I found it interesting how the maintainers reacted to these issues.
Would you mind if we set some of your priorities also? You’re asking us to do free labor for you, that you’re unwilling to do yourself. Do not put ultimatums and demands on people making FOSS, or I won’t hesitate to block you from these repos.
https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939275302
The lemmy devs are communist, isn’t doing free labor their whole thing?
deleted by creator
Except you don’t get to ignore GDPR by saying “don’t expect our site to be private”.
GDPR is really designed to target software controlled by a single entity, but this isn’t that. The instances are responsible for their content, full stop. There’s no way of forcing an instance to delete content, and even if there were, since the admins are running it, there’s nothing stopping them from removing such a feature.
There’s also nothing stopping admins from deleting content from their servers (it’s just a database, after all).
Well then, once the EU knows about Lemmy, it’ll be screwed. Again, you don’t get to make excuses when dealing with GDPR. The book will be thrown at you once you have EU citizen’s data, which lemmy obviously does. Saying “we made this application without it ever being possible to comply with GDPR” will only get you a bigger fine, or worse.
“Lemmy” (the software) doesn’t have any data. It all resides on servers owned by people other than Lemmy’s developers. They have the user data and would absolutely be subject to GDPR.
Again, no matter what Lemmy’s devs put in place, it doesn’t matter because the instance admins can do whatever they want.
Way to go being pedantic about it.
Once they know about one server, they will know about most large instances. Since Lemmy doesn’t implement any GDPR features (i.e. cookie notices, a button for deletion, etc) every larger instance will get hit.
Only those based in the EU.
How would tracking pixels work via lemmy? I don’t see how you could gain individual ip addresses if the instance simply store the image in their cache.
deleted by creator
Ah, interesting. I thought my instance cached images.
deleted by creator
This post made my curious about the instance he’s on, monero.town, and the first post I see is Covid antivax shit
Yikes. Played it for shits and giggles and it leads off with saying the vaccines or even being around people who took the vaccine causes you to emit a Bluetooth MAC address lmfao.
I’m gonna find this guy’s image …
https://monero.town/pictrs/image/00000000-0000-0000-0000-000000000000.jpeg … nope
https://monero.town/pictrs/image/00000000-0000-0000-0000-000000000001.jpeg … nope
https://monero.town/pictrs/image/00000000-0000-0000-0000-000000000002.jpeg … nope
https://monero.town/pictrs/image/00000000-0000-0000-0000-000000000003.jpeg … nopeMmm, I’m sure it won’t take long. Just have to remember to do it all again for .jpg, .webp, and .png.
Anyway, I’ll let you know when I get it.
Its been a few hours, did you find it yet?
Not quite, no. I know what it isn’t at least.
I’ll keep going - I’m sure the article’s author is someone who genuinely uploaded some confidential info and then became really involved with privacy/GDPR etc, and not someone who was always been really involved with privacy/GDPR issues and now has a story to fit.
Removed by mod
a check every month enough to pay their full time salaries
I would usually agree because often FOSS projects are used commercially but I don’t think this standard doesn’t apply here because the Lemmy instances are also non-commercial projects.
Removed by mod
So why should they be expecting commercial-level support?
“Users should be able to delete stuff they uploaded” is only something for commercial services?
Removed by mod
“You get what you pay for”
“Open source respects your privacy! Lolnope, jk!”
Well, the bare minimum you need to do, is refuse traffic from the EU then. The devs don’t want to do that, but they also don’t want to implement the changes which is illegal and carried huge fines (yes, they can fine you in the US too)
Removed by mod
The fines are only proportional for big corporations. Organizations without revenue can still be fined:
Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: (a) the basic principles for processing, […] pursuant to Articles […] 7 […];
https://gdpr-info.eu/art-83-gdpr/
In this case, the processing of data hinges upon the data subject’s consent, which is detailed in article 7.
Also, this is not an issue for the developers, but for the admins.
Imagine a car manufacturer building cars without brakes and then saying ‘This isn’t a problem for the engineers, but for the retailers’. Of course the developers can’t be sued for this. But that’s not the point! The point is that this bug or missing feature or whatever you want to call it jeopardizes the admins upon which this whole ecosystem hinges. I can’t believe that that’s in the devs’ best interests.
They are also proportional to the size of the leak. Small businesses get some leeway, but the approach that devs have had so far is “we don’t care” when it was brought up.
It’s an issue for both. If a software you run can get you fined in both the US and the EU, then devs need to adapt or nobody will be using it. Right now, lemmy is too small for big wigs to notice. It takes one disgruntled user to report the breaches though, and everything can change veeeery quickly.
Removed by mod
Your point is “don’t make our devs do things that are essential for using it in Europe”
I wasn’t talking about some issues on github, I was talking about GDPR. If lemmy is to be used in any way, it can’t behave like some student project thrown together from random bits. Legal is part of that. And there is a lot of it to go through. I get it, it’s not fun at all to code that and they’d rather do some cool new feature instead. But it needs to be done, even if nobody wants to do it. Or, at least people could simply accept the risk of it going really bad.
Removed by mod
Yeaaah, except I don’t care about this platform enough to invest money into it. It has huge flaws, no people, etc. The fact of the matter is though, and I keep repeating this, once it gets noticed, it will be hit by fines. And by that time, it will be a huge scandal, with both admins and devs wishing they actually coded the “uninteresting” parts of the app.
I would actually consider using normal reddit a nightmare, lemmy like the rest of the fediverse softwares mostly just feels like a community theater play put on by people who really passionately care about what they are making but have zero budget and so long as you go into not expecting a blockbuster movie it is awesome.
Do uploaded images get federated? If they do, this is a pointless losing battle
Yes
deleted by creator
