This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.
Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.
Have you considered a feature like “sibling community”?
What I mean is, for example, car community on server 1 marks itself as a sibling community to a car community on server 2. Similarly server 2 marks itself as a sibling community to server 1, ie it is two-way.
When communities have been linked bi-directionally, any post and comment are shared between the two sibling communities.
This would allow bigger communities to form out of smaller communities, thereby preventing discussions from being fragmented and showing the true size of Lemmy, across servers.
Right now, instances with transphobic and racist content like exploding-heads are still listed on join-lemmy.org. Are you planning to implement a Server Convenant like on joinmastodon.org? To be listed on joinmastodon.org, an instance needs “Active moderation against racism, sexism, homophobia and transphobia”.
I’m not asking anything because I’m a potato when it comes to software. I just wanted to drop by and say: thank you both for Lemmy. The platform is amazing, and it’s clear that you guys are pouring some heavy love (and labour hours) in it, as it’s improving at an amazing pace.
I’m gonna be asking hard questions, I think, sorry about that. I hope you consider it tough love considering our past interactions.
As an instance admin, I have some questions:
-
How are you doing? I know there was a lot of pressure when things blew up and it seems to be calming down a bit now.
-
How is Lemmy doing financially?
-
Considering past releases and their associated breaking bugs (including 0.18.3), what measures are you taking to help prevent that?
-
Can we consider the possibility of downgrades being supported?
-
Why are bugs affecting moderation not release blockers? Does anything block releases?
-
Are there plans to give instance administrators a voice in shaping the future of Lemmy’s development?
As someone who is trying to help with Lemmy’s development, I have some other questions:
- What do you think are the biggest problems with Lemmy as a software project and what are your priorities for Lemmy?
- Considering fairly low amounts of developers contributing to Lemmy, how are you working to help new people get into the project?
- Do you worry about the message it sends to potential contributors when the main developers are working on a different project which competes with the former? (Example: Lemmy-ui vs Lemmy-ui-Leptos)
- Considering most work is done voluntarily, how are you trying to organize and prioritize work?
- Do you believe you are stretching yourself too thin between Lemmy, Lemmy-ui, Lemmy-ui-leptos, Jerboa and Lemmy.ml? If so, what are you doing to help you focus?
-
How do you see Lemmy working with duplicate communities on different instances? For example if Lemmy.World and Lemmy.ml have a PersonalFinance community, are people expected to cross-post? Or have you conceived of a system to allow people to find the right community efficiently?
I asked in the other thread about GDPR.
Nobody thinks it’s very interesting but if instances don’t follow gdpr, the entire network is at risk of legal consequences.
So please bring this up, even though it’s not very fun.
Neither @nutomic@lemmy.ml or I are too familiar with the GDPR, so we don’t know everything that it requires. Lemmy doesn’t do any logging of IPs or other sensitive info, but of course instance runners could be doing their own logging / metrics via their webservers.
We have a
Legalsection under admin settings, that’s an optional markdown field, that can probably be used for it. We’d need someone with GDPR expertise though to help put things together. Lemmy is international software, not european-specific, so we have to keep that in mind when supporting GDPR.As a person who oversaw the implementation of GDPR in a large software house (which wasn’t EU specific, but had to in order to operate legally in the EU), the requirements were:
- Allow users to request data deletion or a copy of their data.
- If the former, delete all data of their data on the server, send it to them, and then (this was the important part) forward the data deletion request to every single partner we were working with.
For us, this was multiple ad companies. We had to e-mail each one, ask them about their GDPR implementation (most of them were somewhere between “we’re thinking about it” and “we have an e-mail address you can send something automated to and we’ll get to it sometime within the next month”), and then build an automated back-end system to either query their APIs for automated deletion, or craft/send e-mails for the more primitive companies.
As far as the data being deleted, it was anonymized IDs that were tied to their advertising IDs from their mobile phones. I used to try and argue that “no, it’s anonymous” - but we also had some player data (these were games) associated with that, so we ended up just clearing house and deleting everything on request.
So, legally, this means every instance - in order to be GDPR compliant - would have to inform every instance it federates with that a user wants their data deleted. If you’re not doing that, you’re not fully compliant.
Kind of shitty, but that’s how it went for me. (this was back when GDPR was first being released)
Edit: Also, the one month thing was relevant: you have 30 days to delete GDPR stuff after receiving a data clear request. I don’t recall what the time was for a “see my data” request. Presumably, though, on Lemmy the latter is superfluous as all your data is already present on your profile page. An account export option would be enough to satisfy that.
