Tell me if I’m wrong, but federated systems don’t seem to be the best for privacy because you can’t ever delete all of the copies of your posts and comments?
I was thinking about this recently… By going to a federated system, one that essentially copies all of your content from one instance to another, when you delete a comment, does that comment get deleted on every instance? Is that even possible?
You can't truly delete anything, period; anything posted publicly can be copied. What's more important is if it's verifiable. I can trivially edit your post locally and take a screenshot and pretend it's you, but there's nothing verifying you actually said it.
It's possible through encryption to verify that something was actually said, but most of the time we verify things through trust, we trust centralized services to have an accurate record of what happened. We trust social networks to not alter the original content posted to it. We trust archive organizations to store an original copy securely as it was at the time.
You can prove that a post was truly made and unedited via encryption, but even then you're still trusting that all the clients you are using are not doing anything nefarious in between. Unless you read the source code and compile your own applications you can't know for sure, so still, trust is a big part.
But if you can prove a post was made, how do you unprove it? I don't really see how that's mathematically possible. So when you "delete" something on the internet, you can't really remove it completely.
So what does "deleting" something actually mean? What it really means is "please stop hosting this and monetizing it on your server", and it's not even possible to be sure they deleted all of it internally, you can only really check that they are no longer showing it to the public. That's easy enough to do when it's a centralized service, but for anything decentralized it means going to every single server and getting them all to delete it. You can send out a signal asking them nicely to delete it, and I don't know if Lemmy has this, but even if they did it's unenforceable to get a server to fully delete something, but you could put some rules in place that it needs to be publicly inaccessible otherwise the instance gets defederated or something, but I don't know how hard it would be to implement something like that. The resources required to verify that all instances have stopped serving it and don't begin to serve it later may be far too high to be practical.
At the end of each comment, you add a cryptographic hash of that comment concatenated with the hash of your previous comment. Then every time you post a comment, it could be used to verify the integrity of all your previous comments independently from the servers they’re stored on.
To “delete” or disown a comment, you could edit the hashes on subsequent comments to remove the disowned comment from the chain. So you’d have an editable, “canonical” comment list that would be re-confirmed with each new comment.
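The hash-chain idea from the last comment, as an added example that is not part of the original thread: each hash covers the comment text plus the previous hash, a silent edit is detected, and "disowning" rebuilds the chain without one comment. SHA-256, the all-zero starting value and the function names are assumptions made for this sketch.

```python
import hashlib

GENESIS = "0" * 64  # assumed "previous hash" for the very first comment

def link(comment: str, prev_hash: str) -> str:
    """Hash of the comment concatenated with the previous comment's hash."""
    return hashlib.sha256((comment + prev_hash).encode("utf-8")).hexdigest()

def build_chain(comments):
    """Return [(comment, hash), ...]; each hash commits to all earlier comments."""
    chain, prev = [], GENESIS
    for text in comments:
        prev = link(text, prev)
        chain.append((text, prev))
    return chain

def first_broken_link(chain):
    """Index of the first entry whose stored hash does not match, else None."""
    prev = GENESIS
    for i, (text, stored) in enumerate(chain):
        if link(text, prev) != stored:
            return i
        prev = stored
    return None

def disown(chain, index):
    """Drop one comment and re-hash everything after it (the 'canonical' list)."""
    kept = [text for i, (text, _) in enumerate(chain) if i != index]
    return build_chain(kept)

# Constructed sample comments, not real data
COMMENTS = ["first post", "something I regret", "third post"]

if __name__ == "__main__":
    chain = build_chain(COMMENTS)
    print("intact chain, broken link:", first_broken_link(chain))
    # A server edits comment 1 but leaves the stored hash untouched
    tampered = list(chain)
    tampered[1] = ("something I never said", chain[1][1])
    print("tampered chain, broken link:", first_broken_link(tampered))
    # The author disowns comment 1: earlier hashes stay, later ones change
    canonical = disown(chain, 1)
    print("canonical chain, broken link:", first_broken_link(canonical))
    # The old three-comment copy is still internally consistent
    print("old copy still verifies:", first_broken_link(chain) is None)
```

Because the hash is unkeyed, anyone can rebuild a consistent chain over altered text, so the check only catches tampering when compared against a head hash the reader already holds. A copy of the chain saved before a disown also keeps verifying on its own.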