Nightmare on Lemmy Street (A Fediverse GDPR Horror Story) - Michael Altfield's Tech Blog - eviltoast
    • Maalus@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      10 months ago

      Except you don’t get to ignore GDPR by saying “don’t expect our site to be private”.

      • expr@programming.dev
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        GDPR is really designed to target software controlled by a single entity, but this isn’t that. The instances are responsible for their content, full stop. There’s no way of forcing an instance to delete content, and even if there were, since the admins are running it, there’s nothing stopping them from removing such a feature.

        There’s also nothing stopping admins from deleting content from their servers (it’s just a database, after all).

        • Maalus@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          3
          ·
          10 months ago

          Well then, once the EU knows about Lemmy, it’ll be screwed. Again, you don’t get to make excuses when dealing with GDPR. The book will be thrown at you once you have EU citizen’s data, which lemmy obviously does. Saying “we made this application without it ever being possible to comply with GDPR” will only get you a bigger fine, or worse.

          • expr@programming.dev
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            3
            ·
            10 months ago

            “Lemmy” (the software) doesn’t have any data. It all resides on servers owned by people other than Lemmy’s developers. They have the user data and would absolutely be subject to GDPR.

            Again, no matter what Lemmy’s devs put in place, it doesn’t matter because the instance admins can do whatever they want.

            • Maalus@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              2
              ·
              10 months ago

              Way to go being pedantic about it.

              Once they know about one server, they will know about most large instances. Since Lemmy doesn’t implement any GDPR features (i.e. cookie notices, a button for deletion, etc) every larger instance will get hit.

    • UndercoverUlrikHD@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      How would tracking pixels work via lemmy? I don’t see how you could gain individual ip addresses if the instance simply store the image in their cache.