Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • nutomic@lemmy.ml
    link
    fedilink
    arrow-up
    39
    arrow-down
    3
    ·
    10 months ago

    I find it very questionable that you publish this sort of hit piece against Lemmy without even bothering to ask for a comment from our side. This is not how journalism should work.

    Effectively you are blowing the complaints of a single user completely out of proportion. It is true that we didnt respond ideally in the mentioned issue, but neither is it okay for a user to act so demanding towards open source developers who provide software for free. You also completely ignore that this is an exception, there are thousands of issues and pull requests in the Lemmy repos which are handled without any problems.

    Besides you claim that we dont care about moderation, user safety and tooling which is simply not true. If you look at the 0.19.0 release notes there are numerous features in these areas, such as instance blocking, better reports handling and a new moderator view. However we also have to work on improvements to many other features, and our time is limited.

    Finally you act like 4000€ per month is a lot of money, however thats only 2000€ for each of us. We could stop developing Lemmy right now and work for a startup or corporation for three or four times the amount of money. Then we also wouldnt have to deal with this kind of meaningless drama. Is that what you want to achieve with your website?

    • Dessalines@lemmy.ml
      link
      fedilink
      arrow-up
      32
      arrow-down
      2
      ·
      10 months ago

      The thing that really gets me with these, is that we are 2-4 devs working on software used by over 40k ppl. It is absolutely impossible to please everyone, and fix every issue, there just isn’t enough of us.

      Oftentimes we ask for ppl to do the open source thing, and contribute a PR, and many of them do.

      Anyone can look at our github profiles and see how busy we’ve been, and how many moderation related issues we’ve been working on, this is all out in the open. Yet writers of these articles somehow never bother to look, or reach out to us for questions. The amount of entitlement and second-hand rumors is really dissapointing.

        • nutomic@lemmy.ml
          link
          fedilink
          arrow-up
          11
          arrow-down
          1
          ·
          10 months ago

          Thanks that is a bit better. Unfortunately people who have already read the article wont see the update, and even people who read it now may not read all the way to the end, and still leave with a negative impression. Still its better than nothing.

          To get an idea how most Lemmy users feel, have a look at this thread. Practically every comment is positive about Lemmy, you can hardly find any negative sentiment. And certainly no one cares about this image deletion issue, which proves that the complaints of a few individuals are completely blown out of proportion.

          • harsh3466@lemmy.ml
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            10 months ago

            As a user, I love lemmy, and I want to thank you and the other devs that work tirelessly to develop it.

            Also as a user I value the ability to manage my data, and hope to see image deletion implemented when you’re able to do so.

            After having read the Nightmare piece, my decision was to stop posting images directly to lemmy. To share images, I’m going to self host an Imgur like service so if I do want to delete an image, I can.

            I’m not a developer, and can’t contribute code to address the problem, but, at least for myself, I’ve got a solution I can implement.

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      19
      ·
      10 months ago

      If you can take a moment to move your massive, fragile ego out of the way, you’ll realize it’s not a hit piece. It’s criticism of your behavior in reaction to what is frankly a reasonable set of requests.

      Journalism is not just about serving as a propagandic mouthpiece to lionize you and your work. Sometimes, I have to report on subjects that are frankly horrible, people acting shitty, and how people in spaces react to that.

      Effectively you are blowing the complaints of a single user completely out of proportion. It is true that we didnt respond ideally in the mentioned issue, but neither is it okay for a user to act so demanding towards open source developers who provide software for free.

      This issue is basic fucking table stakes for user safety and data compliance, and the fact that it still does not exist after four years of being a project is wild to me. It creates liabilities for admins. The fact that it’s still a problem, right now, illustrates that these things are not direct concerns in how you design software.

      I find it very questionable that you publish this sort of hit piece against Lemmy without even bothering to ask for a comment from our side.

      Your comments were in the GitHub issues.

      • nutomic@lemmy.ml
        link
        fedilink
        arrow-up
        15
        arrow-down
        1
        ·
        10 months ago

        massive fragile ego, frankly horrible, acting shitty

        So this is how you see me, all based on two issues out of thousands and never having talked with me directly. Honestly this comment would be a good reason to ban you for harassment and violating the site’s code of conduct. But lucky for you I don’t care what random strangers on the internet think about me.

        • Sean Tilley@lemmy.mlOPM
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          14
          ·
          10 months ago

          No, it’s how I see you based on pretty much any time I observe you making a public comment. Which is unfair of me, admittedly, I can’t possibly see everything you write. Most of the time, though, you come across as hostile, and read as though you’re dunking on other people and projects.

