Due to federation, it's possible that neither happen on non-hexbear servers. For example, even if they are running stock Lemmy, which will delete and anonymize, they could always put a proxy before every incoming request and store every bit of data they receive into another database.
For InfoSec, I encourage everyone to regularly switch accounts and to provide false personal details or none at all.
yeah this honestly applies to any publicly facing site, even without federation. For instance with reddit, push-shift would hold any of the comments and posts you made with a particular account in perpetuity, even if you manually edited all comments, deleted them and then deleted your account, and it was either impossible or close to impossible to actually get them to delete your stuff from their database, you could just request to make it "inaccessible" to anyone who asked for your account data but they never would actually delete it.
Also, it can always just be done with web scrapers even if you don't have an API that specifically allows something like that.
Edit: just remembered something else really cringe about pushshift, to even get them to do that dogshit attempt at respecting your data privacy, you had to fill out like a google form with your email address or some shit like that
Due to federation, it's possible that neither happen on non-hexbear servers. For example, even if they are running stock Lemmy, which will delete and anonymize, they could always put a proxy before every incoming request and store every bit of data they receive into another database.
For InfoSec, I encourage everyone to regularly switch accounts and to provide false personal details or none at all.
yeah this honestly applies to any publicly facing site, even without federation. For instance with reddit, push-shift would hold any of the comments and posts you made with a particular account in perpetuity, even if you manually edited all comments, deleted them and then deleted your account, and it was either impossible or close to impossible to actually get them to delete your stuff from their database, you could just request to make it "inaccessible" to anyone who asked for your account data but they never would actually delete it.
Also, it can always just be done with web scrapers even if you don't have an API that specifically allows something like that.
Edit: just remembered something else really cringe about pushshift, to even get them to do that dogshit attempt at respecting your data privacy, you had to fill out like a google form with your email address or some shit like that