There a different levels of personal data but a unique identifier for a user is one of them because it allows linking information together about a single person, and from there you can try to identify the real person. So an option would be to overwrite all the occurrences of this identifier with random data so you can’t link data together anymore, as long as it’s not also personal data.
Sure, but you’d still have to delete all their written posts - which is really what all this is about.
You actually would not. The content of the post can stay but the username/identifier has to be removed. Written text is not PII to my knowledge and every social platforms I’ve actively used only delete the identifier (Reddit, GitHub).
Written content can contain pii, but it's rarer. Written content isn't, by default, pii, but if someone tells anything reasonably pii the entire text can be consisted pii even when anonymized.
Yeah as someone who had to deal with GDPR in a professional capacity, it's probably better to just assume that content written by users contains PII since you really have no way of telling whether it does or doesn't.
Naturally you can just ignore that and leave the content as-is, but then you run the risk of some data protection authority ruining your day.
So, I wonder if Lemmy instances would be responsible for the instances that federate with them. It’s my understanding that the Lemmy instance doesn’t send the user’s data to other instances, rather it is just posted, and the other instances copy it onto their local instance.
It’s almost like those reddit services that would show deleted content. A user can delete their profile on Reddit, but Reddit isn’t required (that I know of) to go to these services and make sure the user’s data is being wiped out.
It’s often too expensive to support GDPR for Europeans and disable it for other people. Most services just support GDPR for everyone.
Im not a lawyer so I dont know about GDPR. Do you know how similar platforms such as Mastodon handle it?
Hard to say exactly what Mastodon does, but mastodon.social’s privacy policy should give you some direction in how they handle data: https://mastodon.social/privacy-policy
As mastodon.social is based in Germany, they will know about GDPR and have to follow it to the letter.
That sounds like its something for instance admins to handle, nothing we as developers need to care about. Maybe we should add a privacy policy for lemmy.ml but thats it.
Yea it is ultimately on the admins, but Lemmy just needs to not make it hard to comply with GDPR. So it’s up to admins to raise issues when Lemmy is seen as an obstacle to compliance, and it’s up to devs to listen and implement compliance features.
You don’t have to bother with GDPR until you’re a certain size company
That’s what I thought too until I looked it up. It applies to individuals as well.
If an individual runs a web server and processes personal data of individuals within the European Union, then they are subject to the requirements of GDPR. GDPR applies to anyone, including individuals, who processes personal data of EU residents, regardless of whether they are operating as a business or on a personal basis. It’s important for the individual running the web server to comply with GDPR’s data protection principles and obligations to safeguard the personal data they process.
As someone not residing in the EU, I don’t see how they could possibly enforce that. Best they could do is block my instance I suppose. Have they done that for any small site?
I mean, I would delete/provide all data of any user who requests me to do so for themselves. But I’m likely not following every facet of the GDPR.
They don’t work like that, they have no technical capabilites. I think it would work more like a company being ordered to pay a fine if a user on your instance finds out that his data is not deleted if he asks.
But this is complicated so I hope someone else has good input on this topic. Someone must have run a website with registered users in Europe before without being a corporation.
The fediverse brings a new touch to all of this also, since the posts and comments are replicated across instances. Will that matter to the EU law? Maybe, maybe not.
What does “processing” data mean though?
Basically, anything that involves the data being present somewhere in information systems that you control. Taking decisions based on it, displaying it on a webpage, make decisions based on it, even just storing it, all counts as processing under GDPR.
Asking chat gpt, so take it with a bit of salt, but it’s usually correct about these things.
In the context of data protection and GDPR, “processing” refers to any operation or set of operations performed on personal data. This includes collecting, recording, organizing, storing, adapting, altering, retrieving, using, disclosing, transmitting, and deleting personal data.
Processing can be done both manually and automatically. It covers a wide range of activities related to personal data, such as capturing information through web forms, analyzing data for marketing purposes, storing customer records in a database, or even just viewing or accessing personal data.
Under GDPR, any entity or individual involved in processing personal data is required to comply with the regulation’s principles and obligations to protect the rights and privacy of the individuals whose data is being processed.
That’s not true. You might be thinking about the German network enforcement act. Every little ecommerce website, even when it’s a one-man operation, has to follow GDPR guidelines when they aim at people in the EU.
Any plans for improving SEO? One of Reddit’s biggest strengths was being able to get very relevant results with a simple internet search. In time can you see something similar for Lemmy, even with its decentralized nature? I really you for doing this, thank you for your time!
