Are users data protected on the fediverse?
-
In other words, can any user delete its data on its will and is there something that will remove its data from all the connected activitypub services?
I believe this should actually be a basic feature and pretty much a requirement.If your instance goes down, then you have no way of deleting your federated posts on your own. So the posts on my lemmynsfw alt will be up forever.
-
Good question!
PieFed sends delete requests to every known server, including defederated ones. I’ve seen a ton of delete requests from Mastodon too, for accounts that don’t exist on PieFed so it looks like Mastodon does that too. No idea about other fedi platforms.
I’d be willing to bet there’s archiving going via software/servers that don’t obey deletion requests.
Anything federated is public information.
-
I’d be willing to bet there’s archiving going via software/servers that don’t obey deletion requests.
Anything federated is public information.
There’s definitely a bot with a user agent like “fedi big data” doing some scraping in my server logs, does anyone know who that is?
-
In other words, can any user delete its data on its will and is there something that will remove its data from all the connected activitypub services?
I believe this should actually be a basic feature and pretty much a requirement.Well-behaved server software honors delete requests, but there are a bunch of ways for that to fail without anyone doing anything malicious:
- If your instance shuts down, there is no way for you to generate delete requests
- If a server admin has to restore a backup from before your request, the deleted data will be restored
- Immature or experimental software may not work as designed; Lemmy itself has a version number starting with 0
- Archiving services may keep snapshots of pages from fediverse servers; here’s your user page on lemmy.world on archive.org
- Fediverse servers often make content available by RSS, and RSS clients may store that content; there’s no way for them to receive a signal that it should be deleted
And then there’s malicious activity. It wouldn’t be hard to run a server that speaks ActivityPub, subscribes to a bunch of stuff, pretends to honor delete requests, and actually keeps everything.
Deletion will always be unreliable on the fediverse as long as it runs on technology that looks anything like current implementations.
-
I’d be willing to bet there’s archiving going via software/servers that don’t obey deletion requests.
Anything federated is public information.
With how Lemmy handles deleted posts (and nuking access to the comments) I’m probably gonna make my own removeddit for Lemmy.
-
It is a basic feature and it does work. Except in rare cases.
“it works when everyone behaves well” is not the same as being protected.
It doesn’t even take a malicious actor: I am working on a local-first browser extension that is very aggressive about caching content in the database. There is no “please delete this data” for an extension. You of all people should not be making claims about privacy that you know you can not guarantee.
-
In other words, can any user delete its data on its will and is there something that will remove its data from all the connected activitypub services?
I believe this should actually be a basic feature and pretty much a requirement.Is it actually possible to request deletion of something on someone else’s computer over the internet, and guarantee that its gone?
-
You are technically correct but the fact is that 99.9% of federated activities, including delete requests, are processed normally and in the expected way. That is not “impossible to delete” that is “will be deleted except in exceptional circumstances”.
Even if things get deleted we‘re still on the internet and everything is posted public and exposed to being scrapped the second you submit something. Your anonymity is your best friend here, I think.
-
In other words, can any user delete its data on its will and is there something that will remove its data from all the connected activitypub services?
I believe this should actually be a basic feature and pretty much a requirement.Anything you post on the internet is public knowledge forever. End of discussion. Most people won’t care at all, in most cases almost nobody or perhaps even literally nobody will ever even see it, but the harder you try to hide it, the more the Streisand Effect will magnify it until eventually everyone knows about it.
Anyone telling you they’ll delete your data from the internet without clarifying that it is in fact impossible, is at worst deliberately lying to you usually for their own benefit, and at best making a promise they literally have zero ability to keep.
I would hope that Fediverse services will never lie to you and tell you your data is deleted, because it can’t be.
-
In other words, can any user delete its data on its will and is there something that will remove its data from all the connected activitypub services?
I believe this should actually be a basic feature and pretty much a requirement.I think not? Which is kind of a drawback to the fediverse. You gotta be careful what you post cause it’s probably gonna be somewhere forever.
I could be wrong though
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login