- cross-posted to:
- fediverse@kbin.social
- fediverse@lemmy.ml
- cross-posted to:
- fediverse@kbin.social
- fediverse@lemmy.ml
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
You must log in or register to comment.
I don’t agree with the tone of the Lemmy devs, but they are right: it’s opensource being worked on mostly in the free time of people. Do not treat the devs like they are paid to do your bidding, because they aren’t. If you donated and have expectations, you don’t understand the meaning of a donation.
Imagine if the author had a woodworking workshop on their compound where they made things out of wood; figurines, furniture, tools, sculptures, and so on. Say they opened it up to the public so that guests could have a look, play around, spend some free time there, and maybe even use the equipment there. But then guest started demanding the author buy newer equipment, make sculptures more to the guest’s liking, made the workshop more accessible to invalids, put up the national flag, play the radio, and a host of other things. All the while not footing the bill for anything, not helping clean up, not volunteering to help in any fashion.
Then the author refused and invited the guests to help. But instead, the guests went off and made a blog saying the author was selfish, cold, self-centered, egoistic, rude, and what not.This is what the author of this article and people in that github discussion come over as. If those people came into my workshop and told me how to do things without helping out in any way, I’d rightfully tell them to fuck right off.
Articles like these that are practically demanding change will not and do not improve the dialogue. They are actually bad for opensource as a whole because they give people who don’t understand opensource the feeling that they have the right to complain, the right to demand, the right to expect, the right to be entitled to an opinion and an outcome.
That’s a thumbs down from me dawg.
I have a better example. What if a small company made pills or medical devices. Do they get to be noncompliant with the EU law, and tell their patients “we won’t get a medical license, there is too few of us to do it”? If you aren’t okay with that, you aren’t okay with lemmy being noncompliant GDPR-wise
Beautiful example of a commercial company selling products to customers 👍 My questions to you:
- are the lemmy devs a commercial entity who paying clients are dependent on for making a closed source solution that nobody can modify?
- who is non-compliant for failing to remove personal data form the database and filesystem? the admins who have access to the database and filesystem or the lemmy devs who don’t?
- if the people complaining are so concerned, why do they not contribute the code to fix their perceived issues?
Are lemmy admins handling EU information? Yes. Do they offer services? Yes. It doesn’t matter if free or not. Hosting a lemmy instance that allows EU users is therefore illegal.
Ah, I see. You’re answering your own questions with the answers you like. Do you even need me to agree with yourself?
Let me guess: “no”.
If you want to read your opinion typed by somebody else, I suggest you get a secretary. I’m not here to indulge in your fantasy.
Of course the Lemmy devs aren’t liable for GDPR violations; the admins are. That doesn’t eliminate the problem, though: if the Lemmy devs wish to see their software used as it is now in the long term, they need to introduce GDPR compliance tools. We should consider it gravely concerning that bad actors (e.g., a Reddit employee) can set up Lemmy admins for a massive GDPR suit at any moment.
Edit:
if the people complaining are so concerned, why do they not contribute the code to fix their perceived issues?
I know it’s a stereotype around here, but not everybody on Lemmy is a programmer with free time.
Ah, so now that it is really plainly explained and you have no arguments (since you never did) you start complaining and poisoning the discussion. Good job.
This is what i would’ve wrote if i had the patience
This link has been posted and discussed on Reddit too.
Of course, we shouldn’t care about what people on Reddit think (and I noticed this post by chance since I log on there very rarely now), but some users in the thread genuinely ask about joining Lemmy and so I guess it’s useful to know about possible obstacles to trying it that they may perceive.
That OP has been crying everywhere about the Lemmy devs being mean to him. Saw a few threads of his here on Lemmy.
Ya, reading the GitHub issue sounds entirely like burnt out devs being abused by users. It’s a massive issue in open source.
The Late Night Linux and Linux Dev Time podcasts talked about exactly this in a recent episode. It can be extremely demoralizing to do all this work for free for a project only to be inundated by ungrateful people demanding you fix something or implement a feature they want. Many open source projects have died because of that.
We’re not talking about a user demanding you release a flatpak build targeting their personal linux distribution running in a VM’d WSL, we’re talking about a consumer facing social app that doesn’t include the functionality for a user to delete something they added.
You know what the acronym used for describing the most basic functional web app api is?
CRUD - Create, Read, Update, Delete
we’re talking about a consumer facing social app
What we’re talking about is a complete free and open source project that’s built and maintained completely through volunteer labour.
There are zero obligations towards the people actively using the software.
While I agree that the functionality should exist, the devs can literally do whatever they want. Nobody is paying them.
Edit: you’re also seeing only a single instance of a conversation. I can guarantee that the devs have been dealing with asinine and demanding users for a while now. There comes a point where your patience wears thin.
There are zero obligations towards the people actively using the software.
Yes, there are, and that obligation is to not publish something as production ready if it is illegal to use because of how it’s built.
I’m a software developer, I understand exactly how frustrating user demands are, that was still a completely and utterly unacceptable way to respond to a very politely worded request for software that literally just doesn’t break privacy laws to run.
As the commenter pointed out, if you don’t want to fix it, fine, but then you absolutely have a moral, ethical, and professional obligation to document that clearly in your README.md.
Yes, there are, and that obligation is to not publish something as production ready if it is illegal to use because of how it’s built.
No, there really isn’t. Do I feel that project owners should follow good practices for maintaining clean code that also allows users to keep things legal? Absolutely I do.
But that is not the same thing as an obligation. If there was a single cent exchanged between the devs and anyone else (donations do not count) then this conversation would be entirely different.
I don’t agree with the devs’ stance. But it is 100% their prerogative to say no. It’s their project, not ours.
I’m a software developer, I understand exactly how frustrating user demands are
As am I.
that was still a completely and utterly unacceptable way to respond to a very politely worded request
I agree.
As the commenter pointed out, if you don’t want to fix it, fine, but then you absolutely have a moral, ethical, and professional obligation to document that clearly in your README.md.
No, you absolutely do not. Although I do somewhat agree on the professional part, but it’s still not an obligation. It’s completely unprofessional, but that’s different than it being an obligation.
The word obligation is not as narrow as you’re using it:
obligation /ŏb″lĭ-gā′shən/
noun A social, legal, or moral requirement, such as a duty, contract, or promise, that compels one to follow or avoid a particular course of action. “Are you able to meet your obligations?” “I have an obligation to attend their wedding.”
Does he have a contractual obligation? No, no contracts were signed. Does he have a legal obligation? No, the license file in the project absolves him of legal liability.
But he absolutely has a moral, social, and professional obligation to do so.
You seem to know what you are talking about. Have you made a pull request yet?
Have you learned how to program to fix the problem?
It doesn’t seem worth my time to learn Rust just to submit a PR to devs who behave like that, they’ll just reject it and be pithy, like they are when a user asks them to comply with EU privacy law.
It doesn’t seem worth my time to learn Rust just to submit a PR to devs who behave like that
Ya, this is exactly the attitude that burns out devs and kills projects. Congrats for being super entitled towards a free project.
It is not entitled to expect a published project to comply with basic privacy legislation and not be illegal to use.
If your bar for this project is that much below basic consumer expectations, then this project was always going to fail.
Is it entitlement if it’s making using the entire thing illegal everywhere? Since there is no tooling to block traffic from the EU / not federate with instances that don’t comply with GDPR?
while i think there are people like that i think this particular issue is a serious issue that should be handled properly. i think the conversation should have been much professional from both sides, but nonetheless this issue addresses a serious problem.
Why should it be handled professionally? I don’t necessarily disagree, but what makes you say that? This isn’t a paid job. They aren’t working for a corporation. And all of their work is voluntary for a free project.
Does them working on the project voluntairly, makes them be able to steal code from non-opensource projects, ignore licenses and do other shit like that? If the answer is no, why does working on the project voluntairly lets them break the law in other ways?
steal code from non-opensource projects, ignore licenses and do other shit like that
That’s a lot of incorrect assumptions there.
They didn’t steal any code. They didn’t ignore licenses either. In fact, the only reason they had a judgment ruled against them is because they were taking monetary donations. Which was interpreted as “profiting”.
They reverse engineered a process without stealing anything. They didn’t even circumvent DRM, which is actually protected by law on the grounds of creating personal backups and data/software preservation.
You’re either very ignorant on the subject or you just ate up Nintendo’s BS.
