Glad we both leaned something :)

That makes sense. Companies with no presence in the EU can likely skirt the rules, but any large company with an EU presence will be compelled to follow them.

On that page you linked, they say “So far, the EU’s reach has not been tested, but no doubt data protection authorities are exploring their options on a case-by-case basis.” So it hasn’t really been tested yet it seems. It’s true that there are extradition treaties and interpol that aid in cross-border prosecution, but that tends to be used primarily when the alleged crime happened in the prosecuting country’s jurisdiction, or the alleged crime is handled similarly in both countries. A GDPR violation by a US company wouldn’t be considered a crime at all in the US, so it’s entirely possible that they might decline to assist in prosecution.

That’s a really interesting point, has it been tested in court? The article is about US companies and US websites so I figured EU law was irrelevant, but I am curious to see if the EU can claim jurisdiction for actions foreign companies take outside the EU, regardless of if they have any official EU presence.

Subpoenas are tools the government uses to compel a private entity to provide information. This isn’t that though, this is one private entity asking another private entity to just give them data. It’s not a legal case, and because of our non-existant privacy regulations in the US, Reddit is free to just hand over this information, or not if they want. No crime has to even be alleged, Reddit can just hand that information out.

Getting out of a VM reliably is not usually trivial, and VM escapes are usually designed to target specific configurations rather than an arbitrary deployment. A VM with a minimum amount of shared resources is usually a reasonable security boundary unless you think the malware you’re analyzing has hypervisor-specific 0 days.

As far as free software goes, how does running free software on your own server that you allow others to communicate with using established standard protocols violate your freedom? Not saying you shouldn’t be able to be selective about federation, but why would Facebook specifically being one of the peers violate your freedom?

I think because of federation, even if lemmy blows up, smaller instances and communities will be able to exist still. Over on Mastodon, the big instances have grown up quite a bit, but there is also many thriving smaller communities that either aren’t federated with the big instances, or federated very selectively to curate the community they want.