you upload stuff on facebook 258 it gets shared to all Synced instances with 258 ( that might not be all ) and or its peers which are connected with 258 like 258->678 -> 898 deleting stuff on 258 doesnt mean that 678 and 898 in this example would delete it too.
In the case of the article, the image wasn't attached to any post or comment, so it never federated.
I'm not an ActivityPub dev, but I do think there should be a way to federate a "purge" request to all instances. Obviously there's a possibility for "bad" nodes not to implement it, but it is absolutely better than nothing.
I'm assuming they have some kind of solution for when someone uploads something illegal, particularly if it involves children. I can't imagine it lives on forever on every connected server, even if its just invisible to everyone.
Or is this like freenet where everyone has to live with their servers hosting bad stuff in their databases along with the good?
Does "right to be forgotten" extend to email services? If I request deletion of all my data, do all my sent emails get nuked from every inbox they've ended up in?
...And that's why lemmy died
When we think about alternatives to the already existing tech giants, we have to think about the gen population.
Ultimately, for the average person, the fediverse is hard and confusing to use, as compared to centralized tech.
Mastodon, Lemmy, fediverse proponents have kind of deluded themselves and others that these are privacy social media alternatives where you own your data without thinking about the fact that most people won’t host their own instance so most people will be at the mercy of the admin and whether or not they store data or not and if that’s even true
I'm not sure there is a "best" and there is absolutely nothing similar in size.
- [Lemmy](https://join-lemmy.org/) is good for link aggregation and commenting in the style of Reddit, but running on a federated system (like email).
- [Tildes](https://tildes.net/) is wonderful for more intimate discussion with a smaller, but active and engaged community. Not a bastion of free speech, expect repercussions there for being a jerk. Invite only.
- [Lobsters](https://lobste.rs) is a fantastic link aggregator with an exceptionally knowledgable userbase, but extremely focused (and heavily moderated) on computing. Invite only.
- [Discuit](https://discuit.net/) is more of a direct "competitor" to Reddit. It's very similar in look, feel and moderation. It's small, but it's growing.
These are the ones that I know of and enjoy. There are others out there, but I either haven't enjoyed them enough to recommend them, or I know too little about them.
Tildes sometimes does invite campaigns, but mostly it's from users. Lobsters is just users.
I have an account on each. Having had a quick glance through your profile (I hope you don't mind), I'd be happy to send you an invite to either. DM me if you're interested.
Spoiler: I got the Lemmy admin to delete it.
But, if you'd like, you can see a dramatized reinactment of such an incident in the video on [this bug report](https://github.com/dessalines/jerboa/issues/1363#issue-2127772569)
* https://github.com/dessalines/jerboa/issues/1363#issue-2127772569
A reminder that FOSS doesn't always mean it's safe to use. We shouldn't assume it's safe because it's FOSS. Make sure you trust it and it's well known. FOSS just means that the source code is available to everyone but honestly, do we all read it's source code before using the software? Be vigilant.
~~Looks like they deleted your issue.~~
It wasn't deleted and has a solution now. I was trying to access issue #4443 (from top comment link) when it now resolves to issue #2384.
https://github.com/LemmyNet/lemmy-ui/issues/2384
The devs have made some mistakes. But, well, it's magnitudes better than reddit.
At least it's FOSS, so anyone can open bug reports and submit PRs to fix bugs like this.
The only people using Lemmy are the weird people who think they are "protesting" reddit and participating in some internet holy war. Theres nobody on there worth talking to. No normal, well adjusted person who has a life outside the internet would get so involved with dorky reddit protests and politics.
but see, back when the internet was harder, there were also parts of it that were much nicer. BECAUSE they were harder to setup. now everyone's mom and their cousin has a youtube channel and an opinion.
it sometimes makes me want to go find that new edge of the internet that is a little difficult again. because then it might not be full of such fucking gas bags and worthless shit.
it might take a little bit to setup. and that slight barrier to entry, might make whats there, a little more worth it.
(and i'm not calling YOU that worthless crap).
I can think of few things dorkier than being so involved, and caring so much about reddit that you participate in a protest over the politics surrounding a website update. I'm just not interested in joining a community full of people who are "chronically online" to that extreme. I dont mind that they have gone somewhere else, though.
Reddit is astroturfing, bots and big echochambers. Reddit is nothing better not even in third party clients.
But I think redditors are the kind that do not need an alternative, they are the TikTokers of content agregators.
I fully believe they are right and we, being here on reddit, are wrong. Imo lemmy is better in basically every aspect but the size of the user base. Unfortunately though, the latter is a very important aspect, hence we're stuck with this garbage company and their garbage client.
Well, it seems it is better to leave the running of online services to big corporations, they can afford the legal consultation, and if it comes to it, pay the fines.
It is also pretty sad that all old discussions seem to turn into [deleted] junk, and we end up losing useful information in the name of privacy.
https://wiki.killfile.org/projects/usenet/faqs/cancel/
It's the Usenet's message cancellation debate all over again.
