I sure hope there’s a large group of servers that refuse to federate with servers run for profit. I didn’t come to be a product and be manipulated with algorithms.
I don’t see anything inherently wrong with servers that try to generate some kind of income (servers don’t pay for themselves after all) but it’s absolutely the right of every server to choose whether or not to federate with them.
I’d take issue with free labour (e.g. unpaid mods) on a profit-making server.
I worry that through federation Meta will be able to track users of non-meta instances. Then you won’t even know you’re being traced
How would they do that? Is there a vulnerability in federation?
Shouldn’t be yet - for facebook (I’m not fucking calling them meta) to track you across the internet on websites you don’t use, they use a tracking pixel - a 1 pixel image that is included on the webpage which is loaded from facebook.com. To load this image your web browser sends facebook.com the cookies it always sends to facebook.com - i.e. your login information, and that’s how facebook knows that it’s you on that random-ass website that has nothing to do with facebook.
But note - you have to have cookies on facebook.com for this to work. So long as you never visit lemmy.facebook.com or whatever tf their federated instance is, they won’t be able to track you since they can’t associate you with your login via the tracking pixel - If I go to another lemmy instance, that lemmy instance has no idea that I’m actually @theblueredditrefugee@lemmy.dbzer0.com.
Well, this is based on my knowledge of how facebook tracking works. Maybe it’s changed since I worked there.
Edit: Should note that, obviously, everything you post on lemmy is public, keeping a log of everything a user posts should be pretty easy, like what they did with revddit and such before the apipockalypse.
It’d be a “vulnerability” of anything public. There’s nothing stopping me from building a bot that pulls posts/threads from any instance and storing all the comments, their owners, the posts and their owners, yadda yadda.
I suspect the up/downvotes are “private” but on any instance, the owners will have access to that. I can’t imagine all the data is encrypted at rest by default. But, don’t take my word on that as I haven’t read any of the specs. But, I’m pretty sure we’re just looking at the protocol, not the implementation with regards to how a federated instance works.
So, same precautions as anywhere else really. Your data that’s public WILL be tracked by someone and Meta is a damn likely culprit who absolutely would do that. I’m a total privacy nerd myself, but you’d be amazed at the things I want to track at work related to what/how/why people use the tools I work on. Granted, it’s 100% exclusively used to improve user experience, weed out bugs, and see what is used most frequently to focus on that stuff. But if it can be tracked, somebody is tracking it.
I like it when various programs at least ask before invasively scraping my data. If asked, I’ll often say yes because I want to help the developers, but when it’s silent and in the background I have no control and I don’t like that
1000% agree. This is how it should be done. And not hidden away somewhere deep. There are legit reasons for in depth tracking, but when used for advertising or something other than improving the user’s experience, count me out.
There’s a difference between generating income naturally through a platform and whatever the hell public companies are trying to do.
For instance sports teams would naturally have their own instance. They can generate more income naturally from their fans that way. Because their fans want to interact with them. They have a product that people want to pay money for.
In fact, I hope we sort out a fair and simple method to support servers in a way that makes people feel liket hey are also getting something.
One easy option is a server can have their own emojis like Twitch & Discord. A simple method is for Gold/Silver that goes to whatever server the comment was made to.
Please no. I don’t want this place to be emoji ridden. This is where people go to look for useful information and discussion, not a colour soup comment section.
I agree, instead let’s go with NFT profile pictures
Profile pictures are nice, but they force the comment section to have a lot of unused space.
On the bottom @Briongloid comment you see that the profile picture forces extra unused real estade. I’d prefer comment section to be much more compact. Similar to old.reddit.com
Maybe that could be an opportunity to make a unique twist for profile pictures on lemmy. Maybe crop them to an elongated squate that fits within the line height.
Maybe something like this
This is one of my biggest “issues” with lemmy (first world problem basically). There is a lot of whitespace and I wish there was a good css to fix this. I searched for many lemmy themes but none of them fixes the white space issue.
Agreed. IMO that’s where Reddit began it’s steeper descent, when a bunch of the FB/Insta crowd began flooding in and bringing their mannerisms with.
I think Gold/Silver/Bronze awards would be cool.
If Lemmy introduced those kind of awards, I would love for them to be simple and recognisable.
We could even have a revenue split between the server and the Lemmy development team.
I think that’s dependent on how each instance decides to sustain the server costs. Some might do that with donations, some might want a monetized feature. But I’m weary of those that monetize functional features.
This is my take as well.
I think among other issues would be the Gmail-ification and iMessage-ification of the fediverse. What I mean by that is open standards like email are dominated today by many people using Gmail accounts as it is popular, “free”, and comes with a ton of features. Then google started “walling off their garden” by adding features that only work between gmail accounts. Similarly, apple also took the open standard SMS and started adding on features only available between other iPhones.
