Hey folks! Just realized something that makes Lemmy different from Reddit. Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

Although there’s no UI to look at a user’s voting history yet, one could conceivably be built by an instance. Perhaps coincidentally, I hear there’s instances out there populated by mostly bots?

  • CorrodedCranium@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    1 year ago

    But the implications are still interesting. One might (big might) trust Reddit as an organization not to use this data for evil, but with federation, there’s nothing stopping an instance from simply releasing all users’ voting history to be public.

    Another potential privacy issue is that deleted content stays server and I believe it’s similar with posted images.

    • o_o@programming.devOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      I think this issue is overblown. Instances of Lemmy might run modified code and choose to save things that the user intended to delete, of course, but the default setup of Lemmy seems reasonable to me in terms of how it treats deletion.

      Currently it keeps deleted posts forever to allow users to un-delete if they choose, but deleting your account clears everything. And I believe there’s work in progress to discard deleted posts after 30 days. Details here: https://github.com/LemmyNet/lemmy/issues/2977

      • CorrodedCranium@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Thank you for pointing this out. I was looking into privacy on Lemmy and came across this post where I got the wrong idea I guess. I couldn’t find much else online

        And I believe there’s work in progress to discard deleted posts after 30 days.

        That would be a nice addition

      • sinnerdotbin@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        This keeps on being asserted but it is far from true. If defederation happens or your local goes offline, posts/comment history/profile/votes will remain on other widely used instances and out of your control.

        A large instance has already defederated with 2 other larger instances. If you run a personal instance I feel it will become very, very common to be be locked out of managing your data.

        You can expect defederation to happen all the time as that is a deliberate part of the open federated model.

        And that is to say nothing about federation simply breaking sometimes.

        I already have been locked out of content that exists on other instances that will remain forever and I’ve only been around a short while. I don’t care personally, but people keep asserting this claim that only bad actors or scrapers will dupe your data. Federated data is very different than a non-federated copy for many reasons and that matters to some people. Everyone should understand deleting your account, or modifying your content will often not remove your content outside your instance, and many people engage outside their local. It will likely exist in federated, Lemmy searchable form forever in some capacity (in the current iteration anyway).

        Not trying to spread FUD, but if we want to maintain users they have to be educated as they will find out eventually and not be happy.

        I have some working drafts on policies for admins to help them navigate and explain their responsibilities to their users.

        It is a bit of a weird read outside of the context, but this is an optional primer I have drafted that will hopefully help explain the distinctions:

        https://github.com/BanzooIO/federated_policies_and_tos/blob/main/optional-privacy-policy-intro.md

        • o_o@programming.devOP
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          Yes, that’s a fair point. Just because you send a “I have deleted this message” signal out into the universe doesn’t mean that everyone will receive or obey it.

          I assumed that was understood.

          But that’s very different from instances intentionally and malevolently keeping data despite indicating to users that it was deleted, which is what I think folks’ privacy concerns are about.

          EDIT: What I mean is that the federation model is inherently non-private in a certain sense (but in the same sense that someone could take a screenshot of your Reddit comment and your deleting your comment won’t delete their copy). But Lemmy is not egregiously misusing data.

          • sinnerdotbin@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            1 year ago

            This is largely assumed by someone like yourself or I who understands the implications. I am finding it evident that a lot of people are not aware.

            There is also a distinction to a potential screenshot, a scrape or archive no one visits, and a federated copy on a widly used instance you have lost access to.

            I edited my comment above to include a project I am working on to hopefully help admins get this across and educate users on how to appropriately engage to their comfort level.

            • o_o@programming.devOP
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              I appreciate your commitment to this privacy consideration. I personally don’t think it’s the hill I’d prefer to die on, but I welcome your contributions.

              • sinnerdotbin@lemmy.ca
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                Thanks! I’m for mass adoption and want admins to succeed. That starts with keeping users educated (and admins covered).