-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Delete Account should delete uploaded media (pictures) too #2384
Comments
See also this ticket to add a section to the Lemmy UI for users to be able to delete individual images without having to delete their account |
@Nutomic I'm ok to cleanup the title of this ticket from being too long/unwieldy, but I do think it's important to track which tickets are related to legal concerns of data privacy laws, such as GDPR. Can we please add a tag to this issue, such as:
I think it's important to add some sort of tag to issues that could cause legal troubles for instance admins, so they can more easily be filtered & identified for priority. |
I dont believe that GDPR applies to Lemmy unless it is provided as a commercial service. https://www.twipla.com/en/blog/what-does-gdpr-compliance-mean-for-personal-websites |
EU residents' data protection laws apply to all websites, not just commercial ones. The exemptions you've cited for "personal websites" do not apply to public Lemmy instances. Most lemmy instances are not a "personal website" (unless it's a single user's personal instance). It's extremely alarming if the lead lemmy devs think they're immune to criminal data processing practices. Anyway, legality aside, the Lemmy project has a moral responsibility to implement software that ensures its users' right to be forgotten and other data privacy rights. Is the Lemmy team really deflecting and de-prioritizing data protection ethics? Please tag & prioritize issues that harm lemmy users' data privacy rights. |
You are not a lawyer so I wont take your unqualified opinion as fact. I also have to point you to the license under which Lemmy is provided to you for free:
So there is no legal nor moral responsibility to implement any features that you personally want. However you are free to:
|
Please do not engage with developers in this way. We have way more work than we can handle, and years of priorities before this. If its a priority for you, then work on it and we'll accept a PR. |
I appreciate the work you've done in writing lemmy, but please prioritize pending issues of criminal data processing.
This is the problem that I'm trying to resolve. Your priorities.
GPL provides legal protections to the developers writing the software; it does not protect the instances running the software. By not prioritizing these issues, you're throwing users under the bus. By releasing a feature that allows users to upload content before implementing a means for them to delete that content, you're tieing your community of instance admins to the railroad tracks and walking away. |
Would you mind if we set some of your priorities also? You're asking us to do free labor for you, that you're unwilling to do yourself. Do not put ultimatums and demands on people making FOSS, or I won't hesitate to block you from these repos. |
I do not mind, please do. In the FOSS projects that I lead, I largely let the priorities of pending issues be dictated by the community. |
Very well, your first priority is to learn rust and take on this issue, I'll assign it to you. Since you're okay with other people setting your priorities, this shouldn't be a problem. We'd much appreciate your help. |
This comment was marked as spam.
This comment was marked as spam.
It's not his project and he's not its developer. You understand how bug reporting works, right? Everyone, please calm down and focus on addressing the actual reported bug. |
IMO, if you want something, DIY. If you want a new feature or fix a bug in Lemmy, learn Rust and submit a patch. We'll help review your code if you did. I agree that this violates GDPR, but FOSS developers, work on what they are interested in, not on what they have to do. Honestly, I might be willing to work on a patch for this. But I'm a little tired right now, so if anyone else wants to work on this instead, go ahead. I'm a bit too busy with maintaining my day job code atm. I'm based in Thailand and we have the PDPA act so this issue concerns me too. Also, thanks to that blog post above there might be some reaction brigading. Just a note for anyone else who stumbles upon this issue. |
This being the case, I've submitted a PR to add a warning to the README regarding the non-compliance. If nobody wants to write the code, fair enough. But people deserve to be warned that they could potentially be getting themselves into a lot of trouble for hosting Lemmy, imo. |
Unfortunately there was some miscommunication in this issue and we failed to get to the root cause. In fact the Lemmy backend has an option to delete all content when an account is deleted. This used to be the default behaviour but was changed in 0.19 so you need to set a parameter However the checkbox is added now in #2385 and will be included in the next Lemmy release. Other frontends and clients may also need to adjust the delete_account api call. |
Yep, that's a pre-requsite to contributing to Lemmy codebase. But you misunderstand how accessible that is versus someone or a team working on their own, less obscure language alternative. If it comes down to just learn Rust only for the opinionated Lemmy devs to say @#$#$ off or help contribute to a project with a well established language and receptive developers ... well then... I know where my energy is better spent. Good luck Lemmy; you'll need it. |
Requirements
Summary
Bug: When a user deletes their account in Lemmy, they're told that it will "permanently delete all of your data from this instance" but, in fact, it doesn't delete all of their data. For example, the photos that they uploaded will not be deleted.
When a user deletes their account in Lemmy, they're presented with the following message
Users should expect then, that all of their data was deleted. But this is not the case for photos.
This means that all instance admins are violating the laws of GDPR for any users that live in the European Union.
Steps to Reproduce
Technical Details
Linux, Firefox
Version
BE 0.19.3
Lemmy Instance URL
No response
The text was updated successfully, but these errors were encountered: