thought I’d post it here as well for visibility
Honestly, while i can see why someone would be bothered by this, i don’t think there’s any solution to their concerns.
The whole point of this fediverse idea, as i see it, is that all the data is fundamentally controlled by a collection of entities instead of a centralised one. And you, as a mere user, have to choose which of these entities will have absolute full control of your data. Regardless of the source code of the webapp, if you’re not fine with others having control of the data you willingly uploaded to their servers, the only way out is to self-host your data.
If you upload stuff on remote servers you don’t control, you should always assume that you have no power over how that data is used. You can only hope for others to not be assholes, but you’ll never have a true garantee.
my problem doesn’t lie in having to trust an instance to not store your data; but rather the platform itself keeping this data without a clear way of turning it off when setting up your instance (aside from modifying the source)
I agree that there’s always trust needed and who you trust in the end is up to you so you as the end user should make an informed decision if you care about this.
I think part of the reason why i don’t care that much, is because i’m looking at it from a software developper’s perspective.
Even without touching the source code, which would require quite a bit of effort simply to familiarize yourself with the codebase, the moment you get full access to the database it becomes ‘trivial’ (as long as you know some SQL) to do absolutely anything with the data.
Also, a somewhat common thing when working with databases is to never truly, permanently delete data, especially when the deletion comes from user-controlled actions. You can’t trust users to not delete data they didn’t want to delete and user accounts can also be compromised. Depending on the data itself, allowing total and permanent deletion can be very harmful and irrecoverable. When you don’t fully delete the data but simply ‘mark it as deleted’, it’s a lot easier to revert such problems. Even with the GDPR and the right to be forgoten, i don’t have any stats on this but i’m pretty sure there’s a lot of sites that simply mark things as deleted instead of a true permanent deletion.
edit: Forgot to mention that since bugs are also a thing, not actually deleting data can save your butt more than once.
comments deleted by users are still visible to admins
I personally consider this to be a potential positive for moderation’ sake. Let’s say someone posts illegal content and then quickly deletes it the post. Well, the illegal content would still be uploaded on the server hodling the instance hosts potentially liable for storing such content. This feature allows for that content to be found and removed from the server.
deleted user accounts still have their data remain on the instance.
This one is the one which I could see the most problems with, especially if the instance requires you use an email to signup. This is something i’d like to have addressed in the software. This is definitely something to take into account when creating an account on a lemmy instance, especially those which require email or other personal information.
the first isn’t that upsetting for me either as I understand it’s admin purposes; but if those can be dealt with (such as automatically removing attached content when the post is removed in this case) it would go a long way to making sure things stay safe and trustworthy.
I definitely would not be opposed to the content being completely wiped from the servers (including attachments) that would basically solve any liability faced by the admins. Though, I have a feeling this might be in place for the more… strict instances to see what users have chosen to say so that they can punish people for their speech, even redacted speech.
Perhaps we should have it state to not use your main email if you’re not comfortable with people potentially having it on our signup form?
I don’t know, that almost feels implied, especially since it says (optional) in the email textbox when signing up.
What if the post was removed publicly, kept for 30 days, then removed from the server entirely? Similar to the way the “trash” in your trash bin works on PC.
This feels like something that should be configured on an instance level, if we’re talking about storing data for a certain number of days before deletion.