Jons Mostovojs @jonn@social.doma.dev

@stancarey understood. Btw, idk if you like cosy crime. If you do – Anthony Horowitz does crazy cool things with the genre, as well as writing absolutely "honest" (solvable) stories.

@stancarey is there some deduction to deduct along in noir genre? Never read it, even though I'm a huge fan of mystery.

@isabel btw, in all seriousness -- I'm with my left friends on a lot of issues raised, such as lack of transparency in steering, corporation centrism being a detriment to the progress of Nix, etc. etc.

I can't, however, in good faith agree with the defense industry argument. I also think that shaming defense contractors in 2k24 is in turn detrimental to the security in Europe, which benefits russian expansionist agenda.

I'm sorry if my tone or jokes were inappropriate. I hope that soon the day will come when I'll be back in the "eww, defense contracts" camp (rather than in a russian concentration camp).

❤️

@limes ok so, I kid you not, but I'm so stupid I legit thought that you made some sort of adapter that prints stuff from a terminal on this typewriter.

That's a very clean job and a fun toot, love the colours!

@isabel yeee screw these filthy Eastern Europeans, am I right?

Russians sure have strange bedfellows.

@dsp I already mentioned it earlier in the thread, but the easiest way is to hash PII during authentification and never store it.

@simon I honestly don't think that completely automated erasure is possible in good faith.

When user-generated data comes into play, an erasure in good faith should create an audit trail certainty that the controller took steps to also remove PIIs from user-generated content.

I would probably write a script which amends PII mentions in posts and responses, creates the trace of affected URLs and asks the user who requested deletion if they are happy with that. It's not perfect, but can be done completely automatically and with a good success rate.

P. S.

I assume your website isn't evil and you don't sell the data to Coca Cola and other Amazons. If so, it's pure hell, as it's your responsibility to reach out to third parties and facilitate erasure.

@dsp the UK has ratified GDPR though. A British website administrator is a data controller. GDPR clearly states in the very beginning of the document that its scope is protection of the rights of natural persons worldwide, and a push-back against the global data misuse.

@simon tl, dr: you may choose to not gather PII, then you need PP mentioning it.

If you choose to gather PII:

- PP with your contacts, memo of users' rights.
- TOS.
- Think ahead about how will you process requests for erasure.

@simon back to the text of the law: if you insist on storing personal data and its mapping to a user name or displaying personal data or identifiable information [I.(26)], you will have to forewarn the user by presenting them with a privacy policy. Note that E-Mail addresses can sometimes squarely and beyond doubt be personal data. In PP, you will have to tell the user everything they legally need to know about the way you process it [II.(6)].

The user will then have to have a way to break consent, which means that the content of their comments may be retained based on terms of service, while the link between the personal data and the data the user produced on the platform must be severed and further processing should be avoided. Furthermore, they may exercise the right to be forgotten (III.(17)] to make you, within reasonable time, delete their data.

The problem is that even if your tos say "we will anonymise your user-generated content", you will have to go through all the content to demonstrate that other user-generated content which is in itself data that your system processes doesn't expose or even internally contain personal data or PII. Examples: quote feature on forums, users calling each other by name based on the information disseminated by your system, archive.org snapshots.

Aside from this consideration, as long as your platform doesn't use automated decision-making based on the personal data, you're in the clear.

@simon @plausible this one trick GDPR lawyers don't want you to know about. 🤣

@simon very importantly – none of this matters if you pseudonymise identities. This is what we're currently doing on the public deployment of https://app.zerohr.io. See our PP: https://app.zerohr.io/privacy

GDPR and laws alike only protect the identities of natural persons, not the devices or software. That's why usages of systems like @plausible are automatically as GDPR-complaint as the system that embeds it.

@simon https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e1797-1-1 remember, this is a blanket text. Member-states can add but hot remove constraints.

Under general don't need a function to delete comments, but you need to have a [not necessarily automatic] way for a user to ask to delete all the comments and the information that they ever left any comments. I'll find the exact article and point in some minutes.

I'm very interested what LLM would say.

I wonder how surprised will westerners be when the war extends to central Europe. 🤔

While the attack on Ukraine is 100% russia and russian fault, I think that the extension of this war shall be mostly the fault of westerners. Which would be very ironic, because the next russian expansion will happen due to, not despite of slow military support that the West is providing to Ukraine!

@isabel @cafkafk oh wait but does it mean my mom will have no nixos anti-air missiles to protec from russians? 😭

@LubinP it's beautiful