What we might see is some of the coolest features the fediverse has ever seen, but it will come at the cost of most users ignoring or dealing less with “irrelevant” things not on meta ran instances.
Hope we can resist such a change, but that is what I am concerned about.
We have the power over ActivityPub
Who is ‘we’? And who doesn’t say that there’s something on top of activitypub?
Plus, if they do create cool features, why would we not also add them?
Because we don’t have multiple thousands of paid developers.
@Helix we have a legion of trans coders in pink striped programmer socks. They can do anything!
One of the “powers” of OSS is that the license usually required changes to be fed back upstream.
If Meta were not to do that the authors of Lemmy could ask someone like EFF to take legal proceeding against them.
Facebook can easily circumvent most requirements like that if the license isn’t invasivively copyleft. Usually web standards have permissive licenses.
i’m not sure if ActivityPub is copyleft or not. meta might be able to build proprietary features on top of it if the license isn’t viral.
If it is copyleft, they will probably try to reimplement it permissively.
ActivityPub itself is just a protocol, everybody can reimplement it. Lemmy and Mastodon are AGPL3 and thus copyleft along with “you must release source code for your server”.
Though if Meta does anything, I’d expect it to be written from scratch and MIT licensed. Companies don’t like to get near anything GPL as long as they can avoid it.
Because we don’t have multiple thousands of paid developers.
Having worked at a company with thousands of developers, that’s a significant advantage for us.
Well think of the iMessage example for a second, other phone manufactures wanted to extend upon SMS with RCS to enable cross-platform read-receipts, better image quality on messages, and more… and you can use RCS between various android phones, but apple has not yet adopted RCS. Then because of the pre-existing market share of iPhones being so high, if you want read-receipts, high quality image messages, and more you with most of your contacts will either have to convince all of your friends and loved ones to use a third party app or cave and get an iPhone.
The features don’t have to be revolutionary, they just have to find ways to flex their market share with their features. And their market share is almost destine to be huge if they put any meaningful effort or money behind it.
That’s an interesting example, but note that in Europe, at least, WhatsApp is king. I only mention it because the walled-garden approach Apple favours isn’t necessarily a guaranteed outcome, and third-party apps can happily become the norm among non-tech people.
This is true, and line is king in Japan and yet I believe the most common third party messenger app in the US is Facebook messenger despite its obvious flaws. Why, because it has more features than sms, and most people already have an account.
No matter which way you slice it, companies that can profit off communication will try to wall off their market share. Which is one of the things the fediverse aims to cure.
Yup, hard agree with you on that last point.
@emi @shipp I think an open standard converted to a walled garden is still better than a garden walled from the beginning.
I can still send emails to GMail accounts.
I can still send SMS to my friend’s iPhone.I wish everything was fully open, but at least I get to chose my email provider or my SMS app. (Although SMS is completely irrelevant in Europe these days, due to providers still charging money per message.)
True, if they integrate with federation in good faith it won’t matter that much for those not using them. But until we see what they do I won’t hold my breath on Facebook doing something in good faith.
We’ll probably have to create our own implementations, but I don’t see the issue in that either.
In the Fediverse you are still 100% under the control of whoever runs the server. Your user accounts can’t move between servers. There is no easy way to export communities and import them on other hosts. On top of that, all the federated features are completely optional and can be switched off.
Fediverse really doesn’t offer any securities beyond what a plain old Web forum does, all the federation aspects depend on everybody playing nice with each other.
At the moment even basic GDPR conformity isn’t given, as there is no way to export all your data from an instance, a deletion request for your data also doesn’t seem to be guaranteed to make it to other instances.
If Facebook builds something with ActivityPub and it gets popular they can play the whole embrace, extend, and extinguish game from start to finish.
If there are some big players (like in email), i think the biggest risk is that the big players would end up only talking to each other.
Similar to email, where a random host is likely to be spamming, that might happen here too. (Although I’m not that familiar with the protocols here)
Plus, if they do create cool features, why would we not also add them?
Limited developer time.
@CanadaPlus this is referring to far in the future. In the long scale of things, developer time is not so limited. Fedi doesn’t necessarily have a time limit after all, it’s just going to go stronger over time. I don’t see a stopping point.
Ah. Yes, in the asymptotic future limit everything can be implemented twice as long as there’s social opportunity to do so. I wonder if that applies back to Gmail as well, will we see an open-source federated G-suite?
@CanadaPlus so are you expecting there to just be zero progress in the future? What do you think the fedi will look like in 10 years? And yes, there are foss tools to replicate all of gsuite. What a pessimistic view not even based in reality.
so are you expecting there to just be zero progress in the future?