I was talking hypothetically. Are they allowed to do that? If not, then they cannot be noncompliant with GDPR, simple as.
there is a lot of difference between a random internet forum and an issues forum. also that particular issue was made with good faith even though both of them might have gone overboard. people suck a lot and might even make stupid arguments or issues. people stick to your work because they like it and they hope it will continue without dying next day, even though you do it voluntarily. this gives more weight here since their work is more like an internet forum where people voice out their thoughts. given such weight, i think they should have handled it properly, if they did it would not have been made a post or an article. i have no biased opinion for any party here, but since I respect lemmy a lot and doesn’t want lemmy to have a bad name, i think their developers should not give in and be unprofessional and give lemmy a bad reputation.
That’s how a Minecraft server I ran died. Too many people telling me how to run it and trying to break things when I was asleep.
Ya, I know exactly what you experienced. It sucks and it’s why we can never have nice things.
What I truly don’t understand is why the negative eggs that you WILL ALWAYS HAVE NO MATTER WHAT, read it again, ALWAYS HAVE NO MATTER WHAT, gets so much mental attention than the many more people who are actively applauding you and saying their thanks and giving you their praises.
I will never understand the focusing on the negative I guess. It’d be easy as fuck for me to ignore people’s assholeishness while still taking their badly typed criticism and improving (if I reasonably can).
Shit, it makes me feel like the fucking champ when some random persons says thanks for something I did, and I laugh and ignore the ones who don’t like what I do.
But hey, if focusing on the few negatives instead of the mountains of praise is what you want to do, it’s all yours.
Imagine you get approval to build a new park and playground for your neighbourhood. You spend hundreds of hours designing the plan and layout and you spend incredible amounts of your own money to get the resources.
You get to work and things are going well. As you near the end of months upon months of work, the park finally opens for families and kids to use.
As you’re standing there proud of your work, some people come over to you. Do they say “thank you!” or “you did amazing work”? No, they come over to complain about things that are missing, tell you what you should have done better, that you didn’t accommodate their each specific needs, etc.
You would very quickly get bitter and demoralized.
Like I mentioned before: this is a massive problem in the open source development world and has killed many great projects. This has nothing to do with “mental attention” and everything to do with users abusing the devs and their time.
In your analogy, the park didn’t follow any safety guidelines and people are dying on the rides and falling into a lake with piranhas.
the park didn’t follow any safety guidelines and people are dying on the rides and falling into a lake with piranhas.
In my analogy it’s a park with trees, bushes, rocks, and slides. I said “park in your neighbourhood” not “mega-extreme rollercoaster park”. I also said “you got approval” which is generally from the city or other governing municipal/county/regional body. And that also requires a plan to be submitted before approval is stamped.
So no, what you did is make up a bunch of crap to strawman my argument and try to make what I said wrong in some way.
Nice try.
They by definition didn’t “get permission” if they are noncompliant with GDPR.
No space for muh centrism
lol
The fact that Lemmy’s core team is taking a fairly laissez faire position on moderation, user safety, and tooling is problematic, and could be a serious blocker for communities currently hosted on Lemmy.
At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.
Honestly, what? Why would be baffling to have third party tools in this ecosystem? It would be baffling if that was the case for Facebook. Also the devs did work on some moderation features, but they probably have tons of other stuff to work on, all for an amount of money which is a low salary for one developer.
That’s not the argument being made. What’s baffling is to pretty much only rely on the efforts of third party devs to fill in the missing gaps. It’s a profoundly bad strategy.
It’s like with Bethesda releases a shitty half-finished game, and leans on the modding community to actually put in half the things that would actually make it in any way fun to play. Except Bethesda actually makes money, and the community works for peanuts. Here, Lemmy makes some money, but a huge chunk of the user community shoulders the cost out of pocket. A big chunk of the Fediverse is actually unpaid labor that brings in negative dollars month over month.
The devs have a vested interest in ensuring their project continues to grow, they continue to get funded for their work, and features on their own roadmap get planned and developed. They can’t do that if the tooling is too brittle, shitty, or threadbare to actually handle the deeply fucking intense problem of managing and maintaining a server and community on the open Internet, where literally anything and everything goes. Factor in a myriad of local jurisdictions and laws about data and content, and a lot of these things end up becoming severe liabilities.
Look at it this way: with federation, a handful of volunteers themselves are doing labor for free, for the devs, by propping up their platform, client ecosystem, and reputation in the space. If this gets bad enough, people will literally say “fuck it” and walk away.