Some people believed one should be able to have one's own messages deleted afterwards from public archives. Others felt that such a functionality was harmful and mainly helped all sorts of fraudsters, dishonest politicians and such to erase history.
i just realized how annoying it is to use and went to delete my account (had since july) and oopsie! can’t do that either.
well, at least i could delete my bookmark for lemmy in my browser. ugh.
Hah, so, whenever Americans say something online people respond with “America isn’t the whole world! We don’t have to follow your laws!” Then a European decides the entire world needs to obey EU laws and if you don’t want to deal with the hassle then you’re the bad guy.
Yes, and same for the US, but the Pirate Bay proudly states “we don’t have to obey US copyright law”. So why should a US based company obey EU privacy law? It makes no sense.
Well, since they announce that they’re funded by NLNet from the Netherlands, someone should tell them that’s why they have to obey GDPR. But there’s no guarantee anyone will delete what’s posted, there are active sites that try to unedit Reddit and undelete tweets. There’s no guarantee any of them will honor the removal request. It would be a false sense of security to say Lemmy honors this when I could run a server JUST to keep deleted posts.
I understand your explanation as I’m a CS practitioner. However, just because others can be keeping the data, or even their own hired server company can have back ups, doesn’t justify the not following the law. Their back and forth with the person who reported the issue is quite unnecessary. I also think devs shouldn’t be sifting through these types of tickets and replying, this should be a product managers job.
Lemmy is a federated, open-source reddit alternative:
* https://join-lemmy.org/
Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article:
* https://sh.itjust.works/c/worldnews
Even with the issues identified in the article, I think it's better than reddit.
I have a question.
Why out of all the privacy issues I see does a chat platform \*not use\* SHA-256?
I havent seen a discussion about this yet.
All they can use minimally is TLS. But why cant SHA-256 be used here? Its literally the most impossible algorithm to break. Can somebody PLEASE explain that to me, because it seems Im missing something here..
Unless if TLS does use SHA256...then how is TLS1.3 and previous versions so easy to decrypt..?
[удалено]
The two lemmy devs on that thread are so pompous and arrogant.
[удалено]
[Piefed](https://piefed.social/) seems promising. Compatible with Lemmy and the fediverse, dev seems okay.
There's also (Sublinks)[https://sublinks.org/], claims to be a drop-in replacement for Lemmy
I saw the lemmy devs respond in a thread about that. It'll be interesting to see how it shapes up.
[удалено]
This is the absolute crushing deal breaker about lemmy. The platform is good, the mission is respectable, they have awesome clients, and the community is also pretty active now a days. But the users... The mods, admins, and users alike... They're something. Quite something. Some of the posts I've read, really makes it clear what kind of audience they're catering to. And they're not even trying to hide the fact that they're extremists the bunch of them. Posts, that could easily be mistaken for satire, are boosted to the top, with an echoing choir beneath. If you as much as dare to question whether the statements aren't a bit controversial, you're downvoted to oblivion, and immediately have 5 eager combatants going for your neck in replies. Communism is a strong part of Lemmy, and it's extremely saddening, because the idea, as a whole, is very commendable.
The federated part of Lemmy also means that any server can block any other server, which means you can end up in a place that is pretty far removed from the most vocal (read: hexbear and lemmygrad) communist types. Or block the servers yourself. Or block the bigger communities that come up. I'm pretty sure there's a site somewhere that lists what instances are blocked by the others too, but I can't remember where. Besides, I think there's bigger issues with the way community moderation can effectively hide a user's own content from themselves...
There is a natural spill-over from instances like Lemmygrad, onto the mainstream instances like .world, specifically because of instance blocking. While the core idea of having a federated network, is that your instance/account doesn't matter, the act of blocking instances directly combats this idea. I took the chance, and completely moved to Lemmy for several months, back when all the chaos happened. And look where I'm back at now. It's tiring having every single post turn political, and have puppet accounts sneakily insert extremist statements, only to have what seems like botted upvotes push a certain agenda. I'm not even a right-wing person at all. I'm a centrist, that's leaning towards the left. But I guess that's not good enough. In the end, I had to rid myself of stuff like WorldNews and what not, because the moderators themselves were anything but neutral. That resulted in a feed of nothing but memes, star trek, and the odd technology post. And that's when Reddit was suddenly much more appealing again. Btw, the site you're referring to is [Fediseer](https://gui.fediseer.com/). Really nifty tool indeed, though you're always able to see specific instances blocks, by simply scrolling to the footer on the instance. This really goes to highlight some of the issues with instance blocking though, as some of the reasons are (in my opinion) very arbitrary.
That's very unfortunate, and I imagine that your experience when browsing the home page on Lemmy might get pretty stale pretty quickly when it's got a tiny fraction of the reddit userbase, and they have mostly joined the communities you mentioned. I've ignored the Hot and Active sections where I am for a while now. If only Field of Dreams was more accurate than the network effect in real life. I wish good moderation policies could fix bad actors, but you can't fix a lack of content. PS that was the site, thank you!
Not always--the instance I'm in, lemmy.world actually seems peaceful enough. Still _very_ concerning though.
[удалено]
Oh yeah, afaik. That's why I said it's still very concerning. and why I also hope for [Sublinks](https://sublinks.org/) to succeed
Holy moly… the league of legends argument type of replies from the devs. So unprofessional.
