• tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    TF1 and BFM both said the investigation was focused on a lack of moderators on Telegram

    I would vaguely imagine that they aren’t going to be very happy about the Threadiverse when they discover us. There’s no global moderator team to make moderate things.

    • Deebster@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      There’s moderation per community and per server. There’s no “fediverse moderator”, of course, but I think you’re vaguely worrying for nothing.

    • General_Effort@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      It certainly is against the GDPR to federate with US instances. US law enforcement could get their hands on our data!

      • tal@lemmy.today
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        4 months ago

        It certainly is against the GDPR to federate with US instances.

        considers

        I don’t think that it is, even for EU instances, in that the GDPR regulates businesses, so it’s out-of-scope for the GDPR.

        In theory, I suppose that GDPR implications might come up if someone starts selling commercial Threadiverse access at some point, though.

        There might be some interesting questions providing Usenet or maybe XMPP, though, as there are commercial providers of those services, and they are federated and transfer data all over the world.

        kagis

        Hmm. This has some people talking about it for XMPP. At least this guy’s first pass is that it might apply:

        https://mail.jabber.org/hyperkitty/list/operators@xmpp.org/thread/F5EGKYVPD42PPHOW72VBOS5E6OZTA22M/

        Under UK GDPR (not sure about the EU one) the only grounds for exemption is “Residential use” (other than police and national security, which are also exempt), quoting from the ICO:

        “Domestic purposes – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the UK GDPR’s scope. This means that if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the UK GDPR.” [1]

        (For those who don’t know who the ICO is, they are the British data protection authority, see [2])

        At first, at least in my case, this seems pretty easy. The data is stored domestically, it is used with me and my friends for communication, there shouldn’t be any more to it… right?

        But there is. I regularly connect and talk in many MUCs for open source projects, such as Ignite Realtime (which this was initially discussed until Guus suggested moving it to operators, thanks Guus :) ).

        IP addresses, are considered identifiable information, logs will store said information, this therefore means my server is storing identifiable information on other servers, in this case, servers which could be considered for commercial purposes.

        It needs to be noticed commercial purposes doesn’t necessarily mean paid services, charities and non-profits are included within the definition. Open source projects COULD be considered commercial purposes because, although contributions are provided free of charge, it is still a “donation” of sorts in the way of code.

        The definition of “professional” does not seem to be clarified anywhere on the ICO page, nor in their legal definitions [3]. It doesn’t seem to be within the UK GDPR legislation [4] (I will admit I did not read all of this, I tried searching for keywords and found nothing, if someone read it all and knows where this exception is clarified, please let me know). Professional could mean a lot, but I will assume it is to do with some sort of “work”, which therefore would include open source contributions.

        This therefore could break the “no connection to professional or commercial activity”, to be honest the easiest thing to draw from this is if it involves someone who is not family or friend (or yourself), you are very likely to not be exempt.

        For those who will suggest a zero storage solution, where the XMPP server doesn’t store any data, it still comes under GDPR due to PROCESSING of data, simply processing it, even if you don’t store it, will have GDPR requirements.

        Failure to pay when you are required to results in fines.

        This is really cracking open a huge can of worms, it isn’t so much of “ah £45/yr is no big deal”, once you are exempt you must follow all the legal requirements of GDPR, and for a hobby? Is it worth it?

        I am 100% sure, an XMPP server which does not federate, which is used to communicate with friends would be exempt. But I have my doubts whether a federated server can still use the same exemption clause.

        • General_Effort@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I’m not joking. It’s legally very questionable. It matters little if all the data is public.

          Have you heard about that $1.3 billion fine that Meta got under the GDPR? That was for sending data to US servers where the US government can get to it. It was the highest fine ever under the GDPR and it happened because Meta complies with US law. For that matter, the option to embed images into posts is a violation, as well.

          • Kusimulkku@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            I don’t mind when they genuinely do go after child porn. But I suppose I’m not as principled about freedom of speech as some others

            • skibidi@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              4 months ago

              There is always a tension between security, privacy, and convenience. With how the Internet works, there isn’t really a way - with current technology - of reliably catching content like that without violating everyone’s privacy.

              Of course, there is also a lack of trust here (and there should be given the leaks about mass surveillance) that the ‘stop child porn powers’ would only be used for that and not simply used for whatever the powers that be wish to do with them.

              • Kusimulkku@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                4 months ago

                If we let Fediverse become unmoderared and rife with child porn then I’d be fine with them coming after it, is all I’m saying.