… You’re OP. You said you were referring to the far future. I was literally just agreeing with you.
And yes, there are foss tools to replicate all of gsuite.
Individually. Nothing that’s all integrated, though. Like, I can use Proton for certain things, but only with other Proton users, and it’s not seamless and feature-rich the way G-suite is (again, yet, maybe that will change).
Even though email is supposedly “open”, and federated, is no longer is really the case. Big services like Gmail are suspicious of non-big-name servers, and often flag email coming from them as spam.
About a year ago I came across an article from a guy who’d been running his own email server since the 90s, and finally gave up. I couldn’t find that article in my quick search, but I did find this:
https://twitter.com/greg_1_anderson/status/1425113874722820100
“I run my own email server. It’s no longer a good idea, because the anti-spam arms race makes delivery from small independent servers very difficult, even when you keep yourself off the block lists, so it’s a continuous struggle. Would switch, but I have too many domains/addresses”
This is very true, I have hosted my own email before and if you are doing it yourself and not going through a big player like google to host it then your stuff sometimes gets treated as suspect by filters. Used to beg people with Gmail accounts to flag my emails as “not spam” whenever it showed up in the spam folder.
Everyone who cares about their instance and the fediverse as a whole needs to defederate and block their instances as soon as they pop up.
deleted by creator
The problem is that the blocking will have to be layers deep. If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.
Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.
deleted by creator
There has been some good commentary about this on Mastodon, but the long and short of it seems to be that federation is actually a pretty terrible way to harvest data.
The entire fediverse is based heavily on openly accessible APIs - Meta doesn’t need to federate with your instance to scrape your data, there’s really not much that can be done about it.
The real solution to Meta’s unethical behaviour is unfortunately going to be legislation, not technical.
Meta has access to my data anyway. Everything I post here is public, and there’s nothing stopping them from scraping it. That’s not the problem. The problem is Meta controlling the Fediverse, not merely observing it.
This is a point I’ve not seen brought up. Anyone who wants to is already able to (and maybe are) using my data for all sorts of things, including training LLMs.
Yeah Meta are a scourge. If I had a friend who worked for them I’d look down on them the same if they worked for Big Tobacco or lobbying for the fossil fuel industry.
tbh, I doubt they would federate with anyone they don’t have at least some control over. Like a contract or terms agreement or something.
Yeah I really don’t want Meta to federate with us. They have enough users to completely drown the mostly positive, thoughtful, and inclusive community we’ve built so far with the toxic algorithm brain rotted right wing zombie army that makes up most of their user base. I have such a happy little community on my instance and my little sublemmy rn and I dont want it to be swamped 😭
My question is : how do we keep our block list up to date to stop every new data crawler from Meta ? And also, they could gather what is posted on public…
They can already gather what’s posted publicly 🤷♀️
Someone had to be the first that I de-federate with and I’m glad it was facebook.
List of Fediverse admins pledging to pre-block Meta instances: https://fedipact.online
It will be possible to have accounts on multiple instances, those that block Meta or federate with Meta. Then see what happens.
Not seeing a lot of Lemmy instances on there yet. Hopefully more will follow as it gets closer
Meta should be considered “harmful to humankind” (the list of atrocities is long) and I personally really don’t want anything to do with them.
It was only matter of time before one of the big players took interest. Too bad it had to be Meta, but I don’t think the others would have been much better.
The protocol itself isn’t secure, so if anyone is worried about data harvesting, better log off now and never return. Meta and anyone else can do that already (and is probably doing) without having to roll in with their own instances.
Federating with someone who might have 1.2 billion MAUs is kinda scary because most protocol implementations (like Mastodon) are huge mess of bloat and inefficiencies under the hood. Someone paying their hosting out of their own pocket or trusting on kindness of strangers should be wary of the amount of data that’s going to hit them with federation.
It’s probably silly to expect “unified blocklist”. Some people are fixated with the idea of growth and equate mass popularity with success. Others would rather “wait and see”. Let them. The fediverse used to be much more homogeneous place 3-4 years ago, but we’re nearing 10M users. That’s simply too many people and voices for there to be just one response.
Luckily there doesn’t need to be. The protocol allows for creation of spaces that don’t have to interact with Meta.
The protocol itself isn’t secure, so if anyone is worried about data harvesting, better log off now and never return
I’m more concerned about tracking tbh. But it’s good to know they’re planning to get a piece of the cake. I’m ready to block them.
Each instance admin decides which servers to block for themselves. If you visit the info pages of some systems they will list blocked systems, and there are a lot of them.
There are some very unsavoury communities out there. Blocking usually revolves around how effective moderation is.
