TLDR: While Fediverse won't directly serve you ads, anonymous bad actors other than Meta can save, redistribute, and even dox you for any information you post here. Anything you post here can/will remain forever on some malicious instance that doesn't honor deletion requests.
So be careful!
So, the article isn't exactly FUD, all the things they say about how posts migrate are true. Once I hit "post" here, these words get sucked into this server, and then get sucked into other Fediverse servers. If you believe in the "right to be forgotten", then this is indeed a nightmare, since you don't really know all the places your post goes and can never really be certain you've deleted it everywhere, should you want to. And they are right that there is no real "vetting" of any entity here. Anyone can make a server for any reason. In fact, there is no reason to believe that Threads is Meta's first Fediverse service, they may have been running others to learn about the protocol, hoovering up the data, and we would never know.
But where the article misleads is that the devs understood this, and have structured federation to leak as little information as possible. Your post is public, of course, as is your username. But when your post gets copied to other federated servers, it is not tracking you at all. As I understand it, all the assets of your post get physically copied to the federation server, so key Metadata for tracking (like IP address) stay on the source server.
The insidious thing about Facebook isn't that they let people post publically, it's all the tracking that is built in, that sucks in information from your phone or browser that you don't know you are leaking. The Fediverse is much more transparent about this. It is oversharing precisely the things that participants want to share, and nothing more.
I think the best we can do here is ensure this is outlined in the privacy policy on each instance. I've tried to outline how it works, and why it works that way in my privacy policy. But it's still a bit work in progress.
I think the most important thing to stress here is that only data required for federation is shared. We don't build profiles, we don't send any other data to any third parties and all the data sent to federated servers is available via a web link to anyone publicly too.
The best we can do for users that want to be forgotten is send the delete request. We cannot force other instances to delete content.
I would argue that's the case for "big social media" too. Say for example I say to facebook "Hey under GDPR provisions I would like you to delete all data you have from my account". They are obliged to do this. Sure. But what about all the third party advertisers that already have my data through the sharing agreements? Do you think facebook even tries to remove it from them? Do you think they will do it if they ask?
So, I think that's kinda synonymous with the federation situation. So long as you make clear how it works, and as long as you make good faith attempts to delete a user's data on request. I'm not sure there's more we can be expected to do (and it's already more than the big companies will do for you).
Yep, I just wish atleast the major instances outline this clearly to the users. Fediverse definitely has its merits that outweigh these pitfalls. Everyone should still be aware of this in as transparent way as possible
Ofcourse, you can dox yourself in other text based sites like Twitter, Reddit.
But, ActivityPub has other applications like PixelFed. If someone doesn't know about these privacy implications there private pictures can be exposed to even malicious accounts/instances that are not on theit followers list. It's best for everyone to be aware of what they are getting into here.
Do they? They state outright that they are going to abuse your privacy for profit. They have financial incentive to do so as it is their business model.
Someone who is concerned about privacy deciding to use Facebook, Threads, Instagram, Twitter or whatever instead of Mastodon or Lemmy is completely ridiculous.
Do people not understand social media is the 2023 version of a community public square?
I see posting a comment or voting like shouting your comments and votes in a public square. I see no reason to expect privacy in this settings.
Your shouting in a public square and then upset that people heard you and potentially recorded you?
Sure I would agree deleting something on Lemmy has a higher risk of not actually being deleted everywhere. But again it is a public forum. Nothing is stopping anyone from keeping a record of what you said. How many people have deleted a controversial/drama filled post only to have screenshots of it posted later by third-partys?
As long as you can delete the original it is basically like any other public forum. The original is deleted any other copies are kind of out of your control. Yeah it sucks but such is life anything digital can be copied so be careful what you create.
Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests.
Hilarious, as if microsoft, reddit, facebook, google or any other corp would be any more trustworthy/save or would actually delete anything on request, especially now since they can train their LLMs with the data.
Unfortunately there are people who will trust you if you're well meaning.
Whether or not you have any inkling of how to do what they trust you to do.
Or any intention...
There are laws that you can enforce by suing them.
