[HN Gopher] Blocking Threads won't be enough to protect privacy ... ___________________________________________________________________ Blocking Threads won't be enough to protect privacy once they join the Fediverse Author : jdp23 Score : 103 points Date : 2023-07-10 21:13 UTC (2 days ago) (HTM) web link (privacy.thenexus.today) (TXT) w3m dump (privacy.thenexus.today) | [deleted] | FollowingTheDao wrote: | My hope is that people will give up on all social media. | Nextgrid wrote: | If you have personal information you do not wish bad actors to | see, do not publish it using an open protocol explicitly designed | to allow anyone to read said information. | | Defederating from Meta as a solution is stupid - Meta can (and | will if they actually care enough) just rejoin undercover. | | Furthermore, when it comes to the fediverse, Meta is actually one | of the _more_ trusted actors compared to whatever else is on | there - at least they 're a known legal entity instead of some | random. | | Finally, the fact that publishing private information publicly on | the fediverse wasn't considered an issue before Meta came along | shows just how irrelevant the whole thing is - the data has been | public all this time, but the network is so irrelevant that not | even bad actors cared enough to actually scrape it (or at least | do anything with it). | itronitron wrote: | You're overlooking the fact that Meta is collecting a whole lot | more information than just what people post publicly, and | they're not transparent about that. | dcow wrote: | Yeah I stopped reading the article once it mentioned people | getting annoyed and wanting to control _who_ sees their public | content. You don 't get to make that call. The community | doesn't get to make that call. The protocol makes that call and | the protocol allows anybody to view stuff you post publicly. | You don't get to say "I publish this but Meta can't view it". | Not even legally you don't. That's not _privacy_ and no amount | of "web3" is going to fix that. | | Copyright cannot restrict who can view a work you created once | you transfer or license that work to somebody else (e.g. by | releasing it publicly on the fediverse). You don't get to say | "here's my post but if you show it to Meta then that's | illegal". We don't even have a common legal framework for | dealing with content distribution that isn't copying (we got | "lucky" that you have to copy content to view it digitally so | copyright can be poorly jammed onto the digital content | distribution model and everything doesn't burn down). | | Where the heck did people get the idea that they get to dictate | how culture spreads and evolves? | Guvante wrote: | Your understanding is flawed. Copyright is 100% okay with | transitively controlling production of content. | | After all how else would you describe someone allowing | Netflix to stream your content? | | You can't restream Netflix and Netflix is restricted on how | it can stream to you. Both rooted in the original Copyright | protection and the licenses to content given out by | intermediaries. | | Most posting platforms give themselves very broad rights with | what they can do in a transitive fashion. | | But that is "companies don't want to get sued for user | uploaded content and are lazy" not "you don't have any rights | over things that are published". | dcow wrote: | It's not that simple. If I sell you a book, I cannot place | a restriction on that sale saying you can't resell that | book (first sale doctrine). You're allowed to do that | because you own the _copy_ of the book. You can 't copy the | book and sell it, because you don't own the _copyright_ , | but you can sell the original copy, show it to whomever you | want, etc. It's not that "copyright is okay with transitive | licensing" but more that "copyright simply prevents you | from copying a work you didn't create (or otherwise don't | have copyrights over)". That's all it does. | | If you want to place downstream restrictions on your | content then you have to license it (and get someone to | agree to your license). You have rights over how you | _license_ content. Yes. And users may agree that they 're | only "viewing" a copy and don't in fact own it when | engaging with your licensed content, sure. But my main | point was that you don't get to publish content to the | public domain and then say oh wait no I didn't want Meta to | see that oops #privacy #cancelmeta. And further that it's | kinda silly to imagine a world where everyone licenses | every little toot they make. At some point we're in a | public forum and we just all need to understand what that | means, including that someone you don't like might be | listening. | | Anyway, I don't think licensing content is a positive thing | for society. It may benefit media conglomerates, but not | individuals. Arguably, creators _shouldn 't_ be allowed to | say "Netflix you can stream this content to users but not | in Brazil". I don't think it's a sealed deal that | downstream restrictions on content distribution are healthy | or in any way in the public interest. Charging a royalty | for a views/streams of some show is one thing. Saying "only | on Tuesdays and not in Brazil" gives too much control to | creators to dictate how their art should be interpreted. | And nobody can prevent you from using Netflix to stream a | show to your Brazilian friend on the couch next to you... | nor should they ever be able to. That would be really | really bad technology, were it to exist. | | So short of attaching licenses to every post you make, no, | there's not a socially healthy, let alone even viable, | strategy to control content distribution in the | "fediverse". | justcool393 wrote: | > If you want to place downstream restrictions on your | content then you have to license it (and get someone to | agree to your license) | | That's not how copyright works like... at all. HN needs a | license to display your comment right now (see here: | https://www.ycombinator.com/legal/#tou). Copyright works | by default (in the US) of being the most restricted. The | first sale doctrine applies but online when you | distribute something you're not making _1_ copy. | wpietri wrote: | > So short of attaching licenses to every post you make | | I think you have this backwards. Full copyright | protection is the default for all content not licensed | otherwise. Publishing does not put content into a "public | domain" status. Social media platforms already have | strong legal terms around every piece of content. If you | violate that license, platforms may choose to fuck you | up. E.g.: https://www.malwarebytes.com/blog/news/2023/01/ | untraceable-s... | | It would be easy enough for particular Mastodon servers | and/or accounts to be explicit about their downstream | licensing. | scarface_74 wrote: | > Saying "only on Tuesdays and not in Brazil" gives too | much control to creators to dictate how their art should | be interpreted. | | Do you feel the same way about restrictive open source | software licenses like GPL3? | dcow wrote: | Yes all software should just be public domain. But | because we have icky copyright, we have to have icky | software licenses. | giaour wrote: | > but you can sell the original copy, show it to whomever | you want, etc | | The license associated with physical media does have | restrictions. You can't mount a public display of the | work without acquiring a separate license. E.g., you | can't buy a DVD of a movie and then screen it for a group | (outside of what's permitted under fair use). If you sell | tickets to that screening or intersperse ads, thereby | infringing copyright for commercial gain, you're in even | hotter water. | nobody9999 wrote: | >Yeah I stopped reading the article once it mentioned people | getting annoyed and wanting to control who sees their public | content. You don't get to make that call. | | A fair point, and one that's not really new either. | | Don't want something to be public? Don't post it publicly. As | I recall, when my employer at the time (mid 1990s) | "federated" their email with the rest of the world, they sent | out a memo which stated, in part, "don't put anything in an | email that you wouldn't want to see on the front page of your | local newspaper." | | That was back when local newspapers were a thing, but I | imagine you can see the parallels. | | That said, I do get to control who sees my content -- by not | making it public (i.e., I don't federate my AP instances and | curate who can create accounts on them). | | If you want something to be _private_ , don't post it | _publicly_. I 'm not sure why that's such a foreign idea to | some folks since, as I mentioned, it's not even close to | being a new idea. | mcv wrote: | Controlling who can see your content is actually a very | reasonable feature; some things are not meant for everybody, | but just for the people who actually know you. But it's not a | use case that ActivityPub was designed for. Google+ had a | really nice feature where you could easily control who can | see your post. Diapora has something similar, but considering | it's federated, I'm not sure if you can really guarantee it. | | I think the only way to guarantee this control in a federated | system, is to encrypt everything that's not completely | public. If everybody has a public key, you can use that to | encrypt the secret key. It's a hassle, but I think this would | work. | echelon wrote: | There's a portion of the far left and the up-and-coming gen- | zalpha that takes on a dictatorial "censorship is okay for | things we dislike" attitude. They don't realize that in the | 90's and 00's free speech was a place of refuge for liberals | to escape from evangelical attacks on everything from LGBT | rights to Pokemon. | | They also don't appreciate that the "come one and all" nature | of the internet back then led to many people crossing the | fences and experiencing viewpoints they'd never seen or heard | before. This is an atmosphere we desperately need to return | to. | | Present day censorship, "gotcha" moderation, and algorithmic | manipulation of emotion have led to hyper polarization. We | should 1) deescalate the intrusion of these systems and | remove them from our day-to-day experience and 2) reinforce | the fundamental rights we all deserve. | | Social media networks with over 100,000,000 daily active | users should not be considered as "private companies with a | right to free speech through censorship". They are | effectively public squares that we have all elected and | chosen to share. Right and left alike. | | Public companies tend to censor to protect profits, but small | individuals (such as Reddit moderators and Fediverse instance | maintainers) do it from either a position of laziness or | political retribution. The latter is a form of disgust and | hatred for fellow humans and should be called out as such, | even if the other party is guilty of the same. | | I've seen the free speech argument twisted into "right wing | figures trying to force their views into everyone's feed", | but that need not be the case. There are tools for | individuals to block. And if we'd finally divorce ourselves | from platforms and federation and escape to true p2p social | networking, we'd all have maximum individual control: we | could institute any blocking, boosting, ingestion, sharing, | and ranking criteria we wanted. Many amongst the left | obsesses over what the right is doing (and vice versa), which | tells me people enjoy rubbernecking rather than tuning out. | It's a game of "neener-neener" high school football rivalry. | | But back to the core point - you shouldn't get to choose who | people talk to if you're not a first party in that | conversation. You shouldn't get to choose who can publish | openly or who can read public broadcasts. If you want to keep | your words private, share them in private. Your choices | should be limited to blocking what you personally dislike at | your own consumption level, and it should be that way for | everyone. Because that's fair. | | The pendulums of politics will swing. One day liberals will | need the free speech refuge again. Preserve it now even if | you want to get rid of it. Question yourself if you find | yourself wanting to mute or persecute others. If you're angry | with my words right now, please ask yourself why you want the | other party to shut up. | | I want to emphasize that I do not agree with the far right. | But I will fight with my last breath to preserve the right to | free speech for us all. If we lose it, we will slide into | tyrannical oppression from those in power. | | I wish we could all just get along. I know that's not going | to happen in my lifetime, but we should make best attempts at | deescalation and maintaining open communication with one | another. Conversation can be a bridge. | justsomeadvice0 wrote: | > Social media networks with over 100,000,000 daily active | users should not be considered as "private companies with a | right to free speech through censorship". They are | effectively public squares that we have all elected and | chosen to share. Right and left alike. | | Shouldn't this also apply to TV channels? Chat apps like | iMessage? Popular newspapers, blogs, and email newsletters? | And indeed, why stop at 100M DAUs - why not 10M, or 1M? The | problem I expect is this path leads to the death of freedom | of the press. | joe_the_user wrote: | _Defederating from Meta as a solution is stupid - Meta can (and | will if they actually care enough) just rejoin undercover._ | | I agree with the rest of your post but I suspect that in this | instance Meta, a large public company, that might leery about | doing