As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR complient? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

  • Skull giver@popplesburger.hilciferous.nl
    1·
    1 year ago

    You can disable most endpoints in your application firewall, or put them behind a whitelist. For federation to succeed you don’t need all that many publicly reachable endpoints (mostly a bunch of inboxes and the data for your own user account).

    I don’t think the privacy policy is sufficient. My post will end up on your server but also on the server this community is hosted on, from which it’ll end up on hundreds or thousands of other servers. I’ve never agreed to any of their privacy policies and terms of service and neither has anyone else here.

    The concept of the Fediverse doesn’t work well with traditional corporate interpretations of privacy law. Going strictly by the way it’s interpreted for traditional social media, you’re on the hook for any personal data your private instance stores and makes available. This approach effectively kills the concept of the Fediverse, so I sort of fear the inevitable DPA investigation and/or lawsuits.

    • cwagner@lemmy.cwagner.me
      1·
      1 year ago

      You can disable most endpoints in your application firewall, or put them behind a whitelist. For federation to succeed you don’t need all that many publicly reachable endpoints (mostly a bunch of inboxes and the data for your own user account).

      Is there a guide somewhere? Because experimenting when federation is already as unstable as it is, is hard.

      My post will end up on your server but also on the server this community is hosted on, from which it’ll end up on hundreds or thousands of other servers. I’ve never agreed to any of their privacy policies and terms of service and neither has anyone else here.

      Just like with e-mail, yes. Sending an e-mail to user@example.org does not make you agree to the example.org TOS and PP. Or more relevant to federation, sending an e-mail to a mailing list will end up on hundreds of servers. This is not that new a concept.

      • Skull giver@popplesburger.hilciferous.nl
        3·
        1 year ago

        I don’t have a guide for you, sorry. I’ve looked into it briefly but I can’t say I care enough to fix it.

        I’m pretty sure you’ll be able to go federation only by blocking everything that’s not an application/ld+jsoncontent type (technically application/ld+json; profile="https://www.w3.org/ns/activitystreams" but some servers don’t send the correct Accept headers). The Lemmy frontend submits plain JSON and POST requests and it doesn’t implement the client-server ActivityPub API, so that should be the easiest way to keep federation working while whitelisting your personal IP addresses.