this post was submitted on 15 Mar 2025
129 points (97.8% liked)

Buy European

3527 readers
2373 users here now

Overview:

The community to discuss buying European goods and services.

Matrix Chat

Rules:

  • Be kind to each other, and argue in good faith. No direct insults nor disrespectful and condescending comments.

  • Do not use this community to promote Nationalism/Euronationalism. This community is for discussing European products/services and news related to that. For other topics the following might be of interest:

  • Include a disclaimer at the bottom of the post if you're affiliated with the recommendation.

Feddit.uk's instance rules apply:

  • No racism, sexism, homophobia, transphobia or xenophobia
  • No incitement of violence or promotion of violent ideologies
  • No harassment, dogpiling or doxxing of other users
  • Do not share intentionally false or misleading information
  • Do not spam or abuse network features.
  • Alt accounts are permitted, but all accounts must list each other in their bios.

Benefits of Buying Local:

local investment, job creation, innovation, increased competition, more redundancy.

Related Communities:

Buy Local:

[email protected]

[email protected]

[email protected]

[email protected]

Buying and Selling:[email protected]

Boycott:[email protected]

Stop Publisher Kill Switch in Games Practice:[email protected]

Banner credits: BYTEAlliance

founded 1 month ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
129
Veklar, a French social media, apparently aims to protect their users from the Fediverse (?!) (feddit.nl)
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]
39 comments fedilink hide all child comments
 

https://veklar.com/

First time I see this, not sure what they mean

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 60 points 1 day ago* (last edited 1 day ago) (1 children)

Their reasoning isn't necessarily bad:

They do explain their reasoning:

Expand for alt text"The ActivityPub protocol, standardised by W3C and governing exchanges within the Fediverse, requires us to clearly identify you when you interact with another platform, which is normal in order to prevent falsification of exchanges.

Opening such a breach would go against our commitments and philosophy on data protection and anonymity.

If we don't expose your likes and follows it's not to make them public on platforms that can be hosted anywhere and by anyone thanks to decentralised applications such as Mastodon.

This would also be a problem regarding our commitments in terms of moderation and the protection of minors, since profiles moderated by other platforms, with their own rules, could interact with Veklar users.

The Fediverse is open and anyone can decide to join in the future. This is particularly the case for Meta, which has already prepared Threads for its foray into the Fediverse, and is also thinking about integrating Instagram. Google could also join the Fediverse with YouTube. In all its principles, Veklar is committed to protecting you from GAFAM and ensuring the sovereignty of your personal data and your public image."

They use Threads as an example of what could happen to the Fediverse, but who knows how many companies are out there with fake Mastodon/Lemmy servers, subscribing to as many feeds as they can, letting the Fediverse handle delivering structured, scrapable data for them so they can work on their AIs or thread intel or marketing profiles.

They also have a point with their attempts to keep likes/follows private: that's something a lot of users want, and something a lot of users are surprised to learn doesn't exist on the Fediverse. The Fediverse is more metadata than data and that's not something everyone likes sharing. With monoliths like Veklar, you only need to trust one server not to datamine your every move rather than thousands of servers.

Speaking of privacy, most of the Fediverse isn't compatible with any privacy laws I've seen. For a bunch of hobbyists that's probably fine because privacy enforcement agencies have better things to do, but for a company that intends to make money and wants to actually become an alternative, that's a problem. A GDPR-compliant Fediverse server would need to record which other servers which bits of PII have been shared, how that information is protected (does lemmy.world even encrypt their database?), and with what other servers that information was shared in turn. That's practically impossible. The Fediverse exists in Europe because it's unimportant and unprofessional enough not to attract lawsuits.

They also have a good point about moderation. I could trivially spam every Lemmy server full of CSAM with maybe $100 in cloud credit to the point the FBI becomes interested. The Fediverse, and in particular Lemmy, is a bit like the Old Internet, assuming everyone has good intentions and that the minority with bad intentions can be handled by human interaction. New servers don't get vetted, new moderation environments don't get verified, and server administrators are left to their own devices to get rid of botnets and other malicious entities if they don't want their server to become a spam relay.

I think the upsides of the Fediverse are worth the risks. Veklar clearly thinks otherwise. They're not necessarily wrong, they just have different priorities.

[–] [email protected] 29 points 1 day ago (2 children)

Mastodon and Lemmy don't actually share any data actually protected by GDPR, unless the users actively make it public (like using their real name).

[–] [email protected] 5 points 20 hours ago (2 children)

Am I right in my understanding that if you run a federated Lemmy instance, you can see who has upvoted what, even on other instances?

Is that not something protected by GDPR?

[–] [email protected] 6 points 19 hours ago (1 children)

No, things like your home address, your IP address, birth date, health conditions, religion, etc are PII.

Upvotes almost certainly falls into "legitimate purposes" since the data is required for moderation.

[–] [email protected] -5 points 19 hours ago (2 children)

So, are you saying that Facebook holds basically no data covered by GDPR?

[–] JackbyDev 7 points 18 hours ago (1 children)

How'd you get that from that???

[–] [email protected] -1 points 18 hours ago (1 children)

Well, ok, of that list they have my ip address, but nothing else.

[–] JackbyDev 2 points 11 hours ago

They accept all of that information in one way or another.

[–] [email protected] 3 points 19 hours ago

Your instance has data covered by GDPR, but the data it sends to other instances is covered by the same exceptions as the data you send in a email. Without exceptions for legimitate interests it would be illegal to send an email from, say, mailbox to Gmail or Yandex Mail.

[–] [email protected] 3 points 20 hours ago

I guess that could be in regards to user profiling.

Since no fedi platform aggregates user data like "user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm", or shows algorithmic advertisements, or sells user data for advertisements etc, I don't think it's relevant to GDPR at the moment.

[–] [email protected] 2 points 23 hours ago (1 children)

PII includes any information that can be used to link or correlate personal information. That includes usernames and account IDs. Every like/upvote contains that information, as well as a timestamp, indicating a unique account but also behaviour. The system doesn't just share a list of names, it shares a list of names with a lot of context. Stuff like this is also why pseudonymisation isn't sufficient to avoid GDPR obligations.

Usernames aren't sensitive information, so you can handle it without too much special care (although you do need to ensure basic protection of login credentials against data leaks, for instance by encrypting databases as a minimum requirement). They are PII, though, which means you're obligated to take some level of care and ensure that the information can be corrected or redacted everywhere.

The GDPR simply wasn't written with something like the Fediverse in mind. My server knowing when your account upvoted what posts on a third server would be ridiculous if we're talking about Twitter and Facebook, but it's the core of vote counting on Lemmy.

[–] [email protected] 3 points 21 hours ago* (last edited 21 hours ago) (1 children)

GDPR doesn't include things you choose to make public, otherwise no social media could show your posts or username to anyone. My only doubt about Lemmy and Mastodon is about DMs where people have a reasonable expectation that they are private but they are not.

Edit: and thinking about it, even DMs probably fall into the same exception as email.

[–] [email protected] 2 points 20 hours ago (1 children)

That is wrong. GDPR of course covers public information. It simply does not force platforms to hide this kind of information. But transmission of these informations without user's consent and especially sale of these informations could possibly be prohibited by a court referencing GDPR.

[–] [email protected] 2 points 19 hours ago (1 children)

But simply transmitting it for the purposes of making the protocol work, falls under legimitate purposes, like sending an email to email server in China

[–] [email protected] 4 points 19 hours ago

Absolutely.

But if a fedi software/instance decided to do something else with this public data, it could get legally problematic. That is the point I'm making.