Could it be a subdomain, though? What if a spammer started a “Lemmy instance as a service” on “legit.ml”, and started creating instances on “lemmy.u<number>.legit.ml”? What if some of the instances were actually legitimate, while thousands of others weren’t? What if… oh well, the rabbit hole goes deep on this one.

You tell me, you sent me away.

I think data protection, retention, access, rectification and deletion laws are going to hit anyone hosting an instance. The EU is also in the process of introducing a “data migration” law, that is mostly targeted at “large” social media, but we’ll see what ends up getting approved.

I’m not a compliance expert, but what I know about these laws makes me fear setting up an instance just to get hit by whatever fines.

I know how to program, I also know how to wonder how many instances are running off the docker-compose with publicly exposed postgres… that would make import/export really easy, wouldn’t it? 🙄

Anyway, would you say this isn’t the right place to discuss this stuff?

That’s kind of wrong though, isn’t it? What about stuff like GDPR data exports? Users should be able to export their data, then import it into another instance, effectively migrating instances.