Can you mention this in your article?

Personally I wouldn’t run a lemmy instance because of this (and also many other concerns)

I recommend [a] letting the lemmy devs know (eg on GitHub) that this issue is preventing you from running a lemmy instance and [b] donating to alternative projects that actually care about data privacy rights.

The fines usually are a percent of revenue or millions of Euros, whichever is higher.

So if your revenue is 0 EUR then they can fine you the millions of Euros instead. The point of the “percent of revenue” alternative was for larger corporations that can get fined tens or hundreds of millions of Euros (or, as it happened to Meta, in some cases – billions of Euros for a single GDPR violation).

The fines usually are a percent of revenue or millions of Euros, whichever is higher.

So if your revenue is 0 EUR then they can fine you the millions of Euros instead. The point of the “percent of revenue” alternative was for larger corporations that can get fined tens or hundreds of millions of Euros (or, as it happened to Meta, in some cases – billions of Euros for a single GDPR violation).

That would be true if their instance wasn’t federating. If the instance is federating, then it’s downloading content from other users, even if the user isn’t registered on the instance. And that content is publicly available.

So if someone discovers their content on their instance and sends them a GDPR request (eg Erasure), then they are legally required to process it.

It’s definitely not impossible to contact all instances; it’s a finite list. But we should have a tool to make this easier. Something that can take a given username or post, do a search, find out all the instances that it federated-to, get the contact for all of those instances, and then send-out a formal “GDPR Erasure Request” to all of the relevant admins.

Did you read the article and the feedback that you’ve received from your other users?

Any FOSS platform has capacity issues. I run my own FOSS projects with zero grant funds and where I’m the only developer. I understand this issue.

What we’re talking about here is prioritization. My point is that you should not prioritize “new features” when existing features are a legal, moral, and grave financial risk to your community. And this isn’t just “my priority” – it’s clearly been shown that this is the desired priority of your community.

Please prioritize your GDPR issues.

Unfortunately, the Lemmy devs literally said it would take years to fix this issue. If you think this should be a priority for them, please advocate for them to prioritize it on GitHub:

• https://github.com/LemmyNet/lemmy/issues/4433

It’s run by the folks at dys2p.

Besides running ProxyStore in Leipzig, they have published some pretty great articles:

• Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice
• Revealing Traces in printouts and scans
• On the security of the Linux disk encryption LUKS

You can follow them on Mastodon here https://chaos.social/@dys2p

Yes BusKill works similarly – any USB drive can use the BusKill software

• https://github.com/buskill/buskill-app

The BusKill cable is just nice because it includes a magnetic breakaway, so it works when the laptop is snatched-away at any angle. There’s actually a ton of anti-forensics software like usbkill and BusKill; we enumerate them all on our documentation’s Similar Projects section

• https://docs.buskill.in/buskill-app/en/stable/attribution.html#similar-projects

You may want to check ^ it out :)

I made a video of this (demo in Windows, MacOS, Linux, TAILS, and QubesOS) with the old DIY model here (sorry for the terrible audio quality)

• https://www.buskill.in/demo-2/

We’re currently working on an updated video with someone who is much better at video production than me; it should be finished in early 2024.

Good bot