Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • morrowind@lemmy.ml
    link
    fedilink
    arrow-up
    34
    arrow-down
    4
    ·
    10 months ago

    At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.

    I’m not sure I see the issue here, what’s the point of an open ecosystem if you don’t make use of any third party tools? Fedi-safety in particular feels like it should not be part of the core project

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      43
      arrow-down
      12
      ·
      10 months ago

      There’s nothing wrong with having good third-party tools, that was not my point. db0 in particular has done some amazing, amazing work.

      What’s fucked, however, is having a project:

      • whose core infrastructure only offers the most threadbare tools
      • there’s zero consideration from development on privacy, user safety, or basic controls to handle when shit hits the bed
      • the devs are stone silent when waves of CSAM crash through instances
      • they openly mock people or say they’re “too busy to do this” when it comes to meeting the most basic expectations of how a social platform ought to work.

      Like, this is not an attack on Lemmy itself, I think the platform can be a real force for good in the Fediverse. But let’s be honest, this project is not going to live very long if nothing changes.

      Basic things like having the ability to easily remove images from storage should be part of the core platform. The fact that this still isn’t a thing even four years into the project is insane.

      • DieguiTux8623@feddit.it
        link
        fedilink
        arrow-up
        21
        ·
        10 months ago

        The first time some random user files a sue in court the admins of their instance will be in trouble.

        Lemmy devs are not affected, but instance admins are and according to the GDPR they are considered “data controllers” and are responsible for the processing of users’ data.

        As far as I understand it, this lacking feature is an open “challenge” to existing regulation and legislators, maybe also to open people’s eyes about the fact that privacy claims are often not enforced even by those who claim to do so.

      • nutomic@lemmy.ml
        link
        fedilink
        arrow-up
        23
        arrow-down
        9
        ·
        10 months ago

        Its simply not true that we have zero consideration for privacy or user safety. But that is only one aspect of Lemmy, we also have to work on many other things. And we werent silent during the CSAM wave, but most of it was handled by admins and all the related issues are long resolved. Lemmy has 50k active users, its obvious that we are too busy to work on every single thing that some individual user demands.

        There is a reason that Lemmy still has version 0.x. If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.

        • Sean Tilley@lemmy.mlOPM
          link
          fedilink
          English
          arrow-up
          17
          arrow-down
          11
          ·
          10 months ago

          Look, no one is ungrateful for the work you and Dessalines are doing. I get it - I helped run a large-scale federated open source social network over a decade ago. It’s an amazing, incredible experience - but, it’s also grueling, demanding work, and community members and users can be incredibly fickle. Especially when it comes to living off of donations, and having to carve out a technical stack all by yourself. That shit is hard.

          Here’s the thing: your users, your community, your efforts in general, pretty much ride or die by the people who run instances of your software, advocate for your platform, and develop apps and tools for your ecosystem. If something is broken at a foundational level, it’s ultimately your responsibility to decide what to do about it.

          Code is not the only fruit of someone’s labor here. Your community is doing a lot of labor for you too, and making even less money doing so. At some point, if people don’t think their needs are being met to keep running their communities and stave off the worst of the worst, it’s going to tank people’s confidence. People will leave. And they’ll talk on the way out. Optics matter.

          I’m not saying you have to drop everything to accommodate some random concern right away. But some of the responses you’ve given to people that had reasonable asks, that had reasonable use-cases in ensuring smooth operations of instances in compliance of laws…some of your reactions are terrible.

          If your default when someone asks you about GDPR compliant features is to scream at people, demand that they do the work for you, make excuses that you’re too busy, or belittle someone because you disagree with someone, you’re doing community management ass-backwards, and you’re burning away community goodwill every time you do it. It’s hostile and demoralizing, and people will come to resent you for it.

          If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.

          See, this is exactly what I’m talking about. Someone asks for something, points out problematic behavior, gives feedback on how something could be better, and you lean into the myopic belief that this is somehow an attack or an effort to undermine you. My brother in Christ, if there is any ill-will towards how you do things, it is because of your own behavior, not on the merits of your project, your political alignment, or who you are as a person.

          I don’t hate your project, but you need to pull your head out of your ass, and realize that you’re dropping the fucking ball on trust and safety. People hosting instances aren’t going to stick around forever if you keep defaulting to hostility.

        • PenguinCoder@beehaw.org
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          5
          ·
          10 months ago

          There is a stark difference between closing an issue and actually resolving the problem. You’re right; lots of those issues are closed. The identified problems remain and don’t go away merely because you close an software repo issue on it.

        • PenguinCoder@beehaw.org
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          10 months ago

          the Fediverse may not be for you. You’re probably better off over some place else,

          Just going to leave this here. Pretty sure this user knows about the fediverse quite a bit more than you’re assuming.

        • Sean Tilley@lemmy.mlOPM
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          8
          ·
          10 months ago

          You’re not wrong to feel irked by this. However, if that’s the case, the Fediverse may not be for you. You’re probably better off over some place else, like Reddit or Bluesky, where decisions are taken centrally, investor money is driving development, and there’s a manager to complain to.

          Thanks for the laugh, I’ve been on the network for almost the entirety of its lifetime and witnessed every development and major change. I’ve even helped run a major project in the early days.

            • Sean Tilley@lemmy.mlOPM
              link
              fedilink
              English
              arrow-up
              9
              arrow-down
              1
              ·
              10 months ago

              Perhaps you could enlighten me on what Fediverse software does take “privacy, user safety, or basic controls to handle when shit hits the bed” into consideration, because I can’t think of any; they all just expect every other server in the network not to be malicious.

              Friendica, Hubzilla, Streams, tentatively Bonfire, Pixelfed, PeerTube, Akkoma. Off the top of my head.

    • eveninghere@beehaw.org
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      10 months ago

      There’s no guarantee on third party tools continuing to work with Lemmy. Something as critical as deleting images, which can cause problems like revenge porn and such, must be given priority by the official project.

        • eveninghere@beehaw.org
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          10 months ago

          Lemmy providing an open API does not mean that third parties maintain compatibility forever. (Edit: for example, what happens if the third party app gets taken away by a malicious maintainer? Or becomes buggy, or un-maintainable, project dies, etc.)

          I don’t want to upset you, but I think I have to say this for the sake of the community. The attitude like “we provide an API, so third parties will follow,” is what is causing instance admins’ distrust in the first place.