Lemmy's Image Problem (Updated 02-06-2024)
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
đĄ This article has been updated.As far as the Threadiverse is concerned, Lemmy seems to be in an enviable position: they have a vast base of users, supporters, and donors. Their ongoing crowdfunding efforts pull in âŹ3,966 (about $4,304) per month from over 1,162 supporters. The project is also listed as the third largest Fediverse platform in FediDB, just behind Misskey and Mastodon.
Lemmy benefits heavily from being the first movers in their space. Which is why itâs so surprising that the most matured Threadiverse platform lacks a basic feature: users and admins canât delete uploaded images.
Wait, what?
Recently, Michael Altfield posted an intriguing piece to his blog titled Nightmare on Lemmy Street (A GDPR Horror Story). Itâs a fascinating read, and highlights a user mistake thatâs all too common: fumbling around on a phone, itâs possible to hit the wrong button and upload something sensitive. Federated or not, itâs a common expectation for platforms to offer tooling to clean that out of storage.PSA: you can't delete photos uploaded to #lemmy. So don't (accidentally) upload a nude to lemmy. That would be bad đ±https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/
Oh, and if you delete your account? It doesn't delete your uploaded photos. And good luck getting your instance admin to delete it; it requires a manual db query, api call, and â oh, none of this is documented? Welcome to my #fediverse #GDPR nightmare đŁđ€Ż
â Michael Altfield đĄïž (@MichaelAltfield)2024-03-04T16:08:55.929Z
Lemmy is a little bit more complicated than other platforms, architecturally speaking, because image hosting is actually handled as an auxiliary service called pict-rs, which runs alongside a given Lemmy instance. While pict-rs itself works fine for handling uploads, downloads, and modifications to pictures, the devs neglected to add anything to Lemmyâs interface to handle deletions. In fact, the platform as a wholelacks any tooling for moderating images whatsoever.Interacting with Lemmyâs Devs
Michael wrote up a handful of reports in the project repo [1, 2, 3, 4] scoped to specific bugs and feature requests. In their initial reactions to a request concerning image deletions and GDPR compliance, the Lemmy devs offered a frosty reception.âI dont believe that GDPR applies to Lemmy unless it is provided as a commercial service,â Nutomic wrote. When corrected on this point, he became more hostile.
âYou are not a lawyer so I wont take your unqualified opinion as fact. I also have to point you to the license under which Lemmy is provided to you for free,â he said, citing the GNU AGPL, âSo there is no legal nor moral responsibility to implement any features that you personally want. However you are free to implement it yourself, pay someone else to implement it, or stop using Lemmy and use one of countless alternative platforms instead.â
âWould you mind if we set some of your priorities also?â co-contributor Dessalines chimed in, âYouâre asking us to do free labor for you, that youâre unwilling to do yourself. Do not put ultimatums and demands on people making FOSS, or I wonât hesitate to block you from these repos.â
Some Progress
Eventually, the two core Lemmy devs reflected on it, and switched gears.âUnfortunately there was some miscommunication in this issue and we failed to get to the root cause,â Nutomic wrote, âIn fact the Lemmy backend has an option to delete all content when an account is deleted. This used to be the default behaviour but was changed in 0.19 so you need to set a parameter
delete_content
. We failed to add a checkbox for this parameter to lemmy-ui.â
While this is at least some kind of improvement, the other three issues remain largely unanswered, beyond a half-hearted statement from the other dev: âUnfortunately, I canât work on that right now, if someone else can do it, that would be helpful.âUPDATED, SEE BELOWWhy is this Important?
There are a couple of reasons as to why this is so surprising. Firstly, the Trust & Safety aspect: a few months ago, several Lemmy servers were absolutely hammered with CSAM, to the point that communities shut down and several servers were forced to defederate from one another or shut down themselves.Simply put, the existing moderation tooling is not adequate for removing illegal content from servers. Itâs bad enough to have to jump through hoops dealing with local content, but when it comes to federated data, itâs a whole other ball game.
The second, equally important aspect is one of user consent. If a user accidentally uploads a sensitive image, or wants to wipe their account off of a server, the instance should make an effort to comply with their wishes. Federated deletions fail sometimes, but an earnest attempt to remove content from a local server should be trivial, and attempting to perform a remote delete is better than nothing.
Moving Forward
The fact that Lemmyâs core team is taking a fairly laissez faire position on moderation, user safety, and tooling is problematic, and could be a serious blocker for communities currently hosted on Lemmy.At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0âs fantastic Fediseer and Fedi-Safety initiatives. While Iâm sure many people are glad these tools exist, the fact that instances have to rely solely on third-party solutions is downright baffling.
A growing amount of Lemmy users and admins have become unhappy their relationship with the people building it, and are starting to look at other Threadiverse platforms such as Kbin, Mbin, Sublinks, and PieFed. Given that NodeBB and Discourse are also implementing ActivityPub, they might just overshadow Lemmy in the long term.
It may be that such a move is necessary, even if transitioning communities and user accounts might be painful. For now, users, admins, and developers need to think hard about raising the quality level on user and community safety.
Giving Credit Where Credit is Due
The Lemmy devs are working on a feature to deal with the crux of these problems right now. This is an incredibly welcome development, and showcases that they were motivated to solve the core issue.In the comments section for this article on lemmy.ml, both Nutomic and Dessalines expressed that they felt this coverage was one-sided and unfair, with Nutomic going as far to describe it as âa hit pieceâ and declaring that Iâm not doing responsible journalism because I âhate their projectâ. (For the record: I donât hate it. You donât constantly use a platform for years and years because you hate it.)
Lemmy has been doing a substantial amount of work over the course of the 0.19 release in improving admin and moderation capabilities for Lemmy. This includes:
- Instance Blocks for Users
- Auto-Resolve Reports for Deleted Comments
- Log for Image Uploads
- Overhaul of moderation / content actions
- Protections against downvote trolling
- Support for Reports from Mastodon and Kbin
These two guys basically work on Lemmy full-time, and in addition to the above improvements, do a lot of heavy lifting on infrastructure, federation, testing, feature development, and standards guidance. Itâs a massive body of work, and I can imagine that carrying this out on a daily basis, while effectively surviving on donations, is probably very stressful.
The thing that really gets me with these, is that we are 2-4 devs working on software used by over 40k ppl. It is absolutely impossible to please everyone, and fix every issue, there just isnât enough of us.Oftentimes we ask for ppl to do the open source thing, and contribute a PR, and many of them do.
Dessalines, Lemmy Dev
The Lemmy devs are currently rallying up their fundraising efforts, with the goal being to comfortably support both of them with reasonable median salaries. If youâre inclined to donate, please do so.https://wedistribute.org/2024/03/lemmy-image-problem/
#CSAM #Moderation #TrustSafety
Lemmyâs Image Problem
As far as the Threadiverse is concerned, Lemmy seems to be in an enviable position: they have a vast base of users, supporters, and donors. Their ongoing crowdfunding efforts pull in âŹ3,966 (about $4,Sean Tilley (We Distribute)
like this
Anders Rytter Hansen likes this.
