Dunno necessarily if they are _forced_ to expose that data.
Something like OAuth means that you can give different levels of private data to different actors, based on what perms they request.
Then you just have whoever is holding your data anyway (it's gotta live somewhere) also handle the OAuth keys. That's how the Bluesky PDS system works, basically.
Now, there is an issue with blanket requesting/granting of perms (which an end user isn't necessarily going to know about), but IMO all that's missing from the Bluesky-style system is to have a way to reject individual OAuth grants (for example, making it so Bluesky doesn't have access to reading my likes, but it does have access to writing to my likes).
In a federated system, the best you can do is a soft delete request, and ignoring that request is easier than satisfying it.
If I have 100 followers on 100 different nodes, that means each node has access to (and holds on to) some portion of my data by way of those followers.
In a centralized system, a user having total control over their data (and the ability to delete it) is more feasible. I'm not saying modern systems are great about this, GDPR was necessary to force their hands, but federation makes it more technically difficult.
The ability to fully delete your posts on any platform is an illusion anyway, as e.g. a local politian found out.
I don't really see my posts remaining in people's RSS readers after deletion as a problem. It's a fundamental property of information distribution as far as I am concerned.
That's not entirely true. The big platforms yes, but that's a combination of economic incentives and technical challenges at scale (such as moving data to cold storage).
But even then, that means there's resistance, but that's not the same as things being technically impossible. In federated systems, a delete is not a delete. It can't be because there's no way to confirm deletion on nodes you can't control.
And I understand your perspective as a realist on deletion generally, but that's not most social media users understanding when they're told they can control their own data, which is a common selling point of federation.
A centralized system which is properly incentivized to completely wipe all data associated with an account will be able do so, but a federated system can't.
Something like OAuth means that you can give different levels of private data to different actors, based on what perms they request.
Then you just have whoever is holding your data anyway (it's gotta live somewhere) also handle the OAuth keys. That's how the Bluesky PDS system works, basically.
Now, there is an issue with blanket requesting/granting of perms (which an end user isn't necessarily going to know about), but IMO all that's missing from the Bluesky-style system is to have a way to reject individual OAuth grants (for example, making it so Bluesky doesn't have access to reading my likes, but it does have access to writing to my likes).