this post was submitted on 22 Jun 2023
19 points (100.0% liked)

Lemmy

12538 readers
6 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

I’m a reddit transplant and I’m excited about what I’m seeing so far in Lemmy and the Fediverse, but my brain keeps bugging me with concerns:

Maintainability and Scalability - There are a ton of instances now. Lemmy had made it easy to spin up and host your own instance. In some cases, this means people with little/no infrastructure experience are spinning things up and are unprepared for scalability challenges and costs. This post by the maintainer of a kbin instance highlighted this challenge quite well ( https://lemmy.one/post/302078 ). How do we know if an instance is properly maintained, backed up, and is able to scale? Or should we just be prepared to start over on another instance if ours fails?

Monetization - The above cost challenges bring up monetization issues. What mechanisms will instance maintainers have to help with maintenance/hosting costs? As the Fediverse grows, how do we prevent against ads and coordinated upvoting from taking over and pushing ad content?

Legal/Privacy - Privacy regulations are becoming a mine field… GDPR, CCPA, and other privacy frameworks are making it tougher to handle privacy properly. Is there a coordinated Lemmy legal defense or are instance maintainers on their own? How would you even approach a GDPR user delete request across the fediverse?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

Good to know, but if that meets the legal requirements I cannot say. Really a lawyer that practices GDPR/CCPA would need to chime in if that is enough for either.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

As far as I know, for publicly posted things, GDPR only requires an entity you've given this content to, to on demand, tell you how much they still have, and/or delete what they have.

Other instances, owe you nothing, as they would be more like third parties scraping the data, legally speaking.

Matrix is also federated, and can in fact perform GDPR compliant deletions, despite it being impossible to ensure that any of your data on other instances, be deleted, too. This may be due to how matrix encrypts data, as when your account goes, the keys to access your data, even if stored somewhere else, goes with it. So even if not the data, the ability to access it is gone. (Though I'm unsure how this could work as the accounts you spoke to could still read your messages, with their keys)