PSA: you can't delete photos uploaded to #lemmy. So don't (accidentally) upload a nude to lemmy. That would be bad đŸ˜± (tech.michaelaltfield.net)
from maltfield@monero.town to fediverse@lemmy.ml on 04 Mar 2024 17:01
https://monero.town/post/2345467

This article will describe how lemmy instance admins can purge images from pict-rs.

Nightmare on Lemmy St - A GDPR Horror Story
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

This is (also) a horror story about accidentally uploading very sensitive data to Lemmy, and the (surprisingly) difficult task of deleting it.

#fediverse

threaded - newest

frozen@lemmy.frozeninferno.xyz on 04 Mar 2024 18:20 next collapse

I haven’t had a deletion request come around yet, but I’ve had the pict-rs documentation in my back pocket just in case. My instance allows NSFW, so I made sure I knew how to do this before deploying.

I agree with the author, though, it definitely shouldn’t be so hard to delete images. Hopefully the Lemmy devs tackle these issues quickly.

maltfield@monero.town on 04 Mar 2024 18:25 next collapse

Unfortunately, the Lemmy devs literally said it would take years to fix this issue. If you think this should be a priority for them, please advocate for them to prioritize it on GitHub:

Blaze@reddthat.com on 04 Mar 2024 23:39 collapse

Thanks for sharing.

Sad to see such communication from the Lemmy devs

The_wild_card@lemmy.ml on 05 Mar 2024 13:18 collapse

I agree the whole issue was lemmy devs being an arse to maltfield

Valmond@lemmy.mindoki.com on 04 Mar 2024 19:44 collapse

Impossible to be done if not every servers plays by the rules.

Sort of non news too, “don’t put sensitive data on display, especially on the internet”.

Redjard@lemmy.dbzer0.com on 04 Mar 2024 19:54 next collapse

With federation it’s kinda like complaining archive.org doesn’t have a good way to purge page snapshots in case you post something on your website you regret later. Or search engine caches. Or the local scammers replicating your page with curl for a phishing scam.

HarkMahlberg@kbin.social on 05 Mar 2024 19:22 collapse

The author pretty freely admits he shares some blame, having PII on the same phone he uses Lemmy, using Lemmy while not paying attention/being half asleep. I'm sure he does know better and agrees with your statement. And yet, when mistakes happen and people prove to be fallible, Lemmy proves it is not capable of handling the problem.

I also can't believe the Lemmy developers would be so indignant about being presented with such an oversight. GDPR or no GDPR, federated to other servers or not, the idea of PII being hard/impossible to delete from a social media platform is an embarrassment to the developers.

Valmond@lemmy.mindoki.com on 07 Mar 2024 09:06 collapse

I think you don’t understand how federation works.

It’s like you show something sensitive on TV, and you want to “erase” that from everyone seeing it.

Lemmy isn’t centralized like Reddit or Facebook.

nutomic@lemmy.ml on 05 Mar 2024 15:34 collapse

You clearly put a lot of effort into writing this blog post, creating the header image and sharing it across dozens of Lemmy communities and Github issues. I only wish you would put even a fraction of this effort into actually resolving some of the mentioned issues. After all you are a programmer and many of them are relatively easy to resolve with a bit of time.

What you dont seem to realize is that Lemmy only has two fulltime developers (Dessalines and me). We are both working every day to fix bugs and implement new features in Lemmy, but there are only so many hours in a day. Whenever we resolve one issue, a new one gets reported so its impossible to resolve all of them. The repos for lemmy and lemmy-ui currently have 750 issues. So there is no other way but to strictly prioritize what we work on, and ignore things we dont have time for. Obviously people will disagree with the exact priorities, that is inevitable.

The only solution is to get more contributors who help work through the issue backlog. Or if you are not willing to do that, switch to a different platform which is backed by venture capital and can pay dozens of developers to work on it.

maltfield@monero.town on 05 Mar 2024 16:15 collapse

Did you read the article and the feedback that you’ve received from your other users?

Any FOSS platform has capacity issues. I run my own FOSS projects with zero grant funds and where I’m the only developer. I understand this issue.

What we’re talking about here is prioritization. My point is that you should not prioritize “new features” when existing features are a legal, moral, and grave financial risk to your community. And this isn’t just “my priority” – it’s clearly been shown that this is the desired priority of your community.

Please prioritize your GDPR issues.

nutomic@lemmy.ml on 06 Mar 2024 09:08 collapse

I bet your project doesnt have 50.000 monthly users so its not comparable at all. Out of all these users only you and one or two others care so much about GDPR (yet not enough to make actual contributions yourself). We really cant change our priorities for a single user out of thousands.