TLDR: While Fediverse won’t directly serve you ads, anonymous bad actors other than Meta can save, redistribute, and even dox you for any information you post here. Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests. So be careful!
deleted by creator
So, the article isn’t exactly FUD, all the things they say about how posts migrate are true. Once I hit “post” here, these words get sucked into this server, and then get sucked into other Fediverse servers. If you believe in the “right to be forgotten”, then this is indeed a nightmare, since you don’t really know all the places your post goes and can never really be certain you’ve deleted it everywhere, should you want to. And they are right that there is no real “vetting” of any entity here. Anyone can make a server for any reason. In fact, there is no reason to believe that Threads is Meta’s first Fediverse service, they may have been running others to learn about the protocol, hoovering up the data, and we would never know.
But where the article misleads is that the devs understood this, and have structured federation to leak as little information as possible. Your post is public, of course, as is your username. But when your post gets copied to other federated servers, it is not tracking you at all. As I understand it, all the assets of your post get physically copied to the federation server, so key Metadata for tracking (like IP address) stay on the source server.
The insidious thing about Facebook isn’t that they let people post publically, it’s all the tracking that is built in, that sucks in information from your phone or browser that you don’t know you are leaking. The Fediverse is much more transparent about this. It is oversharing precisely the things that participants want to share, and nothing more.
I think the best we can do here is ensure this is outlined in the privacy policy on each instance. I’ve tried to outline how it works, and why it works that way in my privacy policy. But it’s still a bit work in progress.
I think the most important thing to stress here is that only data required for federation is shared. We don’t build profiles, we don’t send any other data to any third parties and all the data sent to federated servers is available via a web link to anyone publicly too.
The best we can do for users that want to be forgotten is send the delete request. We cannot force other instances to delete content.
I would argue that’s the case for “big social media” too. Say for example I say to facebook “Hey under GDPR provisions I would like you to delete all data you have from my account”. They are obliged to do this. Sure. But what about all the third party advertisers that already have my data through the sharing agreements? Do you think facebook even tries to remove it from them? Do you think they will do it if they ask?
So, I think that’s kinda synonymous with the federation situation. So long as you make clear how it works, and as long as you make good faith attempts to delete a user’s data on request. I’m not sure there’s more we can be expected to do (and it’s already more than the big companies will do for you).
Yup, you have a good point with the third party advertisers not following GDPR. And I agree that the privacy policy should be as transparent as possible.
Yep, I just wish atleast the major instances outline this clearly to the users. Fediverse definitely has its merits that outweigh these pitfalls. Everyone should still be aware of this in as transparent way as possible
Ofcourse, you can dox yourself in other text based sites like Twitter, Reddit.
But, ActivityPub has other applications like PixelFed. If someone doesn’t know about these privacy implications there private pictures can be exposed to even malicious accounts/instances that are not on theit followers list. It’s best for everyone to be aware of what they are getting into here.
You should probably stop considering anything you put online to be private…it’s not, ever.
Yeah, I just consider my record public. My username is my actual name. I don’t say shit I wouldn’t want anyone to know about. Simple.
Yes, but there is a reasonable assumption that your pictures will only be viewed by your followers on Instagram. I can’t see myself switching to PixelFed. I’ve completely switched from Reddit and Twitter to Mastodon, Lemmy, as I don’t tend to share my personal information there anyways.
reasonable assumption that your pictures will only be viewed by your followers on Instagram.
It’s not reasonable, as it’s both public and said followers can just re-up the content elsewhere out of your control. Look at any popular account on any platform, and see how often it gets copied/reuploaded elsewhere
It is reasonable because I can have a trust basis with my followers who are my friends/family. If a malicious instance host can just use a plugin to view follower only post, that’s not going to be expected by an average user. That’s why I posted in YSK.
deleted by creator
Other platforms just have the illusion of privacy
Do they? They state outright that they are going to abuse your privacy for profit. They have financial incentive to do so as it is their business model. Someone who is concerned about privacy deciding to use Facebook, Threads, Instagram, Twitter or whatever instead of Mastodon or Lemmy is completely ridiculous.
Do people not understand social media is the 2023 version of a community public square?
I see posting a comment or voting like shouting your comments and votes in a public square. I see no reason to expect privacy in this settings.
Your shouting in a public square and then upset that people heard you and potentially recorded you?
Sure I would agree deleting something on Lemmy has a higher risk of not actually being deleted everywhere. But again it is a public forum. Nothing is stopping anyone from keeping a record of what you said. How many people have deleted a controversial/drama filled post only to have screenshots of it posted later by third-partys?
