• banghida@lemm.ee
    link
    fedilink
    arrow-up
    60
    ·
    9 months ago

    Former user, I’ve deleted my 12 years old account when Boost stopped working. I am not sure what can I do, I would gladly sue tbh.

    • TWeaK@lemm.ee
      link
      fedilink
      English
      arrow-up
      42
      arrow-down
      2
      ·
      9 months ago

      If they still have your comments on the site then you still have a claim.

      If they don’t have the comments on the site, they probably do still retain the content secretly and technically you would have a claim, but it would be impossible to prove.

      • voracitude@lemmy.world
        link
        fedilink
        arrow-up
        17
        ·
        9 months ago

        Au contraire. If they didn’t delete the information when asked to under the GDPR, and they get caught deleting evidence after a suit was filed (civil by one of us, criminal by the EU), they’re in even bigger trouble. Reddit would have to be very careful to cover their tracks, and they won’t be careful enough.

        • promitheas@iusearchlinux.fyi
          link
          fedilink
          arrow-up
          7
          ·
          9 months ago

          My DPO basically told me that since reddit told me (I contacted reddit first as per the GDPR) that I can delete my comments myself I should go ahead and do that, and that my case was closed. Even after telling her that there were still 2 comments visible only when my profile is viewed “signed out”, and I provided a screenshot of a regular browser window where I am signed in and an incognito window where I am not, her reply was that once I delete my account they will not be linked to me in any way so they do not violate the GDPR…

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            7
            ·
            9 months ago

            It might not violate GDPR, but there’s still copyright to it. Reddit haven’t provided consideration in exchange for the rights they claim to your comment - access to the website is offered free of charge, regardless of whether you post.

            Granted, that’s a different avenue entirely, you’d have to take them to court for selling your work to train AI.

          • voracitude@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            9 months ago

            Disappointing on the face of it, but not entirely unexpected. This will be an aggregate effort from members of the community; the next step is to write your local politician and ask why the response from their watchdog was so milquetoast?

      • winterayars@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        Even if they don’t have your comments, if you find a gdpr complaint they will have to show that. You can ask to see any data they have on you and also ask them to delete it. (If you’re actually going to sue them don’t ask them to delete it, though. You’ll need that in court.)

    • lemmyingly@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      9 months ago

      Boost hasn’t stopped working. I’m still using it and I’ve used it everyday.

      I have Boost for Lemmy and Reddit. Their icons are identical.

  • Gordon_Freeman@kbin.social
    link
    fedilink
    arrow-up
    41
    ·
    9 months ago

    Could we sabotage the LLM training so the data became worthless?

    Like adding to our comments stuff like “2+2=5” “Abraham Lincoln discovered America” and whatever silly statement you can think of

      • Gamma@beehaw.org
        link
        fedilink
        English
        arrow-up
        19
        ·
        9 months ago

        Google’s LLMs are going to get real good at gaslighting and hating minorities in the next few years

        • archchan@lemmy.ml
          link
          fedilink
          arrow-up
          6
          ·
          9 months ago

          Google is already a pro at gaslighting even without LLMs trained on Reddit’s garbage.

          “Web integrity is for your privacy and security” my cute ass.

        • delirious_owl@discuss.online
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          9 months ago

          Yep. Ask them if Palestine committed a genocide and they’ll parrot back the Isrsel-funded disinformation spread all over reddit “no. Israel has a right to defend itself”

          If people actually turn to LLMs for information, we’re heading to a dark place.

          • Icalasari@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            9 months ago

            The far right multimedia group Gab released an LLM for people to get answers which “the government and liberal elite keep secret”, so already happening

            Hilariously easy to jailbreak though, so I imagine it’s also piss easy to poison

          • crispy_kilt@feddit.de
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            9 months ago

            Israel committing war crimes

            Israel has a right to self-defense

            Did you know that both of these statements can be true at the same time?

            • delirious_owl@discuss.online
              link
              fedilink
              arrow-up
              5
              arrow-down
              1
              ·
              8 months ago

              Thats like saying “all lives matter” to the BLM folks.

              Of course Israel has the right to defend itself, but the point is that 99% of their activity is offensive and they are the oppressor. that argument is double-speak.

              Israel is committing a genocide and you think that’s a reasonable response?

