abff08f4813c

I think piefed.social/pyfedi (which is slowly implementing support for all such objects) should get a mention here as well

For me it’s zero. In addition to reusing existing hardware, I have a subsidized internet connection that I reuse to connect my instance, and even the domain name is free.

Of course I also have fewer users - excluding me, zero.

I suppose that’s why they mentioned the Alford plea by name in the article itself…

Considering that the article said Pres Biden wouldn’t do it,

He has said previously he would not use his presidential power to pardon his son or commute his sentence, and White House press secretary Karine Jean-Pierre told reporters Thursday that was still his position. “It’s still no,” she said.

I’d be quite unhappy if this came to pass,

Also, I’d love to see Joe say, fuck it, and pull a West Wing Bartlett, and pardon him in the last minute of his last day in office. I would pay very good money for this.

I wonder what kind of sentence he will get. It’s relevant as the lighter it is, the less apparent need for a pardon.

I don’t see that he’s rewriting history. He thought Biden would do better - but still thinks Harris can win. Or else he thought Biden could do better, but now with the additional new data that came with Harris getting nominated he has indeed changed his mind. But it’s not like he’s going back and denying his earlier concerns or support of Biden…

Instead of having it be completely random, I am thinking of a site similar to sub.rehab.

Instances that are open to public signup would register on the site, and give updated states on how many users they have along with a brief description of what they are for.

Users can decide roughly what size instance they’d like to join and view a list of matches. We could add a “I’m Feeling Lucky” button that picks a random one out from the list.

There are in fact a couple of workarounds for this.

If Harris wins and Dems get enough majority control of both houses (enough to get around likely no votes from maverick Dems like Joe Manchin), then the Senate majority leader (Schumer) can lower the bar for a filibuster to a bare majority.

Then pass a new law appointing nine new Supreme Court justices. Harris nominates them and the Senate approves them.

Then pass a new federal law that requires the electoral vote of states to follow the nationwide popular vote, as per the Compact. You get the same effect without needing the States to sign on, and with the court packed the law hopefully will be able to withstand the challenges.

Plan B - if we really do need a constitutional amendment to fix this and abolish the Electoral College outright - then drop the filibuster as above, but then follow this plan https://www.vox.com/2020/1/14/21063591/modest-proposal-to-save-american-democracy-pack-the-union-harvard-law-review

Basically pass a law that allows each neighborhood of DC to be admitted in as a new state - so 127 in all - and with the new supermajority of states (and corresponding supermajorities in both Houses), pass whatever constitutional amendments are required.

The article quotes him as saying

“beat us by a whisker”

and then

“used Covid to cheat.”

So I suspect in his mind, he still only “lost” because of the millions of illegal immigrants voting or some similar BS. I.e. the media is being too optimistic about this guy’s POV and mental state.

Alas it sounds like the company is even dumber than that. From their quote,

But in a statement emailed to The Associated Press, Clearview’s chief legal officer, Jack Mulcaire, said that the decision is “unlawful, devoid of due process and is unenforceable.”

I am guessing the reason they didn’t appeal is because they refuse to recognize the jurisdiction of the Dutch courts altogether.

However, this is wrong, and I’m pretty sure it will come back to bite them. Under the GDPR,

EU data protection authorities may fine companies that continue to do business with US organizations that violate GDPR

and also

EU and US companies may pursue US companies for breach of contract, if GDPR compliance is written into the underlying agreement. These contractual claims may be adjudicated in US courts, depending on the contract, even if they relate to EU compliance.

So in short US companies that do business in the EU and also do business with Clearview may get sued and have to pay up on Clearview’s behalf. Expect Clearview to run out customers shortly after the first set of suits get litigated successfully against Clearview’s customers…

(Edit: source from https://www.metaverselaw.com/how-will-gdpr-be-enforced-in-the-us/ )

So, here’s a page from the online manual that specifies how to do this specifically for the FritzBox 7530

https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7530/893_Configuring-static-port-sharing-in-the-FRITZ-Box/

Based on the original post though I am 100% sure that OP has already seen this page, already tried it, and therefore knows that the warning under 2.10.b. applies to the OP’s case (i.e. FritzBox doesn’t allow it from UI because the ISP doesn’t allow it - that honestly had me wondering just how the FritzBox knows the ISP doesn’t allow it, but that’s a different topic).

