How to Kill a Decentralised Network (such as the Fediverse) écrit par Ploum, Lionel Dricot, ingénieur, écrivain de science-fiction, développeur de logiciels libres.
A warning and a perspective from an insider who has been through this before.
I wouldn’t assume the EU would necessarily be interested in protecting the Fediverse. Legislation like the GDPR is very much oriented towards working with corporate entities and the open Fediverse model is generally at odds with the right to be forgotten (since it’s effectively impossible to ensure all copies of a user’s data are deleted - I don’t even think it’s possible to determine which nodes may have a copy of a year old post).
Couldn’t the protocol be updated to be more compliant with the right to be forgotten? Something like, when a user deletes a comment it gets deleted from the DB of every federated instance. Sure enough, admins might have made backups and that would theoretically go against the GDPR but still… you can only apply these laws to a certain extent. It’s the same as you posting a picture on Facebook, me downloading it and you deleting it afterwards. Even if you were to make a GDPR request to Meta you still couldn’t get the picture on my PC. But that’s not Meta’s fault, they can’t do much about that.
The right to be forgotten can be argued as being even stronger in the fediverse.
Yes, you can’t delete the content that you created, but you can delete the account associated with them, edit them, etc. with far more control than any corporate system gives you.
No there isn’t a button to just “delete all things related to me” as some people want, but that wasn’t what the right to be forgotten was about.
People knew the technical limitations of it from the start, the problem was that when users would take actions they thought deleted their content, private code would very much not delete it.
I assume the parent commenter referred to the EU because they seem to be the only governing body on the planet with enough influence and an actual desire to actually stand up to major corporations. The US sure ain’t going to be doing it, and the list of other options is essentially zero, so that’s the only hope we have in terms of legal protections or regulations.
I wouldn’t assume the EU would necessarily be interested in protecting the Fediverse. Legislation like the GDPR is very much oriented towards working with corporate entities and the open Fediverse model is generally at odds with the right to be forgotten (since it’s effectively impossible to ensure all copies of a user’s data are deleted - I don’t even think it’s possible to determine which nodes may have a copy of a year old post).
Couldn’t the protocol be updated to be more compliant with the right to be forgotten? Something like, when a user deletes a comment it gets deleted from the DB of every federated instance. Sure enough, admins might have made backups and that would theoretically go against the GDPR but still… you can only apply these laws to a certain extent. It’s the same as you posting a picture on Facebook, me downloading it and you deleting it afterwards. Even if you were to make a GDPR request to Meta you still couldn’t get the picture on my PC. But that’s not Meta’s fault, they can’t do much about that.
The right to be forgotten can be argued as being even stronger in the fediverse.
Yes, you can’t delete the content that you created, but you can delete the account associated with them, edit them, etc. with far more control than any corporate system gives you.
No there isn’t a button to just “delete all things related to me” as some people want, but that wasn’t what the right to be forgotten was about.
People knew the technical limitations of it from the start, the problem was that when users would take actions they thought deleted their content, private code would very much not delete it.
There is no such illusion here on the fediverse
I assume the parent commenter referred to the EU because they seem to be the only governing body on the planet with enough influence and an actual desire to actually stand up to major corporations. The US sure ain’t going to be doing it, and the list of other options is essentially zero, so that’s the only hope we have in terms of legal protections or regulations.