... i am still waiting on those laws actually being created or enforced (depending on the country) for the last few decades, at least to a degree that they wont be completely ignored. 🙃
Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests.
That is true of literally any social media; Twitter, Reddit, Instagram, Facebook, there is nothing preventing someone from screenshotting a post, or a web crawler from archiving it, and then keeping that information after it is deleted from the original source.
Anything you post on the internet is public and you should stand behind it. If you want to be anonymous on the fediverse there's steps you can take to make sure you aren't easily doxed. use a unique username and email thats not used anywhere else. don't post photos that can possibly be geo located. Don't mention who you work for, don't mention places you visit. Pretty basic stuff.
I think this is so disingenuous. There's such a huge difference between being actively tracked and monetized in ways that are explicitly hidden from you vs all of your posts being intrinsically public and cached. To act like the first is fine and the second is risky is just big tech propaganda.
The post title should really be "The Internet is a Privacy Nightmare If You Think You Might One Day Want To Send a Takedown Request to a Malicious Site".
YSK that deletions are federated just like everything else. If you delete a post on your home instance, that deletion request is sent to all other instances that federated properly/are not malicious, and your post will be deleted from those instances as well.
YSK that images are only ever stored on your home instance. All other instances only link to the image on your home instance. So deleting an image deletes it from the server and breaks the link everywhere.
Wait..the posts i send are "stored" on other instances? Inthought they were stored on just one and just accessed by the others? There shouldbe no need to delete from other instances. Once the post is deleted from ist home instance it wont show up on others anymore (because it was never stored there). Am i misunderstanding this? Like most, im new to Lemmy amd still figuring things out.
Each remote instance stores the posts from every other instance's communities, from the point at which the first person viewed (...or subscribed to...?) that community on the remote instance. That way the instances are less dependent on each other's uptime and can optimize their queries, giving a better user experience.
Btw. this also means that there will always be some delay before posts/comments from one instance show up on another.
Yes - of necessity and by design, there is and can be no central authority in the fediverse that can be meaningfully expected to promise to protect blithering morons from the consequences of their own actions.
Whether or not people face the fact that posting publicly things they want to keep private is bash-yourself-in-the-face stupid
and make the plainly obvious sound choice to simply not do it in the first place is entirely, as it should be, their concern and their responsibility.
It's called social media, the entire purpose of its existence is for other people to see what you post. This is true for Reddit, Twitter, literally any social media site. I'm not saying, well other social media is just as bad, I'm saying, this is inherently how social media works. If you're expecting anything you post on any social media to remain private or be completely erased from existence when you delete it, you're either stupid or hopelessly uniformed.
There are some sites where you can allow only people you've friended/followed can see your posts, but that is not the default setting and doesn't prevent someone you've shared your content with from saving and distributing it.
Most social media sites ask at the very least for your phone number and birthday when signing up; Lemmy doesn't, they don't have any personal information other than an email address and only if you choose to add that for account recovery.
If this article is news to you, then so might this headline: Warning: when you drive your car from one place to another on public roads you can be seen by other people. Car users should consider this carefully before driving.
Same as reddit, same as Facebook, same and Twitter. It's the same as any website. Anything you post is most certainly getting scraped to create a profile on you. Whether that is for nefarious purposes for just to better serve you ads is irrelevant.
There is no privacy to anything you post on the internet to public forums.
Just look at the effort that went into making "work from home" viable back in 2020. The fediverse is not a unique case of being a "privacy nightmare".
For fun, try to "dox yourself" by searching on Google from a different IP and computer from what you normally use for your name, usernames, etc. to see what information is freely available to the public.
You should really just assume that anything you post to the internet has the chance to someday be public, even if it is currently private, and here's the important part. Anything you post that is public, has the chance to be on the internet forever.
Even on Reddit there were bots constantly collecting logs of every single post ever made to the website. Some people would use it to spot bot accounts and create reports, or see what kind of posts a user they were looking to ban from their sub had made and then deleted; but you could totally use it to look at comments a user had deleted for more nefarious means.
Unfortunately, the way I find the internet works for most folks. Is that the things you want to last forever go away, and the things you want to go away last forever. ):