I’m a reddit transplant and I’m excited about what I’m seeing so far in Lemmy and the Fediverse, but my brain keeps bugging me with concerns:
Maintainability and Scalability - There are a ton of instances now. Lemmy had made it easy to spin up and host your own instance. In some cases, this means people with little/no infrastructure experience are spinning things up and are unprepared for scalability challenges and costs. This post by the maintainer of a kbin instance highlighted this challenge quite well ( https://lemmy.one/post/302078 ). How do we know if an instance is properly maintained, backed up, and is able to scale? Or should we just be prepared to start over on another instance if ours fails?
Monetization - The above cost challenges bring up monetization issues. What mechanisms will instance maintainers have to help with maintenance/hosting costs? As the Fediverse grows, how do we prevent against ads and coordinated upvoting from taking over and pushing ad content?
Legal/Privacy - Privacy regulations are becoming a mine field… GDPR, CCPA, and other privacy frameworks are making it tougher to handle privacy properly. Is there a coordinated Lemmy legal defense or are instance maintainers on their own? How would you even approach a GDPR user delete request across the fediverse?
To address each of your points:
Maintainability and Scalability: This is a big concern, especially with users being drawn to large instances. In the beginning there will be pains, even the “flagship” lemmy.ml had issues maintaining this as this wasn’t their primary concern until recently. It is up to each instance owner to maintain their instance, and if it grows to large for them to handle to direct users to another instance. If an instance owner decides to abandon their instance, this will currently result in that instance being lost. I do think some protocol of preserving content (with the mechanisms for users to control the content) is needed but will need to be worked on in future versions. This could be done by users getting a key for example, and making requests via another instance to transfer their public user data over and they can control their content again from the new instance. This is just a thought though, and I am unsure how well this would work in practice. This will most likely become a topic of discussion among developers working on lemmy, so I have faith a good solution will be reached.
Monetization: The usual for this kind of stuff, donations using whatever service they prefer. I think some ads are ok, as long as they don’t siphon data and use advance techniques. Something such as as “sponsors” could work, it’s an ad but it’s not trying to steal your data. I think most instances would be abandoned if they implemented standard “google” ads.
Legal/Privacy - I am not a lawyer and this isn’t legal advice. Each of these laws have pretty clear details of implementations, and iirc they also only cover corporations and institutions. Users running instances themselves do not apply, but overall GDPR and CCPA compliance would be required as users won’t want the liability of running large instances. In my opinion, all that can be done is to have a delete request that propagates as any other content does. It’s up to the instance operator to fulfill the request.
Deletion is already a feature of ActivityPub, with the limitation that it will only work with your content on instances that are still online and federated with yours.
Good to know, but if that meets the legal requirements I cannot say. Really a lawyer that practices GDPR/CCPA would need to chime in if that is enough for either.
As far as I know, for publicly posted things, GDPR only requires an entity you’ve given this content to, to on demand, tell you how much they still have, and/or delete what they have.
Other instances, owe you nothing, as they would be more like third parties scraping the data, legally speaking.
Matrix is also federated, and can in fact perform GDPR compliant deletions, despite it being impossible to ensure that any of your data on other instances, be deleted, too. This may be due to how matrix encrypts data, as when your account goes, the keys to access your data, even if stored somewhere else, goes with it. So even if not the data, the ability to access it is gone. (Though I’m unsure how this could work as the accounts you spoke to could still read your messages, with their keys)