When you shout in a town square, does everything else you've ever shouted, everything you've ever voiced your support for, everything you follow closely echo and remain in that square?
Again, this is a feature. But one people really have to understand before they engage here.
I've been looking to do the same for the many pros I've seen posted here, but maybe someone can give me some clarity on a very big downside to me.
From my understanding most instances are pretty liberal with federating anyone, then blacklisting bad actots or problematic instances. However as adoption grows is there not the potential for larger instances to move towards a whitelist, and possibly move towards only federating with known, established instances or ones with established conditions? Possibly flat out banning personal instances due to moderation overhead?
Perhaps my understanding is incorrect, but seems to me that there could be a big future risk your personal server turns into an island and all of your past engagement is no longer in your control.
Unfortunately not that easy. There is discussion on solutions. There isn't any now. Platform currently isn't stable enough to respect mutually federated changes all the time.
Also I did put a disproportionate focus on this no take back component, but the scope is wider than that (see comment below about votes being public when almost everyone coming from a monolith assumes it is private)
So, obviously an anti Lemmy bias there, and not entirely true, but there are some aspects of federation it can be dangerous to ignore.
There is a different primary privacy focus here, and it provides an extreme level of privacy but places an extreme level of responsibility on the user for their own privacy, more than most places.
There is a distinction to a potential scrape and a system designed to duplicate, often irreversibly at submit.
There are also other things people are often not aware of and the community is not doing a great job communicating. Admins are not doing a great job of protecting themselves either.
For instance many, still don't know votes here are entirely public.
If you understand this all and are comfortable, great. Many do not prepare themselves and would engage differently if they had a better understanding.
For a take by someone who is pro-federation but not ignoring these concerns see: https://lemmy.ca/post/948217
I explain the distinction in the post. It is very different on a platform designed to distribute at instant of hitting submit.
Also...
I do expect my account to be secure, in that no one should be able to pretend to be me.
Surprise! They very easily can here.
This is assuming your local is still federated. If your local gets defederated you currently have no control over any previously federated copies of your posts / comments / votes.
Yeah. I can see a case made on either side.
This is the point I am trying to drive home. Even with zero comments, zero posts, you could doxx yourself accidentally with votes alone. You came here from another platform and had a certain expectation of how privacy works here. It does intuitively feel like it should be private.
You are trading some privacy for censorship resistance and community safety in this case, because the goals are different here.
If you trust your admin to keep your IP and email private, and you manage your comments and posts carefully, I encourage you to let your voice be heard and upvote every sinnerdotbin's pantless picture post of the week (just don't like the posts in a different, very small and niche category that can link to you publically as you are the chair of the board at never-nude.social, and there are only 5 members who always like the same posts) . If you are in a country where that support might end with you in a work camp, I'd maybe advise against it in case your local turns out to be a honeypot.
There is a privacy component to federation that the world really would benefit from, but it will be lost if people are not informed. Incredibly private if you are aware how to navigate it. Horrible if you aren't.
Why would someone think that?
Because the comment I replied to, the actual thing I am addressing, makes an assertion that isn't entirely true and could lead someone uninformed into believing they can have their information removed platform wide.
What is the difference?
Not everyone is concerned with someone digging up dirt or wildly compromising material. Most people aren't special enough to be worried about that.
Most archives won't be globally search indexed. An archive won't show up on a federated search. There is more legitimacy to a federated version over someone reposting a screenshot (at least in perception, how federated could be altered or forged is another topic).
I also mention there are other reasons one might want to remove content. Just look at reddit right now, some may simply want to revoke support for a platform sometime in the future.
Sure, there could be a future where this is addressed. It isn't right now.
I don't disagree with you in the larger discussion on persistence of data. I am adding context to a scoped subtopic of it.
I'm behind Lemmy, but I've made an informed decision on what that means for my data.
It's the same camp.
I'm not making the claim other platforms are better because you might be able to slip in a ninja edit before it is captured. I am making the claim that if you are not on high alert here, more than ever, it will bite you.
For better or worse, some people are coming here from other services expecting a measure of control of their data that you don't get here.
The experimental aspect of this space is the other thing I feel warrants more explicit warning about, and noted in my policy template.
Me too! The world is different now.
Existing social media never really gave you a real edit/delete button anyway either. It’s all anonymity theater. The reality is that your data was always being scrapped and archived, somewhere by someone. This is just a reality created by digitization and virtually free recording/copying. No specific digital medium was ever going to protect you from this.
