this post was submitted on 19 Jun 2023
152 points (100.0% liked)

Technology

37739 readers
601 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it's visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
(page 4) 50 comments
sorted by: hot top controversial new old
[–] phillycodehound@geddit.social 3 points 1 year ago

It's a work in progress.

[–] MrEUser@lemmy.ninja 2 points 1 year ago (2 children)

I’m at a loss. You’re saying that things that you said publicly are private? Or you’re saying that they become private because you delete your account? Assume you dox someone. I need to find out if that happened. As an admin I’d be able to see that

  1. you
  2. publicly posted
  3. their data

I would need to be able to provide this to authorities if they provided needed legal documentation. Why do you think that privacy dictates you should be able to commit a crime, and get away with it by deleting your account?

[–] Enkrod@feddit.de 2 points 1 year ago (1 children)

Wouldn't Mastodon have the same legal requirements?

load more comments (1 replies)
[–] mainfrog@beehaw.org 2 points 1 year ago* (last edited 1 year ago) (2 children)

I don't think there is a legal requirement that you store that data, just that you make the data you store available, or in some situations, you add logging for valid law enforcement requests.

Apple for example does not have access to end-to-end iCloud data that is encrypted to my knowledge. They wouldn't be able to provide the contents of my notes application to law enforcement necessarily - and that is currently legal.

[–] MrEUser@lemmy.ninja 2 points 1 year ago (2 children)

I’m basing what I have said off of work I have done with attorneys in similar situations. I don’t know evidentiary law, but I wouldn’t want to be accused of destroying evidence of something. But my question stands. Why should someone who has doxed someone get away with it by deleting their account? How is that ethical?

[–] mainfrog@beehaw.org 2 points 1 year ago (1 children)

Why should someone who has doxed someone get away with it by deleting their account?

Doxxing is not illegal in many places - the US included. Cyberstalking and harassment may be illegal, depending on location. That's beside the point, but this is an extremely specific example.

Ultimately users should, in my opinion, be in control of their data. Tildes, for example, preserves deleted comments for (I think) 30 days and then permanently removes them. It seems like that approach is a compromise that would work for your situation while still respecting privacy long term.

load more comments (1 replies)
[–] t3rmit3@beehaw.org 2 points 1 year ago* (last edited 1 year ago) (1 children)

So the key thing here is, "are you aware that the data is part of a legal proceeding or crime?"

If no, deleting it as part of normal operations is perfectly legal. There are plenty of VPNs which do not log user information, and will produce for the authorities all of the logs they retain (i.e. an empty log file).

From an ethical standpoint, keeping peoples' data which they want removed, against their wishes, based on the hypothetical that at some point someone might do something wrong, is by far the less ethical route.

"You might do something bad, so I'm going to keep all your data whether you like it or not!" <- the bad thing

load more comments (1 replies)
[–] markpaskal@lemmy.ca 2 points 1 year ago (1 children)

Apple (and Google, Microsoft, etc) are checking signatures of all files on their services to detect illegal stuff. They do it for copyrighted content and they do it for CSAM.

[–] t3rmit3@beehaw.org 2 points 1 year ago

Checking against a known-malicious hash is very different than claiming to have access to the plain data. In fact, even for the known-malicious hashes, the companies doing the checks usually don't have access to the source data (so i.e. they don't even necessarily know what it contains).

[–] nii236@lemmy.jtmn.dev 2 points 1 year ago

Mastodon should just leave us alone!

load more comments
view more: ‹ prev next ›