Reminder: Steem absolutely and completely violates GDPR and European privacy laws

in #steem6 years ago (edited)

I was linked to a post where witnesses were bickering about a significant proportion of witnessing happening by servers sourced (and resold) from one service provider in Germany.

Pretty shocking that no one addressed the elephant in the room. Seven weeks ago, I started an investigation into the legality of Steem. Now, with GDPR active, all I'll say definitively is that Steem is pretty much completely illegal and hosting this blockchain (with illegal data contained in it) in Europe makes you a criminal.

So, get out of Europe, start hosting in countries that don't care about human rights.

To developers and Steemit Inc, you need to build systems to comply with global laws.

That was for the witnesses. For the users of the platform - If you think Facebook is bad for "leaking" data, think about Steem. It leaks all data about you and everything you post, to everyone, at all times. There's zero recourse or appeal either. Feel free to post, but be careful what you post. If you care about privacy, leave Steem and look for a solution that respects your right to privacy.

I fully understand this is not a pressing concern. The authorities have far more important issues at hand than some tiny corner of the internet.

PS: complies with GDPR, as per the latest privacy policy. However, this post is about the Steem blockchain.



For the users of the platform - If you think Facebook is bad for "leaking" data, think about Steem. It leaks all data about you and everything you post, to everyone, at all times. There's zero recourse or appeal either.

I wish people would be aware more of that. On an immutable public blockchain, any company can spin up a node and start mining all data available for every account. Let Steem grow a little in userbase and watch how Nielsen and its ilk descend on us and mine the BC.

Exactly. I wouldn't be surprised if they are doing it already. (Not Nielsen, but maybe some Cambridge Analytica wannabe startup.) No one would ever know.

But it goes deeper than just some data mining company. All governments, all corporations, all advertisers, all underworld, all stalkers, serial killers, sexual predators - everyone has all access to all your data. And there's not a damn thing you can do about it.

Even Orwell didn't see this coming.

And we tend to promote it as... the opposite. Tracking free.

Wake up, people. The tracking on a blockchain is FREE, it’s not tracking free.

Most people even not aware that most interfaces also use Google Analytics. One of the worst “The product is YOU” behemoths.

you can be discriminating in what you post.

I thought transparency was one of the benefits of STEEM.

In general, we should not post anything to any social media, if we are concerned about privacy of that data. The whole purpose of social media is to show that to everyone, at least to your friends or peers. Isn't that by definition of social media ?

to everyone, at least to your friends or peers

That's what makes all the difference, the ability to choose who sees your data.

Isn't that always an illusion at best?

So what are your thoughts on print, then? Once it's out there in printed form it's out there. Corrections can printed, errata, further elaboration, etc. but you can't delete the paper out there in people's hands.

Good question, I would like to know too.

While the blockchain data is public information, none of that information was collected surreptitiously, all of it was stated publicly by the individuals concerned (or culpable individuals, and the blockchain data is proof of their crime), who intended it to be stored on a decentralized, permanent blockchain that is publicly auditable.

The EU is in the wrong. Should Steemit become a safe space for every fantastic hallucination of fascist tyrannies? No. It should not.

While I understand your concern, and caution to witnesses (and presumably folks that host an RPC node) this is not a problem Steemit needs to solve, nor is it a problem Steemit can solve.

The EU is imploding. The UK voted to leave the EU long ago, and are being essentially enslaved by an illegitimate government in that union, which is infiltrating thousands of agents provocateur to harass them and sexually abuse their children, and renditioning civilians who dare to report it. While the news today is about the egregious crimes of the UK against it's people, Austria, Sweden, Germany, France and the rest of the West in Europe are facing the same repression and tyranny.

This is a problem the people of Europe need to solve.

Steemit may be part of that solution, frankly, as long as it democratizes access to public information. I have noted for some time that not only are government agencies surveilling us through ostensibly private companies like Fakebook, Goolag, and Twatter, but that they are keeping that information from the people it pertains to. Worse, sites, posts, and information are being deleted from the net.

Sites like the Wayback Machine, and are not only in danger, they are going to fail. The EU is trying to establish complete control over what information is available to their subjects. This cannot be permitted, or there will be no free people, only chattel.

Steemit is the solution to that problem. The right to be forgotten doesn't exist. It's a false claim, an abnegation of reality, that is no mercy to those whose drunk posts embarrass them. Once data is released into the wild, there it remains. The attempt to foist such repression on the people of nations subject to those tyrannies will have to be thrown off by those people, or they will have no need of Steemit in the cells they are allowed by their masters.

Not every revolution is only noticed in retrospect. Sometimes you have to spit in your palms and hoist the black flag. If Steemit doesn't remain uncensorable, it will be useless. is going to comply with GDPR. Indeed, Steemit has remove a lot of content on the site in the past, responding to DMCA notices etc. Maybe you should use a different app on the Steem blockchain since your political rant makes it clear you don't agree with the regulation. While you are at it, you may want to edit all references to "Steemit" in your post to "Steem".

PS: Source

Good point about Steem/Steemit. Thanks! I often forget to note the difference as the only interaction I have with Steem is Steemit.

If Steemit has a mechanism in place to remove content already, problem solved.

As to the rest of your rant about public information being public, where's the problem?

Is there a problem in your view with the public having access to public information?

If Steemit morphs into some lapdog of tyranny, don't worry, I'll be gone.

The problem is not solved as the infringing data is still held in the Steem blockchain. Privacy is a human right, there's no distinction between "private" data and "public" data, and like all human rights privacy is timeless. I.e. by foregoing your privacy today doesn't mean you don't have the right to privacy in the future.

I understand that you see the above distinction, but the law is the law. If you don't like the law, I would recommend you protest in appropriate forum.

Ah, the distinction was not clear, and both you and @carlgnash assume I should know that if Steemit removes content, they don't do so by hardforking and removing the infringing data from the blockchain.

I would have assumed this was necessary to satisfy DMCA.

But, a mechanism does exist to remove data from the blockchain.

It's called a hardfork.

That's the whole point of my initial rant. (As well as previous rants over the last two years) There needs to be a defined, transparent system implemented that responds to DMCA, GDPR etc. Something like witnesses review and approve amendments, and it leads to thousands of microforks. But the system has to be robust enough so everyone's on the right chain at all times etc.

(I'm not a developer - I'm sure they will come up with a better solution.)

you are again missing the distinction between "Steem" and "Steemit". Steemit has a mechanism in place to remove content, as in One website. One website not displaying content that is on the blockchain, is different than a way to remove that content from the Steem blockchain.

Even if every web front end for Steem in the world didn't display illegal content, that content would still exist in the servers of the witnesses. It has to - the witness server has to have the whole blockchain. There is no current mechanism to remove data from a block once it has been produced.

"If Steemit has a mechanism in place to remove content already, problem solved."

Is what I said.

"Steemit has a mechanism in place to remove content, as in"

Is what you said to correct me.


You are still missing it. having a method in place to remove content does not mean the content is removed from the steem blockchain. The entire point of liberosist's post is that the witnesses who run servers, which hold the blockchain, are still in possession of illegal material even if has removed it (meaning, is not displaying it) from one website. The content has not been removed from steem. steemit does not equal steem

I have grasped my failure to understand that @liberosist's statement that Steemit complied with DMCA takedowns by removing content did not mean they removed it from the blockchain, which I assumed was what he meant by 'removed'.

Data can be removed from the blockchain, as I pointed out in my last reply to @liberosist, with a hardfork.

Thanks for clarifying for me =)

Why doesn't steem respect your right to privacy? Steem doesn't force anyone to disclose anything and makes no reservations about "safeguarding" what you post. A right to privacy would be if they extended certain controls that would limit what people can see from your posting. Remember Steem was never meant to be a Status Update Facebook Killer, it was and still is a Transparent, Censorship Proof, Public Forum, much more resembling all other internet forums minus their built in chat and messaging systems.

If you want to store private data on a PUBLIC place you better encode it.

I've never understood this type of behaviour. You took the time to read this authors post, took the time to comment on it and might want to spark a discussion, but you couldnt be decent enough to give even a 1% upvote. this is a problem, one that has been growing for a while. Even if you disagree with someones opinion doesn't mean you shouldn't give them a little credit and appreciate their effort.

