This article will describe how lemmy instance admins can purge images from pict-rs.
 |
|---|
| Nightmare on Lemmy Street (A Fediverse GDPR Horror Story) |
This is (also) a horror story about accidentally uploading very sensitive data to Lemmy, and the (surprisingly) difficult task of deleting it.
You must log in or register to comment.
I haven’t had a deletion request come around yet, but I’ve had the pict-rs documentation in my back pocket just in case. My instance allows NSFW, so I made sure I knew how to do this before deploying.
I agree with the author, though, it definitely shouldn’t be so hard to delete images. Hopefully the Lemmy devs tackle these issues quickly.
Impossible to be done if not every servers plays by the rules.
Sort of non news too, “don’t put sensitive data on display, especially on the internet”.
With federation it’s kinda like complaining archive.org doesn’t have a good way to purge page snapshots in case you post something on your website you regret later. Or search engine caches. Or the local scammers replicating your page with curl for a phishing scam.
The author pretty freely admits he shares some blame, having PII on the same phone he uses Lemmy, using Lemmy while not paying attention/being half asleep. I’m sure he does know better and agrees with your statement. And yet, when mistakes happen and people prove to be fallible, Lemmy proves it is not capable of handling the problem.
I also can’t believe the Lemmy developers would be so indignant about being presented with such an oversight. GDPR or no GDPR, federated to other servers or not, the idea of PII being hard/impossible to delete from a social media platform is an embarrassment to the developers.
I think you don’t understand how federation works.
It’s like you show something sensitive on TV, and you want to “erase” that from everyone seeing it.
Lemmy isn’t centralized like Reddit or Facebook.
Unfortunately, the Lemmy devs literally said it would take years to fix this issue. If you think this should be a priority for them, please advocate for them to prioritize it on GitHub:
Thanks for sharing.
Sad to see such communication from the Lemmy devs
I agree the whole issue was lemmy devs being an arse to maltfield
You clearly put a lot of effort into writing this blog post, creating the header image and sharing it across dozens of Lemmy communities and Github issues. I only wish you would put even a fraction of this effort into actually resolving some of the mentioned issues. After all you are a programmer and many of them are relatively easy to resolve with a bit of time.
What you dont seem to realize is that Lemmy only has two fulltime developers (Dessalines and me). We are both working every day to fix bugs and implement new features in Lemmy, but there are only so many hours in a day. Whenever we resolve one issue, a new one gets reported so its impossible to resolve all of them. The repos for lemmy and lemmy-ui currently have 750 issues. So there is no other way but to strictly prioritize what we work on, and ignore things we dont have time for. Obviously people will disagree with the exact priorities, that is inevitable.
The only solution is to get more contributors who help work through the issue backlog. Or if you are not willing to do that, switch to a different platform which is backed by venture capital and can pay dozens of developers to work on it.
Did you read the article and the feedback that you’ve received from your other users?
Any FOSS platform has capacity issues. I run my own FOSS projects with zero grant funds and where I’m the only developer. I understand this issue.
What we’re talking about here is prioritization. My point is that you should not prioritize “new features” when existing features are a legal, moral, and grave financial risk to your community. And this isn’t just “my priority” – it’s clearly been shown that this is the desired priority of your community.
Please prioritize your GDPR issues.
I bet your project doesnt have 50.000 monthly users so its not comparable at all. Out of all these users only you and one or two others care so much about GDPR (yet not enough to make actual contributions yourself). We really cant change our priorities for a single user out of thousands.