ConstipatedWatson
in reply to Sean Tilley • • •This link has been posted and discussed on Reddit too.
Of course, we shouldn't care about what people on Reddit think (and I noticed this post by chance since I log on there very rarely now), but some users in the thread genuinely ask about joining Lemmy and so I guess it's useful to know about possible obstacles to trying it that they may perceive.
steal_your_face
in reply to ConstipatedWatson • • •NOT_RICK
in reply to steal_your_face • • •No space for muh centrism
lol
CeeBee
in reply to steal_your_face • • •Ya, reading the GitHub issue sounds entirely like burnt out devs being abused by users. It's a massive issue in open source.
The Late Night Linux and Linux Dev Time podcasts talked about exactly this in a recent episode. It can be extremely demoralizing to do all this work for free for a project only to be inundated by ungrateful people demanding you fix something or implement a feature they want. Many open source projects have died because of that.
spiderman
in reply to CeeBee • • •CeeBee
in reply to spiderman • • •Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •That's a lot of incorrect assumptions there.
They didn't steal any code. They didn't ignore licenses either. In fact, the only reason they had a judgment ruled against them is because they were taking monetary donations. Which was interpreted as "profiting".
They reverse engineered a process without stealing anything. They didn't even circumvent DRM, which is actually protected by law on the grounds of creating personal backups and data/software preservation.
You're either very ignorant on the subject or you just ate up Nintendo's BS.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •Actually yes. The people that run afoul of the GDPR are the people who run the instance servers. The code writers are not the ones legally responsible.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •spiderman
in reply to CeeBee • • •masterspace
in reply to CeeBee • • •We're not talking about a user demanding you release a flatpak build targeting their personal linux distribution running in a VM'd WSL, we're talking about a consumer facing social app that doesn't include the functionality for a user to delete something they added.
You know what the acronym used for describing the most basic functional web app api is?
CRUD - Create, Read, Update, Delete
What is CRUD?
Codecademypop
in reply to masterspace • • •masterspace
in reply to pop • • •Have you learned how to program to fix the problem?
It doesn't seem worth my time to learn Rust just to submit a PR to devs who behave like that, they'll just reject it and be pithy, like they are when a user asks them to comply with EU privacy law.
CeeBee
in reply to masterspace • • •Ya, this is exactly the attitude that burns out devs and kills projects. Congrats for being super entitled towards a free project.
masterspace
in reply to CeeBee • • •It is not entitled to expect a published project to comply with basic privacy legislation and not be illegal to use.
If your bar for this project is that much below basic consumer expectations, then this project was always going to fail.
CeeBee
in reply to masterspace • • •No it's not. But what is entitlement is bombarding voluntary devs with garbage requests. Is this particular issue entitlement? No. But having seen the various requests made over the last year or so there's a breaking point where a person gets overly sensitive.
Think of being pestered ALL day at work over garbage and having an all around bad day. Then on the way home you jump into a store to pick something up and someone says something annoying but ultimately innocuous to you. Some people can handle it in stride, some people's nerves get frayed.
I'm not excusing the devs here. I don't actually know what their thoughts are. But from personal experience in the dev world and from what I've seen, it looks to me like they're getting frustrated by users.
And they might be in a region where the privacy concerns don't apply to them. And I agree that it's a problem, but ultimately it's their right and prerogative to not i
... show moreNo it's not. But what is entitlement is bombarding voluntary devs with garbage requests. Is this particular issue entitlement? No. But having seen the various requests made over the last year or so there's a breaking point where a person gets overly sensitive.
Think of being pestered ALL day at work over garbage and having an all around bad day. Then on the way home you jump into a store to pick something up and someone says something annoying but ultimately innocuous to you. Some people can handle it in stride, some people's nerves get frayed.
I'm not excusing the devs here. I don't actually know what their thoughts are. But from personal experience in the dev world and from what I've seen, it looks to me like they're getting frustrated by users.
And they might be in a region where the privacy concerns don't apply to them. And I agree that it's a problem, but ultimately it's their right and prerogative to not implement.
Remember, absolutely no one here has paid a single CENT to the devs for their work (not talking about donations).
So complaining about the quality of their work while you are benefiting from it for free is literally entitlement.
masterspace
in reply to CeeBee • • •I understand having frayed nerves, I even understand snapping at someone because you're having a bad day, and I do feel sympathy for the devs, and wouldn't hold this against them (especially since they're at least providing a nuke everything option that will address it).
But the line between entitlement and reasonable expectation is not one of monetary compensation.
Engineering ethics does not let you off the hook just because no one paid you to build what you built. If an engineer goes to the park and unilaterally builds a playground that doesn't meet basic legislated safety standards and kills a kid, they're not off the hook. They will be investigated by their professional body and have their license revoked.
Hell if they just build a playground off in the woods on their own private land but don't take reasonable steps to prevent kids from accessing or using it then they will have their license revoked.
CeeBee
in reply to masterspace • • •Sure, but if you want to extend the analogy that far, then the devs are just posting free plans online on how to build a playground. It's the instance owners who physically build the "playground" and are liable.
masterspace
in reply to CeeBee • • •CeeBee
in reply to masterspace • • •There's no equivalent to a licensed civil engineer in programming.The proper analogy is just anyone putting up those plans.
Why do you keep adding new parameters to these analogies? It's such a simple concept but you are determined to prove your opinion, that the devs should acquiesce to your point of view, no matter what.
masterspace
in reply to CeeBee • • •It's literally called a software engineer in most jurisdictions that aren't America where anyone is allowed to call themselves that. And software engineers also have to take engineering ethics, both courses in university as well as in their final professional exams if they want to call themselves engineers.
You're the one who added the "posted online" parameter. I responded and pointed out that it doesn't matter to the analogy.
If you put something dangerous into the world, mark it "ready to use", and encourage people to use it, and that results in them getting hurt or hurting others, then that is a bad thing and you have an obligation to fix it or warn people.
... show moreIt's literally called a software engineer in most jurisdictions that aren't America where anyone is allowed to call themselves that. And software engineers also have to take engineering ethics, both courses in university as well as in their final professional exams if they want to call themselves engineers.
You're the one who added the "posted online" parameter. I responded and pointed out that it doesn't matter to the analogy.
If you put something dangerous into the world, mark it "ready to use", and encourage people to use it, and that results in them getting hurt or hurting others, then that is a bad thing and you have an obligation to fix it or warn people.
You're right about it being a simple concept, I don' understand where you think I'm demanding anyone do anything. The devs have already acquiesced after the community overwhelmingly dumped on their response. My only point has been that it's not entitled to expect a developer to put a warning on software once they've been alerted that it's dangerous.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •No. It's the dev's project. They can do whatever they want with it. They can delete the repo and go live in the woods if they want.
To be clear, I don't agree with the stance they have taken. But I also see the kind of reactions there are far from what people are making it out to be. I think the people complaining about the devs being "mean" are just hypersensitive and have never been told "no" their whole lives.
Like I said, I disagree with the devs' position to not implement this feature. It's been highly requested, and for good reason. But this is a free project. If they say no, then it's no. If we don't like that decision, then maybe we need to move somewhere else.
