Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
This is a big issue because in the EU you have the right to remove your data. It could make Lemmy illegal in the EU
https://github.com/LemmyNet/lemmy/pull/3208 there’s already a pull request, it’s being fixed soon.
Yeah. GDPR §7 is very clear on that. And the removal must be facilitated by the original data collection point - so e.g. Beehaw is liable that all other servers delete the personal data if Beehaw willingly distributed the data there. (It gets more interesting because Data transfer from a EU to a non-EU server is also basically impossible and of course the initial server would need a data transfer agreement with all following nodes)