Document how to delete images (pict-rs)

[maltfield]

We should document how user-uploaded images can be deleted from lemmy (by instance admins)

Problem

Currently there is no way for users to be able to delete images that they've uploaded to a lemmy instance from the WUI.

Moreover, even if a user deletes there entire account from the lemmy instance, their uploaded files are not deleted.

It has been mentioned that it's possible to do this via the API, but [a] there's a bug in lemmy that prevents DELETE queries from being sent to pict-rs and [b] a user would first need to get the image's delete_token, which doesn't appear to be possible unless they were logging the server's responses to the background ajax upload POST to /pictrs/image.

As users cannot delete images that they've uploaded, admins will need to do it on user's behalf.

Unfortunately, I recently uploaded a very sensitive image to lemmy and--when I reached out to the lemmy admin--they didn't know how to delete the image. And, of course, it's not documented anywhere how they can do it.

This lack-of-documentation is a legal risk to lemmy instane admins.

Legally, instance admins must respond to "GDPR Erasure Requests" from their users. That is, if a user sends them a request to delete some content (eg a photo), then they must delete it from their website within a reasonable timeframe. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).

The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher.

Solution

A new section should be added to the documentation's moderation section that clearly explains to admins how they can delete an image

• https://join-lemmy.org/docs/users/04-moderation.html

The documentation should:

1. provide the commands to query the postgres DB (to fetch the image's delete_token for a given image URL)
2. provide the command to execute the image deletion API call

[maltfield]

Please assign this ticket to me; I've already started working on the documentation.

Unfortunately I burned an entire day trying to get a local test lemmy instance running (lots of work is needed on those docs -- the downloaded config files should "just work" without any modifications). After several hours I got the lemmy container to connect & configure the postgres db, but the UI only gave errors and the docker compose logs didn't output anything.

Anyway, I got far enough to write the documentation, but I do need an instance admin to help me confirm the backend commands are functional. If anyone is willing to work with me on this (I'll just pass you commands to execute on your instance and you send me the output), please let me know :)

[maltfield]

Remarkably, the Contributing page of the documentation enumerates a lot of repos, but it doesn't enumerate this repo. I'll try to fix that in this PR as well

• https://join-lemmy.org/docs/contributors/01-overview.html

[dessalines]

Thx for taking this on.

[maltfield]

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

[Nutomic]

Images can be deleted via api now.