It sucks but sometimes that's life.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •Fine, that's what matters. Then ask them to implement it or write it yourself.
And if they say no, then that's your answer and Lemmy instances within the EU will need to move out of the EU or just shut down.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •CeeBee
in reply to masterspace • • •What we're talking about is a complete free and open source project that's built and maintained completely through volunteer labour.
There are zero obligations towards the people actively using the software.
While I agree that the functionality should exist, the devs can literally do whatever they want. Nobody is paying them.
Edit: you're also seeing only a single instance of a conversation. I can guarantee that the devs have been dealing with asinine and demanding users for a while now. There comes a point where your patience wears thin.
masterspace
in reply to CeeBee • • •Yes, there are, and that obligation is to not publish something as production ready if it is illegal to use because of how it's built.
I'm a software developer, I understand exactly how frustrating user demands are, that was still a completely and utterly unacceptable way to respond to a very politely worded request for software that literally just doesn't break privacy laws to run.
As the commenter pointed out, if you don't want to fix it, fine, but then you absolutely have a moral, ethical, and professional obligation to document that clearly in your README.md.
CeeBee
in reply to masterspace • • •No, there really isn't. Do I feel that project owners should follow good practices for maintaining clean code that also allows users to keep things legal? Absolutely I do.
But that is not the same thing as an obligation. If there was a single cent exchanged between the devs and anyone else (donations do not count) then this conversation would be entirely different.
I don't agree with the devs' stance. But it is 100% their prerogative to say no. It's their project, not ours.
As am I.
... show moreI agree.
No, there really isn't. Do I feel that project owners should follow good practices for maintaining clean code that also allows users to keep things legal? Absolutely I do.
But that is not the same thing as an obligation. If there was a single cent exchanged between the devs and anyone else (donations do not count) then this conversation would be entirely different.
I don't agree with the devs' stance. But it is 100% their prerogative to say no. It's their project, not ours.
As am I.
I agree.
No, you absolutely do not. Although I do somewhat agree on the professional part, but it's still not an obligation. It's completely unprofessional, but that's different than it being an obligation.
masterspace
in reply to CeeBee • • •The word obligation is not as narrow as you're using it:
Does he have a contractual obligation? No, no contracts were signed. Does he have a legal obligation? No, the license file in the project absolves him of legal liability.
But he absolutely has a moral, social, and professional obligation to do so.
CeeBee
in reply to masterspace • • •If you want to apply such a better definition, then you have an obligation to learn Rust and submit a PR to bring the project into compliance. You have a societal obligation since you are aware of the issue and use Lemmy.
You owe it to your fellow Lemmites. Lemurs? Lemmings? Whatever the term for a Lemmy user is.
masterspace
in reply to CeeBee • • •All I have an obligation to do is give back to society, and I do so through taking care of my parents and grandparents, volunteering teaching classes every weekend at the community center, volunteering to upgrade and maintain an app for a non profit, donating to charity, open source projects and news organizations, helping my elderly neighbours with their snow and leaf clearing, etc.
And if you find one of my open source github projects will cause a user to violate a local law, kindly file an issue and I'll immediately update the README.md and take it down until the issue is fixed.
CeeBee
in reply to masterspace • • •100% your prerogative.
masterspace
in reply to CeeBee • • •CeeBee
in reply to masterspace • • •masterspace
in reply to CeeBee • • •Again, you are narrowing the definition of "obligation" to just legal and contractual.
If you just want to think about yourself and how you interact with the world through legal and contractual terms, good luck, it will be hard and miserable and you will be disliked. Otherwise you do have moral, ethical, and social obligations for everything you put into society.
Flax
in reply to CeeBee • • •CeeBee
in reply to Flax • • •LucidNightmare
in reply to CeeBee • • •What I truly donât understand is why the negative eggs that you WILL ALWAYS HAVE NO MATTER WHAT, read it again, ALWAYS HAVE NO MATTER WHAT, gets so much mental attention than the many more people who are actively applauding you and saying their thanks and giving you their praises.
I will never understand the focusing on the negative I guess. Itâd be easy as fuck for me to ignore peopleâs assholeishness while still taking their badly typed criticism and improving (if I reasonably can).
Shit, it makes me feel like the fucking champ when some random persons says thanks for something I did, and I laugh and ignore the ones who donât like what I do.
But hey, if focusing on the few negatives instead of the mountains of praise is what you want to do, itâs all yours.
CeeBee
in reply to LucidNightmare • • •Imagine you get approval to build a new park and playground for your neighbourhood. You spend hundreds of hours designing the plan and layout and you spend incredible amounts of your own money to get the resources.
You get to work and things are going well. As you near the end of months upon months of work, the park finally opens for families and kids to use.
As you're standing there proud of your work, some people come over to you. Do they say "thank you!" or "you did amazing work"? No, they come over to complain about things that are missing, tell you what you should have done better, that you didn't accommodate their each specific needs, etc.
You would very quickly get bitter and demoralized.
Like I mentioned before: this is a massive problem in the open source development world and has killed many great projects. This has nothing to do with "mental attention" and everything to do with users abusing the devs and their time.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •In my analogy it's a park with trees, bushes, rocks, and slides. I said "park in your neighbourhood" not "mega-extreme rollercoaster park". I also said "you got approval" which is generally from the city or other governing municipal/county/regional body. And that also requires a plan to be submitted before approval is stamped.
So no, what you did is make up a bunch of crap to strawman my argument and try to make what I said wrong in some way.
Nice try.
Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •Maalus
in reply to CeeBee • • •CeeBee
in reply to Maalus • • •chiisana
in reply to Sean Tilley • • •TxzK
in reply to chiisana • • •toasteecup
in reply to TxzK • • •What is sublinks?
Update: there was a link in the article, thanks though!
TxzK
in reply to toasteecup • • •https://sublinks.org/
About
SublinksSean Tilley
in reply to TxzK • • •Yeah, I'm pretty excited about it. Apparently the Pangora (Lemmy fork) dev joined forces, and the new UI is starting to look great.
https://bytes.programming.dev/notes/9qi6rc2avj3gn9dx
Sean Tilley
in reply to chiisana • • •It's honestly mind-blowing. At every turn, for no reason at all, they act like a bunch of dicks. It's like they decided to run a community project based on engineering prowess alone, and nothing else.
Except the engineering isn't all that good, either.
TxzK
in reply to Sean Tilley • • •Not only that, but the developer Dessalines apparently denies the Tiananmen Square Massacre and praises the Uyghur Genocide. Absolutely disgusting
Edit: Wow. Tankies are mad. Lmao
Arelin
in reply to TxzK • • •Well yeah? The only countries accusing China of mishandling the ETIM in Xinjiang (an issue created by the US through Afganistan btw) are the ones committing an actual genocide in Palestine, i.e imperial core countries. The Organization of Islamic Cooperation, Global South and Muslim countries in general are against the western propaganda about it.
TxzK
in reply to Arelin • • •Yeah, because the West is also committing a genocide, that means your genocide is ok. Both are doing genocides. Torturing and raping hundreds if thousands of Uyghurs, forcing them to abandon their culture, forced birth control, forced labour, forced sterilisation and prosecution without any legal process isn't just combating ETIM terrorists. That's same level of BS argument Israel is using while flattening entire Gaza and saying they're only combating Hamas terrorists.
Because they're corrupt shitheads? They don't give shit about human rights either, they see more profit from supporting China same way the west sees more profit supporting Israel.
Sources:
- https://www.amnesty.org/en/latest/news/2021/06/china-draconian-repression-
... show moreYeah, because the West is also committing a genocide, that means your genocide is ok. Both are doing genocides. Torturing and raping hundreds if thousands of Uyghurs, forcing them to abandon their culture, forced birth control, forced labour, forced sterilisation and prosecution without any legal process isn't just combating ETIM terrorists. That's same level of BS argument Israel is using while flattening entire Gaza and saying they're only combating Hamas terrorists.
Because they're corrupt shitheads? They don't give shit about human rights either, they see more profit from supporting China same way the west sees more profit supporting Israel.
Sources:
And you can't say Amnesty International is Western propaganda because they're very critical of Israel and it's genocide as well.
China: Draconian repression of Muslims in Xinjiang amounts to crimes against humanity - Amnesty International
Amnesty InternationalFlying Squid
in reply to Arelin • • •RubberDuck
in reply to TxzK • • •Sean Tilley
in reply to RubberDuck • • •RubberDuck
in reply to Sean Tilley • • •sacbuntchris
in reply to Sean Tilley • • •Sean Tilley
in reply to sacbuntchris • • •The reason that an open source developer might experience burnout are myriad, but can include:
As someone who has done Community Management for an open source, decentralized communication platform (Diaspora), I am familiar with all of these things. This shit is hard, and I am not denying that Lemmy devs have done a lot of good work.
The problem is actually much simpler than you're making it out to be. For a social platform, which depends on interconnected self-hosted communities to succeed, you absolutely hav
... show moreThe reason that an open source developer might experience burnout are myriad, but can include:
As someone who has done Community Management for an open source, decentralized communication platform (Diaspora), I am familiar with all of these things. This shit is hard, and I am not denying that Lemmy devs have done a lot of good work.
The problem is actually much simpler than you're making it out to be. For a social platform, which depends on interconnected self-hosted communities to succeed, you absolutely have to build in the tools and utilities necessary to deal with all the crazy shit that comes with the territory. Ignoring this causes a cascade of problems that gradually get worse the longer they remain unaddressed.
The devs are surviving on crowdfunding and grants, and doing the best they can with that. That's commendable! They probably need more of both to have their needs fully covered. But don't get it twisted: receiving proceeds for your work is not the same thing as working for free.
Eyck_of_denesle
in reply to chiisana • • •Sean Tilley
in reply to Eyck_of_denesle • • •While I think you're correct about it ultimately being their project, and that users are in no place to demand or expect anything, this thing takes on whole other dimensions once a project is all about building a social platform. Particularly one where volunteers host part of the network themselves.
It's one thing to look at some random demand to write everything in a P2P architecture because DNS is too centralized. When I worked on Diaspora, I literally saw people demand stuff like that, and laughed it off. I'm trying to build a platform that exists today, not some pixie dream bullshit compromised of academic circle-jerking.
But when it comes to basic table stakes for participating in a network that already exists, things change a bit. This is especially true when you're connecting to a global network that has:
Suddenly, it makes a lot of sense to say "you know what, admins are going to want to filter this shit out, maybe it's reasonable
... show moreWhile I think you're correct about it ultimately being their project, and that users are in no place to demand or expect anything, this thing takes on whole other dimensions once a project is all about building a social platform. Particularly one where volunteers host part of the network themselves.
It's one thing to look at some random demand to write everything in a P2P architecture because DNS is too centralized. When I worked on Diaspora, I literally saw people demand stuff like that, and laughed it off. I'm trying to build a platform that exists today, not some pixie dream bullshit compromised of academic circle-jerking.
But when it comes to basic table stakes for participating in a network that already exists, things change a bit. This is especially true when you're connecting to a global network that has:
Suddenly, it makes a lot of sense to say "you know what, admins are going to want to filter this shit out, maybe it's reasonable for them to have some tools and fixtures that are part of core."
Unfortunately, these devs are the kind of people who scream angrily when someone says "Hey, this thing doesn't actually respect local image deletes / GDPR stuff / content deletion on account deletion". To me, that's fucking insane.
Emily
in reply to Eyck_of_denesle • • •Eyck_of_denesle
in reply to Emily • • •Flying Squid
in reply to Eyck_of_denesle • • •Eyck_of_denesle
in reply to Flying Squid • • •masterspace
in reply to Eyck_of_denesle • • •You don't know how social networks work. They only survive based on network effects, if they don't have the most basic functionality that users expect (like complying with privacy legislation), then they will fail to reach critical mass and be outcompeted and die.
If the devs don't want to provide the most basic functions that any user of a social network would expect, they're welcome to be downvoted to hell and have their project go back to being one of the millions of forgotten and unviewed personal github projects.
Open source projects die because it takes both technical talent and attention to your users to make a project successful, and for-profit companies often pay different people to do those.
DrCake
in reply to masterspace • • •masterspace
in reply to DrCake • • •No, it's not.
The purpose of the fediverse is to decentralize control of the network, it does not eliminate network effects in any way shape or form. At the end of the day a social network is only as valuable as the users using it and contributing content to it. If they don't find lemmy pleasant to use, they're not going to say "let me jump to mastodon" they're going to go to Reddit.
You really don't understand network effects if you think you can just sit around and wait for basic functionality and expect your network not to die.
RubberDuck
in reply to Eyck_of_denesle • • •SupraMario
in reply to RubberDuck • • •maynarkh
in reply to SupraMario • • •It does apply, but not to the Lemmy devs, but to the instance admins.
As it stands, you can't legally host a Lemmy server in either the EU or the US (or places they can reach) and federate with the 'verse at large without fear that the authorities will come after you.
SupraMario
in reply to maynarkh • • •maynarkh
in reply to SupraMario • • •SupraMario
in reply to maynarkh • • •Yeah no it doesn't.
https://gdpr-info.eu/art-3-gdpr/
Go read it ffs.
Art. 3 GDPR â Territorial scope - General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)maynarkh
in reply to SupraMario • • •Lemmy instances offer services to me as an in-EU data subject, and that makes it subject under the very Article 3/2 (a) you linked.
Since there is federation, a US-based instance would still be a data processor if it IP blocked be as coming from the EU.
I did in fact read it.
SupraMario
in reply to maynarkh • • •maynarkh
in reply to SupraMario • • •1984
in reply to chiisana • • •I disagree strongly that they are childish. They are 100% correct in what they are saying here. Also this article doesn't "highlight" their behavior, it's actually "cherry-picking" behavior that puts them in a bad light. Similar to tabloids read by the lowest iq crowds.
You don't demand anything from open source devs. You feel gratitude for what you have.
Cagi
in reply to 1984 • • •1984
in reply to Cagi • • •Cagi
in reply to 1984 • • •Eyck_of_denesle
in reply to Cagi • • •asdfasdfasdf
in reply to chiisana • • •sunaurus
in reply to asdfasdfasdf • • •The core issue here is that there are too many things to do, and too few developers to do them. By the way, for a huge number of these things that need to be done, there is most likely at least one person who thinks itâs the absolute highest priority for Lemmy. Forking would not help fix this issue, it would only make it worse.
In other words: if youâre a Rust dev, you can just fix it in Lemmy anyway, so there is no benefit from forking. If youâre not a Rust dev, then after forking, you will have a new repo to create issues on, except youâll have 0 devs to actually fix them.
sudneo
in reply to Sean Tilley • • •Honestly, what? Why would be baffling to have third party tools in this ecosystem? It would be baffling if that was the case for Facebook.
Also the devs did work on some moderation features, but they probably have tons of other stuff to work on, all for an amount of money which is a low salary for one developer.
Sean Tilley
in reply to sudneo • • •That's not the argument being made. What's baffling is to pretty much only rely on the efforts of third party devs to fill in the missing gaps. It's a profoundly bad strategy.
It's like with Bethesda releases a shitty half-finished game, and leans on the modding community to actually put in half the things that would actually make it in any way fun to play. Except Bethesda actually makes money, and the community works for peanuts. Here, Lemmy makes some money, but a huge chunk of the user community shoulders the cost out of pocket. A big chunk of the Fediverse is actually unpaid labor that brings in negative dollars month over month.
The devs have a vested interest in ensuring their project continues to grow, they continue to get funded for their work, and features on their own roadmap get planned and developed. They can't do that if the tooling is too brittle, shitty, or threadbare to actually handle the deeply fucking intense problem of managing and maintaining a server and community on the open Internet, where literally anything and everyt
... show moreThat's not the argument being made. What's baffling is to pretty much only rely on the efforts of third party devs to fill in the missing gaps. It's a profoundly bad strategy.
It's like with Bethesda releases a shitty half-finished game, and leans on the modding community to actually put in half the things that would actually make it in any way fun to play. Except Bethesda actually makes money, and the community works for peanuts. Here, Lemmy makes some money, but a huge chunk of the user community shoulders the cost out of pocket. A big chunk of the Fediverse is actually unpaid labor that brings in negative dollars month over month.
The devs have a vested interest in ensuring their project continues to grow, they continue to get funded for their work, and features on their own roadmap get planned and developed. They can't do that if the tooling is too brittle, shitty, or threadbare to actually handle the deeply fucking intense problem of managing and maintaining a server and community on the open Internet, where literally anything and everything goes. Factor in a myriad of local jurisdictions and laws about data and content, and a lot of these things end up becoming severe liabilities.
Look at it this way: with federation, a handful of volunteers themselves are doing labor for free, for the devs, by propping up their platform, client ecosystem, and reputation in the space. If this gets bad enough, people will literally say "fuck it" and walk away.
sudneo
in reply to Sean Tilley • • •I literally quoted the article:
I mean, there are some moderation features in Lemmy, for sure with gaps, but there are many gaps on other aspects as well, and if people can't run the instances due to other technical issues, there is also nothing to moderate, so obviously prioritization is complex when resources available (dev) are so limited.
That said, I really don't see the problem of third parties. We rely on third parties for one of the most fundamental features, which is community discovery (lemmyverse.net), for example. What's the problem with that? I think that's literally one of the benefits of making an open platform, where other people can build other tools in the ecosystem. We are not purchasing a service, we are not talking about an
... show moreI literally quoted the article:
I mean, there are some moderation features in Lemmy, for sure with gaps, but there are many gaps on other aspects as well, and if people can't run the instances due to other technical issues, there is also nothing to moderate, so obviously prioritization is complex when resources available (dev) are so limited.
That said, I really don't see the problem of third parties. We rely on third parties for one of the most fundamental features, which is community discovery (lemmyverse.net), for example. What's the problem with that? I think that's literally one of the benefits of making an open platform, where other people can build other tools in the ecosystem. We are not purchasing a service, we are not talking about an organization who has a substantial revenue and tons of people and can't deal with basic functionalities. We are talking about a project with a team that is smaller than the team that in Facebook deals with which colors to make buttons, and it's "paid" 1/20th of that. So I still don't understand, what is "baffling"? Because from where I stand, all things considered, it's totally normal that a project with these resources and that gained popularity less than a year ago has still tons of gaps and a long roadmap, and that tools in the ecosystem address some of these gaps.
No it's not. Bethesda is company that sells you a proprietary product while having a revenue in the order of hundreds of millions. The relationship between Bethesda customers and Lemmy users has absolutely nothing in common.
Lemmy makes no money. Considered the opportunity cost, Lemmy loses money. A single dev with a full time job can easily double the amount that Lemmy devS earn. Not to talk about the fact that the money they make are donations, without a contract bounding them to anything and also not granting them anything (tomorrow everyone could cancel donations and the income would disappear).
Sure, but again, if those were the only problems and the devs would be sipping cocktails in Hawaii splurging on those 4k/month, I would agree with you. If they think priorities are elsewhere, or are also elsewhere, they might have their reasons. In fact, in the article there is a complaint about them answering in a "hostile" manner, but I also understand that the issue in question is probably the 100th issue in a week/month in which other people tell them what they should do. This is a regular problem in OSS (See https://mastodon.uno/@bagder@mastodon.social - the maintainer of curl - for plenty of examples).
After they understood better what's the problem, their stance changed as well, which is also reasonable.
I don't look at it in this way at all. I think the devs made it extremely clear (even given the political stance of both) that despite the happiness of seeing their project flourish, they have no interest in growth as an end. In fact, I would say that nobody is doing work for the devs. But I see that we have a fundamentally different perception on the dynamics in Lemmy, so I see no reconciliation between our opinions.
daniel:// stenberg:// (@bagder@mastodon.social)
MastodonVirtualOdour
in reply to sudneo • • •Anders Rytter Hansen
in reply to Sean Tilley • •Fediverse reshared this.
Quokka
in reply to Anders Rytter Hansen • • •like this
Anders Rytter Hansen likes this.
RubberDuck
in reply to Quokka • • •Quokka
in reply to RubberDuck • • •RubberDuck
in reply to Quokka • • •Quokka
in reply to RubberDuck • • •Actually it is :)
Not located in the EU, not targeting the EU, and under 250 employees means no GDPR to worry about.
https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en
Who the General Data Protection Law applies to
European CommissionRubberDuck
in reply to Quokka • • •From your link:
- a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
A social networks core purpose is processing data, processing of data does pose risks to people.
I doubt that privacy watchdogs will pursue smaller instances, but pretending it never applies could lead to legal issues.
Quokka
in reply to RubberDuck • • •Eh i still dont think itd hold up.
But more reason to hate European arrogance. Imagine if i could go to say your blog, comment my name and address, and sue you for not going into your database and scrubbing it all. Just another way to benefit big companies at the expense of individuals who dont have the tech skills to comply but want to run their own personal sites.
