This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.
Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.
I asked in the other thread about GDPR.
Nobody thinks it’s very interesting but if instances don’t follow gdpr, the entire network is at risk of legal consequences.
So please bring this up, even though it’s not very fun.
Neither @nutomic@lemmy.ml or I are too familiar with the GDPR, so we don’t know everything that it requires. Lemmy doesn’t do any logging of IPs or other sensitive info, but of course instance runners could be doing their own logging / metrics via their webservers.
We have a
Legalsection under admin settings, that’s an optional markdown field, that can probably be used for it. We’d need someone with GDPR expertise though to help put things together. Lemmy is international software, not european-specific, so we have to keep that in mind when supporting GDPR.As a person who oversaw the implementation of GDPR in a large software house (which wasn’t EU specific, but had to in order to operate legally in the EU), the requirements were:
- Allow users to request data deletion or a copy of their data.
- If the former, delete all data of their data on the server, send it to them, and then (this was the important part) forward the data deletion request to every single partner we were working with.
For us, this was multiple ad companies. We had to e-mail each one, ask them about their GDPR implementation (most of them were somewhere between “we’re thinking about it” and “we have an e-mail address you can send something automated to and we’ll get to it sometime within the next month”), and then build an automated back-end system to either query their APIs for automated deletion, or craft/send e-mails for the more primitive companies.
As far as the data being deleted, it was anonymized IDs that were tied to their advertising IDs from their mobile phones. I used to try and argue that “no, it’s anonymous” - but we also had some player data (these were games) associated with that, so we ended up just clearing house and deleting everything on request.
So, legally, this means every instance - in order to be GDPR compliant - would have to inform every instance it federates with that a user wants their data deleted. If you’re not doing that, you’re not fully compliant.
Kind of shitty, but that’s how it went for me. (this was back when GDPR was first being released)
Edit: Also, the one month thing was relevant: you have 30 days to delete GDPR stuff after receiving a data clear request. I don’t recall what the time was for a “see my data” request. Presumably, though, on Lemmy the latter is superfluous as all your data is already present on your profile page. An account export option would be enough to satisfy that.
How do you see Lemmy working with duplicate communities on different instances? For example if Lemmy.World and Lemmy.ml have a PersonalFinance community, are people expected to cross-post? Or have you conceived of a system to allow people to find the right community efficiently?
Its a problem, and at the same time a feature. For example, you can have two communities named
!news, that pertain to completely different topics based on their instance:This also isn’t unique to lemmy, since reddit too had tons of duplicate communities for the same topics.
Just like on reddit, the network effect will run its course here: unavoidably there will be a lot of cross-posting on duplicated communities, until people center around their favorites, based on quality of content.
There are a few tools out there too, like https://lemmyverse.net/communities , that can help people find communities to subscribe to.
Overall tho, I’m against the concept of “combining / merging communities” that are run on different sites by different people. These should be curated and controlled by the people who created them.
I’d imagine it would be the same way it worked on Reddit when there were multiple communities with identical topics/similar names:
One gets a bit larger, therefore shows up in feeds more, appears higher in search results, etc.
Unless the other community has some kind of differentiation, it will wither and die.
And everything will be fine.
I keep seeing people being this up as if it’s some huge problem. There’s tons of /c/memes out there, but !memes@lemmy.ml is clearly the place to go. It’s not confusing, IMO.
