this post was submitted on 23 Feb 2024
799 points (99.0% liked)

Privacy

32465 readers
405 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 64 points 10 months ago (3 children)

Former user, I've deleted my 12 years old account when Boost stopped working. I am not sure what can I do, I would gladly sue tbh.

[–] [email protected] 40 points 10 months ago (2 children)

If they still have your comments on the site then you still have a claim.

If they don't have the comments on the site, they probably do still retain the content secretly and technically you would have a claim, but it would be impossible to prove.

[–] [email protected] 17 points 10 months ago (1 children)

Au contraire. If they didn't delete the information when asked to under the GDPR, and they get caught deleting evidence after a suit was filed (civil by one of us, criminal by the EU), they're in even bigger trouble. Reddit would have to be very careful to cover their tracks, and they won't be careful enough.

[–] [email protected] 7 points 10 months ago (3 children)

My DPO basically told me that since reddit told me (I contacted reddit first as per the GDPR) that I can delete my comments myself I should go ahead and do that, and that my case was closed. Even after telling her that there were still 2 comments visible only when my profile is viewed "signed out", and I provided a screenshot of a regular browser window where I am signed in and an incognito window where I am not, her reply was that once I delete my account they will not be linked to me in any way so they do not violate the GDPR...

[–] [email protected] 8 points 10 months ago

It might not violate GDPR, but there's still copyright to it. Reddit haven't provided consideration in exchange for the rights they claim to your comment - access to the website is offered free of charge, regardless of whether you post.

Granted, that's a different avenue entirely, you'd have to take them to court for selling your work to train AI.

load more comments (2 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 42 points 10 months ago (4 children)

Could we sabotage the LLM training so the data became worthless?

Like adding to our comments stuff like "2+2=5" "Abraham Lincoln discovered America" and whatever silly statement you can think of

[–] [email protected] 63 points 10 months ago (1 children)

I think reddit is already sufficently full of misinformation that you dont need to add to it

[–] [email protected] 20 points 10 months ago (6 children)

Google’s LLMs are going to get real good at gaslighting and hating minorities in the next few years

[–] [email protected] 7 points 10 months ago

Google is already a pro at gaslighting even without LLMs trained on Reddit's garbage.

"Web integrity is for your privacy and security" my cute ass.

load more comments (5 replies)
[–] [email protected] 9 points 10 months ago

Someone less lazy than me should use a script to feed existing comments into an LLM, which then reproduces a convincing sentence structure but incorrect gibberish content, and then edit all a user's comments - gradually, not all at once - to the poisoned content. Like 4chan did with the original captcha, but on a wider scale.

[–] [email protected] 6 points 10 months ago

"Wipe out all of Europe"

load more comments (1 replies)
[–] [email protected] 41 points 10 months ago* (last edited 10 months ago) (6 children)

Fun fact: Reddit is claiming it has full rights to distribute and sell any content posted to Reddit. So if you've ever posted to r/gonewild, they're claiming to have a full licence to do whatever they want with pictures of your naked body.

[–] [email protected] 8 points 10 months ago (3 children)

I honestly figure they do have the rights. I will be bum fucked if I ever read those terms and conditions.

What will they do with my lewd pics anyhow?

[–] [email protected] 9 points 10 months ago (1 children)

Under GDPR they have to prove that you read the terms and conditions, not just accepted them.

GDPR is a god send for the EU and UK.

[–] [email protected] 6 points 10 months ago (1 children)

Maybe a dumb question here from across the pond. Does GDPR even apply to the UK after Brexit?

[–] [email protected] 6 points 10 months ago (1 children)

@BurningRiver @soggy_kitty Not directly, but the UK Data Protection Act adopts nearly every aspect of GDPR to allow for data portability. Eg this is especially important for fintech data but there's good support for open science and open data in the UK too. https://www.gov.uk/data-protection

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 8 points 10 months ago (2 children)

I might be naive, but isn't that the point of posting them on the internet?

[–] [email protected] 15 points 10 months ago (2 children)

No, many people do sex work on the internet and depend on distribution rights to their own bodies to make an income. I'm not usually a fan of copyright, but I make a big exception for people's bodies. This also isn't just a matter of money, it's a matter of personal dignity and social integrity. Nobody should be coerced into giving up creative rights to their own body. It's sexual harassment at best. If my nudes are used to train an AI in some way with a profit motive, then I'm engaged in what is essentially prostitution without my own consent.

load more comments (2 replies)
[–] [email protected] 11 points 10 months ago (1 children)

The point of posting them is either for fun or for profit. Not to grant an open license for a corporation to sell your content for their profit.

