-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document how to delete images (pict-rs) #293
Comments
Please assign this ticket to me; I've already started working on the documentation. Unfortunately I burned an entire day trying to get a local test lemmy instance running (lots of work is needed on those docs -- the downloaded config files should "just work" without any modifications). After several hours I got the Anyway, I got far enough to write the documentation, but I do need an instance admin to help me confirm the backend commands are functional. If anyone is willing to work with me on this (I'll just pass you commands to execute on your instance and you send me the output), please let me know :) |
Remarkably, the Contributing page of the documentation enumerates a lot of repos, but it doesn't enumerate this repo. I'll try to fix that in this PR as well |
Thx for taking this on. |
For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story) |
We should document how user-uploaded images can be deleted from lemmy (by instance admins)
Problem
Currently there is no way for users to be able to delete images that they've uploaded to a lemmy instance from the WUI.
Moreover, even if a user deletes there entire account from the lemmy instance, their uploaded files are not deleted.
It has been mentioned that it's possible to do this via the API, but [a] there's a bug in lemmy that prevents DELETE queries from being sent to pict-rs and [b] a user would first need to get the image's
delete_token
, which doesn't appear to be possible unless they were logging the server's responses to the background ajax upload POST to/pictrs/image
.As users cannot delete images that they've uploaded, admins will need to do it on user's behalf.
Unfortunately, I recently uploaded a very sensitive image to lemmy and--when I reached out to the lemmy admin--they didn't know how to delete the image. And, of course, it's not documented anywhere how they can do it.
This lack-of-documentation is a legal risk to lemmy instane admins.
Legally, instance admins must respond to "GDPR Erasure Requests" from their users. That is, if a user sends them a request to delete some content (eg a photo), then they must delete it from their website within a reasonable timeframe. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).
The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher.
Solution
A new section should be added to the documentation's moderation section that clearly explains to admins how they can delete an image
The documentation should:
delete_token
for a given image URL)The text was updated successfully, but these errors were encountered: