this post was submitted on 07 Jul 2023
8 points (56.9% liked)

Fediverse

28380 readers
1635 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

Drive we are so privacy focused here. What is to prevent myself or anybody out there, from starting to report individual instances of GDPR and CCPA.

No lemmy insurances are complying with national privacy laws and nobody is talking about it at all.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] r00ty@kbin.life 5 points 1 year ago (1 children)

Here is the information I have on your user ID as an operator of a remote instance.

1: Your username and home instance (and a separate link to your profile page on your home instance)
2: Your avatar
3: Your about info
4: Date/time of your last activity (but that I think will be the last time you were seen by my instance, interacting in a community I also have here), so not shared really.

I took a look at the json returned from your home instance, and again the info is profile page, username, information required for communication between instances with the only PII present being the username, the about and an icon and image.

Here's why I'm going to say this isn't likely to be a problem as such. This is the same as on reddit, if I look at a post a user makes I can click on the user and get access to this level of public information. Also under GDPR and DPA based on advice from the ICO data sharing isn't forbidden, but the minimum required to fulfil the function of that sharing should be sent. I think the above data meets that. There isn't information we don't need to work a distributed network like this.

I think the point about making a privacy policy visible is a good one. It should make it clear how the network works, and what kind of information is shared with federated instances (and also available to the public, the user query is publicly available). But the data that is federated is the same as is publicly available.

Now I do feel like there's the scope for a lot of manual work. For example, federation sometimes means that edits/deletes don't make it. It can be caused by problems on both sides of the connection. So if you want all your data deleted. Sure I could delete all posts and your user info here. And even make requests to the home instances that they delete them too. But, some might remain on remote instances, and I don't know who would be responsible for that. Some grey areas remain.

[โ€“] trouser_mouse@lemmy.world 1 points 1 year ago

This is really interesting, thank you - I definitely agree there is grey areas and work to be done to ensure compliance as far as is possible!

It will be interesting to see how it all unpacks.