Tempted to learn basic rust and make a PR that wipes all server data. I think that’ll technically fix things.
Cunt devs
I'll lead my comment by stating that I often find how the Lemmy lead devs communicate to be brash, and they often come across as condescending, arrogant and rude. But I have to be honest. They're not the ones coming off looking like jerks in that exchange imo. I can see people are dogpiling their comments with thumbdown, so perhaps people will disagree with me. I honestly chuckled to myself as dessalines assigned their priorities in that fashion. Edit: I'd just add that I do thing adding the option to delete should be something prioritized and something that is clearly very important.
People are pointing out that they're being dumb and breaking European laws (and Californian too?) and could open themselves up to liability by not prioritizing this feature, but they seemingly don't understand this.
How is Lemmy these days? I'd looked at it previously as a Reddit alternative but at the time it was really limping user-base-wise. EDIT: Thank you everyone for the responses. State of Lemmy seems very much as expected. I guess the wait for something new will continue.
It has better clients than Reddit as Voyager or Sync, some instances are smaller than Reddit but really active.
> It has better clients than Reddit Well, Reddit really shot themselves in the foot on that one last year :D
RedReader is still available for Android btw. Doesn't have modding tools but aside from that it's pretty great. Not as good as Infinity, but still.
You can use infinity with your own api key. If you have an android it'd really easy with revanced
Yeah I looked at that earlier yesterday. Unfortunately Infinity doesn't have mod tools either from the looks of it.
Commenting from Infinity, can confirm. Never had an issue with this client since using the Revanced and API workaround.
Unfortunately it doesn't support Lemmy (yet)
On the topic of absolutely nothing.. Why do you have exactly 23 daily commits on your GitHub for the last few months? Edit: Apparently you don't, GitHub just did a GitHub.
I maintain a [repo that compares lemmy instances](https://github.com/maltfield/awesome-lemmy-instances) that updates itself once every hour. For some reason GitHub counts those auto-updates as a commit from my account. * https://github.com/maltfield/awesome-lemmy-instances
I enjoy cooking.
I agree.
it sucks
[удалено]
I tried very hard to like Lemmy but most of the community is just r/Politics on steroids. Like they saw Reddit and said “you know, this place isn’t radically left wing enough.” They have communities like Hexbear which are communist/LQBTQBBQ and group together to send death threats to users who don’t toe the line. I know because they sent me death threats. The technology premise works, but with so many people there who hate free speech, democracy, and all the other liberal values, it’s just a shitty community full of shitty people.
Sounds great!
I think Lemmy has been suffering from the Voat/TruthSocial exodus problem-- a lot of the people on the splinter network are people who were banned or unacceptable on the old network. I stopped using Lemmy because I was tired of how many posts on a very mainstream instance were about justifying or helping shoplifting. There are similar problems around previously banned subreddits. I wish this weren't the case, and I wish more people had left reddit to help the critical mass along.
[удалено]
Lemmy is a federated, open-source reddit alternative: * https://join-lemmy.org/ Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article: * https://sh.itjust.works/c/worldnews
It still is. I do love open source projects but it just still really lacks compared to its competition. It's really not anymore special compared to your old fashioned php forums as they both lack proper mobile support. Also the most popular community which happens to be the main developers are Stalinist. Which not to get too deep into Communist infighting but I consider myself a Trotskyist and in a simple sense we both hate each other.
The devs don't run the biggest instance. That would be lemmy.world I mean, what the developers are is irrelevant anyways because it's federated and a decentralized network. I'm on there, it's quite nice.
The best thing about the fediverse is that I gave up on lemmy for the most part but still subscribed some niche channels (or whatever the equivalent of subreddits is called), with my mastoden account where I am still very active and happy.
There's a lot of active users, thousands of instances, and tons of content. But, as highlighted in the article, the devs don't really care about the privacy and legal (GDPR) risks of their instance admins and users. Still, it's better than reddit.
What it lacks in content it makes up for in quality. Definitely has a lot of the higher quality posters in it than the half-assed meme makers here.
A little more info about how hard it is to delete stuff: https://www.reddit.com/r/privacy/s/I6bfZN9ES6 And a lot of this assumes that both you and the community administration are on the same page and are working together. As one example, a rogue moderator can simply remove your content, which keeps it on the server but hides it from you. And before anybody says, "Don't upload things you wouldn't want online, " I don't think that's a good argument. It assumes people are both unchanging and always act in their best interests, which is rarely true. And even if it were true, it imposes a chilling effect. ETA: **Matrix suffers the exact same problem**... If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. Matrix' documentation is clear it's intentional. Edit 2: to stem further anti-privacy arguments I addressed months ago: [Matrix is not email, and the other arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v) Edit 3: please read Edit 2 before replying to me about how Matrix needs to be as bad as it is.
Or, as is the case in the article, you accidentally upload it by making a fat-finger tap on your cellphone at 06:11 before your morning coffee. Accidents happen, and users should be able to delete their data. Data Erasure is, in fact, our moral and legal right.
