1400 is a masterpiece. It’s a shame that the sequels went for this 3D sims styled gameplay. I don’t want to control the whole family. I want to control one member of the family.

How does this compare with Carrot?

Why do you think that?

A password reset probably should invalidate all previous JWT tokens.

It’ll come back, but with automation.

If it’s cheaper to build locally with automation and minimal US based labor then it is to build overseas and ship then they will bring manufacturing back.

This seems transparent, well thought out, and opt-in. The headline concerned me but once I read the article this seems fine. I moved from LastPass to 1Password because of the horrible communication around breaches in the last few years.

A sketchy instance operator isn’t really a solid defense against implementation of better privacy features in the source code.

Why should someone who has doxed someone get away with it by deleting their account?

Doxxing is not illegal in many places - the US included. Cyberstalking and harassment may be illegal, depending on location. That’s beside the point, but this is an extremely specific example.

Ultimately users should, in my opinion, be in control of their data. Tildes, for example, preserves deleted comments for (I think) 30 days and then permanently removes them. It seems like that approach is a compromise that would work for your situation while still respecting privacy long term.

Deleted comments remain on the server but hidden to non-admins, the username remains visible

This is a negative behavior by Lemmy, in my opinion. Deleted comments should be purged after some time. Tildes does the same thing - I think with 30 days?

Deleted account usernames remain visible too

These should be replaced with some random string of characters or something like DeleteUser<numberhere> or something.

Anything remains visible on federated servers!

This is just a concession of federation.

When you delete your account, media does not get deleted on any server

This is an issue, too, in my opinion.

I don’t think there is a legal requirement that you store that data, just that you make the data you store available, or in some situations, you add logging for valid law enforcement requests.

Apple for example does not have access to end-to-end iCloud data that is encrypted to my knowledge. They wouldn’t be able to provide the contents of my notes application to law enforcement necessarily - and that is currently legal.

How do you know if they are non-complaint without manual verification?