I explain the distinction to federated in the post. It is very different than a scrape or archive.
In the early days of the internet, everyone knew to use pseudonyms and not share personal information. We seemed to have forgotten this lesson. Maybe it’s time to relearn this lesson. Life is full of lessons. Let this be just one more.
Exactly. I am bringing awareness back to this.
No one should fool themselves into thinking they can use a pseudonym and not eventually doxx themselves accidentally if they have any level of engagement. People have grown accustom to being able to somewhat reverse that mistake. Many are also not accustom to their interests, their votes, and their voice is all retained, in one, easily digested and public place.
I don’t think the word “privacy” is a good word for the concept. I believe “user data control” or “right to be forgotten” is more appropriate for the “deletion issue”. However, there are few privacy issues such as instance admins having access to private messages and the potential for a hack to expose users e-mail addresses and usernames.
This has been debated, and is very dependent on the context. It is a very broad concept to try to address and the lines do get blurred on the definition of what is "private data". The hope here is to partition the responsibilities of the admin from the user.
It isn't truly immutable though, and could be dangerous to propigate the idea that it is 100% immutable
It does to many, thus the awareness of how it works here, that is all.
If you don't think it matters, or you understand enough to be sure never to expose yourself in a way that you are uncomfortable with that is awesome! Many are waking up to a realization of the nature of things here they were previously not aware of, and some are growing very uncomfortable with that now that they can't adapt their previous engagement to that knowledge.
Booo to miss Busy Body.
You're almost there.
Only if your home server remains unfederated. Even then other users of the server will be able to see everything. And will be more likely to remember, like miss Busy Body.
Uh, a, if not the primary point in my post?
Your IP, your email, will remain at your local if your admin is responsible. If you act to your comfort level in your engagement, you will remain private in the public sphere.
Praise your local admins! And help them out by petitioning them to study their local laws and come up with proper policy and TOS
Also USA does have laws regarding site usage by children. Might be more of a TOS thing, but this was brought over from the Mastodon policy I adapted.
IANAL. Especially anywhere near children.
I appreciate that you are reflecting on how you want to manage your own privacy in this space!
Unless a user is viewing from kbin, which interoperates here. It is entirely in view to the kbin UI (and Mastodon I believe).
I've had a similar idea. Want to have a race to market? (you'll have a head start, I'm heading into the domain of managing federation block lists next).
This is the beautiful part of an open platform, we can all steer it and contribute all sorts of wonderful solutions.
People should be educated enough of the pros and cons as much as possible, although that might mean some would get intimidated and refuse to join.
Bingo. Which would you rather do, talk someone's pants off, or scare them off or otherwise have them caught with them down?
Also love your local domain.
Not saying it is the proper course of action, but no idea where those folks are hosting. EU is not the only place with such laws, and USA is not the only place where hosting is happening. Also highlighted, required or not, privacy policies go a long way to establishing user trust.
I’d also argue stalking has more to do with the mental health issues of the stalker than the victim being to blame for how they interacted with the world. We don’t tell a student not to participate in lectures because someone may latch onto something they said and become infatuated. We punish stalkers instead.
If someone is aware and engaging to their comfort level, no matter how open, I would not blame them, the victim, for being stalked. If someone wanted to be cautious, but they didn't know the risks here, I would feel guilty for not educating them on how they can protect themselves.
Idk this is a ramble. I see so many things so often that used to be personal responsibility on online safety, that instead of teaching the skills we make tools. And i feel like not teaching good personal safety and protection is goong to doom any project ultimately.
You can’t fix ignorance without education.
Which is the entire point of my post, to encourage education in this space (which again, again, again, is different than what many are coming from with its own unique set of risks)
That isn't what I am speaking to, and the fact someone could make a copy or it is archived somewhere doesn't make the statement that you can always remove your data from the platform true. And there is a difference between a potential copy and an original federated, distributed, and indexed version. There are also reasons someone might want to remove their data other than simply being worried about the actual content of it.
People need to be aware of the persistence of data, but people also have to understand the technology they are using to make their own informed decisions on how they engage.
This is largely assumed by someone like yourself or I who understands the implications. I am finding it evident that a lot of people are not aware.
There is also a distinction to a potential screenshot, a scrape or archive no one visits, and a federated copy on a widly used instance you have lost access to.