As an example you can see a list of servers blocked by mastodonapp.uk on the About page.
Oliphant maintains a minimum block list that most systems take as a starter list.
I agree with your sentiment but I’m a fediverse noob, I’m confused: if a large company such as Meta bloats the spaces they federate with, wouldn’t that immediately get them blocked by people who cover their own hosting costs? (In which case I guess my instance probably would block them?) Or does it mean they will damage everything so fast only spaces with enough funding will be able to remain afloat, forcing us all to rebuild communities elsewhere?
I’m glad to see my server doesn’t plan on federating with anything Meta hosts. I really don’t like the ‘wait and see’ approach; Meta has shown its true colors time and time before, they have not earned their trust.
Mine seems to be defending the idea, so I’m looking to move soon just not sure where anymore or when. It’s frustrating because it’s hard to find any actual positions he actually has on this topic when his timeline is just endless boosts giving people props for defending this. indieweb.social if anyone is curious.
What I don’t understand with the “wait and see” people is the presupposition that it means to federate day 1 and see if they fuck things up to decide if defederation is needed. Their reasoning often includes “two clicks” as if the amount of effort defederation takes was the concern people had.
“Let’s wait and see how they behave first, and then decide if we can federate safely” is just as much a “wait and see” stance, and it should take two clicks as well.
Why do we have to get exposed first and react later when we can observe first and then decide if we want it or not?
I hate how it seems like anytime there’s an alternative to big tech, it gets immediately co-opted. Either by the far right or by corporations.
At least with this structure we can still defederate from them and go on about our merry way.
Until they take over and force a change that renders things back centralized into their hands.
That makes zero sense, that’s not how the fediverse works. Explain how they would take over completely independent and unconnected instances that are defederated from them.
Implement new features that only work when you integrate with Meta, then cut them out of the picture if they don’t do what Meta says. The majority of users will stick with the instances that have the stickers and emojis that their friends have. Similar to what Google is doing with it’s browser and the Internet.
So we’d have the exact structure we have now. A centralized platform, or instance, for the people that don’t care and our current federated instances for the people that do care.
This is all a big nothing burger. We’ll just continue to not use meta instances and platforms like we’re literally doing right now.
Agreed. Truth be told, should the fediverse become mainstream, the masses will want the shiny bells and whistles and stick to the instances that support them. Those of us that could care less aren’t going to be swayed by them, and steer clear. Unless FB somehow manages to take over the codebase and force everyone into their shit, I think we’ll be fine.
See also: Google with Gmail.
Good luck running your own mail server these days, and getting your messages actually delivered to Gmail and Outlook/O365 mailboxes. It’s possible, but a hassle, and the rug can get pulled at any moment.
Just configure your SPF record properly and you should be fine having emails delivered to gmail. I work in tech support for a small software company and every single time a customer is having issues with our email server not delivering to GMail, it’s due to their SPF record being borked (which is on the customer’s IT department, not us)
Capitalism only functions when it can absorb the things that can be an alternative to it.
Aren’t those the same group?
No, but they both work for the same people.
Capitalism gonna capitalise
Defederate-Block-Ban
deleted by creator
I mean, it’ll probably be obvious, however they end up doing it. Just look for all the trackers and cookies 😂
Communities: Basically impossible, unless Meta/Facebook has a public list somewhere.
Instances: That will be public, because they have to register the domain somewhere and I’ll also assume that they will actually want people to know which ones are theirs, so their users join those.
I truly can’t imagine a world where they do it in secret. They’ll advertise it and slap their branding all over it.
Oh there’s a list of all their known domains and a mastodon bot that keeps track of new ones. I run my own mastodon instance and I have everything preemptively blocked.
Meta can never be trusted for anything. This could very easily be them trying to make tools to snuff out our “rebellion”.
I will remove myself from any servers that federate with Meta.
apparently some Mastodon admins got contacted by Meta and met with them after signing an NDA. I’m quite surprised how many Masto admins want to “just wait and see, maybe it’s not gonna be that bad”.
“Meta and met with them after signing an NDA”
This should tell quite enough.
What? Have you never worked with any company anywhere?
lol, I had to sign nda just to do an interview.
I’d guess they were made an offer they couldn’t refuse, ie money.
I’m guessing you haven’t been on the #Fediverse very long so not picked up on the ethos of most of the folk who run the various instances.
Most are very protective of what they have created as a community and are definitely not in it for the money. Some are vehemently anti-capitalist.There are many ways to get rich. Running an instance is not one of them.
deleted by creator
Maybe we can counter offer an offer they couldn’t refuse, ie eat their donors.
Who are these donors and what does “eating” them actually entail?
I’m surely misinterpreting you, because it sounds like you’re suggesting murdering people over SoMe bullshit.
