I'm no lawyer, but my uneducated guess would be that:
A) twts are already publicly available/public knowledge and such... just don't process children's personal data and _MAYBE_ you're good? Since there's this:
> ... an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:
> - The data is being used to exercise the right of freedom of expression and information.
> - The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
> - The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
B) What I love about the TWTXT sphere is it's Human/Humane element! No deceptive algorithms, no Corpo B.S ...etc. Just Humans. So maybe ... If we thought about it in this way, it wouldn't heart to be even nicer to others/offering strangers an even safer space.
I could already imagine a couple of extreme cases where, somewhere, in this _peaceful world_ one's exercise of freedom of speech could get them in *Real trouble* (if not danger) if found out, it wouldn't necessarily have to involve something to do with Law or legal authorities. So, If someone asks, and maybe fearing fearing for... let's just say 'Their well being', would it heart if a pod just purged their content if *it's serving it publicly* (maybe relay the info to other pods) and call it a day? It doesn't have to be about some law/convention somewhere ... 🤷 I know! Too extreme, but I've seen news of people who'd gone to jail or got their lives ruined for as little as a silly joke. And it doesn't even have to be about any of this.
P.S: Maybe make
X tool check out robots.txt? Or maybe make long-term archives Opt-in? Opt-out? P.P.S: Already Way too many MAYBE's in a single twt! So I'll just shut up. 😅
I'm no lawyer, but my uneducated guess would be that:
A) twts are already publicly available/public knowledge and such... just don't process children's personal data and _MAYBE_ you're good? Since there's this:
> ... an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:
> - The data is being used to exercise the right of freedom of expression and information.
> - The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
> - The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
B) What I love about the TWTXT sphere is it's Human/Humane element! No deceptive algorithms, no Corpo B.S ...etc. Just Humans. So maybe ... If we thought about it in this way, it wouldn't heart to be even nicer to others/offering strangers an even safer space.
I could already imagine a couple of extreme cases where, somewhere, in this _peaceful world_ one's exercise of freedom of speech could get them in *Real trouble* (if not danger) if found out, it wouldn't necessarily have to involve something to do with Law or legal authorities. So, If someone asks, and maybe fearing fearing for... let's just say 'Their well being', would it heart if a pod just purged their content if *it's serving it publicly* (maybe relay the info to other pods) and call it a day? It doesn't have to be about some law/convention somewhere ... 🤷 I know! Too extreme, but I've seen news of people who'd gone to jail or got their lives ruined for as little as a silly joke. And it doesn't even have to be about any of this.
P.S: Maybe make
X tool check out robots.txt? Or maybe make long-term archives Opt-in? Opt-out? P.P.S: Already Way too many MAYBE's in a single twt! So I'll just shut up. 😅
I'm no lawyer, but my uneducated guess would be that:
A) twts are already publicly available/public knowledge and such... just don't process children's personal data and _MAYBE_ you're good? Since there's this:
> ... an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:
> - The data is being used to exercise the right of freedom of expression and information.
> - The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
> - The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
B) What I love about the TWTXT sphere is it's Human/Humane element! No deceptive algorithms, no Corpo B.S ...etc. Just Humans. So maybe ... If we thought about it in this way, it wouldn't heart to be even nicer to others/offering strangers an even safer space.
I could already imagine a couple of extreme cases where, somewhere, in this _peaceful world_ one's exercise of freedom of speech could get them in *Real trouble* (if not danger) if found out, it wouldn't necessarily have to involve something to do with Law or legal authorities. So, If someone asks, and maybe fearing fearing for... let's just say 'Their well being', would it heart if a pod just purged their content if *it's serving it publicly* (maybe relay the info to other pods) and call it a day? It doesn't have to be about some law/convention somewhere ... 🤷 I know! Too extreme, but I've seen news of people who'd gone to jail or got their lives ruined for as little as a silly joke. And it doesn't even have to be about any of this.