something that potentially embarassing. | | But your basic point remains true. A wide variety of companies, | many bad actor, are going to be scraping, processing and | connecting any data anyone makes puts online and that will | happen whether Meta joins the fediverse or not. If Meta wanted | fediverse data bad, they'd likely just buy it. | | Indeed, all the hand wringing about Meta in particular in the | article and here seems deeply confused - of course Meta isn't | the only problematic actor out there. Indeed, the anonymity- | problem of all the walled-gardens is that they explicitly | attempt to stop online anonymity in various overt ways. But | everywhere entities are trying to deanonymize covertly and | these can be at least as bad. | | The main thing is that anyone wanting anonymity needs to take | active measures to achieve it. And these measures vary on how | visible you are and effectively how much your enemies are | capable and interested in you. Those talking anonymity would do | best educating people in this. | hackernewds wrote: | Meta has walled gardens at least with privacy settings that | cannot be scraped. | kevinventullo wrote: | _Meta, a large public company, that might leery about doing | something that potentially embarassing._ | | I don't know, they did depend on Onavo analytics for a while: | https://en.m.wikipedia.org/wiki/Onavo | joe_the_user wrote: | Yeah, the (less-important, subsidiary) point is they'd be | happier to use some other source than engaging deception | overtly and results would be the same. | jdp23 wrote: | I should have been clearer about how this relates to general | issues. I added a sentence | | "Of course, Meta's far from the only threat out there, but as | I discuss in 'Threat modeling Meta, the fediverse, and | privacy', looking at Meta-related threats also points to | solutions that increase privacy and safety in the fediverse | more generally." | | Here's a link to the longer post (still a draft). | https://privacy.thenexus.today/fediverse-threat-modeling- | pri... | | And agreed, it doesn't scale for Meta to infiltrate people | into every single fediverse instance -- although threat | actors who are targeting specific people or communities might | well do this, so it's also something to take into account. | [deleted] | bmacho wrote: | Can Meta scrape twitter or reddit, and pair your messages with | your facebook account? Sure they can. But it is probably not | legal, and looks very scary. | | Mastodon and Fediverse however explicitly offers your data to | them. | not2b wrote: | Even though Threads isn't federated yet, you can find any | user's public messages via https://threads.net/@username | (which is identical to the scheme Mastodon and other | fediverse sites use). Anyone's public postings can be found | in the same way, and defederation doesn't prevent it. There | is nothing to stop the Meta folks from looking at | https://sfba.social/@not2b even if our admin blocks | threads.net. | | Mastodon and the fediverse explicitly offer public posts to | everyone. Some sites use robots.txt to block search engines | and web crawlers that follow the conventions. Others don't. | dathinab wrote: | > If you have personal information you do not wish bad actors | to see, do not publish it using an open protocol explicitly | designed to allow anyone to read said information. | | you seem to not even have read the first paragraph, or not | understood what it imples | | the whole point of this article is that meta has a precendence | of aggregating and combining data from all kind of sources. | This includes data which is not supposed to be public, but e.g. | was sold without your knowledge, awareness or explicit consent. | A situation you could argue the huge majority of people on the | internet is in. | | For example consider this hypothetical scenario: | | So they might take the supposed to be public data of e.g. your | anonymous political activism (lets say anti corruption in a | very corrupt country). | | Then take a public profile you created e.g. in your teens, | which you never linked or used the same email address with as | you politic profile and should have no connection at all (you | acted carefully). | | But then meta is like, oh see through the data we bought/own we | know that that profile was using that (non public) email | address and through other data we brought we know that that | email is belived to be owned by the same person as that other | email (e.g. you used is for forwarding or account recovery, | also non public) so we conclude they are the same and publish | *to the whole world trivially accessible that the anonymous | political activists is you*. | | Or another scenario: They used AI body/face recognition to make | the link even through you never posted the face in you | anonymous account without appropriate masking or at all. | | Or another scenario: Metadata of locations leaked through the | usage of social media created the link. | | Or another scenario: Someone marks you on a image they took | without your consent (and/or knowledge), doesn't matter if they | later delete it or make it only visible to their frinds | followers. | | Or in other words as long as you don't live as a complete | hermit and have far above average tech knowledge and also treat | absurdly careful to a point where it causing major annoyance in | your life stuff like that can totally happen to you. | | This is why the GDPR was created to make it illegal to | aggregate information about third parties without their consent | in surprising ways. But it's also where it failed the hardest | to archive it's goals you could say (but thats a different | discussion altogether). | zzzeek wrote: | I think the point they're making is that Meta is in a special | place, where by using their unusually vast amounts of personal | data and photos, they are somehow (?) going to dox anonymous | users by publishing their real names, based on matching their | profiles in some way. At least that is the implication based on | the quoted tweet right at the top of the post (which is lacking | any real detail how exactly Meta got this person's real name | matched up with an online alias). | Havoc wrote: | >using their unusually vast amounts of personal data | | Jikes. Hadn't considered that. Certainly seems plausible, not | just via technical means but also content. I've got a reddit | profile that I try very hard to keep "clean and anonymous" | yet I've had people from halfway around the world message me | say "Hey you're Jack from X". Post sufficient volume and it | becomes identifiable no matter how hard one tries. | omoikane wrote: | I think people can make that discovery but you could always | deny that association, and it might be difficult for random | strangers to gather enough proof to say that two accounts | are linked. | | Meta appears to be publicizing account associations that | were previously difficult to confirm, in a way that defeats | any previous efforts to maintain deniability. | yodsanklai wrote: | > they are somehow (?) going to dox anonymous users by | publishing their real names, based on matching their profiles | in some way. | | Aren't there laws against that? are there even allow to build | internal links between FB/IG accounts without user consent? | not2b wrote: | The terms of service on Facebook require that real names be | used, and anonymous users aren't permitted. I know, many | ignore that, but they occasionally demand a user's real | name or proof that an unusual name is a real name. | | Instagram used to have different rules, but they seem to be | trying to integrate everything. | chongli wrote: | I think they're talking about Meta doxing anonymous users | on Mastodon. That is, by having Threads join the | fediverse they can pull in information about anonymous | users on other Mastodon servers and match it up with | Facebook and Instagram accounts, linking them and | potentially unmasking them. | not2b wrote: | They could do that just as easily without federation (and | in fact they already do: they've been found to create | "shadow users" from people who aren't even | Facebook/Instagram users from the tracking cookies | they've gotten lots of sites to add, and they plug in all | that info if that person later joins Facebook or | Instagram). | | I can't think of anything they can find out if federation | is turned on that they can't find if federation is turned | off. Even if there were some info that could only be | obtained by being in the federation (and I can't think of | anything but I might be wrong), that's easy enough: just | create some small instances that don't identify as Meta | or Threads and have the users of those instances follow | people on all the large instances. | adolph wrote: | > Aren't there laws against that? | | Law is a weak form of mitigation for risk of harm. If it | can be done and there is motive to do it, expect that it | will be done. | meepmorp wrote: | In the US, yeah. We're famously unwilling to do anything | about that kind of stuff. | Guvante wrote: | Have you read the terms of service? | | Any rights that they are allowed to strip from you are gone | as part of the ToS. | | Unless there is a law saying what you said explicitly, then | 100% for certain Meta gives themselves permission to do it | when you sign up for either service. | zzzeek wrote: | I'm sure the US justice system will be glad to let you sue | after you've been murdered by an online mob that found out | where you live | not2b wrote: | Meta (when they were Facebook) had a rule that members would | use their real names, that their users consented to as part | of the terms of service. Apparently they used that as | justification to find out someone's real name who was using a | pseudonym. Kinda stinks, but I could see how they could | justify it (though in the cases I'm aware of they just | demanded that people provide real names or verify that the | name that they were using was real). | | But someone who uses a completely different site hasn't | consented to the Threads terms of service, and if Threads | randomly decided to dox people and alter their posts to add | real names (or perhaps deadnames for trans folks), that's a | very different matter, and I'm sure that their lawyers are | going to tell them not to do that (or risk legal | consequences). Since non-users haven't agreed to any terms of | service Meta face real court, none of that binding | arbitration stuff, and possibly class action if they do it a | lot. | chc wrote: | The only entity that could realistically tell us how Meta | linked the profile to that person's real name is Meta, and | they aren't likely to share that information -- so it's not | exactly surprising that the tweet lacks detail on the matter. | Tempest1981 wrote: | Phone numbers and recovery email addresses? | giancarlostoro wrote: | I am assuming they used the same email address they use on | Facebook. | godelski wrote: | > Defederating from Meta as a solution is stupid | | One question I've had for fediverse people is how you prevent a | federated system from centralizing. I am legitimately curious. | Email is often given as an example, but imo that a perfect | example of a decentralized system BECOMING centralized. Sure, | other players exist but the vast majority of people are on | gmail, apple, or outlook (which is much smaller than the other | two). Things tend to follow power distributions due to the | momentum force being critical. In network systems (e.g. | twitter,facebook,HN,email,ISPs,Walmark,etc) the utility/value | is not linearly proportional to the userbase, but super-linear | (this was one of the big problems with cryptocurrencies too. | "Gotta have money to make money"). In these systems resources | are "attractive." | | So with this in mind, how is a decentralized paradigm any | different than an attempt to just reshuffle the top players? | (i.e. re-centralize but with a different group at the top) I | just don't see the mechanism that prevents centralization. | wmf wrote: | You can force decentralization in certain ways like only | allowing one user per domain but nobody has the courage to | try it. | fossuser wrote: | This is similar to how urbit's ID system works fwiw - the | ID is tied to the computing node itself 1:1 and you can't | have an account that's separate from a node. | [deleted] | not2b wrote: | The fight over whether or not to federate with threads might | actually cause more decentralization, as people move off | instances if they don't like the policies the admins have | chosen, and different admins make different choices. | jdp23 wrote: | It's certainly a challenge. Mastodon's development tends to | prioritize mastodon.social (Eugen Rochko is BFDL of the | software platform and also runs mastodon.social) -- for | example, the mobile app now signs people up by default on | mastodon.social, and functionality that people running | smaller instances have implemented in forks hasn't been | integrated back into the main line. So there's the weird | dynamic that people generally have better experiences on | small instances (as long as they're well-admined) but the | vast majority of the current fediverse is on large Mastodon | instances. So it'll be interesting to see what happens in | response to Meta. There's likely to be a partition, and if | .social winds up taking a Meta-friendly position, then the | anti-Meta region may be much less centralized. | | https://heat-shield.space/mastodon_two_camps.html looks at | tensions between people who just want a "better twitter" | (which tends to lead to centralization) and people who focus | more on small communities (a more decentralized solution). | fossuser wrote: | I