          Anyway, the article was updated somewhat to give proper credit for your recent developments and point to your fundraising efforts.

          Have a nice day.

      • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
        link
        fedilink
        arrow-up
        10
        arrow-down
        3
        ·
        10 months ago

        The fact that the issue exists after 4 years clearly shows that you are in fact blowing it out of proportion. Actual issues that affect large numbers of people running servers end up being addressed by people contributing to the project. Lemmy is an open source project that anybody can contribute to, and fix the issues that are affecting them. The fact that this hasn’t happened shows that this issue is not as high priority as you want to make it out to be.

        This doesn’t mean this isn’t a real issue that should be fixed at some point, but it’s simply not the show stopper you paint to be.

        So yeah, you are absolutely doing a hack job here.

  • morrowind@lemmy.ml
    link
    fedilink
    arrow-up
    11
    arrow-down
    2
    ·
    10 months ago

    At this point, most of the solutions the ecosystem has relied on have been third-party tools, such as db0’s fantastic Fediseer and Fedi-Safety initiatives. While I’m sure many people are glad these tools exist, the fact that instances have to rely on third-party solutions is downright baffling.

    I’m not sure I see the issue here, what’s the point of an open ecosystem if you don’t make use of any third party tools? Fedi-safety in particular feels like it should not be part of the core project

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      5
      ·
      10 months ago

      There’s nothing wrong with having good third-party tools, that was not my point. db0 in particular has done some amazing, amazing work.

      What’s fucked, however, is having a project:

      • whose core infrastructure only offers the most threadbare tools
      • there’s zero consideration from development on privacy, user safety, or basic controls to handle when shit hits the bed
      • the devs are stone silent when waves of CSAM crash through instances
      • they openly mock people or say they’re “too busy to do this” when it comes to meeting the most basic expectations of how a social platform ought to work.

      Like, this is not an attack on Lemmy itself, I think the platform can be a real force for good in the Fediverse. But let’s be honest, this project is not going to live very long if nothing changes.

      Basic things like having the ability to easily remove images from storage should be part of the core platform. The fact that this still isn’t a thing even four years into the project is insane.

      • nutomic@lemmy.ml
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        10 months ago

        Its simply not true that we have zero consideration for privacy or user safety. But that is only one aspect of Lemmy, we also have to work on many other things. And we werent silent during the CSAM wave, but most of it was handled by admins and all the related issues are long resolved. Lemmy has 50k active users, its obvious that we are too busy to work on every single thing that some individual user demands.

        There is a reason that Lemmy still has version 0.x. If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.

        • Sean Tilley@lemmy.mlOPM
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          7
          ·
          10 months ago

          Look, no one is ungrateful for the work you and Dessalines are doing. I get it - I helped run a large-scale federated open source social network over a decade ago. It’s an amazing, incredible experience - but, it’s also grueling, demanding work, and community members and users can be incredibly fickle. Especially when it comes to living off of donations, and having to carve out a technical stack all by yourself. That shit is hard.

          Here’s the thing: your users, your community, your efforts in general, pretty much ride or die by the people who run instances of your software, advocate for your platform, and develop apps and tools for your ecosystem. If something is broken at a foundational level, it’s ultimately your responsibility to decide what to do about it.

          Code is not the only fruit of someone’s labor here. Your community is doing a lot of labor for you too, and making even less money doing so. At some point, if people don’t think their needs are being met to keep running their communities and stave off the worst of the worst, it’s going to tank people’s confidence. People will leave. And they’ll talk on the way out. Optics matter.

          I’m not saying you have to drop everything to accommodate some random concern right away. But some of the responses you’ve given to people that had reasonable asks, that had reasonable use-cases in ensuring smooth operations of instances in compliance of laws…some of your reactions are terrible.

          If your default when someone asks you about GDPR compliant features is to scream at people, demand that they do the work for you, make excuses that you’re too busy, or belittle someone because you disagree with someone, you’re doing community management ass-backwards, and you’re burning away community goodwill every time you do it. It’s hostile and demoralizing, and people will come to resent you for it.

          If you have such high demands then you shouldnt use it, and switch to another platform instead. And yes you are clearly stoking an attack against Lemmy, I wonder why you hate our project so much.