That’s not the argument being made. What’s baffling is to pretty much only rely on the efforts of third party devs to fill in the missing gaps. It’s a profoundly bad strategy.
I literally quoted the article:
At this point, most of the solutions the ecosystem
I mean, there are some moderation features in Lemmy, for sure with gaps, but there are many gaps on other aspects as well, and if people can’t run the instances due to other technical issues, there is also nothing to moderate, so obviously prioritization is complex when resources available (dev) are so limited.
That said, I really don’t see the problem of third parties. We rely on third parties for one of the most fundamental features, which is community discovery (lemmyverse.net), for example. What’s the problem with that? I think that’s literally one of the benefits of making an open platform, where other people can build other tools in the ecosystem. We are not purchasing a service, we are not talking about an organization who has a substantial revenue and tons of people and can’t deal with basic functionalities. We are talking about a project with a team that is smaller than the team that in Facebook deals with which colors to make buttons, and it’s “paid” 1/20th of that. So I still don’t understand, what is “baffling”? Because from where I stand, all things considered, it’s totally normal that a project with these resources and that gained popularity less than a year ago has still tons of gaps and a long roadmap, and that tools in the ecosystem address some of these gaps.
It’s like with Bethesda releases a shitty half-finished game
No it’s not. Bethesda is company that sells you a proprietary product while having a revenue in the order of hundreds of millions. The relationship between Bethesda customers and Lemmy users has absolutely nothing in common.
Here, Lemmy makes some money
Lemmy makes no money. Considered the opportunity cost, Lemmy loses money. A single dev with a full time job can easily double the amount that Lemmy devS earn. Not to talk about the fact that the money they make are donations, without a contract bounding them to anything and also not granting them anything (tomorrow everyone could cancel donations and the income would disappear).
They can’t do that if the tooling is too brittle, shitty, or threadbare to actually handle the deeply fucking intense problem of managing and maintaining a server and community on the open Internet, where literally anything and everything goes. Factor in a myriad of local jurisdictions and laws about data and content, and a lot of these things end up becoming severe liabilities.
Sure, but again, if those were the only problems and the devs would be sipping cocktails in Hawaii splurging on those 4k/month, I would agree with you. If they think priorities are elsewhere, or are also elsewhere, they might have their reasons. In fact, in the article there is a complaint about them answering in a “hostile” manner, but I also understand that the issue in question is probably the 100th issue in a week/month in which other people tell them what they should do. This is a regular problem in OSS (See https://mastodon.uno/@bagder@mastodon.social - the maintainer of curl - for plenty of examples). After they understood better what’s the problem, their stance changed as well, which is also reasonable.
Look at it this way: with federation, a handful of volunteers themselves are doing labor for free, for the devs, by propping up their platform, client ecosystem, and reputation in the space. If this gets bad enough, people will literally say “fuck it” and walk away.
I don’t look at it in this way at all. I think the devs made it extremely clear (even given the political stance of both) that despite the happiness of seeing their project flourish, they have no interest in growth as an end. In fact, I would say that nobody is doing work for the devs. But I see that we have a fundamentally different perception on the dynamics in Lemmy, so I see no reconciliation between our opinions.
Yeah it’s open source, 3rd party tools existing is kinda the point really. If these people care so much then they should be working on making tools to address the issue, or funding someone to do so.
Lemmy devs being man children when confronted with GDPR compliance.
And if Lemmy if supposed to better Reddit in basic fucking decency then GDPR is absolutely crucial.
how are you supposed to do gdpr compliance on a federated system though?
You are responsible for data collected by your own instance. If a deletion request comes through, you are responsible for deleting it from your account, and forwarding the deletion request and responses to other instance you federate with. You are in the clear as long as you don’t keep data you legally can’t, and have sufficiently informed other instances of your obligations.
No, if you collected the data and shared it with others, simply informing the others is not enough. This is why the platform needs tools for admins to comply.
A proper method, that allows the users to nume their account could already be enough.
What I mean by informing others is that you have to explicitly forward the deletion request. Not much else you can do I think.
I get that, but this is where it gets tricky. As “there is nothing we can do” was the number one reason used under the law predating the GDPR. So in the GDPR there is a stipulation that you stay responsible or share responsibility with the other party If you share the data. Because large companies used this to send data through clearing houses allowing them to hash their hands.
GDPR is really the cranky brother of its predecessors, because there was so much fuckery going on.
