Personally I wouldn’t run a lemmy instance because of this (and also many other concerns)

I recommend [a] letting the lemmy devs know (eg on GitHub) that this issue is preventing you from running a lemmy instance and [b] donating to alternative projects that actually care about data privacy rights.

The fines usually are a percent of revenue or millions of Euros, whichever is higher.

So if your revenue is 0 EUR then they can fine you the millions of Euros instead. The point of the “percent of revenue” alternative was for larger corporations that can get fined tens or hundreds of millions of Euros (or, as it happened to Meta, in some cases – billions of Euros for a single GDPR violation).

The fines usually are a percent of revenue or millions of Euros, whichever is higher.

So if your revenue is 0 EUR then they can fine you the millions of Euros instead. The point of the “percent of revenue” alternative was for larger corporations that can get fined tens or hundreds of millions of Euros (or, as it happened to Meta, in some cases – billions of Euros for a single GDPR violation).

That would be true if their instance wasn’t federating. If the instance is federating, then it’s downloading content from other users, even if the user isn’t registered on the instance. And that content is publicly available.

So if someone discovers their content on their instance and sends them a GDPR request (eg Erasure), then they are legally required to process it.

It’s definitely not impossible to contact all instances; it’s a finite list. But we should have a tool to make this easier. Something that can take a given username or post, do a search, find out all the instances that it federated-to, get the contact for all of those instances, and then send-out a formal “GDPR Erasure Request” to all of the relevant admins.

Very nice. Unfortunately it doesn’t look like Boost is available on F-Droid.

Fortunately, in my case, my image was “orphaned” and never actually attached to a post or comment, so it wouldn’t have federated.

If the image has already federated then that’s a whole next level problem :(

Hi, unfortunate author here 😅

The issue happened in Jerboa. I opened a few tickets in the Jerboa app’s GitHub to address this:

• jerboa #1361: UI for deleting uploaded files
• jerboa #1362: Setting to hide "upload media" button
• jerboa #1363: Add "confirm upload" step to UX

Can you please tell us which Lemmy client apps you use that store the delete token and have a UI to delete uploaded images?

Yes, it’s clearly disclosed in my profile that I am the founder of the BusKill project.

This is a PSA that our sale has started. I’ve had inquiries from members of our community asking about Black Friday sales.

10% off is barely any discount anyway.

Sorry, we’re a very small open-source shop. I’ve paid myself nothing so-far. The price just barely breaks-even for the business.

All of this is explained in-detail in “The Finances” section here.

Prices would drop dramatically if we could do production runs (and actually sell) >10,000 units at a time. Currently we only sell a few cables per month. If you want to help, please tell all your security-conscious friends about BusKill :)

Hi, this is not spam but a useful PSA that’s full of information, not just about the sale.

BusKill is useful for many groups, including human rights defenders, activists, journalists, whistleblowers, etc. You can read more about the use-cases of our community at our documentation here:

• https://docs.buskill.in/buskill-app/en/stable/introduction/what.html#who-uses-buskill

Yes, BusKill works with any USB drive.

• https://github.com/buskill/buskill-app

In fact, the BusKill cable is just a USB Drive. The only thing “fancy” that it has is a magnetic coupler in the middle of the 1-meter cable so that it will breakaway at any angle. But, if you’d like, you can build your own. The instructions are here:

• https://docs.buskill.in/buskill-app/en/stable/hardware_dev/bom.html

It’s run by the folks at dys2p.

Besides running ProxyStore in Leipzig, they have published some pretty great articles:

• Random Mosaic – Detecting unauthorized physical access with beans, lentils and colored rice
• Revealing Traces in printouts and scans
• On the security of the Linux disk encryption LUKS

You can follow them on Mastodon here https://chaos.social/@dys2p

Yes BusKill works similarly – any USB drive can use the BusKill software

• https://github.com/buskill/buskill-app

The BusKill cable is just nice because it includes a magnetic breakaway, so it works when the laptop is snatched-away at any angle. There’s actually a ton of anti-forensics software like usbkill and BusKill; we enumerate them all on our documentation’s Similar Projects section

• https://docs.buskill.in/buskill-app/en/stable/attribution.html#similar-projects

You may want to check ^ it out :)

I made a video of this (demo in Windows, MacOS, Linux, TAILS, and QubesOS) with the old DIY model here (sorry for the terrible audio quality)

• https://www.buskill.in/demo-2/

We’re currently working on an updated video with someone who is much better at video production than me; it should be finished in early 2024.

I build open-source USB Dead Man Switches and the accompanying (also free) software

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

You attach the kill cable to your body and if the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys. It’s designed to protect high-risk users’ data. Data could include private keys (eg theft of cryptocurrency assets), contacts of correspondence (eg sources of a journalist – such as whistleblowers), etc.

It should only be posted once to this community. It’s also been cross-posted to other relevant communities.

Good bot

Removed by mod

Yeah, once they document how to use it, I hope they also publish an PSA telling all users to disable their existing keys and migrate to using Restricted API Keys

I consider “support” for this as having it documented. It’s not a boolean “on” / “off”. To “support Restricted API Keys” would mean that they document the minimum set of permissions required (which is a long list of properties, each set to “none” or “read” or “write”).

Indeed, I’m very happy to see they’ve changed it from ‘low-priority’ to ‘high-priority’. Hopefully they’ll update the documentation with the permissions needed for Restricted API Keys soon.