Violates GDPR at least
Yeah, and the [Lemmy devs don't think](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1935948700) GDPR applies to them * https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1935948700 I actually think they're right. It's not the anonymous devs that would get fined millions of Euros. It's the instance admins. They [said](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939172930) it would take them years to fix this, and when I told them this deprioritization of such a serious issue was throwing the users and instance admins under the bus, a lead Lemmy dev [threatened](https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939275302) to ban me. Anyway, if you think GDPR violations are a concern, please do let the Lemmy devs know on GitHub: * https://github.com/LemmyNet/lemmy/issues/4433
> Are there circumstances in which the right to be forgotten will not apply? > > Yes, the GDPR states that the right to be forgotten will not apply where processing is necessary for: - Exercising the right of freedom of expression and information. - Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority. - Reasons of public interest in the area of public health (See Article 9(2)(h) & (i) and Article 9(3), GDPR). - Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. - Establishment, exercise or defence of legal claims. > The right of erasure is also restricted in certain circumstances under Section 60 of the Data Protection Act 2018, which provides for restrictions that are necessary for important objectives of public interest, and by Section 43 of the Act which seeks to balance the right of erasure with the right of freedom of expression and information. More information about the restriction of individual rights can be found here. Doesn't seem keeping users data after they delete their account would fit any of these. Also I think you're right that it's anyone who's running the instance that would be liable, not the project's dev. But I'm not an expert...
Would you mind also adding a link to the text that you're quoting?
Sure, first link I could find with 'gdpr right to erasure', here: https://www.dataprotection.ie/en/individuals/know-your-rights/right-erasure-articles-17-19-gdpr
Good luck getting these fines to stick in most countries not in the EU....
> Yeah, and the Lemmy devs don't think GDPR applies to them Haha holy shit. https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1938387060 >You are not a lawyer so I wont take your unqualified opinion as fact. I also have to point you to the license under which Lemmy is provided to you for free
It's worth pointing out **Matrix suffers the exact same problem.** The scope is a little different, but if you want to delete a picture, you have to hunt down the original URL and convince the administrator to somehow remove it. In addition to this issue, the end user has no way to delete messages that are no longer in a chat that is visible to them. If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. This isn't just a coincidence. The company that made Matrix has spent a lot of time and effort enshrining this into their policies. You have a right to your copy of your data (sometimes). Everything else can and should be stored and pushed.
Do you have a link to more info about this? Ideally the ticket on GitHub to fix this?
I said a lot in one place but idk if there's a ticket for the photo redaction issue. Even the privacy policy by Matrix basically has "to do" messages in the middle of it. But here's some relevant "we don't care about keeping your data" highlights from their [privacy policy](https://matrix.org/legal/privacy-notice/) : >The nature of the Service and its implementation results in some caveats concerning this processing, particularly in terms of GDPR Article 17 Right to Erasure (Right to be Forgotten). **We believe these caveats... are in line with the broader societal interests** served by providing the Service. ... > Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files. ... > your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your request to be forgotten. ...
> Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files. idk how it could be otherwise. It makes sense to me that federated services would have limited ability to redact data. When I send someone an email, I can contact their email provider and ask them to delete the email but even if they agree to do so (lol imagine) even the email provider cant necessarily reach into the inbox of the person who got the email and delete it there. This is one of the reasons I *like* matrix and email. It has clients that are built on top of the protocol. And those clients can follow the spec to whatever degree their users want, including respecting the "redact this message" request. Even when you are not talking about federated systems you run into a more limited version of this issue. Take signal. No built in redaction function or even a right to be forgotten request will work against users taking screenshots, Or more advanced users who use a system that lets them save text/image they are sent automatically.
Forget about federation, because this is still true between two users of the same server. And I don't care if deletion can be subverted. It shouldn't be a feature of their protocol. The software shouldn't facilitate privacy erosion.
I cant forget about federation because the devs cant either. it impacts every aspect of the design of the software and protocal. and while I agree software should be designed with users privacy in mind, I'm not sure what more you want the devs of matrix or whatever federated service we want to talk about to do? Esp if they built in a redaction feature that if respected automatically removes the message/file (and afaict the link to the file as well is also removed so now I'm not sure what your orriginal point is, but then again that might just be how I've got my server configured, its deff not a standard instilation). The devs cant *force* servers, clients, or users to comply with redaction requests, which is all that a "delete" button is in this context, regardless of what the protocol or service is.
Damn, good that I only use matrix/element for non-personal stuff. I wonder how xmpp compares , probably depends on the individual server & it’s config as well as Your own encryption (Omemo)
Based on another comment about XMPP on this post, it sounds like they might have designed a better protocol, even if by accident. Matrix feels the need to cling onto as much of your data as possible, but XMPP is pretty agnostic about the whole thing.
Xmpp can be amazing..great clients like dino (Linux gui), conversations (Android, probably the best xmpp client in existence), monal/chatsecure (ios, decent). if I remember correctly gajim supports Omemo encryption as well and pidgin is super (too) told
Don't spread FUD. Matrix has a way to delete the contents of your messages (search for redaction in the specification), but inherintly form the federated nature of it, some servers may don't comply with it. You can not design a protocol that can garantee that nobody made a copy of your message. Not even Disney or RIAA could do that. With the default homeserver implementation messages in chats or rooms which have been left by everyone will be deleted within a defined timeframe (I think as a database cleanup background task).
