• 0 Posts
  • 27 Comments
Joined 1 year ago
cake
Cake day: June 1st, 2023

help-circle





  • Why should someone who has doxed someone get away with it by deleting their account?

    Doxxing is not illegal in many places - the US included. Cyberstalking and harassment may be illegal, depending on location. That’s beside the point, but this is an extremely specific example.

    Ultimately users should, in my opinion, be in control of their data. Tildes, for example, preserves deleted comments for (I think) 30 days and then permanently removes them. It seems like that approach is a compromise that would work for your situation while still respecting privacy long term.


  • Deleted comments remain on the server but hidden to non-admins, the username remains visible

    This is a negative behavior by Lemmy, in my opinion. Deleted comments should be purged after some time. Tildes does the same thing - I think with 30 days?

    Deleted account usernames remain visible too

    These should be replaced with some random string of characters or something like DeleteUser<numberhere> or something.

    Anything remains visible on federated servers!

    This is just a concession of federation.

    When you delete your account, media does not get deleted on any server

    This is an issue, too, in my opinion.


  • I don’t think there is a legal requirement that you store that data, just that you make the data you store available, or in some situations, you add logging for valid law enforcement requests.

    Apple for example does not have access to end-to-end iCloud data that is encrypted to my knowledge. They wouldn’t be able to provide the contents of my notes application to law enforcement necessarily - and that is currently legal.








  • It respects your privacy just as much as the alternative, which again, is reddit.

    The alternative isn’t Reddit. It’s Tildes, Lobste.rs, Lemmy forks, etc…

    News aggregation isn’t a binary choice with Reddit on one side. I think if you are saying your software/platform “respects privacy as much as Reddit” that should really be a red or yellow flag. The way Reddit treats user data shouldn’t really be an aspiration.

    If you edit your post, the previous version isn’t saved.

    I haven’t dived into how Lemmy handles edits specifically yet, but my understanding is that a version of the edit is saved into a log. This also brings up the point - if I can edit my post with a period to “delete” it, why doesn’t the delete work that way too?

    You are posting on a public website, you can’t expect that level of privacy, nothing ever gets deleted on the internet.

    I didn’t say I expected it. I said I wanted it. Just because Twitter is terrible for privacy doesn’t mean Lemmy can’t aspire to better than Reddit or Twitter for privacy.


  • No, because lemmy ISN’T PRIVATE FUNDAMENTALLY, it’s a PUBLIC FORUM I do not know what else needs to be said, don’t post public things if you want privacy.

    A public form doesn’t mean it can’t respect privacy. Why even allow delete at all in Lemmy if this is your argument? Make comments immutable. It would be easier to code.

    Lemmy is also aware of your IP address - should it make that information available since it’s a public form? Of course not, that would be absurd. When I click delete the post should be deleted because that aligns with what the user would expect to happen.

    You have no way of knowing what tildes actually does, you just know what the code on github says it does, unless you’re running tildes yourself, you have no way of knowing.

    Yep, but that’s also true for pretty much all Lemmy instances including the one you use - right? You have to place some level of trust in the maintainers and administrators.

    I think the way Tildes handles deleted posts (removed 30 days later) is a benefit when compared to how Lemmy handles deleted posts. I’m fine if the delete isn’t instant.

    This is not a fundamental issue, this is a growing pain, and it’s solved by just linking somebody to an instance instead of explaining all of that, this is opt-in complexity, not a fundamental problem.

    I agree that it isn’t a fundamental issue, but it does seem to be a reoccurring issue in federated software. The process for getting people onto the software tends to be focused on tech savvy people. That’s why a lot of these platforms end up dominated by IT/software developers.

    Yeah, that would be better, or you can just link non-technical users instances and explain none of that.

    That requires ‘recruiting’ someone to a specific instance instead of them finding it on their own. That’s not an organic process. Nobody recruited me into Reddit - I found it myself.

    If I Google Lemmy my top three links are:

    1. Wikipedia entry for Lemmy Kilmister
    2. Join-Lemmy.org
    3. Lemmy Github repo

    None of these are specific instance someone could join. There isn’t a single instance in the first page of results. There are some variations of words that I can use that direct me to lemmy.ml first, but the signup page for that instance literally asks you to go to joinlemmy before signing up.

    We need to improve this process if we want people to continue migrating to federated services.


  • If it’s not preventable, why do you care if lemmy does it? Does this actually matter at all?

    Are you really going to use the nothing to hide argument? I care because we should design software to respect privacy. What Lemmy does with user data is within the span of control of Lemmy. Lemmy should treat user data with respect and value user privacy to the extent it doesn’t break the fundamental usage of the product.

    Why do you expect privacy on a public forum? You’re assuming something that’s impossible to get, reddit doesn’t give you privacy, tildes doesn’t give you privacy, you don’t know that your content is actually being deleted their either, again, you’re forgetting that you’re comparing lemmy to something, not an imagined perfect choice.

    Lemmy is open source. Tildes is open source. I know what both of them do, in theory, when I click the delete button. I know that Lemmy doesn’t actually delete the post. Reddit is closed source - I edit and then delete my posts there. You are correct, I don’t know what happens after that. I’m not arguing in favor of Reddit.

    I don’t expect privacy, but I want privacy. I use Signal for messaging for privacy. I use a smaller third party email provider for privacy. If Lemmy can be more verifiably respectful of privacy I think that will draw more users into the platform over time.

    Why do you assume they need to know how it works in order to use it?