RubberDuck
in reply to Quokka • • •Such an ignorant stance. Privacy is an individuals RIGHT. It should have been the defacto stance for everything.
You allowed the corporate fuckery to cloud your thinking it is too much to ask for. It isn't. And GDPR compliance is usually straightforward.
If the blog platform in your example had an option to "delete my account" and it would then completely scrubbed this would be plenty compliant probably. As would the option for people to comment without storing anything but the comment.
Quokka
in reply to RubberDuck • • •It is, which is why you have the RIGHT not to use a public space and push your information out to millions of people. You explicitly agreed to it the second you started doing it.
And if it didnât? If itâs just a simple piece of software made by two people? Should they drop everything to cater to European demands?
Europe invaded the world, then turns around and tells the world to respect its self imposed rule it enforces on others. We canât even host our own space on the internet without you invading and threatening us to operate your way. The only safety we apparently have is in our small size means we might escape notice.
Itâs utter arrogance.
RubberDuck
in reply to Quokka • • •Europe funds them. Check where they got their money.
Requiring people (yes also tankies devs) to respect human rights as outlined in many treaties is not a fringe stance.
The GDPR was implemented to require entities to respect human rights by giving privacy watchdogs some teeth. It's not some strange law people made because they felt like it. It is apparently needed because privacy is just some silly concept to some people.
If you don't understand all of that, maybe just sit down and be quiet.
sudneo
in reply to RubberDuck • • •RubberDuck
in reply to sudneo • • •Fair point, it also requires privacy by design though.
And again, why not invest some time into actually respecting privacy. Storing all sorts of info through a framework that is not needed. And at least discuss what is needed and for how long.
It is a work in progress, but there is no need to be hostile about these requirements by people against these rules.
sudneo
in reply to RubberDuck • • •I am sure that for such small shops it's trivial to explain that resources are extremely limited, I don't see any data protection authority actually pursuing anyone based on the lack of privacy by design.
The point is, nobody is forcing you to deploy the software as is, and technically anybody could write tools that bridge the gaps in the software. If the software does not offer data deletion, any instance admin could have identified this gap (a risk assessment for data collection is also needed technically) and wrote a script that would allow to satisfy data deletion requests or anything else that would have made them comply.
That said, I agree that these features are important. I do not agree that they are what the devs should work on right now, or that at least it takes some convincing to convey the fact that these are important features for instance admins to be compliant and for users (in general).
I also get the point about the "I am not taking your word for it" approach. Look how many people in this thread talk about GDPR without actually understanding who is
... show moreI am sure that for such small shops it's trivial to explain that resources are extremely limited, I don't see any data protection authority actually pursuing anyone based on the lack of privacy by design.
The point is, nobody is forcing you to deploy the software as is, and technically anybody could write tools that bridge the gaps in the software. If the software does not offer data deletion, any instance admin could have identified this gap (a risk assessment for data collection is also needed technically) and wrote a script that would allow to satisfy data deletion requests or anything else that would have made them comply.
That said, I agree that these features are important. I do not agree that they are what the devs should work on right now, or that at least it takes some convincing to convey the fact that these are important features for instance admins to be compliant and for users (in general).
I also get the point about the "I am not taking your word for it" approach. Look how many people in this thread talk about GDPR without actually understanding who is the data controller/processor and who has to be compliant. I can only imagine the amount of uninformed people who open issues and waste time for already busy devs. We are seeing the couple of examples that the article picks, we are not seeing the rest of issues which justify this harsh approach.
The way I see it, having certain features implemented in the Lemmy software is one way to ease compliance for admins, and they should just upvote the issue and explain why it's important for them, possibly even adding a bounty to the feature. OP's approach doesn't seem this and it's much closer to demand stuff, as if the compliance responsibility was on the devs and the donation were some sort of reason to make them work on what other people want.
maynarkh
in reply to Quokka • • •Murvel
in reply to Sean Tilley • • •Lemmy devs being man children when confronted with GDPR compliance.
And if Lemmy if supposed to better Reddit in basic fucking decency then GDPR is absolutely crucial.
Jumuta
in reply to Murvel • • •SupraMario
in reply to Jumuta • • •You can't and this is a shit article...the GDPR doesn't apply to instance outside of the EU....
https://www.dickinson-wright.com/news-alerts/what-usbased-companies-need-to-know#:~:text=The%20GDPR%20even%20applies%20if,language%20of%20an%20EU%20country%2C
Literally people using the GDPR like it's some gotcha thing for admins. If nothing is sold or offered to be sold and their is no financial gain it's not going to apply. On top of that good luck suing a FOSS dev.
Edit: that downvote button does jack shit on Lemmy people. If you think I'm wrong why not prove that I'm wrong...and why a bunch of law firms are wrong as well.
What US-Based Companies Need to Know About the GDPR, and Why Now? | Insights | Dickinson Wright
www.dickinson-wright.commaynarkh
in reply to SupraMario • • •It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
Yeah it does, as soon as you are providing a service, if you have a user from the EU that's not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of "up to 10 million EUR" for a violation.
... show moreNobody is getting sued. EU data prot
It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
Yeah it does, as soon as you are providing a service, if you have a user from the EU that's not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of "up to 10 million EUR" for a violation.
Nobody is getting sued. EU data protection agencies don't "sue" people and companies. They fine them. The difference is that a lawsuit is a process where at the end you might need to pay money, but you mostly settle. A GDPR fine looks like you get a letter saying you need to pay an amount, if you want to appeal, you can do so after paying.
And it's not the devs that will be getting these fines, it's instance admins.
yamanii
in reply to maynarkh • • •RubberDuck
in reply to yamanii • • •maynarkh
in reply to yamanii • • •SupraMario
in reply to maynarkh • • •No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.
... show moreNo it does not, if you do not sell anything to anyone or offer any services or make any money it doesn't apply. Stop repeating bullshit.
No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.
No it does not, if you do not sell anything to anyone or offer any services or make any money it doesn't apply. Stop repeating bullshit.
Good luck fining a host admin, of a foss instance. I don't know why you think that any admins of instances will be getting fined if they're not selling anything. You need to read up on the GDPR.
Again, no they will not.
maynarkh
in reply to SupraMario • • •As per official EU communication:
Lemmy instances are entities that offer free services and are arguably monitoring the behaviour of individuals in the EU through federation. From the perspective of the GDPR, there is no difference between Facebook and a Lemmy instance regarding what they can or cannot do, or whether they get fined for something.
You need to read up on the GDPR yourself.
SupraMario
in reply to maynarkh • • •maynarkh
in reply to SupraMario • • •Usernames at the very least, as online identifiers.
And they don't need to be sold, just retained. GDPR applies even if there is no payment anywhere, even to non-commercial entities.
SupraMario
in reply to maynarkh • • •maynarkh
in reply to SupraMario • • •What do you think an online identifier is then? And why would the GDPR only apply if there is money made? It specifically says in multiple places free services also count.
Dame
in reply to SupraMario • • •User Generated Content and the Fediverse: A Legal Primer
Electronic Frontier FoundationSupraMario
in reply to Dame • • •Maalus
in reply to SupraMario • • •Why are you trying to be an authority on GDPR without even reading about what it is?