P.S: Maybe make
X tool check out robots.txt? Or maybe make long-term archives Opt-in? Opt-out? P.P.S: Already Way too many MAYBE's in a single twt! So I'll just shut up. 😅
$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0
I very quickly proved that Twt was never from me 🤣
$ yarnc debug https://twtxt.net/user/prologic/twtxt.txt | grep -E '^pqst4ea' | tee | wc -l
0
I very quickly proved that Twt was never from me 🤣
Our investigations revealed: https://lyse.isobeef.org/tmp/twtinjector.tar.bz2
> In order for this to be true,
yarnd would have to be maliciously fabricating a Twt with the Hash D.Yep, that’s one way.
Now, I have *no idea* how any of the gossipping stuff in Yarn works, but maybe a malicious pod could also inject such a fabricated twt into *your* cache by gossipping it?
Either way, hashes are just integrity checks basically, not proof that a certain feed published a certain twt.
> In order for this to be true,
yarnd would have to be maliciously fabricating a Twt with the Hash D.Yep, that’s one way.
Now, I have *no idea* how any of the gossipping stuff in Yarn works, but maybe a malicious pod could also inject such a fabricated twt into *your* cache by gossipping it?
Either way, hashes are just integrity checks basically, not proof that a certain feed published a certain twt.
> In order for this to be true,
yarnd would have to be maliciously fabricating a Twt with the Hash D.Yep, that’s one way.
Now, I have *no idea* how any of the gossipping stuff in Yarn works, but maybe a malicious pod could also inject such a fabricated twt into *your* cache by gossipping it?
Either way, hashes are just integrity checks basically, not proof that a certain feed published a certain twt.
> In order for this to be true,
yarnd would have to be maliciously fabricating a Twt with the Hash D.Yep, that’s one way.
Now, I have *no idea* how any of the gossipping stuff in Yarn works, but maybe a malicious pod could also inject such a fabricated twt into *your* cache by gossipping it?
Either way, hashes are just integrity checks basically, not proof that a certain feed published a certain twt.
jenny does things with storing every Twt in a Maildir I suppose? 🤔
jenny does things with storing every Twt in a Maildir I suppose? 🤔
yarnd because of the way it permanently stores and archives Twts, so even if you decide you changed your mind, or deleted that line out of your feed, if my pod or @xuu or @abucci or @eldersnake (_or any other handful of pods still around?_) saw the Twt, it'd be permanently archived._
yarnd because of the way it permanently stores and archives Twts, so even if you decide you changed your mind, or deleted that line out of your feed, if my pod or @xuu or @abucci or @eldersnake (_or any other handful of pods still around?_) saw the Twt, it'd be permanently archived._
I *think* none of this matters to people outside the EU anyway. These aren’t your laws. Even if you were to start a company in the US, it would only be a marketing instrument for you: “Hey, look, we follow GDPR!” EU people might then be more inclined to become your customers. But that’s it.
That said, I’m not sure anymore if there are any *other* treaties between the EU and the US which cover such things …
I *think* none of this matters to people outside the EU anyway. These aren’t your laws. Even if you were to start a company in the US, it would only be a marketing instrument for you: “Hey, look, we follow GDPR!” EU people might then be more inclined to become your customers. But that’s it.
That said, I’m not sure anymore if there are any *other* treaties between the EU and the US which cover such things …
I *think* none of this matters to people outside the EU anyway. These aren’t your laws. Even if you were to start a company in the US, it would only be a marketing instrument for you: “Hey, look, we follow GDPR!” EU people might then be more inclined to become your customers. But that’s it.
That said, I’m not sure anymore if there are any *other* treaties between the EU and the US which cover such things …
I *think* none of this matters to people outside the EU anyway. These aren’t your laws. Even if you were to start a company in the US, it would only be a marketing instrument for you: “Hey, look, we follow GDPR!” EU people might then be more inclined to become your customers. But that’s it.
That said, I’m not sure anymore if there are any *other* treaties between the EU and the US which cover such things …
I don't know if it's worth giving much thought to the issue unless either you expect to get big enough for the GDPR to matter a lot (I imagine making money is a prerequisite) or someone specifically brings it up. Unless you enjoy thinking through this sort of thing, of course.