Pretty sure parent is making a glib reference to the common “eat the rich” saying. It’s meant to be a provocative way to illustrate a larger message of anti-capitalism and the immorality of extreme wealth disparity.
Let’s demonise a subset of the population and joke about murdering them just like my ideological comrades did in the 19th century! Look how provocative I’m being.
Defending billionaires is an even more ammoral act than making a joke you don’t like, comrade.
I dislike seeing radicals joke about murdering their enemies. It dehumanises them which helps extremism takes hold.
Of course that is the point of such jokes, but you shouldn’t be surprised if people call you out on it.
Won’t someone think of the poor billionaires!
Save the Rich! https://www.youtube.com/watch?v=ej7dfPL7Kho
I am a donor on various instances.
I’d take a dim view of being eaten.
What iffing a possible scenario: Meta positions itself as an instance host, like how WordPress hosts blogs. “We’ll take the headache out of setting up an instance, but you control everything else!” Free? Low cost? Removing the technical hurdles of hosting your own instance could entice a lot of would be admins to go this route.
It gives the illusion of control, but Meta still back channel collects all data.
My money says you’re right.
Time to learn how to host your own instance everybody.
…and then a couple years down the line when people have come to depend on it and the code base has become simpler due to the platform capabilities that their hosting provides (nobody is self-hosting anymore anyway, because Meta hosting is so simple, easy, and cheap/free), they’ll start exercising more control anyway. “Come into compliance with our corporate terms of service and Community Server Guidelines™ or you’ll lose our hosting. Oh shit, there’s nowhere else for you to go for hosting anymore? Gosh, gee, shucks! What a shame.”
But in your scenario, how could there be nowhere else to host? In theory, I can spin up an instance on my own physical server, obtain space on AWS, or install my own hardware in a CoLo IX. Your scenario assumes Meta owns all of the hardware on the net, or somehow acquires sole rights to the ActivityPub codebase.
What I’m saying is that Meta will create a platform on which Fediverse instances can be hosted. They’ll add features to that platform that make it easier and easier to host such an instance. They’ll offer APIs or whatever that’ll support instances in ways that other hosting environments won’t. And then when the code base has changed to depend on their particular hosting environment, they’ll use the power that gives them over us.
Glad you brought up AWS. Amazon and other tech companies have created kubernetes platforms (Amazon’s is EKS, which runs on top of AWS and its services like EC2) that make it really easy to spin up clusters, auto-scale them, use custom objects that are specific to their platforms, control external access to them, monitor them, etc. While “bare metal” kubernetes implementations exist, they are a royal pain in the ass to setup and run, and they support a fraction of those bells and whistles. And as time goes on, the difference between one of these “native cloud environments” and anything anyone would (try to) setup themselves gets greater and greater. And systems that are developed for kubernetes rely more and more on those bells and whistles (e.g. despite kubernetes being allegedly agnostic to what it is running on underneath, companies choose to support “just EKS” or “EKS and GKS” and no other environments). Perhaps a particular software suite depends on PersistentVolumes that can be moved between nodes, or mounted on multiple nodes simultaneously, or whatever. EKS might support this when other environments don’t. Or a custom AWS annotation on a LoadBalancer Service might provide some kind of control that the software depends on to function properly and be externally accessible in a way that the software depends on. So this is a nice corollary to how things might go with the Fediverse.
Ah I see what you’re saying, thank you for clarifying. It seems then that a primary goal should be to ensure a form of feature parity that rivals anything Meta delivers, but within the open source realm. Considering the existing codebase (for Lemmy at least) is licensed AGPL3, wouldn’t any derivative works be required to be released under the same license? Forgive me, I’m still getting up to speed on all this, and I’m quite far removed from FOSS these days.
It’s not necessarily so much the license, but resisting the temptation of taking advantage of things special to the hosting environment, and staying as cross-platform as possible, supporting a range of accessible environments no matter how tempting it is to take advantage of the benefits of one (or some) over others.
Gotcha, makes sense. Thanks for the replies!
good theory, I’m sure they will offer custom domain names as well to sweeten the deal since I doubt most people want to be stuck with a .meta handle or something
Absolutely! And given that they have a gazillion users they can willingly move around they can drown us out in a day if they want
They will drown us out even if they don’t want in that case. Them just using the service normally will flood all our feeds with posts from their service based on the sheer number of them.
That’s why every instance worth its salt will defederate from day one
I expect to see zero posts from Facebook on my feed
I think (and hope) so too. Some pro leniency stances from mastodon bigwigs got me a little worried, that’s all.