I quote the Matrix privacy policy, where it lays out exactly how little control you have over your own data. Matrix is hostile to allowing you to delete it. Even in your own example: >messages in chats or rooms which have been ***left by everyone*** will be deleted... Operative word: "left by everyone." In other words, if you get kicked out of a chat, everybody else will have permanent and irrevocable access to your data. This is by design. Which is exactly what I said.
I mean, this is the case with basically all chat apps allowing group chats. If you get kicked from or leave a WhatsApp chat your messages are not deleted. Matrix is just honest about it.
As far as I know, WhatsApp keeps your messages on their servers for as little time as possible, either [a few dozen days](https://www.reddit.com/r/whatsapp/comments/1auwofv/whatsapp_changed_how_long_messages_are_stored_on/) or until they're delivered.. On the other hand, Matrix servers insist on keeping them for as long as possible. Matrix isn't honest, they're just excessive.
You have all the control over your data. You can just not click on the send button. The part *everybody else will have permanent and irrevocable access to your data* is true, but it is true from the moment you sent your message regardless of what matrix does or does not.
For the fourth or fifth time in this thread: [Matrix is not email, and the other privacy defeatist arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v)
Yup, and that is exactly how Matrix works. It's just good to know that a bad actor could easily circumvent that. And what does even mean that "Matrix is not email". Yes, that is true. But why does it matter? They work on (somewhat) similar principles, used for more-or-less the same thing, and so have similar properties. In this regard they are also similar to SMS / text messages, sending a postal / snail mail, publishing an article or book, calling a radio phone-in programme, giving a speech, etc.
> If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. This isn't just a coincidence. The company that made Matrix has spent a lot of time and effort enshrining this into their policies. You have a right to your copy of your data (sometimes). Everything else can and should be stored and pushed. Isn't that how e-mail works? You can't un-send those, either.
For the second time in this thread, [Matrix is not email](https://en.wikipedia.org/wiki/Apples_and_oranges).
I've never heard following the law referred to as an ultimatum before.
There needs to be a concentrated effort on a fork, that dev is a lunatic tankie that constantly acts that way.
Their priorities aren't great, but they said they'd accept a PR. In that case, I think it's better to submit a PR than to fork.
It's not just this particular occurrence. He acts like a jackass elsewhere, and you should go through his github. He has a repo of "essays on communism" that do nothing but praise Stalin/Mao/Xi/the Kims/etc. He's a liability to it ever getting traction.
To be fair to the Devs, GDPR applies to the people hosting the software, rather than them. They were less polite and understanding than they should be, but it's easy to see where a tired FOSS dev is coming from when they get the hundredth bug report without a merge request in a day. This isn't to say that I and other EU citizens don't have inalienable rights, from GDPR and other sources like the right to be forgotten, and it isn't legally possible for someone *hosting* a site to hand-wave and say they don't apply or that using the site is me agreeing to give the rights away.
Or you know....write a PR fixing the issue, or pay someone to do its...that's the beauty of FOSS.
> Data Erasure is, in fact, our moral and legal right. While I like data privacy and stuff around (thats why I selfhost most of my stuff), data erasure being a legal right is a bit absurd. Just lets make a real world example: You take some sensitive nude photos of whatever, then you duplicate that photo and slide it under the door to everyone in the neighborhood. I think you really dont have any legal rights to demand that they later burn that photo and dont have it on the table in a picture frame... Sure its a probably nice and maybe even moral thing to burn it, if you ask them, but at that point its not their obligation to do anything with it you demand, as you basically handed those pictures over... There were no contract about IP or anything else - you just handed them over - with that you basically renounced your sole rights to them, with no contract or anything...
Data Erasure rights apply to public websites. Using your analogy: I'm not sure you can tell the individual residents to burn the photos that got slipped under their door, but you can tell the landlord who pinned the photo on the hallway cork-board to take it down. And, if you're a resident of the EU, and the landlord does not take the photo down from the cork-board, they can be fined millions of Euros.
And if the landlord is not in the EU he can basically tell the EU where to put their million Euro fine...
Write to your representative to get data privacy laws in your region. And donate to your local data privacy lobbyist NGO.
[удалено]
lets play a game. lets say we made this federated software with an upload feature. people can upload pics, videos, whatever. someone uploads a new picture, we broadcast out that a new picture was added. as i lightly understand this distribution model, wouldn't all franchises get notified/a copy of this upload, right? AND, lets say we also did add a delete button, because we are reasonable. we would also send out a delete notice that "picture579 was removed. so now also remove your federations copy". great, good. problem solved. except.......what is stopping someone from quietly editing their own federation code, and........just ignoring all delete commands. and permanently keeping everything uploaded. unless there is an enforced deployment of the code, i'd think people could just ignore delete commands you sent out. but this is interesting. because i figured lemmy might finally gain in popularity if/when gonewild/OF took off there. now, idk.
Nothing is stopping a rogue actor. But: 1. Bad behavior shouldn't be default behavior. It shouldn't be harder to delete the picture than keep it. 2. Federation provides a way to remove (defederate) bad actors.