    • Agent641@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      9 months ago

      Someone less lazy than me should use a script to feed existing comments into an LLM, which then reproduces a convincing sentence structure but incorrect gibberish content, and then edit all a user’s comments - gradually, not all at once - to the poisoned content. Like 4chan did with the original captcha, but on a wider scale.

    • jarfil@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      9 months ago

      IIRC, one of the LLMs (was it OpenAI?) that crawled Reddit, had to manually remove subs like r/counting because they were messing with the training.

  • Exocrinous@lemm.ee
    link
    fedilink
    English
    arrow-up
    39
    ·
    edit-2
    9 months ago

    Fun fact: Reddit is claiming it has full rights to distribute and sell any content posted to Reddit. So if you’ve ever posted to r/gonewild, they’re claiming to have a full licence to do whatever they want with pictures of your naked body.

    • INHALE_VEGETABLES@aussie.zone
      link
      fedilink
      arrow-up
      7
      ·
      9 months ago

      I honestly figure they do have the rights. I will be bum fucked if I ever read those terms and conditions.

      What will they do with my lewd pics anyhow?

      • soggy_kitty@sopuli.xyz
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        9 months ago

        Under GDPR they have to prove that you read the terms and conditions, not just accepted them.

        GDPR is a god send for the EU and UK.

            • BurningRiver@beehaw.org
              link
              fedilink
              arrow-up
              4
              ·
              9 months ago

              Thank you very much for that. I work in an industry (in the US), but we have increasingly detailed training on GDPR, HIPAA (US healthcare information regulations), CCPA (California’s version of GDPR) and on and on. I didn’t know the UK had their own version.

              The lack of uniformity in the US is making it increasingly difficult to comply with everything over here, with states constantly passing their own laws on digital privacy, but those penalties for non compliance vary so greatly it’s almost impossible to follow.

      • Exocrinous@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        Feed them to Google’s AI for data. Your boobs will be source material for the next generation of AI porn.

      • Exocrinous@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        ·
        9 months ago

        No, many people do sex work on the internet and depend on distribution rights to their own bodies to make an income. I’m not usually a fan of copyright, but I make a big exception for people’s bodies. This also isn’t just a matter of money, it’s a matter of personal dignity and social integrity. Nobody should be coerced into giving up creative rights to their own body. It’s sexual harassment at best. If my nudes are used to train an AI in some way with a profit motive, then I’m engaged in what is essentially prostitution without my own consent.

      • BreakDecks@lemmy.ml
        link
        fedilink
        English
        arrow-up
        9
        ·
        8 months ago

        The point of posting them is either for fun or for profit. Not to grant an open license for a corporation to sell your content for their profit.

        Reddit created a website for people to come and share content and ideas with each other, and now claims to have legal ownership over their users’ content and ideas. Nobody participated because they wanted Reddit to sell their data. People generally figured that seeing advertisements was how they paid for the site, not by selling their souls.

        • NotJustForMe@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          8 months ago

          That sounds like wishful thinking. If I leave my private photos and sex videos on the local supermarkets local-ads bench, I can all but hope that they will only be used for innocent fun. But who would actually expect that?

          Posting things on the internet is a verbatim open license for your stuff to being used and sold. Perhaps your country has some laws. But nobody is keeping some local vietnamese company in check, or that indian outlet. Or any other place in the world.

          The internet is public. Any bot can just parse reddit. All those pictures are being used anyway, with or without reddit making some cash with them. It’s just legal issues and drama. The data is out there, and someone is making money with it. Already. Just without making it public. All this outrcry is just additional marketing.

  • Eggyhead@kbin.run
    link
    fedilink
    arrow-up
    33
    ·
    9 months ago

    Reddit definitely doesn’t seem like the kind of business that might utterly disregard such requests while insisting outwardly that they are complying.

    • AlteredStateBlob@kbin.socialOP
      link
      fedilink
      arrow-up
      16
      ·
      9 months ago

      The requests don’t go to reddit, but the supervisory authorities. They can try and ignore those requests, but since they have offices in the EU, those can and will be slapped around - if any DPA takes action, that is.

  • delirious_owl@discuss.online
    link
    fedilink
    arrow-up
    32
    arrow-down
    2
    ·
    9 months ago

    Isn’t it a violation once they do something?

    Maybe its illegal to make impossible promises to investors, but the GDPR supervisor authority wouldn’t be the place to make that complaint…

    • AlteredStateBlob@kbin.socialOP
      link
      fedilink
      arrow-up
      16
      ·
      9 months ago

      It is not clear if reddit has already engaged in this with Google, or if it is something that’s only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.

