rglullis

[–] rglullis@communick.news 0 points 2 years ago (4 children)

To my understanding, the key part is that you are supposed to disclose any type of information that you are sharing with third-parties through back channels.

If you set a third-party tracking cookie on your site, then yes, the third-party can use the cookie to correlate users from different sites. But if you do what you just did and place an image that displays the IP, how can any third-party access this information? You have my IP and a request log, so what? Is there any way that another Lemmy instance can use this to identify me?

On the fediverse, every comment, every vote, every moderator action is completely public, and tied to the username.

And distribution/collection of public information is not what the GDPR is trying to regulate!

[–] rglullis@communick.news -1 points 2 years ago (1 children)

Skin in the Game is about showing that you are willing to accept the risks and costs of standing up to your values. This is a separate thing from "I will only give money to X if they are willing to be subjected to my personal purity test".

I am not saying that donating to me specifically would be a display of SITG. You (and by you I mean "anyone that wants to keep using Lemmy but is worried about potential GDPR violations") could, e.g.:

  • get a lawyer to work and make a real assessment of the legal liabilities for admins and users in the EU.
  • take initiative to pool together resources to find other Rust developers who could work on the Lemmy source code, pay them instead.
  • contribute to a competing project to signal to the Lemmy devs that this is important.
  • go ahead and tell the Lemmy devs "I am willing to contribute to your work specifically to reach the GDPR-compliance milestone"

The offensive part of your previous post is not that it makes the donation conditional on a milestone, but just that you came across as someone who is trying to use money as a way to control my behavior. You basically said "I don't like what you did before, so I will only support you for something that I do like if you disown your previous actions". This is completely removed from SITG and reminiscent of a struggle session.

[–] rglullis@communick.news 2 points 2 years ago (6 children)

User generated content != PII.

> Like, when Threads joins, what’s stopping them from swallowing all your user’s data?

What's stopping you (or anyone else) from just bypassing authorized fetch and swallowing the data stream from anyone?

[–] rglullis@communick.news 4 points 2 years ago (1 children)

This seems like a post for !lemmy_support@lemmy.ml...

Anyway, this is a known issue. You don't need to log in every time. Just reload the page and it will show you logged in again.

[–] rglullis@communick.news 1 points 2 years ago

Ok, so now you know, and you can share and/or help.

[–] rglullis@communick.news 1 points 2 years ago (8 children)

People think GDPR is some magic spell that can be used to stop bits from being transmitted around the Internet.

It's not. It's just a set of instructions regarding what online services are supposed to do with the data of European users interacting directly with their servers. To be "GDPR compliant", all instance admins need to be able to do is:

  1. tell their users what PII they need to collect for their service.
  2. ask for consent to share this PII with other parties.
  3. remove any PII upon the user's request from their servers.

I'm reasonably certain that I can satisfy these regulations.

  • I don't share any PII with other parties (not even analytics of any kind), so I don't even need that stupid EU cookie pop-up on my website.
  • The only PII I need to collect is their username. Even email address is optional.
  • People only get access to my instance by signing up to Communick, so they need to accept my privacy policy.

There is nothing in the law that says "if someone screams Gee-Dee-Pee-Arrr three times in front of their phone, their data becomes radioactive and must disappear from the Internet in 48 hours or the instance owner will pay 100 million euros + 3 pints of blood from their unborn first child"

[–] rglullis@communick.news 0 points 2 years ago (4 children)

The last time I advertised something here, I got banned by the mods from LW.

Anyway, now you know it as well. If you think that this is a worthy effort, what are you going to do about it besides commenting here?

[–] rglullis@communick.news -1 points 2 years ago* (last edited 2 years ago) (3 children)

  • It would be separate from Fediverser. I'm just mentioning it because by working on it I learned enough about Lemmy's API and database to know that I can create a management dashboard that can work with the Django admin.
  • alien.top is not mirroring posts anymore. The reason I am not working on the two-way bridge is (surprise!) because no one who expressed interest in it has shown up to support it as well.
  • If you are offering donations on the condition that I do something that satisfies your expectations, it's not a donation. I'm not here to chase people around the internet for $4/month. If you want to hire me to do your bidding, my consulting fee is 250€/hour. Pay me that and I can do the monkey dance. Please don't ever come to me or anyone else with "do this and I will contribute". It's downright offensive.

[–] rglullis@communick.news 1 points 2 years ago (2 children)

Tagging @maltfield@monero.town because I forgot that mentions only work in comments...

[–] rglullis@communick.news 1 points 2 years ago* (last edited 2 years ago)

> For large instances, it’s not “just a single query”. You also can’t miss anything, so photos and similar - if they have uploaded something.

So, you went from "all instances are liable" to "big instances won't be able to handle it". Not only did you just move the goalposts, you are also missing the point of the Lemmy devs: if compliance with GDPR is problematic only for instances that are so big that the volume of requests cannot be manually processed, then it's not something that should be a concern for the developers of the main software and the cost to implement such a thing should be borne by the admins themselves!

> Also, does your instance have a cookie prompt?

Cookie prompts are only required if you have tracking cookies, which I don't have on my website or any of the instances I run. Cookies used for authentication or basic functionality (let's say to store the user preference for dark mode) are not tracking the user across multiple sites and therefore do not fall into the requirements for disclosure.

Edit: downvoting without a response serves only to show how lost you are in your argument. You spent the best part of the last two days fueling the mob and throwing accusations at the devs and basically making them criminally irresponsible and now you can't even support the premise that EU instances are somehow not able to comply with the law.

[–] rglullis@communick.news 1 points 2 years ago* (last edited 2 years ago) (2 children)

Let's play it out. I have a commercial instance based in the EU, I have a handful of European citizens whose data I have processed.

If any of them tells me they want to delete their data, I can run a script that deletes all their data from the database. If they want me to tell you what data I collected from them, it's another data query away.

Please do tell me exactly what is illegal about it.

[–] rglullis@communick.news 2 points 2 years ago (1 children)

If you don't mind me asking, how much are your current costs? My infra for managed hosting is way over-provisioned. If you are using your instance just for yourself, send me a DM and we can work out a deal.