think you don't, which is why I think federated systems | built on the existing stack are doomed to fail (by | recentralizing). You're right to point out email as an | example of this failure. | | You need urbit or something like it to fix it, the problems | are deeper. | | https://martiancomputing.substack.com/p/tlon-urbit- | computing... | dcow wrote: | I am continually impressed by how much _more_ relevant | Urbit has become (contrary to people years ago arguing it | would fade out into irrelevancy). Urbit was designed | holistically to solve the problems the "web 2" internet | experienced in a structural way, not just apply some fancy | "web 3" bandaids to some them. So of course it is a lofty | project. But time and again it's proven that it took the | right stance on socio-technological issues. Will it ever | gain enough traction so that it replaces your text message | app? Well that's really a social question, and one can | wish. But it certainly solves all the problems people keep | bumbling into when trying to "do web3". I wish more people | would give it a serious look. | fossuser wrote: | I work at Tlon (the main startup behind urbit, so | disclaimer) - it's a lot easier to use urbit now than it | used to be thanks to free hosting. | | It needs to be a lot easier still (particularly the | mobile experience isn't there yet without a fully formed | app), but if it's been a while it's worth checking out | again: https://tlon.io/ | | It'll be insanely hard to actually pull off, but it's the | only attempt in this space that I think has a legitimate | chance of a successful outcome. The others are dead on | arrival because they don't actually fix the underlying | issues. (Success being widespread adoption of software | the users actually own and control.) | | I personally self-host mine which has also gotten a lot | easier too: | https://martiancomputing.substack.com/p/product-review- | nativ... | | The UX needs to be just as good as a centralized service | - I think urbit is the only design where that's really | plausible (without recentralizing). | usrusr wrote: | Even "effectively re-centralized federated" will still | provide much better ways to keep all that browser | fingerprinting stuff and the like away from Meta et al than a | closed system. E.g. if for some reason you need to operate a | Google email address you could run the day to day read and | write behind a forwarding setup never connecting your regular | browser or your imap client to Google servers, dealing with | the occasional setup/maintenance from a browser properly | isolated from your search history and the like. | awwaiid wrote: | I've seen email being centralized mentioned a few times but I | don't think it's true. I email with plenty of people who | don't use gsuite... seems to work fine. I can see a power | distribution, sure, but that's still a distribution not a | central organized cabal that stops newcomers. | | Still I agree -- decentralized paradigms that are successful | seem like they'd end up with big players like you describe | eventually. Still better than actually centralized like slack | or something. | wizofaus wrote: | > the vast majority of people are on gmail, apple, or outlook | | What do apple email addresses look like? I genuinely don't | know anybody that uses an address that says to me "provided | by Apple"... I do know a lot of people that use their | corporate/organisational addresses for personal email though, | which always surprised me. | | Edit: just read that "me.com" email addresses are apple- | provided - I have at least seen them used occasionally, | though nowhere near as much as gmail and hotmail/live.com | (outlook). | someNameIG wrote: | me.com is the old address, it's been icloud.com for years | now. | wizofaus wrote: | I couldn't recall ever noticing anyone use an icloud.com | address as their primary personal email address, though | searching through my inbox it has cropped up once or | twice. Actually my sister did use one briefly in 2018. | mattl wrote: | And mac.com previous to that. Plus you can use your own | domain name. | wizofaus wrote: | Are there any stats on how many people do that? It seems | me the only way it could be true that Apple mail has far | more users than outlook/live/hotmail is if the former | tend to be associated with custom domains. | mattl wrote: | Apple mail the client has a lot more users than any | Apple-offered mail. | 8organicbits wrote: | > wasn't considered an issue before Meta came along | | This is false, there's been frequent discussion around how | indexing and search should be performed in a privacy preserving | way. Meta is just the latest concern. | | [1] https://www.anildash.com/2023/01/16/a-fediverse-search/ | | [2] https://blog.joinmastodon.org/2018/07/cage-the-mastodon/ | fooofw wrote: | I feel like the fact that Meta (and anyone) can see posts and | users regardless of whether or not they are defederated is a | bit of a distraction. | | However, I do see the point of considering ways for instances | to somehow distance themselves from Meta's instance. If another | instance/admin was publicly known to comparably engage in | pervasive user tracking (both on and off their own websites) | and algorithmic attention monopolization, would we not expect | many other actors in the fediverse to defederate or otherwise | distance themselves from those practices/that instance? | Obviously, several instances have decided to do so by | premptively saying they will defederate. I'm just saying that I | think it makes sense to at least consider it. E.g., compare the | labels the data collected by the Threads Android app (https://p | lay.google.com/store/apps/datasafety?id=com.instagr...) to | those of the Mastodon one (https://play.google.com/store/apps/d | etails?id=org.joinmastod...), and I at least see the contrast. | | But perhaps this is just me being naively unaware of rampant | community-sanctioned indiscriminate collection of user data in | the fediverse (I'm not part of it, just curiously observing | Meta's entry). | alwaysbeconsing wrote: | There's a huge gap between sharing a post and having that be | replicated and consumed or archived elsewhere by other | users/hosts, and having that same post processed against a | giant pile of other data specifically to de-anonymize it. The | first one is, yes, just normal use of public information. The | second is more like spying, and since we know Facebook does | stuff like that, being apprehensive specifically about them is | justified. | JohnFen wrote: | > Meta is actually one of the more trusted actors compared to | whatever else is on there - at least they're a known legal | entity instead of some random. | | But they're a known entity with a long track record, which is | how I know they can't be trusted. | nomel wrote: | But, you know the space they operate. That space is limited | by profits, what their immense legal team allows, and their | immense security team controls. The alternative is, | literally, a complete stranger, with no track record, unknown | motives, and (as the recent hacks showed) doesn't have the | skillset to keep your information secure anyways. | nobody9999 wrote: | >The alternative is, literally, a complete stranger, with | no track record, unknown motives, and (as the recent hacks | showed) doesn't have the skillset to keep your information | secure anyways. | | That's not the _only_ alternative. Another is, literally, | _me_ , someone I know very well, with a lifetime track | record that I'm intimately familiar with, known motives and | the skillset to keep my information secure. | | It's called "hosting your own instance." | | And it doesn't stop me from following users on other | instances, nor does it require me to accept the TOS of | other instances either. | | That said, I'm not interested in juicing my "follower" | count or building/enhancing my "brand," nor am I interested | in doing so for others. | | That's the alternative. And when someone comes up with an | AP hub that can interact with other AP instances like an | email client (my Thunderbird[0] can talk smtp, pop3, IMap, | xmpp, Matrix, nntp and more) that's a viable alternative | for the hoi polloi. Until then, more technical folks like | myself can just roll their own. | | I don't really care what most other people say anyway, | including (well, especially) "influencers", celebrities, | politicians, advertisers and other scum of the earth. | | So I'll just follow whoever _I_ want to follow from my own | AP instance. Or not, if I choose not to federate with other | instances. | | [0] https://www.thunderbird.net/ | | Edit: Added the _missing link_. | JohnFen wrote: | This is true, but it's also a "the devil you know is better | than the devil you don't" argument. Which is not to say | it's invalid, of course, but it's not a strong argument. | | Personally, while I certainly don't trust a random | stranger, I trust Facebook even less. | | Not that any of this matters, really. My opinion affects | nothing. | cdot2 wrote: | [flagged] | jrajav wrote: | You're the only one making the absurd terrorist analogy. | Reposting a person's content in another context with a whole | crowd of people specifically there to mock and humiliate that | person, many of whom will then go out of their way to | personally harass that person, definitely counts as | "targeting." | mediumdeviation wrote: | More than harassment, literal bomb threats https://www.washin | gtonpost.com/technology/2022/09/02/lgbtq-t... | | > After Raichik falsely claimed on Aug. 11 that Boston | Children's Hospital performs hysterectomies on children, the | hospital received a barrage of "hostile internet activity, | phone calls, and harassing emails including threats of | violence toward our clinicians and staff," the hospital said | in a statement. The hospital does provide hysterectomies to | certain patients over 18. | | > On Tuesday, police responded to an anonymous bomb threat at | the hospital. No explosives were discovered, and hospital | officials said they were cooperating with the police | investigation of the incident. "We remain vigilant in our | efforts to battle the spread of false information about the | hospital and our caregivers," the hospital said. | numpad0 wrote: | I'm starting to think there are lots of assholes using gender | and gender isms as excuse to themselves consistently labeled | assholes. Like there are people getting feet dragged by gender | dysphoria, and there are people who's got nothing else to shift | their blame to than maybe their biological identities that | catches onto it. | howinteresting wrote: | [flagged] | ndlan wrote: | [flagged] | howinteresting wrote: | Just convince other people about the falsehood of the | opinion. | cubefox wrote: | First, these are completely legitimate opinions which have | nothing to do with hate speech. Second, last time I checked | they still mainly reposted things. Third, the fact that you | think that people should be fired because of their private | beliefs which have nothing to do with their job is alarming. | Imagine you would be fired for one of _your_ opinions on sex | /gender/pronouns etc even though this has nothing to do with | your job. | howinteresting wrote: | You don't get to say "non-binary isn't real" in a workplace | when some of your colleagues are or could be non-binary. | That is absolutely a hateful, illegitimate opinion. | | The Colorado State University image is basic manners when | it comes to trans people. It is part of diversity training | at any decent workplace, and there is no legitimate reason | to object to it. | | edit: I just want to respond to the flagged response: while | there is disagreement on how to define "sex" and whether | particular definitions of sex admit only two members or | more than two of them, that has very little to do with | whether non-binary is a legitimate social category of | being. | | The statement "non-binary isn't real" flies in the face of | clear, concrete evidence that non-binary is "real". | Millions of people describe themselves as non-binary, | report improved mental health outcomes when socially | treated as non-binary, nonbinary medical transition is a | growing field in the medical literature [1], and so on. | Chaya is obviously aware of all this evidence. This means | that what her statement is saying is that it isn't a | legitimate category deserving of social recognition. That | is absolutely, by definition, hateful. | | [1] e.g. https://www.frontiersin.org/articles/10.3389/fendo | .2021.7013... | cubefox wrote: | [flagged] | phailhaus wrote: | When the account "just reposted stuff" with inflammatory claims | about children's hospitals, those hospitals were targeted by a | deluge of online harassment and phoned-in threats. [1] If | Twitter is the public square, then their account is on a | massive soap box with over two million followers. What they say | is going to have real-world consequences, and to pretend as if | they have no blame is ridiculous. | | [1] | https://www.washingtonpost.com/technology/2022/09/02/lgbtq-t... | cubefox wrote: | [flagged] | zzzeek wrote: | going to call bullshit on that. Share the source of so | called "illegal gender treatment". Going to guess it was a | hospital that had to quickly change practices due to one of | those reactionary laws recently passed in Texas or similar | at best. These laws violate people's human rights and | should be overturned (and they will be). | cubefox wrote: | [flagged] | [deleted] | phailhaus wrote: | Great, so we agree that Libs of TikTok "just reposting | stuff" is done to achieve political goals, with success, | that would not have happened without the huge spotlight | they control. So when they post hateful content targeted at | trans people, they have reason to be afraid. | cubefox wrote: | [flagged] | phailhaus wrote: | I don't know why you're responding to me then. The post | I'm replying to is pretending that "just reposting stuff" | is totally harmless and has no real world consequences. | cubefox wrote: | [flagged] | jdp23 wrote: | Here's a couple of excerpts highlighting way many LGBTQ+ people | see Libs of TikTok as a threat | | "After gaining a large Twitter following in the spring as she | baselessly accused LGBTQ teachers of being pedophiles and | "groomers," Raichik began criticizing children's health | facilities earlier this summer, targeting a hospital in Omaha | in June and another in Pittsburgh in August. The attacks | resulted in a flood of online harassment and phoned-in threats | at both hospitals." | | (From "Twitter account Libs of TikTok blamed for harassment of | children's hospitals" https://www.washingtonpost.com/technology | /2022/09/02/lgbtq-t...) | | ... | | "One former English teacher, Tyler Wrynn, told Lorenz for her | piece that he had been harassed, sent death threats and | eventually fired after one of his TikToks about supporting | LGBT+ kids was posted by Raichik" | | (From "How Libs of TikTok Became an Anti-LGBTQ+ Hate Machine" | https://www.them.us/story/libs-of-tik-tok-twitter-facebook-i... | ) | | "While the account doesn't always explicitly encourage | followers to do anything, its posts have sometimes led people | to harass or physically threaten its subjects. In one instance, | a group of five Proud Boys members disrupted a Drag Queen Story | Hour at a public library, spewing homophobic and transphobic | insults at attendees, which investigators believe was spurred | by Libs of TikTok." | | (from "Teacher targeted by Libs of TikTok sent death threats | and lost his job" https://www.thepinknews.com/2022/04/20/libs- | of-tiktok-teache... ) | justincredible wrote: | [dead] | zzzeek wrote: | what an ignorant take. Social media promotion of "hated" groups | can be plausibly blamed for mass murder, including a literal | genocide for which Facebook is now being sued for PS150bn right | now: | | https://en.wikipedia.org/wiki/Facebook_content_management_co... | | https://www.nytimes.com/2018/10/15/technology/myanmar-facebo... | | https://www.theguardian.com/technology/2021/dec/06/rohingya-... | cubefox wrote: | That's completely different. Libs of TikTok only reposts very | far-left takes to expose their absurdity. | srveale wrote: | They provide commentary too. They certainly have an agenda. | They have targeted specific people and organizations, and | also groups of people generally. The article writer needed | an example of a well-known social media account that fit | this description, and accounts that are worse in terms of | explicitly encouraging harassment have already been banned. | cubefox wrote: | Their only "agenda" is "exposing" and making fun of far- | left excesses by simply reposting them. I don't think | they have targeted anyone in particular. If the things | they repost are damning, they were damning in themselves. | howinteresting wrote: | I expect a full retraction and apology: | https://news.ycombinator.com/item?id=36700969 | srveale wrote: | > I don't think they have targeted anyone in particular. | | Then maybe research before commenting? They do this | regularly. | | > If the things they repost are damning, they were | damning in themselves. | | The whole context of the account is to "damn" the things | they are posting. Sure, if you pick one of their posts at | random it'll probably be something that 99% of people | agree is wacky, but come on. They have inflammatory | commentary, they target specific people, organizations, | and groups, they know they influence politics and society | and are proud of it. If you need me to, I can spend the | time to prove all that, but it's all to say that yes, | they are a good example of a social media account to use | in OP's article. | cubefox wrote: | The OP article makes it sound as if they are immorally | harassing people, not what they are actually doing, at | least mainly: exposing things which are damning in | themselves. | | An analogy: They raise awareness about far-left excesses | in a similar way in which the media likes to raise | awareness about far-right excesses. | [deleted] | mrguyorama wrote: | What is it that right wing people like to point out about | how they interpret section 230? | | Choosing what to post is editorializing. | joiqj wrote: | Some people think they are above everyone else and that others | should not be able to scorn their behaviour. | jahewson wrote: | Claiming control over information that you've made publicly | available is nothing but claiming control over other people. | dahwolf wrote: | My prediction on how this goes down... | | Meta has zero interest in ActivityPub or the Fediverse, a tiny | speckle of users hostile to them. In less than a week, they've | created an "instance" 50 times the size of all of Mastodon and | the rest of the fediverse combined. The projection/goal is to | grow towards 1B MAU, which would make it 500 times larger than | all of the rest of the fediverse. | | Why would Meta possibly care about this tiny group of misfits? | The only reason I can think of is to give legislators the idea | that they are "doing good". | | Say it is done, and we have this Threads cosmos-sized instance. | Tiny vocal Mastodon instances will defederate out of principle, | and nobody cares. Because they are anti-growth anyway, they | object to anything. | | Larger Mastodon instances will consider federating but will then | find out Threads will only do this under conditions. You have to | serve ads, have to comply with a moderation policy, treat user | data in a certain way. You effectively work for Meta now, but | unpaid. | | Then you turn the thing on and the flood gates open. The first | thing you'll notice is your bankruptcy as your few tens of | thousands of users now having follow access to a billion users, | including very active and popular ones, spiking your infra. 10x? | 100x? Who knows? And what about storage? Yesterday I've read how | a mid-sized Mastodon instance (few thousand users) was adding 1GB | of media storage every 15 mins. Do that times a 100 (or 1,000) as | well. Your moderation inbox...well, good luck. | | This entire thing isn't going to work, at all. | no_wizard wrote: | I wonder if they'll surprise us all a little and allow people | to create - tightly controlled mind you - personalized fedi | instances for things like "fan experience", but from the | Threads app perspective it allows you to jump "portal to | portal" if you will, without leaving the app, so it feels | seamless. This would open other monetization verticals for Meta | via platform creators etc. It'd also give you data carve outs | that let Meta see what the most popular verticals are and they | can sell specialized targeted ads against that, which would | likely fetch a bigger premium and provide more useful | analytics. | | Also worth consideration: They could federate your Facebook | feed in the future too. | | It may not be so much supporting the protocol from the outside | as its worth doing from the "inside". | | EDIT: I'm not talking about full blown customization here, just | enough that allows creators to make their direct profile feed | look different from the standard app, maybe have targeted links | or a special background color etc. Simple but differentiating | things. | giancarlostoro wrote: | I know the main image in the article claims Meta scraped their | posts and updated their profile, but is it not feasible they used | the same email address or phone number they use on IG / FB and | Meta just filled in the missing blanks using information they | have already? Which mind you, Facebook buying IG was under the | premise that they would NOT merge IG and FB, but they've been | doing that for a while now, they are arguably already merged to | the hip. | dahwolf wrote: | As the crypto industry discovered: the paradox of | decentralization is that every downside it has can only be solved | in a centralized way. | | You can't have perfect privacy in a system that has the exact | opposite goal: federation. It means your data spreads by design | and enforcement of any privacy-preserving feature is optional per | instance. | | The very loud minority on Mastodon that obsesses over safety has | picked the wrong software. They should have just created a | Telegram group. | notatoad wrote: | >Mastodon (and most other fediverse software) wasn't designed | with privacy and user safety in mind | | this is the real problem. Mastodon and lemmy share way more | information than they actually need to (like lemmy shares a list | of usernames who upvoted or downvoted a post, not just a count), | and if you're using one of those services you should expect that | all your data and interactions are public. that's the actual | threat here, not the possibility that facebook might suck up that | data. Blocking Threads from federating is just a short-term patch | over mastodon's bad privacy controls. | brianolson wrote: | ActivityPub has been ignoring privacy since at least 2017 | https://github.com/w3c/activitypub/issues/225 | chc wrote: | To be clear, Twitter also shares the list of users who like a | post, and people generally seem to view this as a good feature | rather than an invasive one, so it makes sense that Mastodon | implemented it as well. | paxys wrote: | > Blocking Threads from federating is just a short-term patch | over mastodon's bad privacy controls. | | It's not a patch at all. Facebook (and literally anyone else) | can still scrape or otherwise access that data in a hundred | different ways. Blocking Threads is simply some server admins | making an anti-Facebook statement, nothing more. | Karrot_Kream wrote: | Not justifying the design decision (which is bad IMO), but the | reason upvotes and downvotes are shared is the nature of | sending discrete events. I've been working on a Reddit like | thing on top of Matrix and likewise I have to send upvote and | downvote events, which means other clients that fetch events | will fetch each upvote and downvote event and a malicious | client can then track what individuals upvote and downvote. | | (I'm trying to play around with ways around this, like using a | bot to instead publish aggregation events and making votes | private, but it's an ongoing exploration.) | [deleted] | kazinator wrote: | If ActivityPub and Mastodon were designed with privacy in mind, | Facebook/Meta wouldn't touch it with ten foot pole. | marcosdumay wrote: | Hunting down your personal details and publishing them is a | crime1, isn't it? | | 1 - I mean on the US where Meta really cares about. It's probably | one on most countries where Meta has revenue, but that won't send | anybody to jail. | oldtownroad wrote: | The story is almost certainly untrue or a misunderstanding. | Facebook has no reason to scrape individuals personal | information and then forcefully update their Facebook profile. | | There are various processes at Meta that do require | identification to be submitted and in some cases that | information will be published. For example, to be verified on | Instagram you must have your name be published. Likewise, | certain Facebook pages must publish their operators identities. | | Most likely the person in question submitted their identity | documents to Facebook (perhaps their account got locked) and | they didn't realise they were agreeing to that information | being put on their profile. | | The concern is valid -- Facebook has information users might | not want public -- but the cause isn't nefarious. Facebook is | not finding an anonymous sex workers identity and then | intentionally outing them. | 1970-01-01 wrote: | >Facebook is not finding an anonymous sex workers identity | and then intentionally outing them. | | They are? | | https://www.thewrap.com/facebook-sex-workers-outed/ | pseudalopex wrote: | > Facebook has no reason to scrape individuals personal | information and then forcefully update their Facebook | profile. | | Collecting personal information is central to Facebook's | business model. Facebook's policies mandate legal names. | | > Most likely the person in question submitted their identity | documents to Facebook | | Most likely this person would remember that. | | > The concern is valid -- Facebook has information users | might not want public -- but the cause isn't nefarious. | | Surveillance capitalism and legal names policies are | nefarious. | tredre3 wrote: | > Hunting down your personal details and publishing them is a | crime1, isn't it? | | It's a crime to obtain public data published on a public | network built on a public protocol explicitly designed to share | data? Isn't that the whole raison-d'etre of mastodon? | jeffbee wrote: | [dead] | soligern wrote: | What an asinine concern. Don't want your data on threads? Don't | use threads. | jdp23 wrote: | Did you even read the article? This is about data going to | Threads from people who aren't on Threads. | andybak wrote: | I know replying with "did you actually read the article?" is | explicitly forbidden on HN but is there an exception for cases | where the person who didn't read the article uses a word like | "asinine" in their dismissive reply? | ajmurmann wrote: | Isn't the exact concern here that people avoid Meta properties | and for that reason chose Mastodon, but now Meta is sucking | that data in? | | To me that still seems fairplay on a platform that's designed | to be open and heralded that way. Not a opinion I hold strongly | though. | [deleted] | ollien wrote: | Even if you don't use Threads, when they eventually add | ActivityPub support, Mastodon users' data will inevitably be | harvested. Instance admins have been signing a pact[1] to | defederate with Meta for this reason, in addition to the fact | that they don't trust Meta to moderate their instance well | enough for it to be safe to federate with. | | [1] https://fedipact.online/ | tick_tock_tick wrote: | > when they eventually add ActivityPub support | | What does that have to do with anything? Mastodon is | explicitly setup to allow all user data to be harvested. What | Threads supports or doesn't support in the end has no bearing | on Mastodon having all user data public. | ollien wrote: | I think you would agree that harvesting that information is | far easier if it's being literally POST'd to your servers | (which ActivityPub does) than if you're going out to scrape | them, no? It's the same principle with defederation; either | they're going to scrape all the data, or the data is going | to be literally sent to their platform. | | The point is, the idea that "don't use threads" solves the | problem being presented (your data being harvested), is | wrong. | kazinator wrote: | Just like digital entertainment is set up to allow all | movies and music to be downloaded for free! | | If you don't like it, just don't make movies or music. | smoldesu wrote: | This, but unironically. If you are uncomfortable with the | idea of a zero-marginal-utility medium distributing your | content without your consent, you probably shouldn't make | and share digital copies of your work. | robrtsql wrote: | Thanks. I was going to point out that this was an existing | problem in the Fediverse (there are instances that are | 'unsafe' because they are either explicitly _for_ hate speech | or just don't do enough to moderate it) and that the standard | approach is to not federate with those instances, nor with | any instance that chooses to federate with them. It's not | universally popular (some people don't like the idea of | 'guilt by federation') but it's necessary if your goal is to | prevent your users from coming into contact with nazis. | PaulHoule wrote: | I find it hard to believe they are really going to join the | Fedi. With 100 million users on Threads and maybe 2 million | on the Fedi, how could Meta possibly benefit? Federating | could bring them trouble but no benefit. | notatoad wrote: | The EU digital markets act will require "gatekeepers" like | meta to provide some form of interoperability or open | access. Supporting activitypub would be a way to satisfy | that requirement. | PaulHoule wrote: | But Mastodon can't possibly comply with GDPR the way it | is organized. I mean Heavens you can use it without | clicking on a cookie popup, they probably owe $70 billion | dollars just for all the people who haven't seen a cookie | popup already. | countrpt wrote: | It doesn't need a cookie popup because they aren't using | cookies for non-essential reasons, similar to how it | complies with GDPR because they aren't collecting any | data beyond what is necessary for the service's stated | purpose. | notatoad wrote: | I'm assuming this is the point. Facebook can get around | things like requests for deletion under the GDPR by | sending that data out to the fediverse, and then reading | it back in from the fediverse after they've deleted it. | | and when the EU complains, they get to throw their hands | in the air and say "yeah, you made us do it" | ollien wrote: | I could definitely see a benefit for them from a | legislative perspective. By federating with other networks, | they're able to signal to lawmakers that they're not | _really_ a monopoly, they're willing to pay-ball with | others. | | Also, isn't the 100M user figure disputed, because it's | counting existing Instagram users or some such? | PaulHoule wrote: | It is real sign ups but it is very easy to sign up. Just | because you signed up doesn't mean you're going to use it | regularly. | smoldesu wrote: | What stops them from harvesting Mastodon users' data after | they're defederated? | ollien wrote: | I mean, I guess nothing, they could absolutely still scrape | data, but that's much more likely to be noticed (rather | than sucking in data as part of product functionality), and | is a higher barrier to entry. | [deleted] | Falell wrote: | The article shows that federation delivers data to Meta even if | you personally don't use Threads, but I agree with your point. | | If you want to control distribution of your data, don't join a | federation designed to distribute data. Trying to blacklist | nodes in a graph that you don't control is not a solution. | | Information wants to be free, if you post something to a social | graph assume everyone in the graph can see it forever. | zimpenfish wrote: | Specifically addressed in the article. | | "Even if I only make followers-only posts, which aren't public | and can't be boosted, if somebody who's following me replies, | any of their followers on Threads will see my account name and | instance" and also "If somebody on another instance who follows | me boosts one of my public or unlisted posts, people on Threads | who are following them may be able to see everything I've said | in the post" | nickthegreek wrote: | Isnt this a core way that ActivityPub works though? Like this | isn't a Meta issue. It is the technical functionality of the | protocol these federated services are built on. If you | transmit data using the AP protocol, your content isnt | private. | kgwxd wrote: | Meh, I'm posting on a public forum, I don't consider any of it | private. Anyway, they're not going to do the Fediverse, I'm 100% | positive at this point. There is no benefit to them anymore. | Nobody wants them there, and their target user doesn't want the | complications inherent to the system. I love Mastodon and Lemmy | specifically for these reasons. Go there. Forget this nonsense. | It's a beautiful place to be. | sureglymop wrote: | I want it to be blocked for a different reason. The fediverse has | always been small enough that the content is "underground" and | interesting. Some of the people on there are weird or completely | different than me and that's what makes them so interesting. | That's not the case on something like Twitter and Instagram. Good | and actually interesting content is drowned out between your | average tweets and posts about nothing at all. Or all the content | sucks and is there for the sake of exposure, likes, clicks etc. | But I don't want mastodon to be overrun by 100M users' | uninteresting content! I don't even want them in the replies of | posts. Mastodon has consistently been great before this while | Twitter fiasco. I wish it never happened, I don't want the space | I have liked for years to change and be ruined. Maybe an apt | analogy would be the difference between Marginalia and Google as | search engines. Why would one want the interesting underground | search engine to be filled with SEO spam and ads? | jazzyjackson wrote: | You know what, you've convinced me. I've been rooting for some | kind of society-at-large network to succeed at federation (I | was so optimistic I tried bitclout, and more recently bluesky. | Both want to be a single global database to send money or to | index hashtags and blocklists globally) | | I really believed that discoverability is king, and I should | just be able to search a global graph of user profiles and read | everything that everyone has ever said, but you're right, | there's a lot of conversations that don't happen in public, and | not everyone wants to be "discoverable". | | So I think there's a case to embrace the balkanization of | social media, and go back to having separate identities to be a | part of each phpbb we signed up to. Going to different domains | to talk to different groups of people makes sense, and we can | have the modicum of privacy offered by a semi-private chat | server like discord, so that your messages don't get indexed by | google and archived forever. (Obviously discord retains all the | message logs, DMs included, but at least its not publically | searchable) | | And global social media is always going to suffer eternal | september. Smaller, unfederated chat communities is a probably | a much healthier approach to social media than whatever it is | we've been doing the last decade of meta-gramming | strogonoff wrote: | ActivityPub has a problem of laying all data out, nicely | structured, just waiting to be scraped and mined and machine- | processed, in perpetuity by default, as if it was something | people inherently need when communicating. Is it, though? | | It does look like something idealistically-minded early techies | would justifiably find really cool. | | It may indeed be desirable for, say, Dutch government (and | perhaps any government that wants to be transparent). | | However, I'd argue it may be from suboptimal to harmful for | regular people. | | Regular people may have to worry about future governments, which | may or may not end up less transparent to hostile towards them, | as well as other powerful adversaries. Regular people may want to | be careful and value features like transience, privacy, and | plausible deniability. | | Perhaps we can do better and come up with a protocol that | combines openness and those values. Whether Facebook enters the | Fediverse with its new product or not, ActivityPub in its current | shape and implementation seems to be a liability. | dahwolf wrote: | Indeed, and I extend this problem to any data of any value. The | more semantically you describe it, the more pathways you create | for abuse. | ilyt wrote: | _shrug_ not having API didn 't stop anyone before that. | | And "I want random people to see my social stuff (cos I yearn | for attention) but not that particular person/corporation" is | unsolvable problem | strogonoff wrote: | Bug-free software is unsolvable, but it does not mean we | should stop trying to avoid bugs, that'd be just silly. | | If _fully precluding_ public and private intelligence is | infeasible, that does not mean we should be using a protocol | that in many ways _is optimised_ for public and private | intelligence. | | Privacy, like many things, is a spectrum. | xg15 wrote: | I'm with you if you want to keep the API but put them | behind stronger authorisation requirements, i.e. what | "authorized fetch" seems to be for. | | I absolutely disagree if you want to keep the data public | but make it "harder to scrape", i.e. remove all APIs bury | it in some annoying HTML/Javascript mess. | | That would absolutely punish the wrong players: Having an | API which allows easy access to structured data allows all | kinds of desirable usecases, such as being able to use | whatever client you like. | | In contrast, the big players who are interested in tracking | the entire userbase already have enough experience in | building robust scrapers - they won't be deterred by a | closed-down API. | Aaronstotle wrote: | Don't have public accounts on a platform if you are concerned | about privacy. Don't use threads, don't use Mastadon. | kazinator wrote: | Don't go outside if you're concerned about bullies. | Aaronstotle wrote: | Meta makes their money through advertising, they do | everything in their power to profile and track you so they | can serve up relevant ads. | | The issues in the article are related to how | ActivityPub/Mastadon work, if you are concerned by privacy | issues, don't use Meta. | | Meta is guaranteed to erode your privacy, being outside | doesn't come with a guarantee of being bullied. | foderking wrote: | unironically | dabedee wrote: | This reminds me of the "embrace, extend, extinguish" strategies | Microsoft used extensively with Linux and open source software in | the 90s. From [1]: "a phrase that the U.S. Department of Justice | found that was used internally by Microsoft to describe its | strategy for entering product categories involving widely used | standards, extending those standards with proprietary | capabilities, and then using those differences in order to | strongly disadvantage its competitors." | | [1] | https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extingu... | briffle wrote: | remember the glory days when both google chat and facebook chat | used XMPP (jabber?) and you could chat with people with any | client you wanted.. (ahh, i miss pidgin). that lasted until | they had 'converted' enough users to their systems to then | close off all connections and make a walled garden. | | I assume they will do the same with the ActivityPub | compatibility. I don't see it as a permanent plan. | jdp23 wrote: | There's a lot of discussion about that! Here's a very good | article on the EEE threat. https://ploum.net/2023-06-23-how-to- | kill-decentralised-netwo... | | Personally I think it's more an "embrace, extend, and exploit" | approach; a decentralized model could work well for Meta, for | example if they do revenue-sharing on ads hosted by other | instances (think Disney or LA Lakers). | | Update: here's another good article looking at how Meta could | embrace and extend -- again, not extinguish. | https://darnell.day/heavy-meta-four-business-reasons-why-ins... | drdaeman wrote: | In my personal (subjective) opinion, XMPP died because of | entirely different primary reason: it, by design, had trouble | working on mobile devices. Keeping the connection was either | battery-expensive or outright impossible, and using OS native | push notifications had significant barriers. At the very | least, that's why I stopped. | | It's not like Google had "extinguished" anything, it's more | like the "largest server went uncooperative and removed | themselves". Sucked for people who were able to chat before | and got separated, but I disagree with painting this as some | sort of fatal blow. | | I don't think there's some statistics on reasons why people | stopped using XMPP, but I don't believe Google is the reason | for it. I'd speculate that it just coincided with the | beginning of the smartphone era and this whole "Google killed | XMPP" is a convenient myth. | xorcist wrote: | It's more that there is more to a complicated story than | that, but that Google dropped it when it did surely was | important at the time. To put it the other way around, had | Google continued to run a federated chat, Android would | have had first class support in no time. The fact that | third party real time messaging never worked well in | Android, and really bad in GApps, is related to this | decision. | smoldesu wrote: | As many others have said before, this isn't very likely to | happen for many of the reasons it never happened with the web | or Linux. | | - ActivityPub is an open protocol. If Meta goes all-in on it, | they'll be implementing a transparent spec everyone knows. | Modifying that would send obvious shockwaves through the | network and signal their non-cooperation. There isn't a covert | way for them to really try this. | | - Mastodon itself is AGPL licensed, meaning any Meta fork (for | whatever reason) would be subject to "provide the source code | of the modified version running there to the users of that | server. Therefore, public use of a modified version, on a | publicly accessible server, gives the public access to the | source code of the modified version."