743
PSA: You can't delete photos uploaded to Lemmy. So don't (accidentally) upload a nude
(tech.michaelaltfield.net)
This is a most excellent place for technology news and articles.
I’m a developer of a Lemmy client. When you upload an image to a Lemmy instance, the instance returns a “delete token”. Later, you can ask the instance to delete the image attached to the delete token. So as long as you keep hold of the delete token for a specific image, you’re able to delete it later.
Lemmy-ui (the official frontend) will give you the option to delete an image again shortly after uploading it. However, it’s not possible to remove the image after actually creating the post, as the delete token associated with that post isn’t remembered anywhere on the Lemmy backend.
As for other Lemmy clients, YMMV. The client I work on (Mlem) deletes images if you remove them from a post before posting it, but has the same pitfall as Lemmy-ui in that it won’t delete the image if you’ve already created the post.
It would be possible to locally save the delete tokens of every image you upload, so that you can request that they be removed later. I don’t know of any clients that can do this yet, though (if someone knows of one, feel free to mention it).
Edit: clarity
Backend of the app or the lemmy server? if it is not stored on the lemmy server then there will be no way to delete it even if the app stores the token.
Also using a singular token that never expires to modify user content sounds like a bad idea. image operations like upload and delete should probably tied to the user credentials.
Apologies, I worded that badly. Lemmy uses an image hosting service called pictrs to manage the images you upload, which is largely separated from the rest of the Lemmy backend. Pictrs of course stores the delete tokens matching each image, but Lemmy doesn't associate those tokens with the posts or comments they originated from as far as I know.
That makes sense, probably why image deletion was so hard on lemmy.
If you want this to be fixed, please tell the devs on the relevant GitHub Ticket
For some reason they think I'm literally the only person who wants it? At least that's what they keep saying as the reason for why they won't work on it.
@[email protected] I'm told Boost does this.
whats the intent of a delete token in this context, why is it needed. it looks like bad design to me