Warning: Lemmy doesn't care about your privacy, everything is tracked and stored forever, even if you delete it
raddle.me

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
  • aard@kyu.de
    4·
    1 year ago

    Lemmy also seems to federate your matrix_user_id, that is clear personal data.

    Just like specifying an email address when signing up adding a matrix identifier is your personal choice. Lemmy is perfectly usable without either.

    It does not matter how the data gets to the federated server, this is still user data within the scope of the GDPR. It does not matter that that server does not have an agreement with the user, the instance that would ignore a GPDR related deletion request would be in direct violation of the GDPR.

    Not a lawyer, but I’d say the instance outside of EU, not targetting EU users would not be in violation - though EU instances transmitting data there might.

    Instances should actually delete data when that is requested, or instance hosts can get fined.

    With that part I agree - but it should be made clear when deleting something that this is a local deletion, which may or may not propagate to other instances, and will almost certainly not remove the data from the internet.