](https://git.mills.io/yarnsocial/yarn/pulls/1177) that will act as a transition from the old naive archiver to the new bluge-based search/index. I will switch my pod over to this soon to test it before anyone else does.
](https://git.mills.io/yarnsocial/yarn/pulls/1177) that will act as a transition from the old naive archiver to the new bluge-based search/index. I will switch my pod over to this soon to test it before anyone else does.
~
~
yarnd would have to be maliciously fabricating a Twt with the Hash D.
yarnd would have to be maliciously fabricating a Twt with the Hash D.
Invent anything you want, say feed A writes message text B at timestamp C. You simply create the hash D for it and reply to precisely that D as subject in your own feed E with your message text F at timestamp G. This gets hashed to H.
Now then, some a client J fetches your feed E. It sees your response from time G with text F where in the subject you reference hash D. Since client J does not know about hash D, it simply asks some peers about it. If it happens to query your yarnd for it, you could happily serve it your invention: "You wanna know about hash D? Oh, that's easy, feed A wrote B at time C."
The client J then verifies it and since everthing lines up, it looks legitimate and puts this record in its cache or displays it to the user or whatever. It does not even matter, if the client J follows feed A or not. The message text B at C with hash D could have just deleted or edited in the meantime.
Congrats, you successfully spread rumors. :-D
The right thing to do here of course is to keep A in the "thread" but display B. Why? So the thread/chain doesn't actually break or fork (_forking is a natural consequence of editing, or is it the other way around? 🤔_)._
The right thing to do here of course is to keep A in the "thread" but display B. Why? So the thread/chain doesn't actually break or fork (_forking is a natural consequence of editing, or is it the other way around? 🤔_)._
delete btw, Or at least not making it mandatory, as-in "clients should" rather than "clients must". But yes I agree, let's explore all the possible ways this can be exploited (_if at all_).
delete btw, Or at least not making it mandatory, as-in "clients should" rather than "clients must". But yes I agree, let's explore all the possible ways this can be exploited (_if at all_).
> What about edits of edits? Do we want to “chain” edits or does the latest edit simply win?
This gets too complicated if we start to support this kind of nonsense 🤣
> What about edits of edits? Do we want to “chain” edits or does the latest edit simply win?
This gets too complicated if we start to support this kind of nonsense 🤣
yarnd works and I'm sure jenny can make similar assertions too.
yarnd works and I'm sure jenny can make similar assertions too.
yarns (_not to be confused with yarnd_) are always welcome 🤗 -- I don't have as much "spare time" as I used to due to the nature of my job (_Staff Engineer_); but I try to make improvements every now and again 💪
yarns (_not to be confused with yarnd_) are always welcome 🤗 -- I don't have as much "spare time" as I used to due to the nature of my job (_Staff Engineer_); but I try to make improvements every now and again 💪
> Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I don’t think I have to honour that request, no matter how European they are.
I'm not sure myself now. So let's find out whether parts of the GDPR actually apply to a truly decentralised system? 🤔
> Would the GDPR would apply to a one-person client like jenny? I seriously hope not. If someone asks me to delete an email they sent me, I don’t think I have to honour that request, no matter how European they are.
I'm not sure myself now. So let's find out whether parts of the GDPR actually apply to a truly decentralised system? 🤔
> anyone could claim that some feed contained a certain message which was then removed again by just creating the hash over the fake message in said feed and invented timestamp themselves
I'd like to see a step-by-step reproduction of this. I don't buy it 🤣
Admittedly
yarnd had a few implementation security bugs, but I'm not sure this is actually possible, unless I'm missing something? 🤔
> anyone could claim that some feed contained a certain message which was then removed again by just creating the hash over the fake message in said feed and invented timestamp themselves
I'd like to see a step-by-step reproduction of this. I don't buy it 🤣
Admittedly
yarnd had a few implementation security bugs, but I'm not sure this is actually possible, unless I'm missing something? 🤔
iPhones 16, and 16 Pro
iPhones 16, and 16 Pro