Maybe you out to consider my observation as quite valuable indeed, instead of trying to shame me for not upvoting an inconsiderate and idiotic post: Privacy on a Public Forum, and that's if my VP wasn't already depleted!

Chill the fuck out bro. My voting power is depleted, and I have no business voting for this nonsense of Privacy in a Public Place.

You couldn't be decent enough to take my valuable comment as good enough for the post and decided you had to repeat what I said instead of expounding on it or at least saying you agree? Fuck me, now I have to show appreciation for all the fucking idiots, morons, imbeciles and other fools for their "effort" regardless of how imbecilic it might be, they Tried, everyone gets a fucking sticker.

You know what the fucking problem is? People who fucking jump on shit before even a cursory investigation on a half-cocked assumption that you fucking know me or I owe you shit, which is exactly the same idiotic nonsense that this post is linch-pinned on: A public Forum doesn't offer you Privacy. You might as well buy a McLaren F1 and complain about the trunk space and the lack of cupholders.

Besides having a big mouth and having no appreciation for those with differing opinions than yours, you could use a little work on your people skills. Maybe that's why your posts get no views, comments and worth less than a dollar, but what do I know, I'm just here for a sticker.
If you don't have anything constructive to say, you're not interesting in giving the OP an upvote and you spout off when people don't agree with you, then why don't you just fuck off and not bother commenting in the first place?

So when I commented to this post, it wasn't constructive, yet when you jump down my throat for supporting idiocy with my vote that was constructive? What the fuck did your comment want to accomplish besides shaming me for not supporting my adversary, or Idiocy itself? Did you make a constructive remark when you copied what I said, was that something other than pure noise?

I should shut up because I have no nice word for Idiocy itself and the infuriating nonsense that it espouses, tell me are you mad that I called your shit out, or are you mad that I called the other idiot out? Why did you bother to comment in the very first place if all you had to do is RAG on how I didn't upvote a post, as if my comment offered ZILCH value to the post (engagement and traction in the post lists doesn't count as much as a bullshit EMPTY gesture though, fucking idiot). Tell me I am curious but I have a nagging suspicion by the absence of any response to the same inquiry before that you won't say shit and think that I give a fuck about your life lessons on people skills because my posts don't make a dollar. Woop-de-Woop, blow it out your ass.

Europe sucks, I find myself not surprised that folks that don't have freedom of speech are not allowed to use this.

To listen to the audio version of this article click on the play image.

Brought to you by @tts. If you find it useful please consider upvoting this reply.

Who cares :p

Of course, you're right. I wasted a lot of time, and the amusement wasn't worth it. Silly me!

I wish I understood this better. I'm in Canada, but it still makes me pretty nervous. Only an issue if you host the blockchain? Posting isn't an issue?

Issue with upvoting btw.. trying but no luck.

No, posting is not an issue. You just give up privacy.

Gotcha. Yeah - I really try to be vigilant about anything I post. It's hard to know whatever you put up is there forever. There are things I would delete--not terrible things really at all, just some wince-worthy things I don't wish had near-eternity for posterity.

Most of what I post is just my music, which I'm happy to post. Then again, it's a sacrifice to know I can never take it down again. It's hard to plan for all of the potential effects of that years down the road.

As of now, everything you post is up there forever, publicly accessible to everyone, and you can do nothing about it. Steem does not offer you your right to be forgotten (formally, right to erasure - Art 17 GDPR), among others. So, yes, be vigilant.

Well this isn't very reassuring. Hope the witnesses get it together so they don't run into legality issues. I think when it comes to things on the blockchain though, it doesnt make sense to follow traditional ways of doing things. The blockchain is meant to be transparent, steem doesn't force you to use your real name or censor you in anyway, so I'm not quite sure how the issue should be handled.

  1. Privacy controls. Way back in mid-2016, confidentiality was actually top on the roadmap.
  2. Ways to remove illegal data; respond to appeals such as right-to-be-forgotten etc etc.

The above are challenging for a blockchain, but methods need to be invented to keep up with human rights laws.

Coin Marketplace

STEEM 0.27
TRX 0.12
JST 0.032
BTC 66278.74
ETH 3072.53
USDT 1.00
SBD 3.68