Another update and possibly a solution for some case where posts were not properly deleted. Seems I jumped the gun on this and the restores haven’t been intentional - at least not in this particular case.
There is a limitation in the popular Powerdelete that apparently prevents mass editing. Here is a link to a new version with a build-in delay and some other alternatives:
https://www.reddit.com/r/ModCoord/comments/145fico/comment/jnl4xmr/
There are other reported cases where manually deleted post reappeared or other scripts have been used, so this doesn’t solve all issues but explains how posts that were both edited and deleted withPowerdelete weren’t properly deleted and reappeared after subs went back live.
Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.
Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.
Worth noting is that a number of US states also have strong protection laws. So, delete you comments manually and then, if you’re really trying to ensure that they delete your data, submit a data removal request that cites your locale’s law on data removal.
Theeeeeen in 6 months or so, send a data retrieval request to make sure they followed through… and report them if they did not comply. Might as well make them pay for that data if they can’t follow the rules.
Assuming that this is, in fact, not legal and if they have money that can be gone after, I assume that someone may start a class action suit. In theory, they’re worth multiple billions, so…
An individual probably doesn’t care much about whatever harm is done, as the damage is too small. But this is the kind of thing where a lawyer can walk away with a big payday by aggregating cases of many users and then getting a percentage of any payout.
I am not at all certain that it is not legal, though.
This could be worse than anything else they’ve done. If they claim they own the data, are they then not responsible for it like newspapers? Is it in their terms and conditions they are free to do whatever with posted information, do they have the rights to edit users comments but in doing so become a content provider and therefore responsible. Kicking mods out doesn’t land you in court this seems high risk to be manipulating content. Doesn’t matter why it was deleted or edited it was deleted or edited who gets to decide what version to restore. Either you are hands off or you own the data and are responsible for it and upheld to media standards.
Edit: found a snippit of the terms and conditions in a German GDPR thread, It appears it is their terms and conditions that after you post it they can do with it what they like, even adapt it. Either way that’s not a reason to be gone.
I deleted all my content but I did it over the span of a few days, to let the different caches around reddit to update with the new void, and my content is still deleted (so far).
I said it before and I say it again: if you have the patience to do so then make sure you overwrite your content with chatgpt generated content, as the future AI that will feed on your post HATE feeding on already AI generated stuff. It makes the AI diverge.
edit: Filling your previous content with random generated content also make it harder to restore because it is harder to spot, compared with the comments which are simply “deleted”. Also, if all of it is really true, congratulation to reddit for demonstrating to everyone and specially the USA how useful the GDPR is for the citizen.
They really want to fuck around GDPR? Are they really Musk level morons?
Just wait a bit then delete your data. They can’t keep an eye on it forever.
That’s awful. I wonder if there’s a way to automate deleting all of our posts and replies—and repeatedly run it on a schedule via a cron job or something, maybe once an hour or something. And let it run until their API becomes locked down.
That’s not a bad idea actually. The Powerdelete script I used is based on Javascript and needs to be started manually in the browser window, I’ll just run the script once a day. But maybe someone with more knowledge can come up with a more automated solution. They can’t restore user accounts forever.
And then replace it with a Selenium script afterwards.
@megane_kun I was thinking something very similar. I’m sure there are keywords they’re looking for too, like “third party apps” and “fuck /u/spez” which trigger the restore.
Probably, though from what I’ve seen in the linked thread, there’s no such keywords present.
What I suspect is that Reddit admins saw a rise in deletions, and put two and two together and thought it’s part of the protest. They’re not wrong, but still a dick move.
Holy damn. I deleted all my comments and my account ~a week ago. I don’t even know how to check if they restored something. 😠
Quick and dirty Google search says GDPR law is complicated when it comes to backups https://www.itgovernance.eu/blog/en/the-gdpr-how-the-right-to-be-forgotten-affects-backups-2
Even if having backups of the data is legal, it seems highly doubtful that restoring data that a user intentionally deleted would be allowed.
That link is just too request the bulk of your data. It’s not a form to request deletion of all your data. Technically you could request that, but if they deny out ignore that, then there’s not a whole lot you can do unless you’re ready to take it to court.
If you’re in the EU, report it to the Data Protection Authority in your country. They must provide you with a copy of your data and also purge it upon request.
That is such a shitty move. Forcing subreddits to go back up is one thing, but as a european this feels very wrong from a data ownership standpoint and I’m not sure it’s ok in the GDPR rules?
I think we should actively keep track of Reddit restoring user’s content without people’s permission. Screenshots, timestamps, everything. Monitor it all.
Maybe if Reddit go ahead with their API change whilst treating their users like such disposable crap, we could reach out to the EU to inform them of Reddit’s GDPR breaches. Maybe that’d lead to their new revenue from API charges disappearing into hefty EU fines.
Update: Maybe there’s going to be some loophole about actually having to use the data deletion request via Reddit’s UI for there to be an actually GDPR breach though thinking about it. Going to ask around some Law friends for advise
Earlier this week I deleted all of my comments except for some in a private sub. I just checked and all the posts I deleted are back 🤬
Same
This is shitty of them to do but this is what people have been trying to tell us since the dawn of the internet. Nothing on the internet is EVER truly deleted
I think they may underestimate EU’s response here.
What response? The data on reddit is not personal, identifiable information, and would still have to be considered on a case-by-case basis. GDPR, generally, doesn’t apply here.
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics
By definition commenting reddit users are covered, even if they haven’t posted anything otherwise identifying – but most have either way.
If a user is commenting they have an online identifier and are thus covered. If a user has ever referenced their relationship status, location or any physical descriptor they are covered. The GDPR – it applies.
That’s not what an “online identifier” is under GDPR. Those are RFID tags, cookies, device fingerprints, IP addresses, etc: https://gdpr-info.eu/recitals/no-30/
Usernames are online identifiers:
A non-exhaustive list is included in Recital 30
An individual’s social media ‘handle’ or username, which may seem anonymous or nonsensical, is still sufficient to identify them as it uniquely identifies that individual. The username is personal data if it distinguishes one individual from another regardless of whether it is possible to link the ‘online’ identity with a ‘real world’ named individual.
Perhaps delete and replace the comment with text that explicitly claims copyright on the deleted message and denies Reddit a license to use the deleted content? It would be good to get a legal eagle willing to look at the Reddit user agreement and content licensing and see if there is a legally literate way of denying them use deleted content once it has been submitted.
If you’re in the EU, submit a request to have it purged. If they refuse, that’s a violation of the GDPR.
There’s certainly no chance this will backfire…
Has anyone tried phoning a GDPR focused lawyer firm? I just did a google and they offer a “free consultation” I would like to get the facts 100% before raising my pitchfork.