And one can prototype this for free by using something like localhost.run or ngrok.com

Bureaucracy takes time, unfortunately.

If they can take lessons learned and come up with a new package that even the current Supreme Court can’t strike down with that extra time, so much the better. (Sadly, I suspect that the current SC will just throw out jurisprudence entirely and give unsound decision after unsound decision to stop this, but if there’s a one in a million chance that they can find a line that even the current SC wouldn’t cross to stop this…)

As GDPR-fans will tell you, data protection is a fundamental human right.

And I completely agree with this. I’m one of those who is a GDPR-fan as well as a fediverse fan.

We don’t let just anyone perform surgery, so don’t expect that just anyone should be able to run a social media site.

So this is the fundamental disagreement I feel. Progress generally entails moving things into the hands of the people. We’re empowered because we can do things like program our own computers, 3-d print our own devices, and yes run our own social media site.

Deny a person that right, and you take a bit of their power away. By running my own single user instance, I make sure that I always own my own content, no one can take it away from me by suddenly shutting down their website (as has happened to e.g. elle.co for example).

As such, my goal here is to figure out how to let ma & pa joe run their own social media site on the fediverse, while staying GDPR compliant.

Of course, the same can be said of surgery but it’s still not allowed. Obviously the harm from letting anyone try it is much worse than strictly regulating it, but is running a social media site on the fediverse likewise so harmful? Is there no way at all to strike the balance?

They need legal experts on the team.

I’ve been thinking about this. You are right of course, but I’d wager that this is outside of what most folks running instances can afford. In particular new devs who want to run their own single user instance.

So what’s the way forward? I have come up with an idea for this. Basically we need to get some organization like the EU branch of the Electronic Frontier Foundation (EFF) to research this and come up with a HOWTO guide that covers most of the average cases - along with pointers on when something is not covered by the guide (so at least you know going in that you’d need to pay for that extra legal firepower).

On mastodon, you follow a person, which they can refuse. Only then the data is automatically sent to your instance. On lemmy, you subscribe to a community and everyone’s posts and comments are sent to yours. At least, that’s how I understand it.

I think you have understood correctly. This actually provided me with the epiphany that I needed. On forum-like software that speaks ActivityPub (like pyfedi or mbin), there’s no actual need to actually transfer the content. Just send me a notification - with the “user” being a bot account named something like “federation_bot_messenger” with a link to the new post or comment, then bubble it up to the user to open in their browser. No content is shared, and no identifiers like a user name get shared, so there’s no risk of a GDPR violation. It’s just a link.

One could imagine that fancier web UIs might use an iframe or something to display the content inplace instead of requiring an extra manual click - but it’s still only on the end user’s browser that the content is transferred.

We could still have traditional federation - but just as you describe, the allow list for that is only for those instances where you know the folks (have contracts you said) and thus are assured that the transfer of content complies with the GDPR. For unknown instances, just do the link sharing. It could be implemented in a way that instances running older software would still see a post by the bot account with just the link inside. (Perhaps as an enhancement, folks could designate a trusted instance as the primary - e.g. my instance trusts lemmy.world as primary, so when it sends the links out, it sends out a lemmy.world link, to take the load off of my own instance from users clicking on links.)

Or am I missing anything here?

Bear in mind, that few of the people who passed the GDPR have any technical background. Of the people who interpret it - judges and lawyers - fewer still have one. They are not aware of how challenging any of these requirements are.

I think this is a bit unfair. Clearly they had technically knowledgable advisors at the very least. After all, they came up with exceptions like this,

here are two exceptions here: “Involuntary data transfer” is generally seen as not being part of the data handling. But that mainly applies to datascrapers like the web archive and similar usage where the data is transfered through general usage of a page that the DC cannot reasonaby prevent without limiting the usage of their service massively.

That said I think I might have been a bit unfair to the lemmy devs. From https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/ I can see that pretty much all of the issues raised directly on lemmy itself have since been resolved - by a dev writing code to fix the problem. Even if GDPR isn’t the highest priority, the devs are clearly at work trying to address what they can when they can.

I guess some people don’t get the joke.

The sayings potato/potahto and tomato/tomahto mean they’re the same thing.

