Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
I’ve been wondering exactly this, Lemmy will have to be shut down in the EU if it doesn’t comply with GDPR, and considering that means each individual instance and the individual/group/company running it…
I just don’t see how this is ever going to be secure enough to fully comply with GDPR. Not when huge security holes like this exist, where anybody with a tiny bit of knowledge and a few hours can access so much data on people anywhere…