This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.
Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.
I asked in the other thread about GDPR.
Nobody thinks it’s very interesting but if instances don’t follow gdpr, the entire network is at risk of legal consequences.
So please bring this up, even though it’s not very fun.
Neither @nutomic@lemmy.ml or I are too familiar with the GDPR, so we don’t know everything that it requires. Lemmy doesn’t do any logging of IPs or other sensitive info, but of course instance runners could be doing their own logging / metrics via their webservers.
We have a Legal section under admin settings, that’s an optional markdown field, that can probably be used for it. We’d need someone with GDPR expertise though to help put things together. Lemmy is international software, not european-specific, so we have to keep that in mind when supporting GDPR.
As a person who oversaw the implementation of GDPR in a large software house (which wasn’t EU specific, but had to in order to operate legally in the EU), the requirements were:
- Allow users to request data deletion or a copy of their data.
- If the former, delete all data of their data on the server, send it to them, and then (this was the important part) forward the data deletion request to every single partner we were working with.
For us, this was multiple ad companies. We had to e-mail each one, ask them about their GDPR implementation (most of them were somewhere between “we’re thinking about it” and “we have an e-mail address you can send something automated to and we’ll get to it sometime within the next month”), and then build an automated back-end system to either query their APIs for automated deletion, or craft/send e-mails for the more primitive companies.
As far as the data being deleted, it was anonymized IDs that were tied to their advertising IDs from their mobile phones. I used to try and argue that “no, it’s anonymous” - but we also had some player data (these were games) associated with that, so we ended up just clearing house and deleting everything on request.
So, legally, this means every instance - in order to be GDPR compliant - would have to inform every instance it federates with that a user wants their data deleted. If you’re not doing that, you’re not fully compliant.
Kind of shitty, but that’s how it went for me. (this was back when GDPR was first being released)
Edit: Also, the one month thing was relevant: you have 30 days to delete GDPR stuff after receiving a data clear request. I don’t recall what the time was for a “see my data” request. Presumably, though, on Lemmy the latter is superfluous as all your data is already present on your profile page. An account export option would be enough to satisfy that.
There a different levels of personal data but a unique identifier for a user is one of them because it allows linking information together about a single person, and from there you can try to identify the real person. So an option would be to overwrite all the occurrences of this identifier with random data so you can’t link data together anymore, as long as it’s not also personal data.
So, I wonder if Lemmy instances would be responsible for the instances that federate with them. It’s my understanding that the Lemmy instance doesn’t send the user’s data to other instances, rather it is just posted, and the other instances copy it onto their local instance.
It’s almost like those reddit services that would show deleted content. A user can delete their profile on Reddit, but Reddit isn’t required (that I know of) to go to these services and make sure the user’s data is being wiped out.
Im not a lawyer so I dont know about GDPR. Do you know how similar platforms such as Mastodon handle it?
Hard to say exactly what Mastodon does, but mastodon.social’s privacy policy should give you some direction in how they handle data: https://mastodon.social/privacy-policy
As mastodon.social is based in Germany, they will know about GDPR and have to follow it to the letter.
That sounds like its something for instance admins to handle, nothing we as developers need to care about. Maybe we should add a privacy policy for lemmy.ml but thats it.
That’s what I thought too until I looked it up. It applies to individuals as well.
If an individual runs a web server and processes personal data of individuals within the European Union, then they are subject to the requirements of GDPR. GDPR applies to anyone, including individuals, who processes personal data of EU residents, regardless of whether they are operating as a business or on a personal basis. It’s important for the individual running the web server to comply with GDPR’s data protection principles and obligations to safeguard the personal data they process.
As someone not residing in the EU, I don’t see how they could possibly enforce that. Best they could do is block my instance I suppose. Have they done that for any small site?
I mean, I would delete/provide all data of any user who requests me to do so for themselves. But I’m likely not following every facet of the GDPR.
How do you see Lemmy working with duplicate communities on different instances? For example if Lemmy.World and Lemmy.ml have a PersonalFinance community, are people expected to cross-post? Or have you conceived of a system to allow people to find the right community efficiently?
Its a problem, and at the same time a feature. For example, you can have two communities named !news, that pertain to completely different topics based on their instance:
This also isn’t unique to lemmy, since reddit too had tons of duplicate communities for the same topics.
Just like on reddit, the network effect will run its course here: unavoidably there will be a lot of cross-posting on duplicated communities, until people center around their favorites, based on quality of content.
There are a few tools out there too, like https://lemmyverse.net/communities , that can help people find communities to subscribe to.
Overall tho, I’m against the concept of “combining / merging communities” that are run on different sites by different people. These should be curated and controlled by the people who created them.
Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !news@startrek.website
I’d imagine it would be the same way it worked on Reddit when there were multiple communities with identical topics/similar names:
One gets a bit larger, therefore shows up in feeds more, appears higher in search results, etc.
Unless the other community has some kind of differentiation, it will wither and die.
And everything will be fine.
I keep seeing people being this up as if it’s some huge problem. There’s tons of /c/memes out there, but !memes@lemmy.ml is clearly the place to go. It’s not confusing, IMO.