And while I doubt Admins will be a prime target for privacy watchdogs, it is good that they also have to think about the privacy of their users. Since privacy is a basic human right.
Oh, that’s actually neat. But at the same time, that means every instance owner is responsible for the whole of the Fediverse.
I can imagine that would mean non-compliant instances will get defederated at some point? Or ActivityPub will get some compliance features? It’s not like the EU is unaware of the Fediverse, they are the main monetary supporters behind Lemmy.
I have no clue how jurisprudence would turn out. But keep in mind, this is not about the posts people make. The framework just needs to collect/store as little information as possible that can be considered PII. And it should have a way to remove it.
If Deleting your account results in the PII actually being removed (username, ip address, other profile info, whatever data is stored under the hood) and these removals actually get federated… there should not be an issue.
Then admins maybe have to do something if people start posting PII as messages, but that would probably be doxing and up for removal anyway.
So mainly the issus boil down to:
- is there a way for people to scrub their account
- does the scrubbing remove all the data
- is the platform clear about what data is being collected and is all collected data actually needed
- By defining all information that is processed and why.
- By not processing and storing any personal identifiable information (an IP address is PII for example) without a clearly defined need.
- When stored ONLY using data for the defined purposes. This also means shielding data that should be shielded.
- By implementing the mechanics for someone to be forgotten (delete my account, should delete all info, especially PII).
- Making sure the mechanics to federate these changes/deletions exist.
You can’t and this is a shit article…the GDPR doesn’t apply to instance outside of the EU…
The GDPR even applies if no financial transaction occurs if the US company sells or markets products via the Internet to EU residents and accepts the currency of an EU country, has a domain suffix for an EU country, offers shipping services to an EU country, provides translation in the language of an EU country, markets in the language of an EU country, etc.
Literally people using the GDPR like it’s some gotcha thing for admins. If nothing is sold or offered to be sold and their is no financial gain it’s not going to apply. On top of that good luck suing a FOSS dev.
Edit: that downvote button does jack shit on Lemmy people. If you think I’m wrong why not prove that I’m wrong…and why a bunch of law firms are wrong as well.
You can’t and this is a shit article…the GDPR doesn’t apply to instance outside of the EU…
It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
Literally people using the GDPR like it’s some gotcha thing for admins. If nothing is sold or offered to be sold and their is no financial gain it’s not going to apply.
Yeah it does, as soon as you are providing a service, if you have a user from the EU that’s not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of “up to 10 million EUR” for a violation.
On top of that good luck suing a FOSS dev.
Nobody is getting sued. EU data protection agencies don’t “sue” people and companies. They fine them. The difference is that a lawsuit is a process where at the end you might need to pay money, but you mostly settle. A GDPR fine looks like you get a letter saying you need to pay an amount, if you want to appeal, you can do so after paying.
And it’s not the devs that will be getting these fines, it’s instance admins.
And this is why misskey is a mastodon instance that just blocked access if the person is from the EU, it’s too much to ask for devs in a single digit that survive by donations or their own pocket money, this is a hobby for them.
Yeah, their main income is from a Dutch based EU fund to help Foss projects. So maybe, just maybe they can then fix issues in following dutch/eu law.
Did they defederate from all instances allowing access to EU citizens? If not, they are still liable, as they are scraping EU citizen’s data for federation. Even usernames are personal data according to the GDPR.
It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.
Yeah it does, as soon as you are providing a service, if you have a user from the EU that’s not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of “up to 10 million EUR” for a violation.
No it does not, if you do not sell anything to anyone or offer any services or make any money it doesn’t apply. Stop repeating bullshit.
Nobody is getting sued. EU data protection agencies don’t “sue” people and companies. They fine them. The difference is that a lawsuit is a process where at the end you might need to pay money, but you mostly settle. A GDPR fine looks like you get a letter saying you need to pay an amount, if you want to appeal, you can do so after paying.
Good luck fining a host admin, of a foss instance. I don’t know why you think that any admins of instances will be getting fined if they’re not selling anything. You need to read up on the GDPR.
And it’s not the devs that will be getting these fines, it’s instance admins.
Again, no they will not.
No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.
As per official EU communication:
The GDPR applies to:
- a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
- a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
Lemmy instances are entities that offer free services and are arguably monitoring the behaviour of individuals in the EU through federation. From the perspective of the GDPR, there is no difference between Facebook and a Lemmy instance regarding what they can or cannot do, or whether they get fined for something.
