Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

    • @madsen
      link
      21 year ago

      I am interested in discussion but I prefer to discuss things based on facts rather than feelings.

      Email isn’t exempt from the GDPR. If an email provider is doing anything with your email except for delivering it to the intended recipient, then you have a right to know under the GDPR. Plenty of hefty fines have been handed out over failing to sufficiently inform about such things: https://www.enforcementtracker.com/ (look for e.g. art. 12 violations). Even something as simple as SMTP logs contain PII according to the GDPR and should be handled as such.

      You voluntarily sending an email, with whatever content you decide to put there, to a recipient of your choosing, is in absolutely no way the same as clicking a vote button and involuntarily having your vote and username broadcast to whoever cares to listen without your prior knowledge and consent. Yes, emails travel through a bunch of MTAs underway — that’s a prerequisite for email to work. And no, broadcasting Lemmy votes along with usernames is in no way a prerequisite for voting to work.

        • @madsen
          link
          21 year ago

          It’s voluntarily broadcasting it, because YOU told it to broadcast it.

          Yes, and that’s not the issue as I’ve been saying the entire time. The issue is that you have a right to know where it’s broadcast — both in the past and in the present. That’s what I’ve been saying the entire time. And the privacy policy needs to specify exactly what data is sent and where to. The privacy policy you cited did neither, it just stated that it was sent out.