GDPR applies to all personal data of people currently in the EU. If you have a service that uses data from a person in the EU, you need to comply with it. It's not some "gotcha" law which goes in effect once you make money.
SupraMario
in reply to Maalus • • •What personal data is a Lemmy instance holding onto?
I'm pointing out how much bullshit is being spread in this damn thread by people who don't understand the law. You're the same damn users who get pissy with forums and demand action be taken using a law you don't understand.
Maalus
in reply to SupraMario • • •SupraMario
in reply to Maalus • • •Maalus
in reply to SupraMario • • •SupraMario
in reply to Maalus • • •What part of personal data do you not understand? Lemmy instances are no processing any personal data
And the link I provided has already stated this, but here it is again.
https://www.dickinson-wright.com/news-alerts/what-usbased-companies-need-to-know#:~:text=The%20GDPR%20even%20applies%20if,language%20of%20an%20EU%20country%2C
What US-Based Companies Need to Know About the GDPR, and Why Now? | Insights | Dickinson Wright
www.dickinson-wright.commaynarkh
in reply to Jumuta • • •RubberDuck
in reply to maynarkh • • •No, if you collected the data and shared it with others, simply informing the others is not enough. This is why the platform needs tools for admins to comply.
A proper method, that allows the users to nume their account could already be enough.
maynarkh
in reply to RubberDuck • • •RubberDuck
in reply to maynarkh • • •I get that, but this is where it gets tricky. As "there is nothing we can do" was the number one reason used under the law predating the GDPR. So in the GDPR there is a stipulation that you stay responsible or share responsibility with the other party If you share the data. Because large companies used this to send data through clearing houses allowing them to hash their hands.
GDPR is really the cranky brother of its predecessors, because there was so much fuckery going on.
And while I doubt Admins will be a prime target for privacy watchdogs, it is good that they also have to think about the privacy of their users. Since privacy is a basic human right.
maynarkh
in reply to RubberDuck • • •Oh, that's actually neat. But at the same time, that means every instance owner is responsible for the whole of the Fediverse.
I can imagine that would mean non-compliant instances will get defederated at some point? Or ActivityPub will get some compliance features? It's not like the EU is unaware of the Fediverse, they are the main monetary supporters behind Lemmy.
RubberDuck
in reply to maynarkh • • •I have no clue how jurisprudence would turn out. But keep in mind, this is not about the posts people make. The framework just needs to collect/store as little information as possible that can be considered PII. And it should have a way to remove it.
If Deleting your account results in the PII actually being removed (username, ip address, other profile info, whatever data is stored under the hood) and these removals actually get federated.. there should not be an issue.
Then admins maybe have to do something if people start posting PII as messages, but that would probably be doxing and up for removal anyway.
So mainly the issus boil down to:
- is there a way for people to scrub their account
- does the scrubbing remove all the data
- is the platform clear about what data is being collected and is all collected data actually needed
maynarkh
in reply to RubberDuck • • •RubberDuck
in reply to maynarkh • • •There is plenty of jurisprudence and clarity needed, so..... maybe. Hence the importance for the framework itself to be as GDPR compliant as possible and not store PII if not nessecary and remove it once no longer nessecary. (Storing someone's IP for login, and post validation, bans etc should be limited to the period that makes sense, not infinitely.)
And in your example, the 'malicious' part of the 3rd party probably makes it different. Maybe then it is a dataleak.
RubberDuck
in reply to Jumuta • • •Sean Tilley
in reply to Sean Tilley • • •rglullis
in reply to Sean Tilley • • •I know you said it is a brain dump, but your follow up still seems mostly an emotional reaction to how the devs responded rather than a reasoning synthesis process.
E.g, your "Where Fediverse Software Differs", it seems like you want to pay off the set up you've placed in the previous paragraph (about the difficulty of being an open source developer), but this payoff never comes and instead you end up the argument with "The feature requests valid, and the devs responded like dicks".
Even if we take "the feature request was valid" for granted, it does not follow that the devs must act on it right away. If the Lemmy devs acknowledged the issue and said "You are absolutely right and we strongly advise anyone hosting an instance in the EU if they are worried about GDPR", then what? Do you think that whoever wrote the "perfectly valid feature request" should still be pushing for making it a higher priority? On what grounds?
Also:
... show moreI know you said it is a brain dump, but your follow up still seems mostly an emotional reaction to how the devs responded rather than a reasoning synthesis process.
E.g, your "Where Fediverse Software Differs", it seems like you want to pay off the set up you've placed in the previous paragraph (about the difficulty of being an open source developer), but this payoff never comes and instead you end up the argument with "The feature requests valid, and the devs responded like dicks".
Even if we take "the feature request was valid" for granted, it does not follow that the devs must act on it right away. If the Lemmy devs acknowledged the issue and said "You are absolutely right and we strongly advise anyone hosting an instance in the EU if they are worried about GDPR", then what? Do you think that whoever wrote the "perfectly valid feature request" should still be pushing for making it a higher priority? On what grounds?
Also:
shouldn't ever be used as an excuse to justify free labor from developers. This is not Self-Loathing and Display of Low Self-Steem Olympics. Anyone that comes to me with a "I'm not gaining anything from my work" argument will promptly receive "The fact that you can not establish boundaries and are martyring yourself is not my problem" as a response.
The fact that developers of FOSS software project are able to tell users "If you want something done, you need to give us the resources or do it yourself" should be lauded, not criticized or be seen as "dicks".
If instance owners are dealing with bad users "and not getting paid for it", they can do two things: close down the instance, or put proper boundaries and tell what they are willing and not willing to do for free. Alternatively, they can do what I do and make the relationship explicitly transactional: I'm more than willing to work a lot to solve my customer's problems, but this is only after they actually paid me for it. The fact that I only accept paying customers makes my instance noticeably easier to manage. Even if I'm charging way less than what some people would donate to their favorite instance, the fact that all the users from the instances are paying make for an excellent filter.
This "donation-based" approach needs to change. Mastodon has no problems with "optics", and its "Founder and CEO" is reportedly making 30000⏠as yearly salary. This is ridiculously low. This is less than what an intern makes at Facebook. The three Lemmy devs are sharing less than 4kâŹ/month. You can make more money by working part-time on Uber Eats. To think that this is enough to claim "they are making some money" is frankly absurd.
If society in general is so tired of exploitative Big Tech, society needs to give a strong signal that it's willing to pay for the alternative. If we don't want to have the most brilliant minds of our generation working on how to optimize the amount of ads that you get to see online, then we need to show that those building better solutions can be properly rewarded. It's not up to the developers to try to build out everything perfectly and then go around begging for people for breadcrumbs and their seal of approval.
To sum up: I'm not saying that developers need to be worshipped because they can do what others can't. I'm also not saying that the Lemmy devs were right in how they communicate with its users, but I am saying that they are absolutely right in establishing their priorities and not let their work be dictated by someone that is not putting any Skin on The Game.