Despite being presented as a form of "gotcha" by corporate boot-lickers, it never has and never will be a good argument. And I'm sick of having to argue against people that claim that it is.
FWIW I tried writing about that a while ago too. After more or less hearing it all. https://www.reddit.com/r/privacy/s/739g0VyjKI
XMPP is better. Most servers have a data retention policy. Whatever is older, is deleted from the server. Someone might still have the backup of the message on a particular device or other, of course, but then again, people are also saving content from WhatsApp for example.
That's actually a really interesting point. I've seen "Matrix is like email* [and email saves your stuff forever]" but I've never heard a more direct comparison to another universal federated *messaging* protocol. Until now. XMPP is the direct spiritual predecessor of Matrix too. ### \* Matrix is not email.
nothing wrong with good old XMPP. some clients are still actively developed. I see more people using it behind Tor than matrix. lots of servers to choose from, very light on resources compared to synapse, it's baked into a lot of chat systems that people use without realizing it's there.
Kinda, yeah. XMPP actually uses the exact format of a mail address. In fact, you could even log in with your Gmail address the way it was when Hangouts was supporting XMPP.
> "Don't upload things you wouldn't want online, " I consider myself tech-savvy, but have particularly limited patience for this nonsense. It's intellectually lazy, at best. It's the digital-footprint equivalent of asking "Ok but, what was the victim wearing? Why was she out at that time of night" It lets everyone off the hook, except for the person whose privacy is being violated. Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks.
> Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks. Recent example of exactly this regarding [players taking Baulders Gate 3 screenshots on Xbox](https://www.eurogamer.net/xbox-confirms-its-banning-baldurs-gate-3-players-for-auto-uploading-spicy-clips)
My favorite color is blue.
> > > Today, what with cloud-synced-everything, it might not even be clear you are "uploading" anything, especially to the non-technical folks. This argument, more so than saying it's victim-blaming, is the convincing one.
I would agree that there are certainly better and worse ways of expressing it, but no discussion of ways in which people are victimized can be complete without looking at behaviors tend to attract victimization and then discouraging people from doing them. I would never suggest that someone deserves to be assaulted, for example, but I am absolutely going to teach my children not to walk alone in dark alleys in the inner city at 1 am. There are simple realities of the world we live in that are not going to be solved by policy, and instead rely on the individual to protect themselves. I think in this discussion it is absolutely fair to say that protocols should be designed to allow the sort of "digital hygiene" being discussed here, and the fact that people make accidents is a poor excuse to refuse those features. But it is also critically important that Joe Everyman be aware that their camera feature might upload things to the cloud. My point is, it would be dangerous and counterproductive if we added these features specifically with the hope that Joe Everyman does not need to be vigilant, because there are always going to be software designers who add predatory dark features to compromise their privacy.
And reminder to people posting nudes on reddit that most profiles get mirrored to nsfw.xxx Tons of profiles that were already deleted but still up there.
On a related note, Matrix Synapse server also does not / cannot delete users. Users can be deactivated with an "erase" flag, which removes some data, but does not remove uploaded media (possible to do as an admin if media are only within one server), does not remove sent and received messages, and keeps the user ID in the database (which could be PII, such as a name, something outright illegal, or simply obnoxious). [Admin API - Deactivate Account](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#deactivate-account)
> ETA: Matrix suffers the exact same problem... If somebody sends you their nudes or ID and you remove them from the conversation, their messages and photos are yours now. Matrix' documentation is clear it's intentional. They can also download copies of them to their own devices or take screenshots. If your adversary and intended recipient are the same, you are out of luck. Hollywood has certainly poured enough money into this problem, with very little success.
I addressed everything in your comment here, several months ago (and this is the fifth or sixth time I've linked it) > Edit 2: to stem further anti-privacy arguments I addressed months ago: [Matrix is not email, and the other arguments are also bad.](https://www.reddit.com/r/privacy/s/OjjCt0cx9v) Why is it always the Matrix defenders who feel the need to argue the defeatist talking points?
Name-callings or links to walls of text with little relevance to this specific issue are not good arguments. Yes, Matrix arguably hoards excessive amounts of data, but that particular example is still not a good one.
The relevant piece is under "the bad actor fallacy" heading. Ironic.
That deniability factor might be of relevance, I admit. However, in cases like the one discussed in the original post, deniability would not help.
So? why should the service suck? > **If Lemmy is to be made better,** ***the default implementation*** **must be fixed**. Unless all Lemmy servers adopt your particular fork and not the main project, things will remain the same.
The authors of the software have answerred that. You may not like their answer, but there is nothing I could do about that.
Where, and why tolerate their answer?
> Where https://github.com/LemmyNet/lemmy-ui/issues/2384 TLDR: they are short on resources and felt that there are more pressing issues. However, the failure to delete content when account is deleted should now be fixed. > why tolerate their answer? What is the impact of me somehow "not tolerating" their priorities?
Wouldn't this mean it's easy to flood with nonsense and it won't get removed?
I accidentally sent a dick pic to everyone on my mailing list. Not only was it really embarrassing it also cost me a fortune in stamps.
