this post was submitted on 08 Jul 2023
23 points (100.0% liked)


Hey, I'm a software developer and I'm considering trying to build a site using ActivityPub, but I have a few concerns about it. My first concern is that if the platform is open source someone can host a malicious version of it, where certain requests may be ignored (such as deletion).

This leads into my next concern which is GDPR, because now I can't be certain that a user's data gets deleted upon their request and I'm not certain whether I would be liable since my instance federates with the malicious instance (which may also not be hosted in the EU which is itself problematic, and even if I'm not liable it's still not great).

I considered if it was viable to make the platform invite based somehow, so that it doesn't federate with everything by default, but that also sort of defeats the purpose of using ActivityPub.

The loss of control over content is also something that I don't particularly like, since some people may use their own instance for harassment or something else gross, but I guess that wouldn't be my problem since I just wrote the code and wouldn't have anything to do with the hosting of such sites.

I'd appreciate any feedback since I think the technology and the fediverse is very interesting, I would definitely like to try it out, but I'm not sure how to go about these challenges.

top 4 comments
[–] muddybulldog@mylemmy.win 14 points 1 year ago

ActivityPub is a standard; Lemmy, KBin & Mastodon are open source applications built on the standard. It's the same relationship as Hypertext Transfer Protocol (HTTP) and Chrome, Safari, Firefox, Apache & IIS.

As a client/server architecture, Lemmy is no more or less vulnerable to malicious actors than a web browser or a web server. You're at least as likely to have a rogue admin mishandle data as someone build Evil-Lemmy. While I consider myself a good netizen, if you delete this post right now I'm still going to have a copy for at least six months because that's my current backup retention for this instance.

I'm no GDPR expert but I can't see how an instance owner who does comply with GDPR can be punished for instances they don't control not deleting federated data. There are ongoing conversations throughout the Fediverse on this topic.

[–] poVoq@slrpnk.net 8 points 1 year ago

IANAL, but the GDPR only concerns itself with personal data (name, address, email, IP etc.) for deletion requests. These however are not necessarily shared with other ActivityPub servers, so if you delete them off your own server it should be sufficient.

[–] androidul@lemmy.ml 6 points 1 year ago* (last edited 1 year ago)

I can only comment on the content part: if someone posts content that’s against your instance policy you can either block their instance or the user afaik

[–] SkyNTP@lemmy.ml 4 points 1 year ago* (last edited 1 year ago) (1 children)

> My first concern is that if the platform is open source someone can host a malicious version of it, where certain requests may be ignored (such as deletion).

Just so you know, this is not a fediverse specific issue. Third party websites have cropped up to scrape sites like Reddit and post archived versions of undeleted posts for decades. I'm not sure your concern relates to the fediverse at all.
