Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
It could defederate any non-compliant instances.
How do you know if they are non-complaint without manual verification?
It could, but actually policing it would be difficult. I don’t think there is any “yeah I’ll do that” response and even if there is an instance could say it will delete it and still do nothing.
You could defederate with instances running versions that don’t delete federated posts. Removing compatipility with older protocol implementations is not unheard of.
while this is certainly feasible, it is just a compliance checkmark of “doing your best”. It wouldn’t actually prevent someone attempting to persist that data. For example, I just need to maintain an insert-only copy of my deletion-compliant lemmy instance DB, and none of the deletions would be reflected on that.
I could then host that copy publicly on some unrelated lemmy instance, and without systematically de-federating from all other instances, you wouldn’t know which one was retaining the data.