You need to read up on the GDPR yourself.
What personal data is being processed by a Lemmy instance, what are they processing that’s being sold in the EU? The GDPR does not apply here, stop trying to wiggle it into something it’s not.
Usernames at the very least, as online identifiers.
Art. 4 GDPR Definitions
For the purposes of this Regulation:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
And they don’t need to be sold, just retained. GDPR applies even if there is no payment anywhere, even to non-commercial entities.
Why are you trying to be an authority on GDPR without even reading about what it is?
GDPR applies to all personal data of people currently in the EU. If you have a service that uses data from a person in the EU, you need to comply with it. It’s not some “gotcha” law which goes in effect once you make money.
What personal data is a Lemmy instance holding onto?
I’m pointing out how much bullshit is being spread in this damn thread by people who don’t understand the law. You’re the same damn users who get pissy with forums and demand action be taken using a law you don’t understand.
You are the one who doesn’t understand the law.
Use this for starters https://www.eff.org/deeplinks/2022/12/user-generated-content-and-fediverse-legal-primer
Nothing in there about the gdpr… literally 0, because it’s not part of hosting a forum that doesn’t host private user data or collect non essential cookies.
deleted by creator
GDPR applies to any entity that processes personal data. That includes instance owners. In fact of you look up GDPR enforcements you can that it’s also enforced against private persons.
deleted by creator
Maybe you should reread what you wrote? You said there’s no way GDPR would ever apply. I said it does. You said there are no enforceable actions, there are. the part you thought makes you right is the “criminal charges” part but that makes zero sense to begin with because GDPR, as an EU wide regulation, imposes only fines and no criminal charges.
deleted by creator
GDPR absolutely applies to Lemmy, it’s just that nobody has looked at it / there wasn’t a complaint. When that happens, lemmy will be in trouble.
deleted by creator
There will be enforcement if one asshole reports instances. Are you certain nobody will get disgruntled and report it?
deleted by creator
Yeah uh huh, I sure do suck mr random person on the internet. The only thing you are saying is “these people won’t audit lemmy because they don’t want to”. You think that in some magical way, lemmy will be immune. Guess what, it won’t. The fines aren’t simply because people aren’t cooperating (and the devs themselves said that they don’t care about GDPR outright). You don’t know how it works, all you do is wishful thinking and insulting others.
Hey everyone, I just wanted to thank you for the lively conversation and thought-provoking insights. We don’t have to agree on every point (or at all), but I’ve decided to synthesize a lot of thoughts and ideas from these conversations into a blog post: https://deadsuperhero.com/2024/03/economic-musings-on-federated-networks/
Removed by mod
@deadsuperhero Damn…breaking GDPR is a big problem
If an entity isn’t in Europe it shouldn’t be a problem at all.
That depends and should depend on what the instance is used for and whom it is used for.
If it’s an instance open to anyone, it’s up to Europeans to not participate if they don’t want to.
Yeah unfortunately that’s not how the law works.
Actually it is :)
Not located in the EU, not targeting the EU, and under 250 employees means no GDPR to worry about.
From your link:
- a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
A social networks core purpose is processing data, processing of data does pose risks to people.
I doubt that privacy watchdogs will pursue smaller instances, but pretending it never applies could lead to legal issues.
Eh i still dont think itd hold up.
But more reason to hate European arrogance. Imagine if i could go to say your blog, comment my name and address, and sue you for not going into your database and scrubbing it all. Just another way to benefit big companies at the expense of individuals who dont have the tech skills to comply but want to run their own personal sites.
Or the US. The US enforces GDPR on behalf of the EU. If the US catches you with misusing EU citizens’ data, they will let the EU take 10 million off your accounts and/or close your instance.
Was going to say “another one of these?” but, wow, the article really further highlights the childish nature of the Lemmy devs… Can’t wait for Sublinks to reach feature parity and become main stream, so we can leave this dark phase behind.
You don’t understand how open source works. You are not entitled to any features. Let the devs go on their own pace. A lot of open source projects shut down because of similar reasons.
Likewise, an open source project can totally die if they refuse to engage with the needs of the users. The lack of moderation and content management tools have been a longstanding criticism of Lemmy, and instances will migrate to alternatives that address these concerns. It is a genuine legal liability for instance operators if they are unable to sufficiently delete CSAM/illegal content or comply with EU regulations.