I don’t really care about Gargron and the other growth-focused admins, I literally use an instance that hides stuff from mastodon.social lol
switch to white list mode after certain point I guess. Or introduce some protocol level cooldown thresholds where if you are an instance with 1m users or just 3 bots, then you auto block those.
I doubt they would be willing to let people host and control their own versions of federated facebook, and I’m wondering then what would make it “decentralized” exactly. Are they just using decentralized as a buzz word because they are using ActivityPub?
deleted by creator
They’d probably appreciate to have control of instances they don’t have to pay for.
I’m personally happy to take a wait and see approach - because the whole point is that WE have the power. Meta HAVE to play by the rules, because if they don’t they get defederated, and it’s going to be very difficult for them to convince people to federate with them again after that. If lots of instances start defederating them, then their users are going to start complaining to them that they don’t understand why they can talk to some people, but not other people. We have the power here folks.
EDIT: To add - the Fediverse is supposed to be an inclusive place…
Well, the big issue here is that we sort of don’t have the power you think we do.
What I mean is, say you have 10 servers. 7 are Lemmy, 3 are kbin. Great, each admin has control over those servers. Then you have Meta. They’ll run 1 huge server. When the 10 other servers enable Federation, Meta now has 10 servers of content that isn’t even on their own platform that they can sell. Your data will literally exist on the Meta server because your data is not contained within your instance/platform once it’s Federated. Meta can then harvest the entire Fediverse for data like this. It’s like an absolute wet dream for them. They don’t even have to coax people to use their own platform!
Meta must be defederated the second they so much as dip a toe into the Fediverse or everything you’ve ever done, or do, on any ActivityHub platform will be scooped up and sold.
I’m confused about what kind of data you want to protect. If you mean your posts and comments, they are already publicly availible on the Internet. Meta doesn’t need to make a activitypub app that gets federated with Lemmy to aggregate and sell this data.
Is there an other kind of data that is visible only to server administrators?
Edit: Been corrected, the following is NOT how it works! Original Text follows
Someone correct me if I’m getting details wrong, but from reading this post it appears as if fediverse admins are provided both the username and email accounts registered by those users that have visited their instances.If that’s true, one problematic scenario I can imagine is when someone has registered on the fediverse with a pseudonym, but has an e-mail address they also use on their real-life Facebook profile. Visiting a Facebook-run ActivityPub instance while logged in would give Facebook enough data to link both the pseudonymous account (with past and future post history), and the real-life Facebook profile.
So, even if you’re not signed up for Facebook’s version of ActivityPub, engaging with it could still be giving Facebook a source of ongoing data for building personal profiles and targeted advertisement that people would not provide on their own.
I guess the fear is that they’ll monetize others’ content without giving anything back. Like imagine if there was Reddit2 that just took all the content from Reddit but didn’t add their oc back to Reddit. Basically just leeching off and your average user would be incentivized to join “Reddit2” since it had all the content that Reddit has and more. They’d slowly drain users from Reddit to Reddit2 and THEN monetized turning everything to shit (you can use your imagination how’d that look).
Well, they could do that regardless of whether they’re running an ActivityPub service. Nothing’s stopping them from a technical viewpoint
Nothing stopping them, except, you know, the law… They can certainly display content that was not marked for public display. They will then proceed to get sued out of existence… If they do this automatically I’ll just privately post a music file with copyright protected music. Which is perfectly fine to do if it is indeed hidden from everyone. If they then publicly post it that’s on them and now I get to see the Music Industry fight the Zuck :D
Right… But…
ActivityPub is not a protected encrypted protocol. Everything anyone says on any service using ActivityPub can already be intercepted and harvested by anyone, even blocked instances. The defederating is software based. But for example if someone wanted they could simply do https://mastodon.social/tags/fediverse.rss and there were go, instant access to data from the Fediverse. You can query any Mastodon server for any hashtag you like. That’s just one of many endpoints that will spit out Fediverse content.What I’m taking issue with is essentially the same thing that is getting Reddit into hot water. Spez is acting like all the content on Reddit is exclusively his. And legally, it probably is, since it exists on his servers. Now if you extrapolate that out to Meta on ActivityHub, any instance that federates with them immediately puts all of your content directly onto Meta’s servers. Once it’s in their possession, it’s legally theirs to do with as they please. If they want to pull a Facebook or Reddit, using your data, they can with no way for you to opt-out. Sure, nothing is stopping people from doing it already, but Meta does not have your best interest in mind. Ever. They’ve shown it again and again. So I think people are preemptively wanting to cut off this spigot of user data to Meta because their abuse of it is a matter of when, not if. Any other company might deserve the benefit of the doubt, but Meta? We know who they are already.