[0] | | - Meta has no reason to. If they decide the app is sufficiently | popular without ActivityPub integration, then things return to | the status-quo for Mastodon. Meta loses what little control | they had over the direction of the | standard/protocol/applications and nothing really changes. | | [0] https://www.gnu.org/licenses/agpl-3.0.html | vidarh wrote: | There's no reason for Meta to use Mastodon in order to | federate, so I don't see why the license of Mastodon is | relevant. | smoldesu wrote: | Then there's nothing for them to extend or extinguish. If | they're not able to manipulate the client and they can only | control the content on their own server, what leverage does | Meta have to extinguish the fediverse? | vidarh wrote: | They can potentially try to make changes to the protocol, | and try to leverage their users numbers to force people | to accept it. I think, though, that they'll find that a | lot of us are stubborn and don't like them and will not | react well to that. | bobthecowboy wrote: | It doesn't have to be a technical strategy, but a UX path to | EEE. | | I've been thinking about this in terms of Lemmy (also built | on ActivityPub), which I understand isn't currently on the | table for interop (but if Facebook is after Twitter's lunch, | why shouldn't they be after Reddit's). It could even be the | same application - Kbin is another AP service which has | separate tabs for "link aggregation" and "microblogging" | (Reddit and Twitter, respectively). | | With Lemmy, the way a large corp could come in and push it | around is by simply creating it's own version of the top 100 | (or N, whatever) communities, and automatically subscribing | users into them based on their interests (already known, due | to existing accounts/profiles elsewhere). c/linux on lemmy.ml | has ~6k subscribers, and is the largest Linux community on | Lemmy, afaict. It's not unreasonable to think a large corp | willing to pull in its existing userbase couldn't increase | that by an order of magnitude in very short order. Overnight, | those communities become _the_ place where conversations are | happening on those topics (maybe even with some pre-seeded | content) and the existing lemmy communities stagnate. | | Fast forward a while and one day BigCorp decides to pull the | plug. Existing non-BigCorp Lemmy users are now separated from | the communities they've been in and need to create BigCorp | accounts. You could argue that those non-BigCorp Lemmy users | are no worse off than they are pre-BigCorp-federation, but | they're effectively migrating their communities all over | again. | | As far as why, I think it's pretty invaluable for Facebook | to: | | 1) appear to be "playing ball" from a regulatory aspect 2) | eat a competitor's lunch 3) control a (potentially!) up and | coming federated service | [deleted] | linusg789 wrote: | "Privacy" and "fediverse" are like water and oil: they don't mix. | | Meta would have no more (extra) access to Fedi posts than an | large Mastodon instance like Mastodon.social would have. | Modified3019 wrote: | https://news.yahoo.com/teen-mom-plead-guilty-abortion-230802... | | >A Nebraska woman has pleaded guilty to helping her daughter have | a medication abortion last year. The legal proceeding against her | hinged on Facebook's decision to provide authorities with private | messages between that mother and her 17-year-old daughter | discussing the latter's plans to terminate her pregnancy. | | If you have information you don't want others to know, then don't | tell your secrets to a multi-billion dollar pseudo-governmental | organization that has even less data collection protections than | the governments it serves. There's more you should do, but that's | a big one. | jeroenhd wrote: | If you have secrets at all, don't send them through any | ActivityPub conversation. | | People on Mastodon make this mistake quite often, tagging | someone they're talking about, or realising that the person | they tagged now receives a copy of their conversation. | | This is a massive issue on top of the lack of end to end | encryption. Both servers receive plaintext copies of the | messages exchanged. I'm sure mastohub.ai is a safe server, but | how can you be sure they'll never be bought out or hacked? | | If you want to federate and share secrets, try something like | Matrix or XMPP. They make it significantly more difficult to | read your messages. | jdp23 wrote: | That's true -- and my more detailed threat modeling post has | a big public service announcement saying "don't share | information on the fediverse that you want to keep secret" -- | but there's a lot of information that's not "secret" that | people do want to share on social networks. | | https://privacy.thenexus.today/fediverse-threat-modeling- | pri... | em-bee wrote: | this is also what always bothered me about twitter. some | friends of mine has absolutely private conversations on their | public twitter feeds (nothing sensitive but stuff like | sharing shopping lists). my fear always was that if i join | twitter they would use it for private conversations with me | insteads of using email or something else that isn't public | for everyone. | HideousKojima wrote: | [flagged] | isoprophlex wrote: | Please take your inflammatory language somewhere else. | s1artibartfast wrote: | [flagged] | dathinab wrote: | > If you have information you don't want others to know, then | don't tell your secrets to a multi-billion dollar pseudo- | governmental organization that has even less data collection | protections than the governments it serves. | | that's such a naive egoistic apathetic world view it baffles me | | sometimes I wonder if posting stuff like that just don't | understand how humans and societies work, or just don't care | because "they know better". | s1artibartfast wrote: | What a terrible article. Well relevant to the discussion of | data privacy, it completely misconstrues the case. This | Behavior would have been illegal against under the row standard | as well given that the team was more than 7 months pregnant and | the two attempted to incinerate the body to destroy evidence | watwut wrote: | I mean yeah, but also, the actual fault is on the side of | people who literally voted for this. And campaigned for this. | And spend years trying to put the right people on supreme court | so that this happens. | [deleted] | Pxtl wrote: | tl;dr: | | Things you post publicly are public. | dsr_ wrote: | I don't think Meta is ever going to federate in the first place. | | What would they gain? | 1970-01-01 wrote: | The best way to handle it is to make a "minimum viable" account | and do absolutely nothing with it, ever, except login and logout | annually. Set up a spam filter to trash every single notice from | the company. | nemacol wrote: | Can you help me understand why this is preferable to never | joining in the first place? What is the goal? Controlling the | entry for my email/auth of choice? | 1970-01-01 wrote: | It is a mitigation for identity theft and slander. | | https://news.ycombinator.com/item?id=26931894 | paxys wrote: | A lot of privacy problems (including every single one raised in | that article) will be solved by just not posting your personal | business on social media, but people are somehow unwilling or | unable to accept it. | | If you post incriminating content on a Mastodon server it is | still out there whether Facebook can officially connect to it or | not. It is archived forever out of your control. The server owner | can be subpoenaed. Anyone can scrape the website, take a | screenshot, or share it in a hundred different ways. Regardless | of what pseudonym you use it can be tied to your real identity | with 5 minutes of internet sleuthing. | | "Private" online social media is an oxymoron. If you put | something out there in the world you don't get to control whose | eyeballs land on it. Facebook isn't the problem, your | expectations are. | dahwolf wrote: | It's even worse when you consider that others will put | something about you out there. They willingly give up their | contacts list (with you in it), when joining a network. | | A "friend" may make a photo of you as part of a social/work | event and directly post it publicly. | | Even with no participation on your behalf, your real name, | phone number, address and photo are out there. | justincredible wrote: | [dead] | bobobob420 wrote: | not a problem for 99.99 percent of people. | seattle_spring wrote: | So... Still a problem for 700,000 people. Got it | bobobob420 wrote: | the only problem is lack of critical thinking and | victimization. You're joining a centralized netowrk its | pretty obvious. | andybak wrote: | Isn't ActivityPub specifically about decentralisation? | bobobob420 wrote: | protocol to centralize decenteralized activity. The blog | starts with an issue on facebooks centralization and then | goes into issue on centralization on this decentralized | network. It's all very stupid imo. Edit sorry for my | spelling | AndyMcConachie wrote: | In theory it shouldn't be hard to block Threads. If they're only | using one domain for all their users it's trivial to block it. | | But privacy is not the issue with Threads. The issue with Threads | is that they're going to attempt to destroy the Fediverse through | standard Embrace, Extend, Destroy tactics. | | You see this with Bluesky as well. The point is to interoperate | when it's in your interests and then break interoperability when | you have enough of the audience. Thus, thereby capturing the | lion's share of the audience. | | Just wait. Threads will soon have a 'new feature' that only works | with Threads and that does not work on other Fediverse nodes. | Then they'll try and poison the standards bodies working on | ActivityPub. They could increase the velocity of new 'features' | to ActivityPub so fast that unpaid OSS developers couldn't keep | up. Like Google and that cartel do with browsers. Eventually Meta | and maybe a couple other large players will control the | standards, or atleast make it obtuse enough to prevent new | entrants. This playbook is tried and true. | nologic01 wrote: | This feels like irrational fear. The subversion of the original | Web took decades to happen, a lot of complacency, lack of | reflexes and the moral degeneration that allowed surveillance | capitalism to become hugely profitable. | | For sure Meta cannot be trusted to be up to anything kosher | especially since social media tech is close to the money | spinning core of the Death Star. | | But what "stolen" audience are you worried about? The existing | million or so fediverse users that will be lured back into the | lethal embrace of the move-fast-and-break-things brigade? | Future fediverse users that cant tell whether they are joining | a surveillance apparatus or, e.g. their local community | instance? Threads is currently cannibalising Instagram in the | hope, pressumably, of grabbing some pieces from the decaying | corpse of Twitter. All quite morbid affairs that dont have | overlap with the migrants escaping to build a new life in the | fediverse. | | The issue of subverting the fediverse standards is more serious | - in principle. But the tangible threat is not clear (to me at | least). E.g., the protocols are low level, minimum interop | standard, they specify nothing about how server platforms can | (ab)use their users. This is all down to implementations. | | In any case if you dont want corporate control of a standard | make sure you dont take any corporate money and if they insist | to join the fediverse party give them one vote like every other | solo fediverse pioneer. | | The fediverse is being noticed. Thats a good thing. Savvy PR by | fediversians could spin Meta's "interest" in the project to | open doors that they could not dream of. Granted PR and | marketing is not the fediverse's strong point. Its better this | way even if it makes the job of adoption harder. But lets not | get scared by shadows. | [deleted] | vinceguidry wrote: | Every single comment on this story qualifies