Sorry, no question, only: Thank you for your hard work :)
Any plans to make it easier to interact with links to other instances?
The QoL value to automatically open links to other instances inside my current instance would be enormous.
deleted by creator
I’m personally a hard copyleft developer, so I’d prefer that people making apps and tools for the lemmy eco-system, open source them, to benefit the community as a whole. Nearly all lemmy projects have adopted that standard, and are using the GPL and other hard copy-left licenses, and sharing their code freely with the community.
One example: various devs of lemmy apps have asked me how we build comment trees. Because lemmy’s source code is open, I was able to share the exact code from lemmy-ui (typescript) and jerboa (kotlin). This is not something closed source developers are able / willing to share.
So I continue to recommend that developers heed calls to open source their applications. I developed my ThumbKey android keyboard, specifically because my requests to the MessageEase developers to open-source their codebase, after development had stopped, went unheeded for years.
Side note, but I’ve seen a lot of the discourse around Sync confuse FOSS, with making money. Of course developers deserve to get paid for their labor time! The thing is, FOSS makes no demands on how you monetize your software: “free as in freedom, not free as in beer”, is the saying. So its entirely possible to open source your app, and still charge for it if you like. And If someone wants your app for free (say via an unlocked APK), they’ll get it, whether its closed source, or not.
And yes, if an instance decided to insert ads, or becomes full of blog/cryptospam, I’d def recommend other instances defederate from them. I’d rather not lemmy become the ad-machine that other social media has become.
I definitely didnt expect it, nor did I expect that there would suddenly be more than a dozen different apps. But its not a problem, the more choices users have the better. Those who like such clients can use them, thout it affecting anyone else. Plus monetization of apps could potentially help to fund development of Lemmy itself.
For instances with ads its pretty much the same, more choice for users. But I really doubt that model can have any success considering how many free instances are around which are run by volunteers. Defederation should be unnecessary assuming that ads are only shown to local users.
For me the whole point of fediverse is not depending on a single party for your socials/subs. But the current climate in each instance forces users to have accounts in multiple instances.
As a Lemmy user I believe account migration should be a default Lemmy feature which enables true federation for end users. Any plans for this feature in the near future?
Any thoughts on overhauling cross-posting, to allow more interaction with the source interaction?
As far as I’m aware: currently when you cross-post, only the recipient instance gets all interactions (comments, upvotes), instead of duplicating to or having the origin solely receive those.
The current implementation hampers the growth of smaller instances when reposting something to a bigger one. Discoverability is still there due to seeing from which instance the post originates from, but that’s arguably not enough.
-
Is there a plan to improve search and federating communities between instances? My biggest hurdle joining and using Lemmy was without a doubt the search functionality and subscribing to a community on my own instance, it was severely off-putting. Let me walk you through it: you find a community you like, say !vinyl@sopuli.xyz. You paste it into the search of your instance, as instructed. It immediately tells you “No results”. If you don’t click off, sometimes it changes it’s mind within a few seconds. Sometimes it never loads. You try manually creating the URL by going to example.com/c/vinyl@sopuli.xyz but it gives you an error. If you’re lucky it works the next day, if you’re not then I don’t actually know the next step. Not to mention the lack of feedback on subscribing to communities. I have “subscribed” to communities before then realised a week later that despite appearing in my list of subs it didn’t actually work and I have to redo, the only feedback you get is “pending”. This is the #1 issue that stops me from recommending Lemmy, or at least smaller instances that haven’t federated with much yet. Is the search a priority?
-
I know you’ve been asked about splitting NSFW already, but is there any chance of a specific NSFL tag or a generic spoiler/blur tag? Gore and nudity are such different topics they really don’t deserve to be under the same banner.
-
Are proper inline previews something on the roadmap? What I mean is items like YouTube videos, Streamable links, and just about anything that isn’t a Lemmy image is not expandable and requires leaving the website. It’s one of my most missed features from old Reddit with RES.
I read as much of the thread as possible, so hopefully these are new questions. Hope I didn’t come across too negative here as I’ve been enjoying my time overall and I know y’all have been swamped these months and never expected this popularity.
-
@nutomic@lemmy.ml, can’t reply to the thread here because the user was defed from us which is a pretty frustrating design for the purposes of reading a whole thread from another instance, but i’d just like to say that if you don’t self crit here you need to delete your avatar, maybe upload a picture of spez instead, because he says the same shit :) like a lot of your other posts but by god this is liberal shit that basically no one wants to see
First off. How dare you‽