As long as you can delete the original it is basically like any other public forum. The original is deleted any other copies are kind of out of your control. Yeah it sucks but such is life anything digital can be copied so be careful what you create.
Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests.
Hilarious, as if microsoft, reddit, facebook, google or any other corp would be any more trustworthy/save or would actually delete anything on request, especially now since they can train their LLMs with the data.
Unfortunately there are people who will trust you if you’re well meaning.
Whether or not you have any inkling of how to do what they trust you to do.
Or any intention…There are laws that you can enforce by suing them. It’s probably not going to be the case here
There are laws that you can enforce by suing them.
… i am still waiting on those laws actually being created or enforced (depending on the country) for the last few decades, at least to a degree that they wont be completely ignored. 🙃
Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests.
That is true of literally any social media; Twitter, Reddit, Instagram, Facebook, there is nothing preventing someone from screenshotting a post, or a web crawler from archiving it, and then keeping that information after it is deleted from the original source.
sueing a big tech company… good luck champ
Anything you post on the internet is public and you should stand behind it. If you want to be anonymous on the fediverse there’s steps you can take to make sure you aren’t easily doxed. use a unique username and email thats not used anywhere else. don’t post photos that can possibly be geo located. Don’t mention who you work for, don’t mention places you visit. Pretty basic stuff.
Treating any online interaction as a public forum is best practice. I wouldnt say anything online I wouldn’t say in public.
Did people forgot that the internet never forgets?
I think this is so disingenuous. There’s such a huge difference between being actively tracked and monetized in ways that are explicitly hidden from you vs all of your posts being intrinsically public and cached. To act like the first is fine and the second is risky is just big tech propaganda.
There’s no expectation of privacy when you’re posting things in a public forum. Seems like common sense
The post title should really be “The Internet is a Privacy Nightmare If You Think You Might One Day Want To Send a Takedown Request to a Malicious Site”.
YSK that deletions are federated just like everything else. If you delete a post on your home instance, that deletion request is sent to all other instances that federated properly/are not malicious, and your post will be deleted from those instances as well.
YSK that images are only ever stored on your home instance. All other instances only link to the image on your home instance. So deleting an image deletes it from the server and breaks the link everywhere.
Wait…the posts i send are “stored” on other instances? Inthought they were stored on just one and just accessed by the others? There shouldbe no need to delete from other instances. Once the post is deleted from ist home instance it wont show up on others anymore (because it was never stored there). Am i misunderstanding this? Like most, im new to Lemmy amd still figuring things out.
Each remote instance stores the posts from every other instance’s communities, from the point at which the first person viewed (…or subscribed to…?) that community on the remote instance. That way the instances are less dependent on each other’s uptime and can optimize their queries, giving a better user experience.
Btw. this also means that there will always be some delay before posts/comments from one instance show up on another.
Well things that you post on a public social media site… Are public.
If you don’t want your info to be public, don’t post it. Also be aware that people can also archive posts before you delete them. Common sense stuff
Yes - of necessity and by design, there is and can be no central authority in the fediverse that can be meaningfully expected to promise to protect blithering morons from the consequences of their own actions.
Whether or not people face the fact that posting publicly things they want to keep private is bash-yourself-in-the-face stupid
and make the plainly obvious sound choice to simply not do it in the first place is entirely, as it should be, their concern and their responsibility.Things I post on the internet end up on the internet?
Same as reddit, same as Facebook, same and Twitter. It’s the same as any website. Anything you post is most certainly getting scraped to create a profile on you. Whether that is for nefarious purposes for just to better serve you ads is irrelevant.
There is no privacy to anything you post on the internet to public forums.
Just look at the effort that went into making “work from home” viable back in 2020. The fediverse is not a unique case of being a “privacy nightmare”.
For fun, try to “dox yourself” by searching on Google from a different IP and computer from what you normally use for your name, usernames, etc. to see what information is freely available to the public.
tldr: practice good opsec!
It’s called social media, the entire purpose of its existence is for other people to see what you post. This is true for Reddit, Twitter, literally any social media site. I’m not saying, well other social media is just as bad, I’m saying, this is inherently how social media works. If you’re expecting anything you post on any social media to remain private or be completely erased from existence when you delete it, you’re either stupid or hopelessly uniformed.
There are some sites where you can allow only people you’ve friended/followed can see your posts, but that is not the default setting and doesn’t prevent someone you’ve shared your content with from saving and distributing it.
Most social media sites ask at the very least for your phone number and birthday when signing up; Lemmy doesn’t, they don’t have any personal information other than an email address and only if you choose to add that for account recovery.
If this article is news to you, then so might this headline: Warning: when you drive your car from one place to another on public roads you can be seen by other people. Car users should consider this carefully before driving.