Also, as I said elsewhere, Meta could already use a bot to scrape Lemmy instances, but you can’t sell a bot to investors. But you can sell a platform. Meta will build a slick platform to sell to investors and sit back while federation fills up their instance with data which they’ll turn around and sell the same way they do on Facebook. And the insidious part of it is that they’ll take your data even though you didn’t use their platform. Right now I can decide not to be data mined by Meta simply by not using Facebook. To do that here if instances start federating your data onto Meta servers, you’d have to not use ActivityPub at all. Either that or the fediverse fractures into Meta and not-Meta, which also sucks.
This is really a lot more than simply setting up an RSS feed.
I completely agree with the overall point you’re making, but would like to correct the legal aspects. I am not a lawyer, but I do have a pretty good understanding of US copyright law which is the most relevant in this case.
Having possession of data isn’t sufficient to legally establish the rights to do as a company pleases. In general, an individual author immediately has copyright on a creative work as soon as it’s recorded in any medium. The main exception to this is “work for hire” — a legal agreement that employers hold copyrights since they’re paying for the work. It’s usually part of the paperwork an established company has you sign when you start a job.
Because of this, and because we users aren’t employees of Reddit, they need a license to duplicate and display our copyrighted posts. The terms of service for any online service almost always stipulate a “worldwide, non-exclusive, perpetual license”. In other words: you still own the copyright to your post and can still share it elsewhere, but by sending it to Reddit, they get to put it anywhere they want and you can’t ever take that right away from them.
If Meta begins slurping up data from the Fediverse, things get tricky. They’re probably violating copyright law if they do that, just as ChatGPT, Google Bard, etc… likely have. However, legal enforcement of our rights would be near-impossible. Everyone who has ever had an account with any of Meta’s properties has most likely agreed to an binding arbitration provision. (These are utterly immoral, they force you — as a precondition of doing business! — to preemptively waive your legal rights before anything occurs that would cause you to need them.) These provisions also prohibit any sort of class action, so each individual person would have to initiate their own case against Meta. And then you’d have to somehow prove to an arbitrator from an organization selected by and paid by Meta that Meta violated your copyright. And Meta’s high-priced lawyers will have all kinds of ways of referencing prior cases to argue why what they did is fine.
So yeah. But again, I completely agree with your main point. Meta will (if they haven’t already) collect all the data they please from the Fediverse and use it to further their business interests. And those business interests are not aligned with our best interests.
Thank you for your clarification! I don’t know any of the legal specifics of this stuff and I very much appreciate you taking the time to help educate me and anyone else who needs it. I can only give a conceptual argument based on the history I’ve seen with these companies, but not any sort of specific knowledge of law.
The gist of what you’re saying, and what we’ve actually seen play out recently, is technically they shouldn’t be able to do this, but they’re going to lawyer it in such a way that they’ll get away with it unless/until someone actually sues them which is prohibitively expensive. We have recently seen class action suits against Meta, but realistically the damage has already been done, the money has already been made, and they go on with finding the next cash cow. Even a multimillion dollar settlement is a drop in the bucket, simply the cost of doing business for these people.
Exactly so! 🙂😭
You bring up an interesting point, because of how the fediverse works, every server (that has an active subscription) essentially has a mirror of the original data. So if Facebook have data from people who never consented to that, then they would surely be breaking GDPR rules? GDPR rules say that they can only PROCESS the data (or mine it - if you want to use a more realistic term) if a user has explicitly agreed to that, implicit agreement doesn’t count. So this is going to interesting to see how they manage this - providing that they don’t process the data and simply present it, as is - they don’t break GDPR, but the second that they start processing it, they breach GDPR. Now - they can process data that belongs to their users, but they would have to write code that ensures they don’t ingest posts from any user that is not a meta user - for the purposes of harvesting it.
Yes, this is exactly the sticky issue we get into. And I’m wondering if lawyers would be able to make a case that using ActivityPub alone automatically gives your consent to have your data exist on an instance outside your own. Once they have data you’ve consented to give they can do with it as they please, essentially arguing you’ve become a consenting party when you consented to federation. I don’t know the GDPR well enough to have any answers, but you can bet Meta lawyers do.
I don’t think Facebook would be having high level NDA-protected talks with Mastodon people if they weren’t trying to work all this out. And by work out, I mean how to monetize/data mine. I’ve been talking about this with people all day, many of whom didn’t see a problem with this, but eventually all of them have had the lightbulb turn on when they realize the potential abuse Meta could do with/to ActivityPub.
If, by some miracle, Meta wants to be the good guy for a change, let them prove it. I would love to see defederation by default, and let Meta prove they’re trustworthy to federate to. And even then, have a really itchy defederate trigger finger if they even hint at pulling another Cambridge Analytica fiasco. But getting everyone on-board with that is probably impossible, especially if Meta starts throwing money around.
