Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
Sorry for the late response, your last comment didn't federate, so I just saw it.
I run my own single user instance and it's not that hard... I'd have to make some SQL queries to the database directly to retrieve the info but it's straightforward.
Yep that's the one.
Agreed.
Yes but that also makes it less useful and viable, unfortunately. I guess it really is like email if we consider federation an essential feature. I can set up my own email server that doesn't talk to any other, but then it's not too useful since it'd just me sending emails to myself.
So, federation is a must, but the question is how to make it work.
What more would need to be done?
And now I hit some kind of length limit so I had to break up the post. Moving right along,
It would still work. The difference instance would fetch the link containing the requested content and pass that on to the end user, where either the web UI running on the user's browser or the user's app would load the content. (Akin to a web browser loading the web page). It'd be up to to the piece running on the end user's computer to match it all together.
Yes, but the point is that, like an old-school forum, this is not revealed except by (and from) the original instance hosting the content, and only to the end user. It's not revealed until the end user's app/browser fetches the content from the original server. So since only a link is federated, the PII only exists on those two places. Meaning that the server admin has a much easier job to delete data, as they only have to get it deleted off their own instance.
If the end user then does webscraping ... well how can you prevent that?
And if someone creates a malicious instance that follows the link and screenscrapes it ... I assume it also falls under the "cannot prevent" bucket.
The problem here is that means we devs have to sit back and wait. When will we get the answers we need? And how long do we have to be exposed before we can actually work on solving the problem?
We really do need a foundation like the EFF to provide that legal advice and support, but I think coming up with technical fixes is still worthwhile even as we wait...
This seems like a good legal guide for an admin's and instance's jurisdiction is a must.
Interesting. In the US you can hire a lawyer to service that purpose, typically. In some jurisdictions, I wonder if something like https://www.alliancevirtualoffices.com/ may also work.
You've mentioned this a bunch of times but .. what's the DSA again? I have no doubt it's related but curious to understand exactly what it is and how it fits in.
Could there be jurisdictions that have only DSA and no GDPR, and others with GDPR and no DSA?
Ok, once more, continuing,
Thank you, that's a really good example! I understand the need to rein in AI, of course. My point stands (and it doesn't seem like you disagree) - a user friendly manual remains difficult to achieve.
Interesting. So pyfedi is a good example - the software supports backfilling when the instance discovers a new community/magazine on another instance for the first time, but it does it via API only. This means no backfilling of comments, and sometimes you can see posts from years ago in a stale magazine but which don't get backfilled because the API doesn't return them.
Clearview AI is a good example of exactly this kind of bad actor, see https://lemmy.world/comment/12151959
But it seems like even then there are ways to enforce.
Interestingly I've seen the reverse happen - websites blocking access to ip addresses that appear to be based in the EU to avoid having to deal with the GDPR and its ramifications.
I disagree. The issue you're describing is a common one in terms of extraterritoriality. How does the IRS get US citizens who are dual citizens living abroad to still pay taxes to the US? Enforcing laws extraterritorially is never easy, but as the IRS has proven, it is possible.
Me too. I'd say this is point one of what I'd like the GDPR to achieve.
Same here. I'm thinking one way forward may be to add funding to expand the agencies - one side does the regulation, but the other side offers free services to small business and individuals to help them comply.
No, I think that's a plus of the GDPR. Cost is on the company to comply and relevant gov't agency to chase up if the company doesn't. Facebook was brought in line, so it seems like a success so far. An example of point one above working.
Isn't this specifically covered by the journalism exception that the GDPR providers? https://verfassungsblog.de/the-gdprs-journalistic-exemption-and-its-side-effects/
I can kind of understand this though. What if I want that hidden so militants with missiles can't shoot me down? Easily justifiable by protection of life.
See where I mention point one above.
Seeing as it's a couple of months later, I'd add that I'm willing to wait if you think you will ever get around to it. Though you have already brought up some good points - the most salient one beinrg that GDPR compliance is simply too expensive and not user friendly for a small time individual, but I still feel that this is something that can be improved upon without major revisions to the GDPR itself.