Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document how to delete images (pict-rs) #293

Open
maltfield opened this issue Feb 10, 2024 · 4 comments
Open

Document how to delete images (pict-rs) #293

maltfield opened this issue Feb 10, 2024 · 4 comments
Assignees

Comments

@maltfield
Copy link

maltfield commented Feb 10, 2024

We should document how user-uploaded images can be deleted from lemmy (by instance admins)

Problem

Currently there is no way for users to be able to delete images that they've uploaded to a lemmy instance from the WUI.

Moreover, even if a user deletes there entire account from the lemmy instance, their uploaded files are not deleted.

It has been mentioned that it's possible to do this via the API, but [a] there's a bug in lemmy that prevents DELETE queries from being sent to pict-rs and [b] a user would first need to get the image's delete_token, which doesn't appear to be possible unless they were logging the server's responses to the background ajax upload POST to /pictrs/image.

As users cannot delete images that they've uploaded, admins will need to do it on user's behalf.

Unfortunately, I recently uploaded a very sensitive image to lemmy and--when I reached out to the lemmy admin--they didn't know how to delete the image. And, of course, it's not documented anywhere how they can do it.

This lack-of-documentation is a legal risk to lemmy instane admins.

Legally, instance admins must respond to "GDPR Erasure Requests" from their users. That is, if a user sends them a request to delete some content (eg a photo), then they must delete it from their website within a reasonable timeframe. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).

The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher.

Solution

A new section should be added to the documentation's moderation section that clearly explains to admins how they can delete an image

The documentation should:

  1. provide the commands to query the postgres DB (to fetch the image's delete_token for a given image URL)
  2. provide the command to execute the image deletion API call
@maltfield
Copy link
Author

maltfield commented Feb 10, 2024

Please assign this ticket to me; I've already started working on the documentation.

Unfortunately I burned an entire day trying to get a local test lemmy instance running (lots of work is needed on those docs -- the downloaded config files should "just work" without any modifications). After several hours I got the lemmy container to connect & configure the postgres db, but the UI only gave errors and the docker compose logs didn't output anything.

Anyway, I got far enough to write the documentation, but I do need an instance admin to help me confirm the backend commands are functional. If anyone is willing to work with me on this (I'll just pass you commands to execute on your instance and you send me the output), please let me know :)

@maltfield
Copy link
Author

Remarkably, the Contributing page of the documentation enumerates a lot of repos, but it doesn't enumerate this repo. I'll try to fix that in this PR as well

@dessalines
Copy link
Member

Thx for taking this on.

@maltfield
Copy link
Author

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

Nightmare on Lemmy St - A GDPR Horror Story

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants