maybe don't give explicit instructions on how to do that (yes I know it's trivial for anyone with a little knowledge or time to spend), considering its an unfixed hole and no amount of spreading the word will get everyone on the site to change their behavior around deletes. But this is really frustrating and should have been fixed ages ago. Ah Lemmy... :/
no, it is a hole, intentional or not, and a major violation of user trust. They can retain it in the DB for 30 days, but there is no justifiable reason to hand out the content of deleted comments, posts, user profiles, anything, to literally any person or script that asks for it
I don't mean to be too blunt about it, but also every time I think about this being implemented intentionally it makes my brain hurt that they thought this was okay lol
it's trivial for anyone with a little knowledge or time to spend
My app can show by default, so it's even easier then that.
I don't know, if I posted something super personal I'd edit it after learning about that. Most of the time it's just a joke I don't think will land so 🤷 who cares. I think that's the case for a lot of people.
Wow. Whoever wrote your app... That sucks of them ngl. If there's a "hey the user deleted this" flag you should honor it. Though I mostly blame lemmy devs for giving them the opportunity to begin with, and I really don't think most people would expect to have to edit a comment to remove personal info or whatever they don't want people to see, when there's a delete button right there. Most of the time its harmless, yeah, but I still don't think we should be giving instructions on how to view deleted comments (potentially en masse), that's just giving the lowest effort assholes somewhere to dig for the 1% of deleted comments that are genuinely sensitive.
My whole point is there's no way of spreading the word to every user of the site that doesn't also tip off attackers who might want to exploit this knowledge, and even if you pushed out a pinned post or DM to every user it would still not see perfect adherence. There needs to be a server side fix, and all the instances we're federated with need to upgrade as well, and in the meantime we probably shouldn't yell it from the rooftops. I guess its been like this for ages but... still, this is bad and should be taken seriously
To be fair to the app dev, I'm pretty sure it was unintentional. Just pointing out it's easier then having to write up a python script and working with apis.
I really don't think most people would expect to have to edit a comment to remove personal info or whatever they don't want people to see
I completely agree with you. Most users wouldn't think that.
I think there'd be much better adherence if people understood how insanely easy it is. "hey guys, deleted comments are still readable" does that convey the same sense of urgency as "clicking this link shows you deleted comments"? I think without communicating how easy it is, people won't worry about it. I know I didn't when I thought the issue was federated servers being able to read comments, instead of literally anyone.
I don't know. I kind of see what you're saying about new attackers realizing this, but this has been a known issue for a long time. Would they really not know? If they searched Google to figure out how to see deleted comments, I imagine you could find the issue quickly. Overall I'm not really a fan of security by obscurity either 🤷. More people knowing how to properly delete stuff is a clear upside too.
And yea, this desperately needs a server side fix and I can't believe how long it's gone on without one. I'm not familiar with lemmy's code base, but a check for if the content is deleted doesn't seem like it would be hard.
its mildly annoying to figure out exactly how to implement it best (I've been looking at it all morning) but editing the ORM sql queries in https://github.com/LemmyNet/lemmy/blob/main/crates/db_views/src/comment_view.rs would be one way to do it that covers all the different api endpoints affected. The comments there indicate this was done knowingly/intentionally. The problem is if upstream lemmy says they don't want to change it we'd just be screwed. I think they'd be amenable but you never know
Edit: it's already fixed upstream I'm a doodoohead
maybe don't give explicit instructions on how to do that (yes I know it's trivial for anyone with a little knowledge or time to spend), considering its an unfixed hole and no amount of spreading the word will get everyone on the site to change their behavior around deletes. But this is really frustrating and should have been fixed ages ago. Ah Lemmy... :/
It's actually not an unfixed hole, after 30 days the comment is overwritten.
no, it is a hole, intentional or not, and a major violation of user trust. They can retain it in the DB for 30 days, but there is no justifiable reason to hand out the content of deleted comments, posts, user profiles, anything, to literally any person or script that asks for it
Actually, you're right.
I don't mean to be too blunt about it, but also every time I think about this being implemented intentionally it makes my brain hurt that they thought this was okay lol
My app can show by default, so it's even easier then that.
I don't know, if I posted something super personal I'd edit it after learning about that. Most of the time it's just a joke I don't think will land so 🤷 who cares. I think that's the case for a lot of people.
Wow. Whoever wrote your app... That sucks of them ngl. If there's a "hey the user deleted this" flag you should honor it. Though I mostly blame lemmy devs for giving them the opportunity to begin with, and I really don't think most people would expect to have to edit a comment to remove personal info or whatever they don't want people to see, when there's a delete button right there. Most of the time its harmless, yeah, but I still don't think we should be giving instructions on how to view deleted comments (potentially en masse), that's just giving the lowest effort assholes somewhere to dig for the 1% of deleted comments that are genuinely sensitive.
My whole point is there's no way of spreading the word to every user of the site that doesn't also tip off attackers who might want to exploit this knowledge, and even if you pushed out a pinned post or DM to every user it would still not see perfect adherence. There needs to be a server side fix, and all the instances we're federated with need to upgrade as well, and in the meantime we probably shouldn't yell it from the rooftops. I guess its been like this for ages but... still, this is bad and should be taken seriously
To be fair to the app dev, I'm pretty sure it was unintentional. Just pointing out it's easier then having to write up a python script and working with apis.
I completely agree with you. Most users wouldn't think that.
I think there'd be much better adherence if people understood how insanely easy it is. "hey guys, deleted comments are still readable" does that convey the same sense of urgency as "clicking this link shows you deleted comments"? I think without communicating how easy it is, people won't worry about it. I know I didn't when I thought the issue was federated servers being able to read comments, instead of literally anyone.
I don't know. I kind of see what you're saying about new attackers realizing this, but this has been a known issue for a long time. Would they really not know? If they searched Google to figure out how to see deleted comments, I imagine you could find the issue quickly. Overall I'm not really a fan of security by obscurity either 🤷. More people knowing how to properly delete stuff is a clear upside too.
And yea, this desperately needs a server side fix and I can't believe how long it's gone on without one. I'm not familiar with lemmy's code base, but a check for if the content is deleted doesn't seem like it would be hard.
its mildly annoying to figure out exactly how to implement it best (I've been looking at it all morning) but editing the ORM sql queries in https://github.com/LemmyNet/lemmy/blob/main/crates/db_views/src/comment_view.rs would be one way to do it that covers all the different api endpoints affected. The comments there indicate this was done knowingly/intentionally. The problem is if upstream lemmy says they don't want to change it we'd just be screwed. I think they'd be amenable but you never know
Edit: it's already fixed upstream I'm a doodoohead