But opensource projects are more likely to get dropped by devs than losing their userbase from what I’ve seen. I could be wrong. Both our points are true. That’s the best part of fediverse. If one doesn’t like lemmy, they are free to choose an alternative. I just don’t agree with demanding features from open source developers. There is a distinct line between demanding and requesting. I’m not saying lemmy is perfect. Maybe Sublinks would be better. Let’s wait. But even Sublinks won’t be sustainable if users do not respect developers time and patience.
I think there is also a distinct line between demanding, for example, a new animated avatar feature and demanding a way to delete child porn.
Reasonable.
While I think you’re correct about it ultimately being their project, and that users are in no place to demand or expect anything, this thing takes on whole other dimensions once a project is all about building a social platform. Particularly one where volunteers host part of the network themselves.
It’s one thing to look at some random demand to write everything in a P2P architecture because DNS is too centralized. When I worked on Diaspora, I literally saw people demand stuff like that, and laughed it off. I’m trying to build a platform that exists today, not some pixie dream bullshit compromised of academic circle-jerking.
But when it comes to basic table stakes for participating in a network that already exists, things change a bit. This is especially true when you’re connecting to a global network that has:
- Hate Speech
- Targeted Harassment Campaigns
- Child Pornography
- Extreme Gore and Violence
Suddenly, it makes a lot of sense to say “you know what, admins are going to want to filter this shit out, maybe it’s reasonable for them to have some tools and fixtures that are part of core.”
Unfortunately, these devs are the kind of people who scream angrily when someone says “Hey, this thing doesn’t actually respect local image deletes / GDPR stuff / content deletion on account deletion”. To me, that’s fucking insane.
You don’t know how social networks work. They only survive based on network effects, if they don’t have the most basic functionality that users expect (like complying with privacy legislation), then they will fail to reach critical mass and be outcompeted and die.
If the devs don’t want to provide the most basic functions that any user of a social network would expect, they’re welcome to be downvoted to hell and have their project go back to being one of the millions of forgotten and unviewed personal github projects.
Open source projects die because it takes both technical talent and attention to your users to make a project successful, and for-profit companies often pay different people to do those.
The entire point of the “fediverse” is to combat the network effect. Don’t like Lemmy? Move to another app and still communicate with people on Lemmy. Plus it’s all open, can’t find an app you like? Build one or wait for someone to build one you like.
The entire point of the “fediverse” is to combat the network effect.
No, it’s not.
The purpose of the fediverse is to decentralize control of the network, it does not eliminate network effects in any way shape or form. At the end of the day a social network is only as valuable as the users using it and contributing content to it. If they don’t find lemmy pleasant to use, they’re not going to say “let me jump to mastodon” they’re going to go to Reddit.
Build one or wait for someone to build one you like.
You really don’t understand network effects if you think you can just sit around and wait for basic functionality and expect your network not to die.
We can expect them to follow the law. And yes this means implementing required features to comply with the law.
Nothing here is breaking any laws. I don’t know why OP thinks the GDPR applies here, it doesn’t.
It does apply, but not to the Lemmy devs, but to the instance admins.
As it stands, you can’t legally host a Lemmy server in either the EU or the US (or places they can reach) and federate with the 'verse at large without fear that the authorities will come after you.
This is not true at all, you can host a instance in the USA for free and not be subjective to the GDPR. You’re not selling anything, or marketing anything or doing any data collection to be sold. It %100 does not apply.
GDPR article 3, and the EU-US Data Protection Umbrella Agreement concluded in the US in December 2016 which makes it US law disagree.
I disagree strongly that they are childish. They are 100% correct in what they are saying here. Also this article doesn’t “highlight” their behavior, it’s actually “cherry-picking” behavior that puts them in a bad light. Similar to tabloids read by the lowest iq crowds.
You don’t demand anything from open source devs. You feel gratitude for what you have.
deleted by creator
It’s my only account and it’s my honest opinion about this. Take that as you may.
deleted by creator
You are free to build your own platform without the “harm caused here”.
Java is horrible. And Lemmy is open source. We could just fork it and have the best of both worlds.
The core issue here is that there are too many things to do, and too few developers to do them. By the way, for a huge number of these things that need to be done, there is most likely at least one person who thinks it’s the absolute highest priority for Lemmy. Forking would not help fix this issue, it would only make it worse.
