Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    97
    arrow-down
    11
    ·
    10 months ago

    I don’t agree with the tone of the Lemmy devs, but they are right: it’s opensource being worked on mostly in the free time of people. Do not treat the devs like they are paid to do your bidding, because they aren’t. If you donated and have expectations, you don’t understand the meaning of a donation.

    Imagine if the author had a woodworking workshop on their compound where they made things out of wood; figurines, furniture, tools, sculptures, and so on. Say they opened it up to the public so that guests could have a look, play around, spend some free time there, and maybe even use the equipment there. But then guest started demanding the author buy newer equipment, make sculptures more to the guest’s liking, made the workshop more accessible to invalids, put up the national flag, play the radio, and a host of other things. All the while not footing the bill for anything, not helping clean up, not volunteering to help in any fashion.
    Then the author refused and invited the guests to help. But instead, the guests went off and made a blog saying the author was selfish, cold, self-centered, egoistic, rude, and what not.

    This is what the author of this article and people in that github discussion come over as. If those people came into my workshop and told me how to do things without helping out in any way, I’d rightfully tell them to fuck right off.

    Articles like these that are practically demanding change will not and do not improve the dialogue. They are actually bad for opensource as a whole because they give people who don’t understand opensource the feeling that they have the right to complain, the right to demand, the right to expect, the right to be entitled to an opinion and an outcome.

    That’s a thumbs down from me dawg.

    CC BY-NC-SA 4.0

    • Maalus@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      10 months ago

      I have a better example. What if a small company made pills or medical devices. Do they get to be noncompliant with the EU law, and tell their patients “we won’t get a medical license, there is too few of us to do it”? If you aren’t okay with that, you aren’t okay with lemmy being noncompliant GDPR-wise

      • onlinepersona@programming.dev
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        4
        ·
        10 months ago

        Beautiful example of a commercial company selling products to customers 👍 My questions to you:

        • are the lemmy devs a commercial entity who paying clients are dependent on for making a closed source solution that nobody can modify?
        • who is non-compliant for failing to remove personal data form the database and filesystem? the admins who have access to the database and filesystem or the lemmy devs who don’t?
        • if the people complaining are so concerned, why do they not contribute the code to fix their perceived issues?

        CC BY-NC-SA 4.0

        • Maalus@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          3
          ·
          10 months ago

          Are lemmy admins handling EU information? Yes. Do they offer services? Yes. It doesn’t matter if free or not. Hosting a lemmy instance that allows EU users is therefore illegal.

          • rglullis@communick.news
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            10 months ago

            Let’s play it out. I have a commercial instance based on the EU, I have a handful of European citizens who I have processed data.

            If any of them tells me they want to delete their data, I can run a script that delete all their data from the database. If they want me to tell you what data I collected from them, it’s another data query away.

            Please do tell me exactly what is illegal about it.

            • Maalus@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              10 months ago

              Your instance is tiny and it is manageable. For large instances, it’s not “just a single query”. You also can’t miss anything, so photos and similar - if they have uploaded something.

              Also, does your instance have a cookie prompt? If not, then that’s a paddlin.

              • rglullis@communick.news
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                2
                ·
                edit-2
                10 months ago

                For large instances, it’s not “just a single query”. You also can’t miss anything, so photos and similar - if they have uploaded something.

                So, you went from “all instances are liable” to “big instances won’t be able to handle it”. Not only you just moved the goalposts, you are also missing the point of the Lemmy devs: if compliance with GDPR is problematic only for instances that are so big to the point that the volume of requests can not be manually processed, then it’s not something that should be a concern for the developers of the main software and the cost to implement such a thing should be born by the admins themselves!

                Also, does your instance have a cookie prompt?

                Cookie prompts are only required if you have tracking cookies, which I don’t have on my website or any of the instances I run. Cookies used for authentication or basic functionality (let’s say to store the user preference for dark mode) are not tracking the user across multiple sites and therefore do not fall into the requirements for disclosure.

                Edit: downvoting without a response serves only to show how lost you are in your argument. You spent the best part of the last two days fueling the mob and throwing accusations at the devs and basically making them criminally irresponsible and now you can’t even support the premise that EU instances are somehow not able to comply with the law.

          • onlinepersona@programming.dev
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            4
            ·
            10 months ago

            Ah, I see. You’re answering your own questions with the answers you like. Do you even need me to agree with yourself?

            Let me guess: “no”.

            If you want to read your opinion typed by somebody else, I suggest you get a secretary. I’m not here to indulge in your fantasy.

            CC BY-NC-SA 4.0

            • QuaternionsRock@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              2
              ·
              edit-2
              10 months ago

              Of course the Lemmy devs aren’t liable for GDPR violations; the admins are. That doesn’t eliminate the problem, though: if the Lemmy devs wish to see their software used as it is now in the long term, they need to introduce GDPR compliance tools. We should consider it gravely concerning that bad actors (e.g., a Reddit employee) can set up Lemmy admins for a massive GDPR suit at any moment.

              Edit:

              if the people complaining are so concerned, why do they not contribute the code to fix their perceived issues?

              I know it’s a stereotype around here, but not everybody on Lemmy is a programmer with free time.

            • Maalus@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              10 months ago

              Ah, so now that it is really plainly explained and you have no arguments (since you never did) you start complaining and poisoning the discussion. Good job.