To add to this spending some time in custody is inconvenient, but losing your rights being convicted of something you didn’t even do is more inconvenient. You think you know what to say until you say the wrong thing and start digging a hole.

This is good to know, but adds an additional step to simply requiring a passcode to unlock on screen lock.

Just the act of refusing makes the act of seizing your phone legal or not. If you legally give them your phone by your own will, they are able to use all evidence they find in the courts. If you deny to give them your phone, and they seize it anyways and access it you have a valid path to throw the evidence they discover out as an illegal search and seizure of your property. I’m not a lawyer but that is the general thought process on denying them access to your property.

Edit: Just want to say this mostly pretains to United States law and similar legal structures. This advice is not applicable everywhere and you should research your countries rights and legal protections.

I personally rather trust that my device isn’t able to be unlocked without my permission, rather than hope I am able to do some action to disable it in certain situations. The availability of such features is nice, but I would assume I would be incapable of performing such actions in the moment.

My other thought is, how guilty is one perceived if they immediately attempt to lock their phones in such a matter, by a jury of their peers? I rather go the deniability route of I didn’t want to share my passcode vs I locked my phone down cause the cops were grabbing me.

To add to this, don’t use bio-metrics to lock your devices. Cops will “accidentally” use these to unlock devices when they are forcibly seized.

Sadly it wasn’t a bid to open source the AI, rather than a bid for payment.

As for the data transfer costs, any network data originating from AWS that hits an external network (an end user or another region) typically will incur a charge. To quote their blog post:

A general rule of thumb is that all traffic originating from the internet into AWS enters for free, but traffic exiting AWS is chargeable outside of the free tier—typically in the $0.08–$0.12 range per GB, though some response traffic egress can be free. The free tier provides 100GB of free data transfer out per month as of December 1, 2021.

So you won’t be charged for incoming federated content, but serving content to the end user will count as traffic exiting AWS. I am not sure of your exact setup (AWS pricing is complex) but typically this is charged. This is probably negligible for a single-user instance, but I would be careful serving images from your instance to popular instances as this could incur unexpected costs.

It’s still a fingerprint, the most vague information correlated with other data points can make a useful fingerprint. This is how a lot of the companies can track you even if you aren’t logged in, you using any service creates a pattern that with enough aggregate data can be used to approximate who you are.

Each instance serves the content from that instance, so from my understanding the only thing other instances can see are subscribed communities to be able to federate posts. Upvotes/Downvotes can possibly be tracked per user as they are federated on a per-vote basis currently, though this is just something I read and don’t have sources at the present.

Being an admin of an instance, I can’t even see my own history of visited posts. I can’t verify this, but I doubt this information is being stored in the database currently.

This being said, each instance has full control over their API server and the web-based application being served, so they could add monitoring to either to gather this data. If they did this on the API end it would be undetectable. Running your own instance is the only fool proof method, otherwise you need to trust the instance operator.

To dump a simple postgresql database, you can do something like:

pg_dump postgresql://lemmy:[email protected]/lemmy -f backup.sql

This should result in a file being made named backup.sql for your database.

As for upgrading, my small instance with a 1.5Gb database upgraded with no issues using the docker images on kubernetes.

I’d say setting registrations to closed and having the operator enable/configure which to use is the best default. CAPTCHAs can also be automated, so this won’t stop anyone that is ambitious enough. If someone sees value in automating account registrations, they might be willing to pay for the CAPTCHAs to be solved for fraction of a US cent each.

Upgraded my instance, switched the docker images to 0.18.0-rc.6 and it started right up. Appears to have no issues for me thus far, so hopefully a full release will be right around the corner.

Good to know, but if that meets the legal requirements I cannot say. Really a lawyer that practices GDPR/CCPA would need to chime in if that is enough for either.

To address each of your points:

Maintainability and Scalability: This is a big concern, especially with users being drawn to large instances. In the beginning there will be pains, even the “flagship” lemmy.ml had issues maintaining this as this wasn’t their primary concern until recently. It is up to each instance owner to maintain their instance, and if it grows to large for them to handle to direct users to another instance. If an instance owner decides to abandon their instance, this will currently result in that instance being lost. I do think some protocol of preserving content (with the mechanisms for users to control the content) is needed but will need to be worked on in future versions. This could be done by users getting a key for example, and making requests via another instance to transfer their public user data over and they can control their content again from the new instance. This is just a thought though, and I am unsure how well this would work in practice. This will most likely become a topic of discussion among developers working on lemmy, so I have faith a good solution will be reached.

Monetization: The usual for this kind of stuff, donations using whatever service they prefer. I think some ads are ok, as long as they don’t siphon data and use advance techniques. Something such as as “sponsors” could work, it’s an ad but it’s not trying to steal your data. I think most instances would be abandoned if they implemented standard “google” ads.

Legal/Privacy - I am not a lawyer and this isn’t legal advice. Each of these laws have pretty clear details of implementations, and iirc they also only cover corporations and institutions. Users running instances themselves do not apply, but overall GDPR and CCPA compliance would be required as users won’t want the liability of running large instances. In my opinion, all that can be done is to have a delete request that propagates as any other content does. It’s up to the instance operator to fulfill the request.

I just upgraded, was fairly painless overall. Solid code coming from the devs, another good sign.

That would explain it, and I see they pushed docker images for 0.18.0-rc6. I might have to give it a spin on my instance, if they are running it must be pretty safe to use.

Edit: As for pending status, if I go click the orange “Subscription pending” button then re-subscribe it joins instantly.

Edit2: larger communities take some time still but you can actively see the posts coming in.

Edit3: The larger communities require a second unsubscribe/subscribe, but all my lemmy.ml communities are now synced! Great news.

The posts just started pouring into my instance as well. I think they might of, which is wonderful news.

I fear a lot of this is bot accounts.