Archival is something that should be taken very very seriously by social media software
-
@aud but also filesystems aren't really designed from that perspective, either, and the hard-deletion features that exist at that level aren't really hooked up to the hard-deletion features at lower levels
-
@[email protected] ah! Right, including down to the hardware level. I admit I was thinking just of the software side. Yeah... I hadn't considered that. It's unfortunately probably outside the scope of an open source project given the wide variety of hardware it would be running on. boooooooo.
Even a 'rewrite' of inputting junk data into the database over the old entries then erasing doesn't guarantee anything, I strongly suspect. -
@aud you would think that, but on the other hand there's Eugen.
-
@aud the military standard here says to shred the drive to dust whose particle size is smaller than the size of a single transistor
we think that is probably unnecessary. there is probably no realistic attack by state-level actors that would require a particle size that small to defeat.
-
@aud An actual delete does remove your content from the DB: https://github.com/mastodon/mastodon/blob/e1b7382ea6b8b944a363914490d6476726dd7075/app/services/delete_account_service.rb and optionally keeps your username reserved (which I think the UI doesn't even give you the option to nuke the username).
Doesn't prevent an admin from keeping backups or whatnot of course.
-
@aud and yes, overwrites aren't real since SSDs came along, because the drive is permitted to remap blocks to other blocks any time it likes. also, it often does so without even telling the higher levels about it.
-
@[email protected] I like the thing I read recently (about encrypting DMs in the fediverse and how difficult it actually is) and one thing is they split out security and privacy from each other, and I feel that's a good mental framework for thinking about these. It is indeed very difficult to securely remove a person's data; however, attempts to maintain their privacy through deletion are still worthwhile.
Still, I think security + privacy is obviously preferable. But jesus, that sounds like a nightmare in the making. -
@[email protected] hahahahaaaaaaaaa yeah. I like that @[email protected] calls him "website boy" lmao. It's pretty accurate.
-
@aud you mentioned tombstones. tombstones are an important strategy in general, and we have definitely specced things out in the course of our privacy work that rely on them. they can be quite helpful in scenarios where there's a need to redact things but the metadata that the thing existed should be kept. of course, they require the specific application-layer code to be aware of how deletion works and have specific support for it.
-
@[email protected] Ah, thank you. That's good to know.
-
@[email protected] but admittedly, from a science perspective, that sounds like a pretty cool fucking problem to work on (how to extract data from a pile of dust).
-
@[email protected] ugh, this makes me wonder if the site I found talking about undelete was just total made up bullshit. God, I hate the new internet.
-
@aud Could be, the Mastodon interface very clearly says you won't be able to recover the account when you delete: https://docs.joinmastodon.org/user/moving/#delete
-
@[email protected] Right? I think it's unfortunately not always realistic to remove even the very data that suggests something that existed there (given that all this data is linked, it's probably like trying to trim an entire subgraph and not have the existing nodes break). Still.
-
@aud right???? it's like the un-shredding of paper problem, but on hard mode
(un-shredding paper is solved, and commercially available for a few thousand dollars per page. good fun.)
-
@aud Also easily possible there's some fork somewhere that preserves data on delete (for compliance or blackmail or whatever other reason).
-
@[email protected] fuuuuuucking google man
-
@[email protected] Yeah, but I suspect this one was bullshit. Ugh. This is the one issue I have with not running a Mastodon instance.
I shouldn't trust a random google result. I know this, and yet the habit is still so hard to break admittedly, that's why I phrased it as a question: I didn't trust the results. But I should have dug into the source myself. I appreciate you taking the time to do so for me, though! -
@aud we kind of don't quite believe that anyone's actually figured out how to run a bunch of dust through an electron microscope and get good three-dimensional models of each particle. like. the mechanics of actually putting an object on a microscope stage are quite hard. so we're pretty sure this is just a case of militaries deciding they need to defend against absurd things that aren't going to happen. just... only pretty sure.
-
@[email protected] hm. now I'm curious how they solved that. Admittedly, if you had a machine that could separate and then scan the individual parts (or even clusters of them), you could then basically have the software play letter tetris to assemble the pieces into something. Hmmmm...