to be in "Shit | HNer's say." | shadowgovt wrote: | The unfortunate thing about the Fediverse, relative to a | (hypothetical) walled garden, is that this sort of information | leaking is inevitable. | | Meta has the scale and scope to make it scary, but the point of | the Fediverse is that it is federated, which implies some | openness. If you're federated, you are publishing content to | other people that they might do whatever they want with. That | includes crawling it, storing it, indexing it, and building mass | profiles. You can certainly protect yourself by blocking bad | actors, but since the network is, well, a network, an aggressor | that _wants_ your published data need only find access to a node | you _do_ want to share with and copy from there. | | So you either default-close your data and choose very, very | carefully who you federate your node to or... You don't put that | data in the fediverse at all. | | (Contrasting to a walled garden, where monolithic control of the | data storage and transfer means a single entity is responsible | for where the data goes and can constrain at will. If someone's | kicked off Facebook, they're _off_ Facebook; they have a single | attack surface they have to reenter to get to that data, not | O(nodes) they could make an account on to reach the data of | someone who 'd rather not share it with them). | Dma54rhs wrote: | What's the point of joining a decentralized federated platform if | you don't want other instances or people to see what you post? | | Meta scraping your name and doing other shenanigans is a | different subject and obviously bad, but the rest is like | complaining joining a public torrent tracker and being mad about | leaking your ip address to its peers. | itronitron wrote: | If I take public transit to work should I be bothered by Uber | posting my daily commute details? | kazinator wrote: | What's the point of joining a decentralized, open-source | federated platform if you don't want Facebook to collect | information about you and track you online, even though you | aren't a Facebook user? | hanniabu wrote: | federated is not decentralized | rcmjr wrote: | Why do you think they aren't doing that now? Meta could | easily do it. | lkjdsklf wrote: | if you're at all concerned about privacy, the fediverse is | not for you. | | It is anti-privacy by design. | | Once you've posted something to it, you have absolutely no | control over who has that data and what they do with it. | That's the fundamental design of the system. | | Complaining about meta potentially ingesting all data from | the fediverse comes off as a bit naive. Meta is the least of | the privacy concerns on the fediverse. You at least know who | they are and have legal recourse against them. Huge numbers | of other consumers are not even known. Just look at the | thousands of instances that have popped up. Many of which are | just in joe bob's closet and god only knows how they protect | the data. | User23 wrote: | > Once you've posted something to it, you have absolutely | no control over who has that data and what they do with it. | That's the fundamental design of the system. | | Welcome to the Internet. It's always been like that. | w0m wrote: | So you want the information to be free! But not free to | _those_ guys over there. Ever so slightly hypocritical. | klabb3 wrote: | That's a bit of an overstatement. I can want an open | neighborhood but still be creeped out when a neighbor puts | up a camera facing my house. | | Systemic data collection and casual access aren't equal. | | That said, on these protocols you can't control it anyway, | so it's not like you can stop it. | MBCook wrote: | But it's Mastodon. It's ALL posted online without a | paywall. | | They could have been scraping it for years (if they | cared) and you'd never know. | | Federating won't give them anything new except DMs to | their users since those aren't encrypted. | | All the existing stuff you've posted publicly is already | public. | Dma54rhs wrote: | As others have noted they are doing it anyway. Gmail accepts | emails from ProtonMail despite "ideological differences" and | vice-versa, otherwise it's destined to doom. | | If being separated from the mainstream internet is the | reasoning then yeah sure, go ahead, but you also can't | complain why no one besides fanatics is using alternatives | when the alternatives are not worth using for the mainstream | audience. | mattl wrote: | There was a post here from Drew DeVault a while ago on how | they're rejecting all non-plaintext email. | | I see the situation as similar | fsflover wrote: | This is not a problem specific to | Federation/ActivityPub/Mastodon. | numpad0 wrote: | And what's wrong about details on bunches of _whore_ - people | engaged in the oldest professional occupation known to | humanity, no less - scraped into Meta systems, as a | _replica_? It'll end up in recording, representing, | normalizing birth control as well as commercial sexwork and | also current status and known issues around it. | | It's just Mastodon movement or whatever it calls itself don't | want to be associated with shady corners of lower classes or | the human society, despite there shouldn't be such classes | and hidden areas in the first place, as in not trying to | stigmatize, deny and nullify the fact that we're dirty | animals, but in constructively removing negative aspects of | life. | mrguyorama wrote: | Because famously, shining light on a community of people | that are hated only results in that community becoming | accepted. | | Please ignore the people who die and are harmed in the | process. | numpad0 wrote: | yeah, segregation and gatekeeping wash clean, and feels | great doing too. | blitzar wrote: | Threads doesnt need to exist for facebook to capture every | post in the fediverse. | Moldoteck wrote: | They can collect all that info right now from that | decentralized platform without integrating it in Threads | crooked-v wrote: | "Decentralized access for everyone, unless it gets popular enough | that somebody actually wants to interop with it" | | I understand the Meta hate, but joining a very explicitly public | and intentionally republishable service and then being unhappy | that your data is public and intentionally republishable is | bizarre to me. | dnissley wrote: | This reaction has shades of nimbyism: Yes we care about climate | change + housing affordability + are in favor of increasing | immigration. No we can't have those evil developers building | big apartment buildings in my neighborhood! How dare you | insinuate these things are related in any way! | x3n0ph3n3 wrote: | Just being pedantic, but none of that first sentence is | requisite for NIMBYism. I know plenty of NIMBYs who disagree | with the first sentence. | ldehaan wrote: | [dead] | mrguyorama wrote: | "You didn't invent the perfect solution so you aren't allowed | to complain about the faults of your imperfect reality" | turnsout wrote: | Yeah, this article reads more like a critique of the way | ActivityPub and Mastodon work. None of this is particular to | Meta. | PaulHoule wrote: | The odd thing is that even the biggest fedi promoters don't | seem to get it. | | I thought "mastodon.social" was based in Germany, heart of | GDPR country but there is no consent theater, no harassment | by cookie popups, certainly no controls over data. | | I really don't mind, but there is some serious cognitive | dissonance there. | Finnucane wrote: | There's no consent theatre because mastodon isn't doing | anything that requires consent under the GDPR. | sunbum wrote: | Because almost none of that is actually required if you are | not collecting data outside of the actual usage of the | application. | PaulHoule wrote: | People are documenting their own personal lives without | any protections. You can delete your account and the | system will circulate a polite notification that other | servers _should_ delete that information. | | If you are a "sexworker" (sic) and you doxx yourself | tough luck. | | If you reveal your mental illness through the things you | write about and the language patterns you use tough luck. | (Pro tip: machine learning algorithms can read your | social media posts and psychodiagnose you better than the | psychiatric nurse practitioner you'll struggle to get an | appointment with.) | | People get these spams inviting them to play games where | they ask questions trying to gather their answers to | break into their bank account such as "What was the name | of your first pet?" Even if you didn't have a tendency to | be paranoid maybe you should. | chc wrote: | What does any of what you just said have to do with GDPR | requirements? | PaulHoule wrote: | If this is right | | https://github.com/mastodon/mastodon/issues/7280#issuecom | men... | | #1 is "consent theater" which I am not noticing, maybe I | missed it. Even if I give consent to one server am I | really giving consent to any other server? Can any other | server be bound to my agreement with the first server? #2 | is a "polite request" and not a guaranteed property of | the platform. #3 seems to be satisfied. | numpad0 wrote: | Fedi promoters are traumatized from Mastodon explosion of | late 2010s that forced them into picking either of | revolustionist-terrorist or anime-loli or trans-furry | factions to support, of which the last one is the only | less-than-seriously-considering-self-harm choice for most. | It still must be full pain and giant source for self | contradiction. | the_gipsy wrote: | They're not unhappy about their data being intentionally | republishable. C'mon. On the contrary, they are saying that | when the product gets successful, they will pull the rug. Like | facebook did before, and like twitter did with the API and now | again. | dahwolf wrote: | Pulling the rug is a daily event in the Fediverse itself. | dnissley wrote: | Even if this happens it won't make any difference to how | these instances operate, will it? It'll just reduce traffic | to them, right? | chc wrote: | In the same sense that Google didn't largely kill off the | RSS ecosystem with Google Reader and Microsoft didn't | stagnate the browser ecosystem for a decade with Internet | Explorer, sure. | dnissley wrote: | The death of RSS preceded the death of Google Reader, no? | (Although it may have hastened the last act of it's | death.) Not sure I understand the comparison to IE. | mrguyorama wrote: | People are complaining that facebook is, intentionally or | otherwise, going to suffocate the baby in the crib, before | it has a chance to grow. If you provide a way to see | mastadon content without actually doing the work of joining | mastadon, nobody will join mastadon except the people who | have strong ideological reasons to join mastadon, which | accelerates the problem. | | It's the same effect as any platform that tries "free | speech" invariably becomes a nazi echo chamber, because the | only people who WANT to use the less popular system are | those that CAN'T or REALLY REALLY REALLY cling to their | ideology. | dahwolf wrote: | The original idea of having many small-sized instances is | already failing, also without Meta. Small instances are | unreliable (they quit/shutdown), have major sync issues | (not seeing all replies, boosts etc) and have a tendency | for too restrictive moderation and defederation. | | So indeed, most people (normies) will naturally flow | towards larger and more mainstream instances. It's | already tilting in that direction and actively encouraged | in the signup process. | | As these instances grow, they will simply have more | disagreeable posts (from the perspective of the | ideological instances) leading to even more defederation, | hence the split will become ever harder over time. | GeekyBear wrote: | > joining a very explicitly public and intentionally | republishable service and then being unhappy that your data is | public | | Comparing the sheer amount of data that Meta/Facebook vacuums | up to the privacy practices of similar apps is instructive. | | https://www.wired.com/story/meta-twitter-threads-bluesky-spi... | Nextgrid wrote: | IMO the problem with Facebook is the _private_ data they | vacuum. If you publicly post the data on an open network, I | see no problem with them taking it. | | In practical terms, Facebook is actually quite tame compared | to any other malicious actor who can get the same data. FB | just wants it for ads and processes it in aggregate (most is | never seen by a human), while other malicious actors might | actually target you personally. | | The main issue is that you shouldn't post anything on a | public, unauthenticated network that you wouldn't want | random, potentially-hostile actors to see. | dmonitor wrote: | This feels like another instance of seeking a technical | solution to a legal problem | pseudalopex wrote: | People seek mitigations to problems when solutions are not | available. | fossuser wrote: | I think for a lot of mastodon users it's more about being part | of a specific ideologically aligned in-group than it is about | anything else (this post touches on a lot of stuff that makes | overtures to that). | | The irony to me is that any chance of relevance for a protocol | is obviously going to need big players like meta to sign up | (and that's a good thing for the protocol). | | A weird set of circumstances might have aligned where meta sees | an advantage in being part of a federated protocol to | commoditize a threat to themselves (twitter, bluesky, etc.) and | still hold a dominant position in quality of the end user | clients (which is the only thing 99% of users care about). | | It's a little funny a lot of the mastodon hosts are up in arms | about