In other words: if you’re a Rust dev, you can just fix it in Lemmy anyway, so there is no benefit from forking. If you’re not a Rust dev, then after forking, you will have a new repo to create issues on, except you’ll have 0 devs to actually fix them.
Yeah same. I’ve been looking forward to sublinks for quite a while now. I’m jumping to it as soon as it’s ready
What is sublinks?
Update: there was a link in the article, thanks though!
“Sublinks, crafted using Java Spring Boot, stands as a state-of-the-art link aggregation and microblogging platform, reminiscent yet advanced compared to Lemmy & Kbin.”
Yeah, I’m pretty excited about it. Apparently the Pangora (Lemmy fork) dev joined forces, and the new UI is starting to look great.
I can’t wait to migrate from Lemmy to it. Looks good and all Apps should be working with it
Followed Sublinks on Mastodon for updates 😼
It’s honestly mind-blowing. At every turn, for no reason at all, they act like a bunch of dicks. It’s like they decided to run a community project based on engineering prowess alone, and nothing else.
Except the engineering isn’t all that good, either.
You’re being dense, the reason is devs get burned out and you’re asking them to do work for free.
The reason that an open source developer might experience burnout are myriad, but can include:
- Lack of compensation
- Insufficient tooling or project infrastructure
- A high ratio of operators to maintainers
- Lack of a concrete roadmap, quality documentation, tests, essential resources
- Lack of an onboarding process for new contributors
- Inability to reconcile differences with contributors, leading to hard forks or exodus of contributors
- Intractable architectural issues that require substantial engineering effort, possibly more than the maintainer can actually contribute
As someone who has done Community Management for an open source, decentralized communication platform (Diaspora), I am familiar with all of these things. This shit is hard, and I am not denying that Lemmy devs have done a lot of good work.
The problem is actually much simpler than you’re making it out to be. For a social platform, which depends on interconnected self-hosted communities to succeed, you absolutely have to build in the tools and utilities necessary to deal with all the crazy shit that comes with the territory. Ignoring this causes a cascade of problems that gradually get worse the longer they remain unaddressed.
The devs are surviving on crowdfunding and grants, and doing the best they can with that. That’s commendable! They probably need more of both to have their needs fully covered. But don’t get it twisted: receiving proceeds for your work is not the same thing as working for free.
Not only that, but the developer Dessalines apparently denies the Tiananmen Square Massacre and praises the Uyghur Genocide. Absolutely disgusting
Edit: Wow. Tankies are mad. Lmao
And on .ml you get banned for saying otherwise. Check their modlog.
Yeah, one of the project devs threatened to ban me after I told him to get past his own ego.
Par for the course. I hope for them they don’t break the ethics clauses of their financing.
Well yeah? The only countries accusing China of mishandling the ETIM in Xinjiang (an issue created by the US through Afganistan btw) are the ones committing an actual genocide in Palestine, i.e imperial core countries. The Organization of Islamic Cooperation, Global South and Muslim countries in general are against the western propaganda about it.
20 . Welcomes the outcomes of the visit conducted by the General Secretariat’s delegation upon invitation from the People’s Republic of China; commends the efforts of the People’s Republic of China in providing care to its Muslim citizens; and looks forward to further cooperation between the OIC and the People’s Republic of China.
Yeah, because the West is also committing a genocide, that means your genocide is ok. Both are doing genocides. Torturing and raping hundreds if thousands of Uyghurs, forcing them to abandon their culture, forced birth control, forced labour, forced sterilisation and prosecution without any legal process isn’t just combating ETIM terrorists. That’s same level of BS argument Israel is using while flattening entire Gaza and saying they’re only combating Hamas terrorists.
“The Organization of Islamic Cooperation and Muslim countries in general are against the western propaganda about it”
Because they’re corrupt shitheads? They don’t give shit about human rights either, they see more profit from supporting China same way the west sees more profit supporting Israel.
Sources:
- https://www.amnesty.org/en/latest/news/2021/06/china-draconian-repression-of-muslims-in-xinjiang-amounts-to-crimes-against-humanity-2/
- https://en.m.wikipedia.org/wiki/Persecution_of_Uyghurs_in_China
And you can’t say Amnesty International is Western propaganda because they’re very critical of Israel and it’s genocide as well.
TIL two wrongs equals a right!
