Mastodon Instances All Violate the GDPR: Bad Software, Bad Developers
Did you know #Mastodon by default has admins violating the GDPR on the regular without warning, by irrevocably deleting all of a users' data upon banning that user?
I tried to tell Gargron and Nightpool, but they said that would only apply to instances that obviously serve users in the EU.
They are very okay with all of you instance admins possibly paying fines if any user of yours from the EU decides to complain about it, and since the software does not warn you, there will probably be lots of evidence of it happening many, many times before.
Also.. I guess Gargron and Nightpool are just okay abandoning the HUGE part of Mastodon that is French? and every .eu instance? I spent a good amount of energy attempting to explain to them how the GDPR works and that you don't have to state you are "intentionally targeting" the EU for the GDPR to apply. It was mostly wasted.
The other argument they made was that it was up to you all to decide on the GDPR, and that people who don't want to violate the GDPR can use the suspend function. This completely ignores the fact that the ban-delete function does not warn you that you are inherently violating the GDPR by using it without the user's consent. At least a warning of some kind that you need to provide the user a copy of their data first or get their consent to delete the data without providing it to them first before you can delete it.
This is very clearly listed under these requirements, which I walked them through multiple times:
To which "banning a user" does not qualify for any of the reasons to process a user's data without their consent.
"4.2: ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;"
https://gdpr-info.eu/issues/consent/ for more.
What do you think of this, instance admins? Are you okay with them allowing a GDPR violation as a normal function on all of your instances that could get you fined? Are you okay with Gargron deciding a simple warning when clicking the delete button is too much to ask?
Here is the github repo. In the below thread I will be posting our interactions of them completely failing to understand the GDPR, not even making an attempt to reach out to other individuals to correct the failure in their knowledge, and instead decide to try to pull unrelated events into it to paint my reason for trying to make Mastodon GDPR compliant as somehow self-motivated.
Instance Block, Another Pleroma Racist
Ha, it's probably a good idea to block wurm.host because... well...
i can't even open images here aklsdhas;ldh
Holy crap, google is apparently taking down all/most fediverse apps from google play on the grounds that that some servers in the fediverse engage in hate speech. At least three apps I know of anyway and I'd imagine the others will follow soon under the exact same reasoning.} Seems to be the case with Husky, Fedilab, and "subway" tooter.
this is a scary precedent if google play is going to ban any apps that can in any way be used to access content with hate speech. So what about a forum client, do they take that down just because there is a forum somewhere on the internet posting hate speech?
This is particularly worrisome because for most people Google Play is the only way they understand to install apps at all.
Picture attached of one of the notices received by fedilab.
guess it's time for me to periodically check in on that account to see if they're just squatting the name again or if it's actually someone who's gonna use that account
oh hm.. as far as I can see, there isn't even documentation on uploading custom emojis through the API
time to look into modules again and check if I can upload them that way 👀