Due to federation, it's possible that neither happen on non-hexbear servers. For example, even if they are running stock Lemmy, which will delete and anonymize, they could always put a proxy before every incoming request and store every bit of data they receive into another database.
For InfoSec, I encourage everyone to regularly switch accounts and to provide false personal details or none at all.
yeah this honestly applies to any publicly facing site, even without federation. For instance with reddit, push-shift would hold any of the comments and posts you made with a particular account in perpetuity, even if you manually edited all comments, deleted them and then deleted your account, and it was either impossible or close to impossible to actually get them to delete your stuff from their database, you could just request to make it "inaccessible" to anyone who asked for your account data but they never would actually delete it.
Also, it can always just be done with web scrapers even if you don't have an API that specifically allows something like that.
Edit: just remembered something else really cringe about pushshift, to even get them to do that dogshit attempt at respecting your data privacy, you had to fill out like a google form with your email address or some shit like that
Right now it deletes all the content too, but I believe there’s a PR being worked on that adds an option to anonymize them instead
Edit: https://github.com/LemmyNet/lemmy/pull/3817 It's been merged! so barring anymore changes, this should be in the next lemmy version I believe!
Good to know! That seems like it'd be a good feature for accounts that wrote up effort posts, but wish to practice some opsec.
oooh looks like it will probably be in the next version of lemmy, here's the PR it was merged: https://github.com/LemmyNet/lemmy/pull/3817