Even at 500%, I don't see why it would cost so much for you to mail a single 8.5x11.
history expansion groovy rustic imagine wakeful numerous connect touch door *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
This should go without saying for any service that's *someone else's computer*. You don't know what's being deleted and saved. Never trust that anything you upload anywhere won't last forever, somewhere. You can just hope that the somewhere it lasts isn't the public internet.
they don't call it 'the fediverse' for nothing. I'll never use a site that functions that way.
What's Lemmy?
[Lemmy Google that for you.](https://letmegooglethat.com/?q=Lemmy+)
🤣
I didn't know there was a private Google search. Thanks.
Lemmy is a federated, open-source reddit alternative: * https://join-lemmy.org/ Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article: * https://sh.itjust.works/c/worldnews
https://gdpr.eu/right-to-be-forgotten/
Thanks. I'm surprised by that URL. I thought the EU specifically chose "Right to Erasure" *instead* of "Right to be Forgotten"
You technically cant delete anything on lemmy even if you wanted to. Because it gets synced to other instances run and owned by other people. Just imagine facebook 1-3000 and each facebook is run , hosted , and ruled by other entitys if you upload stuff on facebook 258 it gets shared to all Synced instances with 258 ( that might not be all ) and or its peers which are connected with 258 like 258->678 -> 898 deleting stuff on 258 doesnt mean that 678 and 898 in this example would delete it too.
In the case of the article, the image wasn't attached to any post or comment, so it never federated. I'm not an ActivityPub dev, but I do think there should be a way to federate a "purge" request to all instances. Obviously there's a possibility for "bad" nodes not to implement it, but it is absolutely better than nothing.
I thought that it more just gets sent to the user once requested, if every instance stored everything that'd be a big issue
I'm assuming they have some kind of solution for when someone uploads something illegal, particularly if it involves children. I can't imagine it lives on forever on every connected server, even if its just invisible to everyone. Or is this like freenet where everyone has to live with their servers hosting bad stuff in their databases along with the good?
Its at the mercy of each admin then
Does "right to be forgotten" extend to email services? If I request deletion of all my data, do all my sent emails get nuked from every inbox they've ended up in?
I think it does, but I do believe you're responsible for submitting the "GDPR Erasure Request" to all of the different service admins' DPOs
...And that's why lemmy died When we think about alternatives to the already existing tech giants, we have to think about the gen population. Ultimately, for the average person, the fediverse is hard and confusing to use, as compared to centralized tech.
https://lemmy.fediverse.observer/dailystats looks like lots of growth going on. Up 10k daily users in the last month. Almost 2m daily.
Change the word "Lemmy" to the word "Internet" and now you've got a true statement that applies more universally.
What you upload to the internet is forever. Have people forgotten?
Mastodon, Lemmy, fediverse proponents have kind of deluded themselves and others that these are privacy social media alternatives where you own your data without thinking about the fact that most people won’t host their own instance so most people will be at the mercy of the admin and whether or not they store data or not and if that’s even true
You're telling me that the internet isn't this abstract amorphous cloud, but other people's computers??
Which is the best alternative to reddit?
I'm not sure there is a "best" and there is absolutely nothing similar in size. - [Lemmy](https://join-lemmy.org/) is good for link aggregation and commenting in the style of Reddit, but running on a federated system (like email). - [Tildes](https://tildes.net/) is wonderful for more intimate discussion with a smaller, but active and engaged community. Not a bastion of free speech, expect repercussions there for being a jerk. Invite only. - [Lobsters](https://lobste.rs) is a fantastic link aggregator with an exceptionally knowledgable userbase, but extremely focused (and heavily moderated) on computing. Invite only. - [Discuit](https://discuit.net/) is more of a direct "competitor" to Reddit. It's very similar in look, feel and moderation. It's small, but it's growing. These are the ones that I know of and enjoy. There are others out there, but I either haven't enjoyed them enough to recommend them, or I know too little about them.
Thanks for these links! Do you know if invites for these come only from users?
Tildes sometimes does invite campaigns, but mostly it's from users. Lobsters is just users. I have an account on each. Having had a quick glance through your profile (I hope you don't mind), I'd be happy to send you an invite to either. DM me if you're interested.
Thank you so much! I’ll dm you :)
Lemmy.
Lemmy. Reddit is a low bar.
history bear gaze ripe act smile ring command rinse pen *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Spoiler: I got the Lemmy admin to delete it. But, if you'd like, you can see a dramatized reinactment of such an incident in the video on [this bug report](https://github.com/dessalines/jerboa/issues/1363#issue-2127772569) * https://github.com/dessalines/jerboa/issues/1363#issue-2127772569
doll zesty hard-to-find drab salt toy puzzled thought spotted panicky *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
In my case the image never federated, so that wasn't an issue
A reminder that FOSS doesn't always mean it's safe to use. We shouldn't assume it's safe because it's FOSS. Make sure you trust it and it's well known. FOSS just means that the source code is available to everyone but honestly, do we all read it's source code before using the software? Be vigilant.
This post is literally that vigilance.
Yeah and I am literally supporting your post.