Reddit created a website for people to come and share content and ideas with each other, and now claims to have legal ownership over their users' content and ideas. Nobody participated because they wanted Reddit to sell their data. People generally figured that seeing advertisements was how they paid for the site, not by selling their souls.

load more comments (1 replies)
load more comments (4 replies)
[–] [email protected] 34 points 10 months ago (1 children)

Reddit definitely doesn’t seem like the kind of business that might utterly disregard such requests while insisting outwardly that they are complying.

[–] [email protected] 17 points 10 months ago

The requests don't go to reddit, but the supervisory authorities. They can try and ignore those requests, but since they have offices in the EU, those can and will be slapped around - if any DPA takes action, that is.

[–] [email protected] 30 points 10 months ago (2 children)

Isn't it a violation once they do something?

Maybe its illegal to make impossible promises to investors, but the GDPR supervisor authority wouldn't be the place to make that complaint...

[–] [email protected] 16 points 10 months ago (3 children)

It is not clear if reddit has already engaged in this with Google, or if it is something that's only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.

Even if they hadn't started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).

load more comments (3 replies)
[–] [email protected] 8 points 10 months ago

Yeah, a formal complaint isn't quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.

[–] [email protected] 28 points 10 months ago (2 children)

Former reddit user, deleted my accounts just a few weeks back, should I feel concern that my data may still be involved? I guess there would be no GDPR recourse for me anyway?

[–] [email protected] 9 points 10 months ago (1 children)

Did you also deleted your comments and posts?

[–] [email protected] 9 points 10 months ago (1 children)

Yes, all content possible, before deleting my account.

[–] [email protected] 24 points 10 months ago (1 children)

You didn't delete anything. You told reddit to delete stuff, but whether they actually did that is a different question. It isn't public on their website anymore, but the data might still be lying around on their servers

[–] [email protected] 25 points 10 months ago* (last edited 10 months ago) (4 children)

Yea they keep all the data. I deleted everything on my account when the whole shitshow happened and then GDPR requested the data associated with the account and it was all still there. And when I requested that they delete that too they outright refused.

[–] [email protected] 15 points 10 months ago

i would love to see the answer from reddit because that sounds extremely illegal. keeping the data alone is already a violation.

[–] [email protected] 10 points 10 months ago

If you're in the EU, I hope you have documentation of that. Could prove useful.

[–] [email protected] 6 points 10 months ago

Can you post a short version of what you sent them for inspiration?

[–] [email protected] 5 points 10 months ago (1 children)

That sounds like a gdpr violation. Companies can keep some things under the gdpr even when asked to delete them but i doubt your comments or whatever fall into that category.

load more comments (1 replies)
[–] [email protected] 5 points 10 months ago

You can ask to have everything related to you, to be deleted. Just provide your email.

[–] [email protected] 26 points 10 months ago (1 children)

Done. Simple process and can do it “anonymously”

[–] [email protected] 6 points 10 months ago (1 children)
[–] [email protected] 16 points 10 months ago* (last edited 10 months ago) (2 children)

For the dutch its: https://www.autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap

But to be honest I think its already on their radar since its also in the news here (some) but every bit helps (i think)

Like the topic says in the last paragraph “ Find your supervisory authority (just use google, for added irony) by searching for "Data Protection supervisory authority [the state you live in]". but with state you should fill in your country.

load more comments (2 replies)
[–] [email protected] 21 points 10 months ago (2 children)

PSA: GDPR still applies in law in the UK too; it has not been repealed

[–] [email protected] 10 points 10 months ago

*UK GDPR. Because all EU legislations prior to Brexit have been made into domestic equivalents when the UK left the bloc.

load more comments (1 replies)
[–] [email protected] 21 points 10 months ago (5 children)

Ive been engaged in discussion with my country's data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that "there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them". Is she right, and how do I handle this situation?

[–] [email protected] 11 points 10 months ago (8 children)

As I understand it:

As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it's not personally identifiable, it's OK.

I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.

load more comments (8 replies)
[–] [email protected] 8 points 10 months ago

The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you're getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.

If deleted was truly deleted, I'd say they're right on an individual case.

The issue I'm outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.

load more comments (3 replies)
[–] [email protected] 17 points 10 months ago

Even threatening with a GDPR request was taken seriously by them half a year æg when I deleted my account.

[–] [email protected] 8 points 10 months ago (2 children)

Is there a way to export my data from reddit and archive it on Lemmy instead? I dont want my valuable contributions of difficult-to-find information to be lost forever by just deleting it

load more comments (2 replies)
[–] [email protected] 7 points 10 months ago

Done. Screw Reddit.

[–] [email protected] 7 points 10 months ago (1 children)

Where do one make gdpr requests to reddit?

[–] [email protected] 13 points 10 months ago

If you reside in the EU, here "[email protected]"

load more comments
view more: next ›