Infosec concern: Account deletion buggy between Hexbear & Lemmygrad

Crosspost from the Hexbear meta comm:

Some deleted Lemmygrad accounts are straight up still there when you search for them from Hexbear, ditto for Hexbear on Lemmygrad. Whereas some other deleted Hexbear accounts have all their comments deleted but their posts are still up when you search via the Grad, and others appear like they're still there but give you an error message when you click on the link. Is this a known issue?

Seems like something that should be addressed, considering these are semi-sister instances and the culture (at least on Hexbear) tries to emphasize the importance of privacy and infosec.

I also realize Lemmy isn't nearly as secure/private as we like to pretend. Something someone posted in a thread sometime last year that I wasn't aware of at the time:

Lemmy privacy PSA

People kinda don't talk about this enough, but the fediverse is kind of "very permanent".

Even within default Lemmy, comment deletion just makes it invisible, if you undelete you'll see the original content.

One can make a "Lemmy server" or any other compatible software, get all of our federated content, and never honor any delete requests. Posting on Lemmy is much more like a listserv than reddit, once it's out there it's not really coming back.

Edit: also up votes are actually public, if someone has a server or client they can just show who up voted on content like insta or whatever it if they want. They are just hidden in the Lemmy frontend, but once again, the servers know.

Still though, the kinds of losers who'd want to doxx someone here or save troves of perceived dirt probably aren't the most committed or resourceful and for that threat model, the two sites should probably create as many barriers as they can.