I’m a reddit transplant and I’m excited about what I’m seeing so far in Lemmy and the Fediverse, but my brain keeps bugging me with concerns:

Maintainability and Scalability - There are a ton of instances now. Lemmy had made it easy to spin up and host your own instance. In some cases, this means people with little/no infrastructure experience are spinning things up and are unprepared for scalability challenges and costs. This post by the maintainer of a kbin instance highlighted this challenge quite well ( https://lemmy.one/post/302078 ). How do we know if an instance is properly maintained, backed up, and is able to scale? Or should we just be prepared to start over on another instance if ours fails?

Monetization - The above cost challenges bring up monetization issues. What mechanisms will instance maintainers have to help with maintenance/hosting costs? As the Fediverse grows, how do we prevent against ads and coordinated upvoting from taking over and pushing ad content?

Legal/Privacy - Privacy regulations are becoming a mine field… GDPR, CCPA, and other privacy frameworks are making it tougher to handle privacy properly. Is there a coordinated Lemmy legal defense or are instance maintainers on their own? How would you even approach a GDPR user delete request across the fediverse?

  • MentalEdge@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Deletion is already a feature of ActivityPub, with the limitation that it will only work with your content on instances that are still online and federated with yours.

    • dudeami0@lemmy.dudeami.win
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Good to know, but if that meets the legal requirements I cannot say. Really a lawyer that practices GDPR/CCPA would need to chime in if that is enough for either.

      • MentalEdge@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        As far as I know, for publicly posted things, GDPR only requires an entity you’ve given this content to, to on demand, tell you how much they still have, and/or delete what they have.

        Other instances, owe you nothing, as they would be more like third parties scraping the data, legally speaking.

        Matrix is also federated, and can in fact perform GDPR compliant deletions, despite it being impossible to ensure that any of your data on other instances, be deleted, too. This may be due to how matrix encrypts data, as when your account goes, the keys to access your data, even if stored somewhere else, goes with it. So even if not the data, the ability to access it is gone. (Though I’m unsure how this could work as the accounts you spoke to could still read your messages, with their keys)