- cross-posted to:
- fediverse@lemmy.world
- cross-posted to:
- fediverse@lemmy.world
Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
The internet never forgets.
Back in the 2000s and early 2010s that was common knowledge. You should always assume that something you put out there for everyone to see will stay there forever. Even if the original host gets physically destroyed, you should always assume that someone has saved a copy, made a screenshot or found one of a thousand other ways to archive your content.
And there is no way of preventing that, as much as celebrities, newspapers and movie distributors wish there was. Even if we assume we had an infrastructure where the only plaintext copy sits on your own machine and everyone who wants to access it has to go through the most draconic DRM ever invented that only displays the content on trusted hardware and with time-limited keys… nobody can keep me from pointing a camera at my screen.
Lemmy instances not deleting their own users’ stuff is certainly a shortcoming but more on the point of being polite than actually scrubbing every trace of a post. Oh and by the way: GDPR doesn’t protect you here. A provider is required to pseudonymize/anonymize your profile as it clearly contains personal data that you have given them as such. They are not required to delete or pseudonymize your posts.