GDPR is for companies/corporations to "respect" user's requests about their data.

Lemmy (ActivityPub, actually) isnt a company.

What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.

What you probably can do is request that an instance remove your content... And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.

This is still the internet, not some magical place.

Use some of the most basic fundamental internet safety rules and don't provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.

It gets worse: everything you post to Lemmy is sent to multiple other servers automatically. Those servers may be in jurisdictions that have very different privacy laws than the server you post from, or that hosts the community you're posting to. You have no legal agreement with those servers.

We're not done though. The ActivityPub standard makes delete optional, and other servers could be running anything, not just Lemmy. Some of them are probably running somebody's janky pet project that implements half of ActivityPub, poorly, on a jailbroken smart light bulb or something.

Lemmy should implement proper post deletion, possibly with a delay to allow moderators and admins to inspect deleted posts, but expect anything you share via ActivityPub to follow the once on the internet, always on the internet rule even more than in the past.

This is a lot like spray painting a message on a public wall in a neighborhood and then complaining because the community won't paint over it (or destroy photos they took of it) when you realize how dumb it was.

You're writing on a public space for free with no business behind it. You're not the customer in this scenario.

OP is simply incorrect.

I'm coding a Lemmy alternative right now and have been testing this functionality out extensively. Deletes of posts and comments certainly federate, I've seen the AP traffic to make it happen. Also, the docs: https://join-lemmy.org/docs/contributors/05-federation.html#delete-post-or-comment

I haven't tested what happens when the 'delete account' button is clicked... Mastodon solves this by sending a 'delete this user' Activity to every fediverse instance so there's nothing about ActivityPub that makes removing an account and all it's posts in one go impossible.

Remind me again how things can be deleted from the internet?

All your posts on the fediverse are effectively a public blog of your thoughts that will be scraped and stored in servers you have no control over.

If you care about privacy, which I understand, you probably want to leave quickly.

Here’s a rundown from someone who got fed up with the fediverse and kinda rage quit: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/

Another example of this is that it’s not just about lemmy. One way in which lemmy actually federated well worth microblogs like mastodon is that users can be followed from mastodon etc.

So any number of servers running a number of open source easy to run platforms could be taking up everything you specifically post.

seems weird this expectation of privacy on public sites built for public consumption of public content posted by people publicly.

i mean, i get wanting to control your data. the software i use allows for this ( the 'bins offer a user-level purge).

but privacy? seems weird

Kilroy was here -U-

Thats why I stay as anonymous as possible.

This is definitely a con of Lemmy for me. I like to be more privacy focused but Lemmy gives you 0 privacy on whatever you do on the website. Anyone who wants more privacy on Lemmy is told you have no right to privacy, don't expect any privacy, everything you do is public on the internet, etc. A massive boner killer for me. I think basic things like deleting your own post or comments should actually get removed from all servers, PMs should not be viewable by anyone except the recipients, and what you vote on or subscribe to should be private. Lemmy doesn't sell your data but that's because anyone can take the data for free. I thought this stuff was because Lemmy is still new and will get to it eventually but the push back seems to say this was a choice or is not broken. I ended up exploring different social media alternatives but I like the style of Lemmy better since it is more reddit-like with an active user base plus has different android clients. I don't like kbin because it shows who upvoted or downvoted something to everyone - it's not accountability when it erodes your privacy.

I used to comment on Lemmy more but then I ran into this problem when juggling multiple accounts, Liftoff sucks ass at letting you know which account you are logged into (I use Summit now and it is better at it) so I ended up getting my accounts' wires crossed when I thought using the drop down on your accounts changed your account but no you have to go to manage instances to switch which was not intuitive. I ended up abandoning the accounts when I couldn't figure out how to actually delete the post from the server.

Edit: man I wish I saw this sooner, might be time for me to either stop posting again or look somewhere else.

Effect of ActivityPub, not Lemmy. All federating systems function similarly, because it's a feature of the protocol.
If instances want, they can ignore delete requests and your content stays in their cache forever (remember Pleroma nazis from couple of years ago?) - now, that is an instance problem that might be a GDPR issue, but good luck reporting it to anyone who cares. At best you can block and defederate, but that doesn't mean your posts are removed.

The fediverse has no privacy, it's "public Internet". Probably a good idea to treat it as such.

there's a delete button

GDPR is international now? Do I need to break out Nelson Muntz when some Euro type thinks European law is extraterritorial?

Don't make me break out Nelson Muntz, please.

Mods and admins can remove posts and they don't stay on the server. If you delete it yourself, then it stays. Comments stay deleted, though and is replaced with a 'deleted by creator' message.

You know, I think I'm going to make some software that just siphons every ActivityPub message (ignoring delete requests except to log them) and call it "GDPR THIS". The amount of mysticism and confusion around two very basic concepts (ActivityPub works by copying profusely, and the GDPR has no weight outside of the EU) just leaves me baffled here.

Lemmy lack of central control is a feature. But it can still be GDPR compliant. GDPR did not make useNet illegal. GDPR does not make peer-to-peer illegal.

As an EU citizen you can still write letters to the editor of newspapers, and those letters can be published in those newspapers of record. Sending a message to Lemmy is akin to publishing publicly and opinion piece in a newspaper.

Certainly you can use GDPR to talk to an lemmy admin to remove your data on the instance you registered and account on. But due to the nature of Lemmy, it's architecture, you can't go out and retract all of the newspapers that have been published. That's a physical impossibility.

Even if you could somehow talk to every administrator of every instance, you can't prove you were that user who posted that data.