Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    11 months ago

    Yeah, the Fediverse is terrible for privacy. By design, I should add.

    I’m pretty sure running a Lemmy server (or Mastodon server) in Europe in blacklist federation mode is illegal, as you’re exchanging data with external processors without any kind of validation about privacy arrangements. No DPAs, no competency decesions taken into account, data shared all over the world.

    Lemmy lacks proper delete functionality (you can edit to replace the contents with an empty string, though). In theory you could exercise your rights and demand thst the administrator deletes all your PII, and instructs any data processors that PII was hared with to do the same. If they do not or cannot comply, that should be grounds for a complaint with your local DPA.

    I’m not aware of any international privacy law, but this is going to be A Thing now that Meta and Tumblr and Foursquare are joining the Fediverse. My guess is that they’ll consult at least one DPA (probably the Irish one, they’re usually located there for tax reasons) for guidelines. I wouldn’t be surprised if data they severely restrict Fediverse activity within EU/EEA borders because of privacy laws.

    Even more interesting will be what would happen if a user sued the instance admins of a European server that’s more than just a person. Several Fediverse instances are backed by organisations, which means they need to comply with the terms of the GDPR if they operate within Europe, and the way the open Fediverse operates just isn’t compatible.

    This is one of the reasons I don’t see the Fediverse lasting long. Unless you add some kind of validation system to verify that you’re exchanging data within certain borders, the entire system as it stands simply cannot be run legally by anything bigger than private individuals.

    However, it’s important to note that privacy law generally only applies to PII. Your works (blog posts, comments, etc.) are probably not covered by privacy laws. Your username probably is, though.

    I think the fact there’s a privacy oriented community on Lemmy is pretty hilarious. Of course, privacy is irrelevant if you choose to share information willingly, but the entire protocol is a giant privacy violation.

    As an added bonus: this applies to most other federated protocols as well (Bluesky, Matrix, XMPP, you name it) unless those servers are configured to only communicate with known-compliant servers.