    Do they need to know how email works in order to use it? This is a wrong assumption. Yes, centralized services are easier to explain how they work fundamentally, but if you told someone lemmy was centralized, what incorrect assumptions would the end user actually make to actually impact their experience? Virtually nothing, once the issue trackers for instance-agnostic linking and automatically staying on your federated instance are resolved.

    I don’t even know how to respond to this. Why does someone need to know how something works to use it?

    Here is the flow for Reddit:

    1. Search join reddit
    2. Click top link ( https://www.reddit.com/register/ )
    3. Create account

    < 5 clicks

    Here is the flow for Lemmy:

    1. Search join Lemmy
    2. Click top link ( https://join-lemmy.org/ )
    3. Read page, maybe click “Join server”? Or do I want to host a server? The call to action on this page isn’t clear. Lets assume join.
    4. Instances page. Talks about “lemmyverse” and “server/instance” top result is vlemmy.net for 19 users / month? I guess that one? Click join.
    5. I’m now on vlemmy.net, which looks like the reddit homepage. It didn’t take my to sign up. Click sign up.
    6. Create account

    This process forces the user to make more choices (probably uninformed choices) and requires more navigation.

    The join-lemmy page should probably be centered around non-technical users with an emphasis on joining and instance (not hosting one). Hosting an instance should be towards the bottom of the page. It should explain the benefits in plain and easy to understand text.


  • I literally have never worked with a company that didn’t use their own email server, I don’t know what you’re talking about.

    You’ve never worked with a company using Google Workspace or Office 365/Exchange Online?

    Nothing, but you not caring about that contradicts your argument of not caring about archive.org, that’d still be an external server downloading your data, it’s no different.

    How Lemmy instances interact is a function of the Lemmy software and federation. Archive.org is not federated with a Lemmy instance. It’s literally scraping content and saving a local copy of it. This isn’t preventable without being a login to view any content.

    I don’t think there are any cons EXCEPT that developing a federated option is more complicated, but there are no cons for end-users, all of the cons you listed have much bigger equivalents problems for centralized services.

    I just can’t agree with this. My parents are going to understand how to use Twitter and how Twitter works much faster than they’d be able to figure out how Mastodon works. They’d also be able to figure out how Tildes or Reddit works faster than Lemmy.

    https://join-lemmy.org/ for example has a distinctly technical first aesthetic. The first page talks about “selfhosted” and has a screenshot of a code example and the technology it is built with. The page appears geared towards software engineers. When you navigate to the join a server page it’s got a broken page for sopuli.xyz, it lists random user counts, etc…

    This isn’t impossible for a non-technical user to understand, but it does have a higher hurdle for understanding compared to traditional centralized services.

    The federation concepts are first and foremost in the presentation, instead of the user experience.


  • Matrix is catching on and growing rapidly for a reason. Also, email is still widely used in offices for a reason, have you ever had a job that didn’t send you emails? I haven’t. Have you ever had a job that didn’t utilize emails heavily? I haven’t.

    Centralized messaging is used for instant messaging, which is a different usecase than email. I’m sure matrix will overtake the corporate world just like email did, because of the strengths of federation, a company can have an internal messaging client and not have to worry about leaks, and trusting microsoft/whatever company to run their shit well.

    Every company I’ve worked with in the past five years is communicating primarily through Microsoft Teams, Zoom, or Slack. Email is typically reserved for meeting invites or communication outside of the company. I run a team of software engineers and we probably use email less than once a month outside of accepting or declining meeting invites. I do hope Matrix catches on and continues to grow.

    To follow along with this argument though, if companies wanted federation - wouldn’t they run their own email servers internally instead of outsourcing that out to Microsoft or Google? I don’t think I’ve worked with a company in the last decade that ran it’s own mail servers.

    You’re right, reddit does the same thing, though. You can host your own lemmy instance, and then you’ll be in control of the data. On any other platform, you have no choice beyond trusting the benevolent dictatorship.

    If anything that’s a reason to fight for federation, not a reason to fight against it.

    Do you actually control your data if you host your own Lemmy instance? What’s stopping another Lemmy instances from caching, storing, or using the data for it’s own purposes?

    Again, I’m not against federation, I’m literally on Lemmy right now. I’m on Mastodon too. I think federation has benefits. It’s important to be honest and transparent about the pros and cons.


  • Yet nearly everyone has an email, and nobody is suggesting we centralize it, because that would be a significantly worse experience for everyone. All of the issues you complain about would also exist in a centralized instance, especially the “use a megacorporation” one, are you suggesting reddit isn’t a megacorporation?

    People are actively migrating to centralized communication platforms away from email. Pretty much every messaging application or chat service with mass adoption at the moment is centralized.

    I am not suggesting anything, just saying that I don’t know if email is a great example of federation without issues. I think it’s important to be transparent about the downsides of federation as part of the discussion.

    Why on earth do you expect your data to be private on a public forum?

    Do you not know about archive.org?

    There is a difference between expecting something to be private on the internet, and the application you are using respecting your privacy. Archive.org is not run by Lemmy - it is a third party outside of our ability to control. Lemmy can control how it handles deleted and edited content within it’s system. I don’t like how Lemmy handles deleted content for example. I think a delete should be a delete - it should be gone, or anonymized within Lemmy specifically.

    Even on reddit, they EXIST to sell your data, privacy is completely nonexistent on public forums, and it never will be, you’re essentially asking users to trust in a benevolent dictatorship on their data.

    I have not made that argument. There is also nothing, as far as I can see, that would prevent the owner of a Lemmy instance (or a fork of the Lemmy software) from doing anything you list here. The software license allows for commercial use and doesn’t seem to include any mandates for how instance maintainers interact with user data.