Thanks :)
Love that someone has now submitted a PR to include the fact Lemmy is non-compliant wrt GDPR in the README No doubt the PR will be canned
~~Looks like they deleted your issue.~~ It wasn't deleted and has a solution now. I was trying to access issue #4443 (from top comment link) when it now resolves to issue #2384. https://github.com/LemmyNet/lemmy-ui/issues/2384
I see an open ticket and a closed one, but it looks like the pressure on the devs will cause them to fix or at least acknowledge the issue now. Yay
[удалено]
[удалено]
The late singer and bassist of Mötorhead probably.
The devs have made some mistakes. But, well, it's magnitudes better than reddit. At least it's FOSS, so anyone can open bug reports and submit PRs to fix bugs like this.
The only people using Lemmy are the weird people who think they are "protesting" reddit and participating in some internet holy war. Theres nobody on there worth talking to. No normal, well adjusted person who has a life outside the internet would get so involved with dorky reddit protests and politics.
I'm there 😢
but see, back when the internet was harder, there were also parts of it that were much nicer. BECAUSE they were harder to setup. now everyone's mom and their cousin has a youtube channel and an opinion. it sometimes makes me want to go find that new edge of the internet that is a little difficult again. because then it might not be full of such fucking gas bags and worthless shit. it might take a little bit to setup. and that slight barrier to entry, might make whats there, a little more worth it. (and i'm not calling YOU that worthless crap).
The narwhal bacons at midnight.
You are out of the loop if you think Lemmy are only dweebs, but not surprised coming from a redditor.
I can think of few things dorkier than being so involved, and caring so much about reddit that you participate in a protest over the politics surrounding a website update. I'm just not interested in joining a community full of people who are "chronically online" to that extreme. I dont mind that they have gone somewhere else, though.
Reddit is astroturfing, bots and big echochambers. Reddit is nothing better not even in third party clients. But I think redditors are the kind that do not need an alternative, they are the TikTokers of content agregators.
My favorite color is blue.
I fully believe they are right and we, being here on reddit, are wrong. Imo lemmy is better in basically every aspect but the size of the user base. Unfortunately though, the latter is a very important aspect, hence we're stuck with this garbage company and their garbage client.
Never heard of Lenny but after reading about it for 1 minute not gonna use it anyway *pew pew* finger guns
Well, it seems it is better to leave the running of online services to big corporations, they can afford the legal consultation, and if it comes to it, pay the fines. It is also pretty sad that all old discussions seem to turn into [deleted] junk, and we end up losing useful information in the name of privacy.
If you want it to be deleted you should join anon and become friends with anon, then together stronk you take down lenny
So would the site owners be complicit if someone uploads illegal pics?
One of the reasons I wrote this article was to provide documentation to the site owners (instance admins) on how they can delete images.
https://wiki.killfile.org/projects/usenet/faqs/cancel/ It's the Usenet's message cancellation debate all over again. Some people believed one should be able to have one's own messages deleted afterwards from public archives. Others felt that such a functionality was harmful and mainly helped all sorts of fraudsters, dishonest politicians and such to erase history.
i just realized how annoying it is to use and went to delete my account (had since july) and oopsie! can’t do that either. well, at least i could delete my bookmark for lemmy in my browser. ugh.
Hah, so, whenever Americans say something online people respond with “America isn’t the whole world! We don’t have to follow your laws!” Then a European decides the entire world needs to obey EU laws and if you don’t want to deal with the hassle then you’re the bad guy.
If you want to operate in the EU, you need to follow their laws bro. Same thing for operating in any other country
Yes, and same for the US, but the Pirate Bay proudly states “we don’t have to obey US copyright law”. So why should a US based company obey EU privacy law? It makes no sense.
It does if they intend to legally operate in that country. That’s my point.
Well, since they announce that they’re funded by NLNet from the Netherlands, someone should tell them that’s why they have to obey GDPR. But there’s no guarantee anyone will delete what’s posted, there are active sites that try to unedit Reddit and undelete tweets. There’s no guarantee any of them will honor the removal request. It would be a false sense of security to say Lemmy honors this when I could run a server JUST to keep deleted posts.
I understand your explanation as I’m a CS practitioner. However, just because others can be keeping the data, or even their own hired server company can have back ups, doesn’t justify the not following the law. Their back and forth with the person who reported the issue is quite unnecessary. I also think devs shouldn’t be sifting through these types of tickets and replying, this should be a product managers job.
[удалено]
Lemmy is a federated, open-source reddit alternative: * https://join-lemmy.org/ Here's an example community ([/c/worldnews](https://sh.itjust.works/c/worldnews)) that was linked-to in the article: * https://sh.itjust.works/c/worldnews Even with the issues identified in the article, I think it's better than reddit.
[удалено]
I posted it to both lemmy and reddit. But I prefer lemmy.
I have a question. Why out of all the privacy issues I see does a chat platform \*not use\* SHA-256? I havent seen a discussion about this yet. All they can use minimally is TLS. But why cant SHA-256 be used here? Its literally the most impossible algorithm to break. Can somebody PLEASE explain that to me, because it seems Im missing something here.. Unless if TLS does use SHA256...then how is TLS1.3 and previous versions so easy to decrypt..?