96
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story) - Michael Altfield's Tech Blog
(tech.michaelaltfield.net)
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
The "huge fines" are proportional to the revenue of the company and there are plenty of legal steps that need to be taken before someone with a big stick gets involved.
Also, this is not an issue for the developers, but for the admins.
The fines are only proportional for big corporations. Organizations without revenue can still be fined:
https://gdpr-info.eu/art-83-gdpr/
In this case, the processing of data hinges upon the data subject’s consent, which is detailed in article 7.
Imagine a car manufacturer building cars without brakes and then saying ‘This isn’t a problem for the engineers, but for the retailers’. Of course the developers can’t be sued for this. But that’s not the point! The point is that this bug or missing feature or whatever you want to call it jeopardizes the admins upon which this whole ecosystem hinges. I can’t believe that that’s in the devs’ best interests.
They are also proportional to the size of the leak. Small businesses get some leeway, but the approach that devs have had so far is "we don't care" when it was brought up.
It's an issue for both. If a software you run can get you fined in both the US and the EU, then devs need to adapt or nobody will be using it. Right now, lemmy is too small for big wigs to notice. It takes one disgruntled user to report the breaches though, and everything can change veeeery quickly.
Or the people that want to use it can hire other developers to add the missing functionality, or develop themselves, or implement some tedious-but-functional process that satisfies the legal requirements, etc, etc.
My point is:
If people don't like the Lemmy devs and want to use something else that fulfills their needs, fine. But this "I opened a bunch of issues on Github and I demand the developers to work on them ASAP" is really not the way to go.
Your point is "don't make our devs do things that are essential for using it in Europe"
I wasn't talking about some issues on github, I was talking about GDPR. If lemmy is to be used in any way, it can't behave like some student project thrown together from random bits. Legal is part of that. And there is a lot of it to go through. I get it, it's not fun at all to code that and they'd rather do some cool new feature instead. But it needs to be done, even if nobody wants to do it. Or, at least people could simply accept the risk of it going really bad.
Nobody wants to do it for free. Show some actual support to the developers, let's help them find a way to let work on something without worrying about how they will keep a roof over their heads, and I can bet that things will start being prioritized accordingly.
If you want any open source project to be more than "a student project thrown together", then we need to treat the people working on it as professionals. And how well are these professionals being treated by this "community", if is not able to collectively pay for one FT developer and where the "CTO" of Mastodon GmbH makes less than what an intern can get at Facebook?
And since I'm feeling like a rant is brewing inside me, allow me to vent a little: when I mean "developers", it doesn't need to be the Lemmy team exactly. As I said in the top comment, my fediverser project already added an "admin" backend that could be used by staff and moderation. it wouldn't be difficult at all to turn it into a center dashboard for moderation, and it could even be made to have a granular permission system. From the reasonable amount of people that expressed interest, how many do you think actually opened up their wallets to help? Zero
Back in July when Reddit revealed its true colors, I thought people finally understood the importance of paying for the products they use, so I took the opportunity to pledge 20% of Communick's profits to the Fediverse projects that I offer. I thought it would be a win-win-win situation: I could acquire customers, users would have expert help to figure out their issues and hopefully even help steering the direction of the project, and developers would have some form of income while not having to deal with a barrage of requests from the non-technical mob. How well do you think that went? Let me tell you: The handful of paying customers that I have are amazing, but they are simply not enough for me to even the server bills.
It frustrates me to no end when I think of how "anti-capitalistic" people here claim to be, yet I can bet that if we got only the the North American users who have bought an iPhone to pay $1/month, we would probably be able to fund all of the leading fediverse projects and kill Big Tech.
There, rant over.
Yeaaah, except I don't care about this platform enough to invest money into it. It has huge flaws, no people, etc. The fact of the matter is though, and I keep repeating this, once it gets noticed, it will be hit by fines. And by that time, it will be a huge scandal, with both admins and devs wishing they actually coded the "uninteresting" parts of the app.
So you are not willing to contribute, you are just here to dismiss whatever effort people make and to feel smug about it.
It's the worst type of leech behavior. All high and mighty to talk about the law, but no fundamental sense of ethics and no willingness to put skin in the game.
And the most shameful part, you are likely in the majority.