For me it’s a problem for the exact reason you think it’s fine: I don’t want centralization. If I did, I’d go to reddit. I do want each topic of discussion to be spread out amongst different instances and communities. But for that to be viable, you need a way to get all the content as easily as if it was all in one place.
Aside from any impracticality that could arise in implementation, I like the idea of federated communities between servers. I mean why not extend the possibilities of federation even further? Community mods or users could de/federate from communities on other servers with the same names or core themes should they so choose. In consideration of difficulties with moderating spam and other materials from other communities generated with the same name, I think it makes sense for that kind of community federation to be opt-in rather than opt-out.
If it goes the Reddit route, one of those communities will definitely border on dead and the risk for moderators/servers having too much power/influence within the larger communities continues.
Any plans for improving SEO? One of Reddit’s biggest strengths was being able to get very relevant results with a simple internet search. In time can you see something similar for Lemmy, even with its decentralized nature? I really you for doing this, thank you for your time!
Lemmy-ui supports SEO, and also has opengraph tags. If there’s anything else needs to be added, we’re open to PRs.
Side note: For me personally, as @FrostySpectacles@lemmy.ml suggested, SEO shouldn’t be a focus. SEO is such a gamed system, catering to a few giant search companies, and results are increasingly becoming unusable, especially in the past few years. I can barely find the things I want to search for, and almost always have better luck using internal sites search engines. So I’d rather focus on improving lemmy’s search capabalities and filtering, than catering to google.
Would you please consider having only local post/community/users indexed by search engines? A lemmy.ml user complained that their username is first result on Google with lemmynsfw.com domain name. Also implementing this would decrease chance of duplicate content.
It can resolved with a simple noindex meta tag.
edit: This start bit is wrong; Lemmy does SSR so Javascript-free/spiders should see at least some comments.
Lemmy is currently pretty terrible at SEO, in large part because the comments don’t load until the JS has run.
This isn’t just a problem for search engines, it affect things like archive.org and offline reading. Earlier today I loaded a page from an instance that had dropped offline - while they had Cloudflare Always Online enabled, the page loaded without comments so it was almost useless.
I think it’s a mistake to consider all the SEO-related concerns as irrelevant just because you don’t care about Google, etc. Most of the things necessary for good SEO are just good practices, with benefits for all users, especially in the areas of accessibility and third-party tools.
Lemmy-ui uses isomorphic rendering so comments do come loaded (just not all of them) on the first page you visit, no javascript needed. Did you mean it should serve all comments?
Fair enough. I’m currently focused on creating my own Lemmy web UI, but later I might have room to submit some SEO-related PRs. While I’m not yet sure what needs to be done, instance owners can get tailored recommendations from Google. I have a hunch that Lemmy is currently being penalized for duplicate content, which we might be able to mitigate by adding `` to federated posts.
I’m fully with you on not wanting to cater to Google. On the other hand, if someone writes a helpful Lemmy post, I would like people who don’t know Lemmy to be able to find it.
I second this. I know SEO is a controversial term with Lemmy’s core audience, but being able to find posts through a search engine is pretty darn helpful. It’ll also help more people find their way to Lemmy, which will diversify the range of communities.
If you’re not sure where to start, Google’s free Search Console can give you insight into how your site ranks, how people are finding you and which factors are preventing instances from appearing in search.
To a certain extent lemmy is inherently at a disadvantage because of how Google ranks things. Google gives a lot of weight to site trust which works on a per host basis, and lemmy is distributed meaning the trust of the system as a whole is diluted across instances. It’s a really stupid system that just helps big sites get bigger. It’s made even worse because big blog sites are actually only owned by a small handful of companies and since single companies own many properties that can collude between them to funnel their page ranks between their network of sites.
Right now, instances with transphobic and racist content like exploding-heads are still listed on join-lemmy.org. Are you planning to implement a Server Convenant like on joinmastodon.org? To be listed on joinmastodon.org, an instance needs “Active moderation against racism, sexism, homophobia and transphobia”.
I’m gonna be asking hard questions, I think, sorry about that. I hope you consider it tough love considering our past interactions.
As an instance admin, I have some questions:
-
How are you doing? I know there was a lot of pressure when things blew up and it seems to be calming down a bit now.
-
How is Lemmy doing financially?
-
Considering past releases and their associated breaking bugs (including 0.18.3), what measures are you taking to help prevent that?
-
Can we consider the possibility of downgrades being supported?
-
Why are bugs affecting moderation not release blockers? Does anything block releases?
-
Are there plans to give instance administrators a voice in shaping the future of Lemmy’s development?
As someone who is trying to help with Lemmy’s development, I have some other questions:
- What do you think are the biggest problems with Lemmy as a software project and what are your priorities for Lemmy?
- Considering fairly low amounts of developers contributing to Lemmy, how are you working to help new people get into the project?
- Do you worry about the message it sends to potential contributors when the main developers are working on a different project which competes with the former? (Example: Lemmy-ui vs Lemmy-ui-Leptos)
- Considering most work is done voluntarily, how are you trying to organize and prioritize work?
- Do you believe you are stretching yourself too thin between Lemmy, Lemmy-ui, Lemmy-ui-leptos, Jerboa and Lemmy.ml? If so, what are you doing to help you focus?