No one in their right mind would say a potato is a tomato or vice versa, just like no one would ever argue Portuguese and Spanish are the same. They’re both of a category (veggies and languages respectively) but totally different and distinct items within that category.

Ah, maybe it’ll open up again soon. Last time I checked it out (a couple of weeks ago) it was still open - albeit you apply, and then your application is considered (that is, admin approval/human review required).

Edit: Note of course that you can still subscribe to communities like !piefed_help@piefed.social and !piefed_meta@piefed.social from your lemmy.world account to keep up to date here.

Depends on your POV.

In one sense, if ActivityPub can be a bridge between two protocols (e.g. RSS vs email) then it’s always technically possible to cut out the middle man. In that sense, no not really.

From my POV though ActivityPub shines because it’s more content agnostic. RSS is specific to feeds and posts, while email is for email, Bluesky is Bluesky (twitter), etc, but ActivityPub can handle video (peertube), images (pixelfed), forums - including likes and downvotes (Lemmy), microblogging (Mastodon), etc. (Note that the ActivityPub to email implementation I mentioned currently doesn’t handle likes/downvotes for example.)

With the possible exception of email, I’d also say that ActivityPub has something these other protocols do not - ownership over your own data. If you run your own instance for yourself, you always retain a copy of your content - you don’t have the situation of ello.co where if the site suddenly goes down without warning you lose years of work. Even if you use someone else’s instance, if that goes down you may be able to recover your content from another instance that was federating to it (retrieving content posted to kbin.social from the copy at fedia.io for example). That’s the beautify of federation.

(This is also true of traditional email, but things like gmail and Outlook - where the email is simply hosted on someone else’s server - are moving away from that.)

For what it’s worth, the first sentence after the subscriber paywall is this,

My short answer is “no”. Indeed, if I thought polling was predicatbly biased, I’d have built that into the model somehow.

The really intriguing thing about ActivityPub, at least to me, is it’s capability and potential to be a bridge for many other protocols.

For example, here’s ActivityPub via email: https://apubtest2.srcbeat.com/apas.html

That page also references the longstanding NNTP(Usenet)-email bridge that existed for the linux-kernel mailing list, so we could get ActivityPub to Usenet.

In fact there are a couple of RSS->Mastodon projects out there already, such as https://github.com/dariusk/rss-to-activitypub or https://github.com/jehna/mastofeeder

a purely personal or household activity
No chance. This is what makes it legal to share data within a family and, to a degree, among friends. Running an open social media platform is neither a personal nor a household activity.

Hmm.

So running a single user instance for my own personal use (and keeping in mind the nature of federation meaning the only stuff my instance sends out is the stuff that I write) is absolutely not covered by the above?

The UK is not part of the EU. They kept the GDPR when they left, but it should not be assumed that the UK interpretation is always the same.

That is a very good point indeed.

The GDPR is not very thoroughly enforced; much to the chagrin of some people. This may or may not change in the future. It would be politically quite unpopular, a bit like thoroughly enforcing no-parking zones.

Seems risky to rely on low enforcement though. For those of us who love federation and privacy and want to federate while complying with the GDPR - what must be done?

That’s not even remotely enough, even assuming that the information is sufficient.

What’s not enough? lemmy.world’s privacy policy?

Mastodon is in a much better place, on account of how federation works there. It might still not be enough.

Hmm… what’s the difference?

Lemmy instances would have to stop all federation with instances beyond the territorial reach of the GDPR or equivalent.

Oof. This is indeed a tough one.

I recall that this isn’t universally true - in some cases a country or territory may be deemed as GDPR equivalent and after that data transfer is allowed without additional safeguards, see for example https://www.torkin.com/insights/publication/european-commission-approves-of-canada-s-data-protection-regime-(again)#::text=What%20does%20this%20mean%20for,authorizations%20to%20transfer%20the%20data.

Even so, this does impose significant limits on federation due to the risk of transferring data to non-complying terrotories.

Federation within that territory should only happen based on a contractual agreement between the owners, probably with every user given an explicit choice to opt out.

Uh - if this is right, then this is even more restrictive and seems to suggest a fundamental incompatibility between federation and the GDPR overall.

But, this has got to be an already solved problem. Usenet has been around since the 1980s at least, and NNTP was basically federating before there was ActivityPub. I’m missing something obvious here I’m sure, but what?