I edited my comment above to include a project I am working on to hopefully help admins get this across and educate users on how to appropriately engage to their comfort level.
ceddit and others you have noted historically have broken for a variety of different reasons, and the others are announcing future inability to continue with API changes. Pushshift, which these services often used, had a mechanism to remove sensitive data you accidentally posted or otherwise wanted removed.
Archive.org is not searchable, not indexed in mainstream search engines. Also would be responsive to legal requests. It is hard to get a complete profile history on someone.
All of these external sources require a great deal of extra effort from someone to pry.
The concern to be aware of here isn't that it could be scraped, which yes it can. The concern is that it is duplicated by design, wide and broad, on a platform that somewhat functions as a single entity.
People make mistakes. The Unabomber got caught by doxxing himself with a single phrasing of an idiom. Not complaining, simply saying "be very, very, very, very, very, very, very, very, very careful here"
The privacy goal on federation is different. If you educate yourself, you can be safe.
You can't eat your cake and have it too.
I feel you didn't read the original post. It isn't about expecting privacy, it isn't a criticism of the fundamentals of Lemmy as a minority seem to be taking it (there are many ways I explain how it is more private from being tracked and profiled).
It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.
It is about understanding how privacy is maintained on a federated platform.
Many users coming from other platforms do not understand the mechanisms here and how they are different.
Take a look for the comment here about vote privacy (the highest voted comment here) or dozens of the other posts where people are coming to this awareness. Many assumed was private due to coming from a platform where this was.
It is designed for your actual traceable information to be kept safe by the gatekeepers, the admins. Users must be highly aware: everything else you do here is public in a way you may never have experienced before.
You are also kidding yourself if you think that defederation will not become more common. The community we are commenting on has already defederated 2 very large instances.
If you self host, or find an admin you have incredible trust in, you should remain untraceable if you manage your engagement responsibly.
Though another thing I highlight in the policies is this is experimental software. Leaks can and will happen. We have a voice and can play an active part in preserving that privacy.
Recorder is always on by default with your engagement; recorder is always off by default when it comes to things that automatically identify you. It is the opposite in a monolith service.
The idea is to gauge community interest/relevance and facilitate content discovery. I feel it is becoming a bit dated method of accomplishing this and easily gamed.
The analogy works to some extent, but it is a gross oversimplifications in most regards. But yeah, keeping up with maintaining a small mail server if you expect not to continually end up in SPAM is a royal pain.
Will be interesting to see how it develops. Could see a movement towards RBL type block lists, but with the lack of tools available at the moment I think most admins are going to end up having to take some pretty drastic actions at times.
You're right. Apologies.
There are many other models, some discussed in this post. All come with their own set of upsides and downsides.
For a small community, which Lemmy original was, straight up votes work great. Unfortunately it doesn't scale. Reddit is a perfect example.
You're right, there is only up/down vote systems with a user base that is in no way verified or otherwise restricted to a single vote/real person, or corporate algos.
There are plenty of different models. Do I fault the Lemmy devs for using it? No. Is it ideal for content discovery? Not really.
Thanks! I'm for mass adoption and want admins to succeed. That starts with keeping users educated (and admins covered).
This keeps on being asserted but it is far from true. If defederation happens or your local goes offline, posts/comment history/profile/votes will remain on other widely used instances and out of your control.
A large instance has already defederated with 2 other larger instances. If you run a personal instance I feel it will be very, very common for you where you will be locked out of managing your data.
You can expect defederation to happen all the time as that is a deliberate part of the open federated model.
And that is to say nothing about federation simply breaking sometimes.
I already have content that exists on other instances that will remain forever and I've only been around a short while. I don't care personally, but people keep asserting this claim that only bad actors or scrapers will dupe your data. Federated data is very different than a non-federated copy for many reasons and that matters to some people. Everyone should understand deleting your account, or modifying your content will often not remove your content outside your instance, and many people engage outside their local. It will likely exist in federated, Lemmy searchable form forever in some capacity (in the current iteration anyway).
Not trying to spread FUD, but if we want to maintain users, they have to be educated as they will find out eventually and not be happy.
Votes are entirely public, Lemmy just made a UI choice not to show them. They show up if someone views it from kbin and ultimately something that could be mined from a self hosted admin.
I think this information may make some of those who profess "everything is saved on the internet and why care" change their tune.
Saves I am not sure about yet. Think that may be locals only.
Edit: community subscriptions are another. I believe the admin that hosts the community has access to the sub, but this may also be available to anyone self hosting. Haven't confirmed anything regarding subs yet, maybe that is locals only too.