Community is not enough
Raphael Lullislaverabe
in reply to rglullis • • •rglullis
in reply to laverabe • • •I am not sure I'd be using any mass communication platform that is primarily developed and/or funded by any government.
But anyway, I really don't like to use hypotheticals as an excuse to not take action. Yes, it would be better if there was more public support for open source. But it doesn't. Should we just shrug our shoulders and do nothing on our own? Why give away our agency?
spaduf
in reply to rglullis • • •One could argue you're using one now.
VirtualOdour
in reply to laverabe • • •Personally I believe that yes open source should be created by governments for the global good, that open source should be created by people studying PhDs and that community commons projects should be part of schooling with students learning how to use and contribute to them.
However the main brunt of open source should be created by people who simply want it to exist because we will always outnumber and outperform government workers and students.
Personally I would love to see a world where contributing to community projects is something everyone does as part of their life, not only because it'll create more open source but because I think it'll be a much healthier community if we stop seeing everyone else around us as competition and start seeing them as fellow workers in the project to improve life for all.
goferking0
in reply to Sean Tilley • • •I can't imagine why the devs or others wouldn't be receptive when that's how you start off
onlinepersona
in reply to Sean Tilley • • •I don't agree with the tone of the Lemmy devs, but they are right: it's opensource being worked on mostly in the free time of people. Do not treat the devs like they are paid to do your bidding, because they aren't. If you donated and have expectations, you don't understand the meaning of a donation.
Imagine if the author had a woodworking workshop on their compound where they made things out of wood; figurines, furniture, tools, sculptures, and so on. Say they opened it up to the public so that guests could have a look, play around, spend some free time there, and maybe even use the equipment there. But then guest started demanding the author buy newer equipment, make sculptures more to the guest's liking, made the workshop more accessible to invalids, put up the national flag, play the radio, and a host of other things. All the while not footing the bill for anything, not helping clean up, not volunteering to help in any fashion.
... show moreThen the author refused and invited the guests to help. But instead, the guests went off and made a blog saying the author was selfish, cold,
I don't agree with the tone of the Lemmy devs, but they are right: it's opensource being worked on mostly in the free time of people. Do not treat the devs like they are paid to do your bidding, because they aren't. If you donated and have expectations, you don't understand the meaning of a donation.
Imagine if the author had a woodworking workshop on their compound where they made things out of wood; figurines, furniture, tools, sculptures, and so on. Say they opened it up to the public so that guests could have a look, play around, spend some free time there, and maybe even use the equipment there. But then guest started demanding the author buy newer equipment, make sculptures more to the guest's liking, made the workshop more accessible to invalids, put up the national flag, play the radio, and a host of other things. All the while not footing the bill for anything, not helping clean up, not volunteering to help in any fashion.
Then the author refused and invited the guests to help. But instead, the guests went off and made a blog saying the author was selfish, cold, self-centered, egoistic, rude, and what not.
This is what the author of this article and people in that github discussion come over as. If those people came into my workshop and told me how to do things without helping out in any way, I'd rightfully tell them to fuck right off.
Articles like these that are practically demanding change will not and do not improve the dialogue. They are actually bad for opensource as a whole because they give people who don't understand opensource the feeling that they have the right to complain, the right to demand, the right to expect, the right to be entitled to an opinion and an outcome.
That's a thumbs down from me dawg.
CC BY-NC-SA 4.0
CC BY-NC-SA 4.0 Deed | Attribution-NonCommercial-ShareAlike 4.0 International | Creative Commons
creativecommons.orgMaalus
in reply to onlinepersona • • •onlinepersona
in reply to Maalus • • •Beautiful example of a commercial company selling products to customers đ My questions to you:
CC BY-NC-SA 4.0
CC BY-NC-SA 4.0 Deed | Attribution-NonCommercial-ShareAlike 4.0 International | Creative Commons
creativecommons.orgMaalus
in reply to onlinepersona • • •onlinepersona
in reply to Maalus • • •Ah, I see. You're answering your own questions with the answers you like. Do you even need me to agree with yourself?
Let me guess: "no".
If you want to read your opinion typed by somebody else, I suggest you get a secretary. I'm not here to indulge in your fantasy.
CC BY-NC-SA 4.0
CC BY-NC-SA 4.0 Deed | Attribution-NonCommercial-ShareAlike 4.0 International | Creative Commons
creativecommons.orgMaalus
in reply to onlinepersona • • •QuaternionsRock
in reply to onlinepersona • • •Of course the Lemmy devs arenât liable for GDPR violations; the admins are. That doesnât eliminate the problem, though: if the Lemmy devs wish to see their software used as it is now in the long term, they need to introduce GDPR compliance tools. We should consider it gravely concerning that bad actors (e.g., a Reddit employee) can set up Lemmy admins for a massive GDPR suit at any moment.
Edit:
I know itâs a stereotype around here, but not everybody on Lemmy is a programmer with free time.
hamid
in reply to Sean Tilley • • •Oh hey it's the article that drove me to become a sponsor of the lemmy project, for every demand and complaint there are many of us who are in solidarity with Lemmy devs and I'm happy to provide material support. This isn't a business and this is a website to use for fun. There is no way GDPR would ever apply to this, it would require a complaint with merit and the instance owners to refuse to cooperate. There are no enforcement actions on GDPR against private individuals that don't also include criminal charges in the EU. You can literally look up every GDPR enforcement action.
Also it's March not February
GoodEye8
in reply to hamid • • •hamid
in reply to GoodEye8 • • •GoodEye8
in reply to hamid • • •hamid
in reply to GoodEye8 • • •Apply meaning being applied to you by a human regulator regulating a lemmy instance. This will never happen.
Again, look up the enforcement actions again the private individuals who got pinned for GDPR, they have all also been tried in Spanish and Portuguese courts for other criminal offenses that had the regulators take a look at them and what they are doing. There are actual GDPR offenses that never get regulated. The company I work for literally just ignores it and no one has ever found out. Why? Because we made the risk assessment of a EU citizen actually having a problem, suing us, then having a regulator contact us, and then actually begin investigating us to levy a fine is actually really low despite the fact you think EU regulators are somehow omniscient. The fact that you think they're going to regulate a Lemmy instance is just not grounded in reality. It is concern trolling.
Maalus
in reply to hamid • • •hamid
in reply to Maalus • • •Maalus
in reply to hamid • • •hamid
in reply to Maalus • • •I'm certain that report would most likely not lead to an investigation. Again, you can only get fined if you refuse to cooperate, why wouldn't the instance owner just cooperate? There is nothing at stake here, there is no money being made on this.
You don't really know what you are talking about, these aren't Youtube copyright strikes. These are auditors and regulators who are disorganized, understaffed and underfunded, like every government agency in the world, who deal mostly with huge enterprises. All audits and regulations are a risk assessment and anyone who understands the actual risks can make a decision if they want to host or not. As someone who deals with auditors and regulators a lot, and understands risk and risk assessments, I would totally feel extremely comfortable hosting a Lemmy instance despite the software having some limitations.
But you have a child's understanding of the world and the law and are just a concern troll.
Maalus
in reply to hamid • • •