Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
Other people have already commented on how federated social media often requires certain data just for implementations to work and make sense, and there’s not much more to add to that.
If you want private, end-to-end-encrypted, decentralized communication, the best modern solution to that is #matrix.
The same “rumors” exist about Matrix. According to some, “a lot of metadata is unencrypted”. While somewhat true, there’s literally no way to be able to deliver a message from person A to person B without knowing who the message is from and who it’s going to, especially on a decentralized platform. Most of the (not E2EE) metadata sent with an event in Matrix needs to be read by the homeserver, and thus can’t be E2EE.