this, but not that surprising when considering what | they're actually getting out of being part of it (the identity | stuff that comes along with being a mastodon user). | | I'd guess similar stuff was said during the eternal september | era of the web itself - simply being an internet user was no | longer an identity that meant something culturally specific. | [deleted] | ipaddr wrote: | Thread users are today's aol users. Better to keep them out | of areas where real conversations happen | dbfx wrote: | Then I fail to see the issue since "real conversations" | aren't happening on the fediverse either. | nemo44x wrote: | There's dozens of real conversations happening. Dozens! | treyd wrote: | What do you mean by this? There's over a million active | users including quite a few high profile people like Cory | Doctorow. | turnsout wrote: | You are 100% right that Threads users are today's AOL | users, and _that 's a good thing._ If Threads actually | federates, it will be another Eternal September [0], and we | need that for ActivityPub to truly thrive. | | [0]: https://en.wikipedia.org/wiki/Eternal_September | JPws_Prntr_Fngr wrote: | Surely you, Foss User, are aware that FB et al don't just | "republish" your voluntarily published info as per GP - they | doggedly track you around the internet and the physical | world, 24/7, without consent, storing, profiling, and | reselling you to advertisers. | | Example: download the supposedly privacy-focused app pCloud | on your iPhone, start it up, and check what IPs it's hitting. | That's right, it's hitting _facebook tracking servers_. | | This is not a tribal ingroup club thing. It's a "fuck off, | megacorps" thing. | jchw wrote: | I wonder if all of this hoopla over Meta joining the Fediverse is | even justified. If Meta wanted to suck up all of that data right | now, they could do that without creating an entire social network | to do so, by literally grabbing it from the source, where it is | publicly available, and they can do this with basically no fear | of ever getting called on it. By merely federating with and | supporting ActivityPub, all they do is make it reciprocal, and | opt-in, at least from our PoV. | | The real risk here in my opinion is the influence that Threads | could have over the Fediverse indirectly. What if they become an | integral part of it and threaten to leave, or just leave? What if | they become the defacto censor of what instances you can federate | with, by virtue of cutting off anyone that doesn't defederate | certain instances? Etc, etc. | | The privacy concerns, while they hold some validity, are a little | bit moot for people who weren't going to consider using Threads | in the first place. Google hoovers up all of this data already if | only indirectly, and nobody seems to bat an eye. | nottorp wrote: | 'I had a FB account as Mistress Matisse, but FB scraped my legal | name from somewhere else and then changed my displayed NAME on my | account without notice/consent.' | | Who gave FB permission to conflate two different identities? | mrguyorama wrote: | The legal right for a private entity to do most things to its | private property. | | The law says they don't need permission to do something like | that, regardless of any morality or decency issues that causes. | The law is often not aligned with morality. | | Most people seem to not really _get_ this, even when they | objectively know it, or are otherwise unable to imagine what | could go wrong, because doing so basically requires you to be | the unhealthy kind of imaginative and paranoid. "What if | facebook doxxes me and changes my display name" SEEMS like it | should be an insane paranoia, because the human brain isn't | equipped to handle extremes of scale and bureaucracy like this. | gidam wrote: | probably in their TOS, where they give themself right to do | anything. | raymondgh wrote: | I'm surprised that a followers-only post's author's information | would be available to followers of original author's followers. I | would think that a non-public discussion started by one account | should be nonexistent to anyone without access to follow that | account. | dahwolf wrote: | The sex worker real name reveal has to be bullshit. | | I'm quite convinced that Meta actually does have the real name of | most of us as well as the ability to link it to other accounts. | But the idea that Meta would willingly reveal this without the | user's consent means a planet-scale doxxing event. It could lead | to actual deaths in the real world, and they would be legally | crushed. | | What is far more likely to have happened is that the user had an | Instagram account with their real name and used that to log | in/sign up to Threads. There is no stand-alone account on Threads | currently. | charcircuit wrote: | My guess is that she was breaking Facebook's real name policy | by using a fake name on her main profile. It seems plausible | that Facebook would update someone's main profile to their real | name. | chrisnight wrote: | The problem I see with Threads isn't what Meta will do with | fediverse data, it's the power they have with owning 97% of the | entire fediverse network [1]. | | Embrace, Extend, Extinguish. Owning the vast majority of the | fediverse userbase will cause them to have a large amount of | power to compel users or servers to do whatever they want. What | do you do when Facebook implements a new feature and all of your | followers complain that your using a Mastodon server instead of | joining Threads that has this feature they want? You either go | against your entire community or let Meta takeover your account. | | As such, the resolution is to not let anyone have this much | power. It being Meta makes it easier to hate on them, but no | single server should own the vast majority of the network, let | alone (100M / (100M + 2M + 1M)) = 97% of it [1]. | | [1] Threads has 100M users and is rising fast, Mastodon was | recently stated to have 2M active users, the rest of the | fediverse can be estimated to be, say, 1M. As such, Threads has | about 97% of the userbase. | ajross wrote: | Threads is still way behind Twitter, though, which doesn't even | federate with Mastodon and never did. If that's your complaint, | why wasn't it doubly or triply so with the last corporate | overlord? "Don't use that silly Mastodon thing, everyone is on | Twitter" is, in fact, the way the world has worked for the | whole lifetime of Mastodon. | chrisnight wrote: | > If that's your complaint, why wasn't it doubly or triply so | with the last corporate overlord? | | I'll interpret this to mean "If the problem is that Threads | owns the majority of the userbase, why didn't you complain | about Twitter owning the majority of the userbase?" | | I'll reply to that as: Mastodon users did. That's why they | used Mastodon in the first place, because they felt too much | power was controlled in a single entity, so they complained | and moved. | | In terms of actions to take, what power was there with | Twitter that Mastodon users did not exert? With Threads, | Mastodon server owners have the power to defederate and block | Threads trying to intermingle with their userbase. With | Twitter, Mastodon users were the ones with the power to | publicly disclose their Mastodon account and tell users to | follow them on there. | | In each instance, Mastodon users are doing what they can to | reduce corporate overlords from having power over as many | people as possible. Even if Threads is more centralized | because of other instances defederating with it, the overall | reach of Meta is reduced. | Karrot_Kream wrote: | The fact that Threads has a much larger userbase than | Mastodon already means that they won't ever really feel | threatened by it. The stated reasons why GChat and Facebook | Messenger eventually defederated is that it was hard to | keep scaling the platform while speaking XMPP, but the | unstated reasons were that Messenger and GChat at the time | were still very much niche technologies that were jockeying | for marketshare in a crowded space. | | This time around Threads is already an order-of-magnitude | larger than the existing Mastodon Fediverse. Moreover, now | Meta has a diverse array of different social products, so | there isn't as much pressure on any one product to succeed. | If Threads ends up in a dominant position in the threaded- | text social network world, that already nets them more | users and more opportunities for ad revenue, which they can | collect revenue aside their existing properties of | Facebook, Instagram, and WhatsApp. On the other hand, | interoperating with the Fediverse allows them to be | opinionated about what kind of content they allow on their | network (e.g. if you're posting from Threads, you can't | post sexually explicit content) which can keep them | advertiser friendly, while offering a relief valve for the | loud minority that will want content disallowed by Meta's | content policies. It's a win-win really. | charcircuit wrote: | >Owning the vast majority of the fediverse userbase will cause | them to have a large amount of power to compel users or servers | to do whatever they want | | Mastodon already did this to ActivityPub. Extending open | protocols is important else people will stop using them in | order to accomplish building what they want. | FinnKuhn wrote: | I don't think you can really compare total users (how many | people have created an account) and active users (how many | people actually use the platform). | stormbrew wrote: | Threads has 100m _total users_ (that number is based on userid | badges on Instagram afaik). | | The fediverse has somewhere around 10-13m total users, about | 8-10m of those are on the main Mastodon network, and around | 2-4m MAU. It's hard to pin these down precisely because | different counters disagree (it's hard), but if you're going to | take the most optimistic number from Meta (the only one you'll | ever see), you should take the most optimistic from the other | "side" as well. | | Threads doesn't have an MAU yet because it hasn't existed for a | month, but it will not be anywhere near 100%. Most people I've | seen on it seem to have bounced day one and user growth has | stalled a lot (roughly halving every day). | | Sources for fediverse/mastodon numbers: | | - fedidb.org | | - the-federation.info (includes some things that aren't | activitypub based) | | - https://mastodon.social/@mastodonusercount | | Threads numbers (only total users, pulled from badges on | Instagram) | | - https://www.quiverquant.com/threadstracker/ | chrisnight wrote: | This is indeed true and we will have to see how the numbers | settle as we go along. | | However I would be surprised if Meta doesn't continue to | possess well above a supermajority of the userbase until | another large corporation embraces ActivityPub. | stormbrew wrote: | I think that's true, though I also think the fediverse (but | not necessarily Mastodon specifically) will outlive | threads. | | But I think the really big question will be: in 3-6 months | is meta putting out DAU and/or MAU numbers for threads | separate from Instagram's? | | Until then you can only guess how "big" it really is. I | don't personally find the numbers so far all that | impressive: it's a sub-10% conversion rate from insta daily | active users and I think behind the celebratory face | they're putting forward that might not be what they were | hoping for. | | But mostly I see this trend everywhere where people give a | lot of latitude to things like threads and Twitter and then | give the most pessimistic read of the state of Mastodon. | | If Mastodon were a startup and "centralized" its growth, | bumpy as it is, would be the darling of the tech press. | This is really obvious because every article about the fall | of Twitter lists at least one and often several networks | that have worse numbers and worse growth than Mastodon as | if they're the next big thing. | | Though maybe that'll change now that threads has bought its | first 100m users. | xorcist wrote: | The power imbalance when a semi-monopolist joins an open | protocol is a really hard problem to solve. | | Google all but killed XMPP by using it in | GTalk/GChat/Gmail/whatever it's called now. They probably had | no ill intent from the beginning, but their very presence gave | everyone the need to quickly be if not bug- then quirk- | compatible. | | By the time everyone came around they suddenly de-federated | everyone and with vague references to spam, which everyone knew | was bunk. But the damage was done. | vidarh wrote: | I think a potential difference here is that a substantial | part of the existing Fediverse won't care if we break | compatibility with Threads. Many will actively welcome it, so | there's potentially less pressure to yield if the make | changes people don't like. | stormbrew wrote: | The Mastodon corner of the fediverse is also ridiculously | more well run and diverse than xmpp outside the big players | ever was. | | Like, when threads joins it's far far more likely to be a | net contributor of spam and abuse towards the rest of the | network because the people who run Mastodon instances | generally actually care. | | Even Mastodon.social (the biggest instance currently) | routinely gets silenced or blocked temporarily by other | instances when it lets spam get out of control, and that is | generally considered a good thing by users. | | Honestly that's gonna be the main reason threads gets | defederated after the first round of ideological blocks: | self-defence against abuse. | 56kbps_capsLOCK wrote: | [dead] ___________________________________________________________________ (page generated 2023-07-12 23:00 UTC)