      Even if they hadn’t started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).

      • Firipu@startrek.website
        link
        fedilink
        arrow-up
        5
        ·
        9 months ago

        You really believe a large Corp like reddit decided on something as big as this without consulting with their lawyers? Fuck spez, but there’s no way not a single lawyer working with reddit remembered the massive legislation that has by far had the largest impact on the internet in years.

        • Ephera@lemmy.ml
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          9 months ago

          Corporate lawyers tend to be …optimistic. And then management will put a risk calculation on top of that. As a result, most larger companies violate the GDPR. See the popular use of Google Analytics or Microsoft 365, for example, which are illegal in the EU, if you ask a DPA¹. Giving them a reality check is never a bad idea.

          ¹) https://www.imy.se/en/news/four-companies-must-stop-using-google-analytics/
          https://news.itsfoss.com/microsoft-office-365-illegal-germany/

        • AlteredStateBlob@kbin.socialOP
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          Especially US companies usually just do things and are willing to engage in lenghty legal battles after the fact.they are very, very litigous.

          Another issue to consider is that the GPDR is held vague on purpose since it applies to your neighborhood yoga studio as well as Google or reddit. Entirely different use cases. So there is a lot of room for interpretation.

          Looking at the conduct just within Europe, yes, I think it is possible GDPR considerations were either ignored or downplayed to the point of irrelevance. There was a recent study by noyb.eu which showed that DPOs are still often pressured to make recommendations that do not align with GDPR principles.

          Either way, the DPAs will have to decide if the complaint has merit. Given new technologies are specifically mentioned im the GDPR, I am at least very curious to see how it turns out.

    • Ephera@lemmy.ml
      link
      fedilink
      English
      arrow-up
      8
      ·
      9 months ago

      Yeah, a formal complaint isn’t quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.

  • The Hobbyist@lemmy.zip
    link
    fedilink
    arrow-up
    28
    ·
    9 months ago

    Former reddit user, deleted my accounts just a few weeks back, should I feel concern that my data may still be involved? I guess there would be no GDPR recourse for me anyway?

        • onion@feddit.de
          link
          fedilink
          arrow-up
          24
          ·
          9 months ago

          You didn’t delete anything. You told reddit to delete stuff, but whether they actually did that is a different question. It isn’t public on their website anymore, but the data might still be lying around on their servers

          • MouseWithBeer@iusearchlinux.fyi
            link
            fedilink
            arrow-up
            25
            ·
            edit-2
            9 months ago

            Yea they keep all the data. I deleted everything on my account when the whole shitshow happened and then GDPR requested the data associated with the account and it was all still there. And when I requested that they delete that too they outright refused.

            • Metz@lemmy.world
              link
              fedilink
              Deutsch
              arrow-up
              15
              ·
              9 months ago

              i would love to see the answer from reddit because that sounds extremely illegal. keeping the data alone is already a violation.

            • winterayars@sh.itjust.works
              link
              fedilink
              arrow-up
              5
              ·
              9 months ago

              That sounds like a gdpr violation. Companies can keep some things under the gdpr even when asked to delete them but i doubt your comments or whatever fall into that category.

              • LWD@lemm.ee
                link
                fedilink
                arrow-up
                4
                ·
                9 months ago

                Elsewhere in this thread, somebody mentions that Reddit only needs to unlink your comments from your identity in order for it to be technically legal for them to hang on to them.

                But if you do a GDPR request for your account and it comes back with your comments, they clearly haven’t even done that.

      • SteefLem@lemmy.world
        link
        fedilink
        arrow-up
        16
        ·
        edit-2
        9 months ago

        For the dutch its: https://www.autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap

        But to be honest I think its already on their radar since its also in the news here (some) but every bit helps (i think)

        Like the topic says in the last paragraph “ Find your supervisory authority (just use google, for added irony) by searching for “Data Protection supervisory authority [the state you live in]”. but with state you should fill in your country.

          • SteefLem@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            9 months ago

            Sorry didnt copy what i wrote. Some along the line of well what they are selling and to whom and pasted the url from this article in the box. Nothing to lengthy, so its not a bother to read, just the facts, as far as i know them that is. Keep it short and simple. You can also attach documents if you have any.

  • promitheas@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    21
    ·
    9 months ago

    Ive been engaged in discussion with my country’s data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that “there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them”. Is she right, and how do I handle this situation?

    • Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      11
      ·
      9 months ago

      As I understand it:

      As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it’s not personally identifiable, it’s OK.

      I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.

      • sibachian@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 months ago

        what about the whole knowing who is who based on word pattern/habit, and connected content and/or opinion?

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          4
          ·
          9 months ago

          None of that really seems to count for GDPR. And good luck picking any one person out of a sea of a million orphaned comments.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        9 months ago

        According to how the UK’s Matrix/Element “privacy” messager app acts, that is correct. If, for example, you request a GDPR compliant data deletion of your messages in a room that contains 100 people, they will continue storing your data and delivering it to those 100 people, as well as propagating your data across any other servers where those people may be.

        If you’ve lost access to any of those rooms, screw you, your data doesn’t belong to you but it does belong to anybody who was there at the time.

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        As long as the link between data and user is severed, they are compliant with GDPR. […] As long as it’s not personally identifiable, it’s OK.

        Wrong.

        In the US, data protection refers to “personally identifiable” data, so severing the link is enough. Under the GDPR, all “personal” data is protected, doesn’t matter if it has a link or not to identify the person.

        The test under the GDPR, will be whether a comment has any personal data in it. If it’s a generic “LMAO”, then leaving it anonymous might be enough; if it is a “look at me [photo attached]” or an “AITA [personal story]”, then the person can ask for it to be removed, not just anonymized.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          That sounds like it places an undue burden onto the user to determine and explain why data might be personal. Is a particular writing style personal? Something that identifies their IP address, or time zone, or three separate messages that can be used to pinpoint someone’s identity or narrow it down significantly?

          To build on the Matrix example I mentioned, they give you the ability to “redact” messages but it’s your job to hunt them down across their entire platform, and obviously you can’t look at any messages in any rooms you’ve been kicked out of (and I’m pretty sure an API call to redact them, even if you correctly guessed the ID, would be rejected).

          • jarfil@beehaw.org
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            places an undue burden onto the user to determine and explain why data might be personal

            The other way around: all data originating from a person, is by default “personal data”, and the burden of explaining which one is not, lies with whoever is keeping it.

            you can’t look at any messages in any rooms you’ve been kicked out of

            If they’re keeping them, then you can request a GDPR export of ALL your data. Doesn’t matter whether some interface or application allows you access to the data or not, or even if you’ve been banned from the whole platform; as long as they keep the data, they have an obligation to honor your rights of:

            • Access
            • Correction/Modification
            • Removal

            Even during obligatory data retention retention periods, when they can’t remove the data and only make it inaccessible, you still have the right to get a copy of your own personal data.

            • LWD@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              I really hope I’m wrong and you’re right here! I agree with you entirely in terms of what should be allowed, if it isn’t already allowed. And I definitely hope you’re correct. I haven’t recently requested a data export from my languishing Matrix account, but I might give it another go to see what kind of data is stored on my home server.

    • AlteredStateBlob@kbin.socialOP
      link
      fedilink
      arrow-up
      8
      ·
      9 months ago

      The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you’re getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.

      If deleted was truly deleted, I’d say they’re right on an individual case.

      The issue I’m outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.

    • xor@infosec.pub
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      9 months ago

      wrong because “deleting” your data doesn’t make it disappear

  • cosmicrookie@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    9 months ago

    Even threatening with a GDPR request was taken seriously by them half a year æg when I deleted my account.

  • delirious_owl@discuss.online
    link
    fedilink
    arrow-up
    7
    ·
    9 months ago

    Is there a way to export my data from reddit and archive it on Lemmy instead? I dont want my valuable contributions of difficult-to-find information to be lost forever by just deleting it

    • Kissaki@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      You can export your reddit data. There’s no simple, existing way to replicate it on Lemmy though.

      The export is machine readable, so scripting a loop that creates posts from it would be viable and reasonably doable.

  • lemmyingly@lemm.ee
    link
    fedilink
    arrow-up
    9
    arrow-down
    5
    ·
    9 months ago

    I see no difference between most big tech companies and Reddit in terms of selling user data. Reddit is just being more forthcoming with it instead of allowing users to figure it out eventually.

    • voracitude@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      9 months ago

      They undeleted a bunch of content that they had no right to undelete, and are using EU citizens’ data without consent. They’re in violation of GDPR, and the EU is going to take a very dim view of that indeed.