          See, this is exactly what I’m talking about. Someone asks for something, points out problematic behavior, gives feedback on how something could be better, and you lean into the myopic belief that this is somehow an attack or an effort to undermine you. My brother in Christ, if there is any ill-will towards how you do things, it is because of your own behavior, not on the merits of your project, your political alignment, or who you are as a person.

          I don’t hate your project, but you need to pull your head out of your ass, and realize that you’re dropping the fucking ball on trust and safety. People hosting instances aren’t going to stick around forever if you keep defaulting to hostility.

  • maegul (he/they)@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    10 months ago

    Moderation is obviously important, but what are the realities around deletion in a federated ecosystem?

    I feel like the push around this and GDPR are similar to the DMs situation in mastodon, where you might feel like you’ve deleted your stuff but it’s actually very much out there still.

    I’m sure there’s a middle ground where some amount of deletion occurs and it’s better than nothing. But as with the BlueSky bridge conversation, it seems to me having a frank conversation about the kind of system we’re dealing with here is just as important.

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      Yeah, I agree. I think the important thing is “was the local content scrubbed?” Because at least if that was done, the place of origin no longer has it.

      Federated deletes will always be imperfect, but I’d rather have them than not have them.

      What might actually be interesting would be if someone could figure out this type of content negotiation: deletes get federated, some servers miss it. Maybe there’s a way to get servers to check the cache and, if a corresponding origin value is no longer there, dump it?

      • maegul (he/they)@lemmy.ml
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Well I’m sure there are a number of nice ways of arranging federated delete, including your suggestion, but it seems to me that the issue is guaranteeing a delete across all federated servers where the diversity of software and the openness/opt-out-ness of federation basically ensure something somewhere will not respect a request out of either malice, ignorance or error.

        Ultimately, it seems a weird thing to be creating and expecting fediverse platforms in the image of those designed with complete central control over all data and servers. Like we’re still struggling to break out of the mould.

        Even if one platform makes a perfect arrangement for something like delete, so long as servers running that platform push to / federate with servers that run something else, where it’s ultimately impossible to tell what they’re running because it’s someone else’s server, there will be broken promises.

        I’m interested to hear your response on this actually, because it increasingly seems to me like we haven’t got to terms yet with what decentralisation actually means and how libertarian some of its implications are once you care about these sorts of issues.

        I suspect it gets to the point where for social activity some people may start realising that they actually want a centralised body they can hold to account.

        And that feeling secure on a decentralised social media platform requires significant structural adjustments, like e2ee, allow-list federation, private spaces, where public spaces are left for more blog like and anonymous interactions.

        Also, sorry, end rant.

        • Sean Tilley@lemmy.mlOPM
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          No, you’re good, and we’re mostly on the same page! My general expectation is that your server tries its best, maybe there are still copies out there, but you shrug and say “eh, I wiped my stuff locally, good enough”.

          But yeah, I agree that once something leaves your server in terms of the passage of data, there are no guarantees. And I do agree that significant structural changes are necessary and important for the network’s continued evolution!

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    10 months ago

    Because of this, I never upload directly an image to Lemmy and others, using instead a sharing tool (FileCoffee, IMHO the best). With my account there I can easily delete the hosted image with which it disappear everywhere.

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      10 months ago

      It’s not a bad thought, but the way some Fediverse software works, it can still get proxied and/or cached locally.

      • Zerush@lemmy.ml
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        10 months ago

        That is a general problem in the internet, not only in Lemmy, images andother content can be copied, this you can’t avoid, it would even be imposible if you could delete embedded images in Lemmy, someone could have copied and pasted it somewhere else. But by using an imagesharer where you later delete the image, you also eliminate your origin as the author, since it no longer appears in your contributions in Lemmy or other sites.

  • Mactan@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    tbh I just assume that despite GDPR or CCPA any images I put up are there forever, it’s not like the tech is that different in the fediverse from anywhere else. nowhere is going to be scrubbing their storage drive blocks on delete if it even can be deleted

    • Sean Tilley@lemmy.mlOPM
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      10 months ago

      I take it you’ve never run a community instance. The problem is, laws vary by jurisdiction, and can have a very real effect on how you run your server when shit hits the fan.

      We recently ran a story about a guy building his own Fediverse community and platform, who just happened to be a bit naive about the network. He’s off in his corner, doing his own thing, people find his project and assume it’s some kind of weird scraper. After disinformation came out about it, someone remote-loaded child pornography to his server, for the purpose of filling a report with the police.

      The guy is based on Germany. Local jurisdiction requires one year of prison time minimum. It matters.