Thanks! That’s everything I’d hoped to get rolling and then some so clearly you have it well in hand.

Really what I was aiming for was a recognition that we shouldn’t have to guess about this stuff and it should be straightforwardly laid out. Of course that’s rarely the case but I see Lemmy as a way to collaborate in building the sort of social media we want rather than what we’re given as a byproduct of other’s interests.

Deletion on other instances isn’t something we can control but we can point that out so people understand. And for our part we can understand what’s happening on our systems, ensure it’s in line with what we want (eg. if it isn’t expunged you can add a cron job to do it after X days or w/e) and be transparent about it.

I didn’t expect that you’d go as far as not logging exact IPs at even the the HTTP level, I fear that you will have to walk that back a bit over time in order to use things like fail2ban and more sophisticated tools to quickly respond to abuse and DoS attempts. Alas time and time again has proven there are some people out there who just like to mess with stuff and we need to be proactively resilient against what’s unfortunately inevitable. Similarly, there’ll be more subtle stuff like it becomes obvious that some set of IPs has been used in mass creation of accounts for sockpuppets or LLM bots and it’d be useful to retain them for a bit so we’d have the option of going back and reviewing what they put out.

i don’t think there’s any other PII that is stored?

We have the option to give your our emails too, is that only visible to you?

I know i have a lot of “i think”'s in there, so all of this is a best guess. I’ll do some digging and testing at some point so I can firmly answer these questions.

See? Right person for the job. Holler if you need anything, I get a general sense there’s a willingness to pitch in around here.