Have been asking this myself lately.
People always seem to get defensive about this topic, but if an instance gets challenged on a GDPR investigation it could have a huge fine associated to it.
It is good to have this sorted out, so instance owners don’t enter a life changing financial risk.
Currently we probably are too small and fly under the radar, but this could become a big problem as the fediverse scales.
Issues I wonder about:
- How safe is the Fediverse? Is there a way for a federated instance to misuse the user data? Or can such activity be detected and cause a defedaration.
- How easily can all user data be deleted if a request comes in to remove all personal data? Wouldn’t that request have to be extended to all instances your instance is currently federated with?
- Instances probably wouldn’t be able to handle a bad actor (for example Meta, or spez) that decides to start a mass request attack.
- Corporations have lawyers that deal with this stuff, I don’t feel like most instance owners have the same kind of protection here.
But isn’t the whole point to play a burned copy of the game?
This seems like scalping concert tickets to a concert that allows you to copy tickets in the printer.