Meta can have the data, that part yes you consent to by using ActivityPub software, though there is a whole other argument to get into later about whether “normal” users really understand that. But no Meta absolutely cannot process that data, for creating shadow profiles or anything like that - unless the user explicitly opts in. GDPR is quite clear that you cannot infer that a user agree based on some other influence (in this case the user using ActivityPub) - the user MUST have been presented with a dialog explaining what Meta would do with the data and giving the user the option to say they agree or disagree with it.
Thank you for the clarification there. I hope you don’t mind having this conversation with me, I’m learning a lot by interacting with people on this topic. I don’t want you to feel like I’m arguing with you though. So the GDPR seems fairly bullet proof, but it only applies within the EU. So how about a scenario like this:
Your instance is hosted in the EU and has the full protection of the GDPR. My instance is hosted in the US where the GDRP does not apply. Your instance federates with mine. I federate with Meta. Meta now has your data but they didn’t get it from a GDPR protected source. You consented to give it to me, and I consented to give it to them. They have no obligation to uphold the GDPR because they’ve had no interaction with your instance whatsoever, they’ve simply accepted what I gave them and that transaction occurred within the jurisdiction of the US.
Maybe the GDPR still works here, I don’t know. But I guess my point is that if I can come up with endless scenarios like this, lawyers can too, and they know infinitely more about the law than I do. Hell, they can even come up with their own interpretations of law and act on them for years, only changing their practices when they’re forced to by someone actually suing them. Which by then they’ve already collected and sold millions worth of data.
I’m personally happy to take a wait and see approach
I am not. Facebook is largely responsible for poisoning the Well that is the internet. They have shown what they truly stand for. I am completely uninterested in any platform that has a single thing to do with that company.
EDIT: To add - the Fediverse is supposed to be an inclusive place…
Yes, inclusive of human beings. NOT large corporate interests. Your views are wrong and you should feel bad.
Oh I’m sorry. I was under the mistaken impression that we were talking about billions of humans. But I see now that you have forgotten about them because you are only interested in Meta, and not the actual humans using meta.
Also thank you so much, apparently instead of just having a debate. You immediately resort to bullying and insults.
Guess this really is Reddit 2.0 🙄
I was under the mistaken impression that we were talking about billions of humans. But I see now that you have forgotten about them because you are only interested in Meta, and not the actual humans using meta.
Those billions of humans can still be free to come use the Fediverse through non-Meta instances. Nobody’s forgetting about them; just rejecting Meta’s ability to exploit those people as they interact with our platforms and infrastructure. You are attempting to co-opt the language of inclusivity here. Not cool.
But the vast majority of them don’t know about the fediverse, and will stick with the status quo. They are only going to find out about the fediverse by becoming part of it, without necessarily knowing that they are becoming part of it. The vast majority of meta users, either on facebook or instagram, or even whatsapp - just want to be able to talk to their friends.
Irrelevant. See above.
Hey man, not cool with the dialog. That’s not the kind of place Beehaw is. This is an important discussion and you have an important voice that deserves to be heard, but that’s not the way to go about doing it. I encourage you to next time choose grace.
Meta will try to have good content. Then they’ll add features rapidly calling them “standards”. The open source community won’t be able to keep up. Meta content will not work fully on Lemmy and other clients. People will migrate to meta controlled instances to keep the good content. The open source and community versions will end up being a pain and only for the true believers like Linux desktop.
The open source and community versions will end up being a pain and only for the true believers like Linux desktop.
Which may not end up being a bad thing to a certain extent
“Good content”? You mean like the stuff that’s on Facebook now?
Agreed. I don’t see the point in trying to ban something before it exists and before we even know anything about how it would work. I get it, Meta has done some shit. But on the other hand, having such a big player in the Fediverse could be huge for its growth, especially since the Fediverse has a serious UX issue and UX is Meta’s strength.
I don’t really understand the privacy concerns. Just don’t use their instances? Have y’all seen how the Fediverse already works? Stuff like your votes are already public and that can’t be easily changed. And a nifty thing is that if Meta makes a product for the Fediverse that is federated, it’s just as easy for its users to migrate to another Fediverse platform if we find out Meta pulls some shit.
The whole point of the Fediverse is to add a human-based trust component. Why would a company that has repeatedly shown itself to not be trustworthy get the benefit of the doubt?
IMO, Meta can start their own instance and ask to be invited to the larger system, assuming they first prove to be worth taking that risk.
I get it, Meta has done some shit. But on the other hand, having such a big player in the Fediverse could be huge for its growth
Isn’t that exactly how “embrace, extend, extinguish” works? Meta’s huge numbers and publicity means that once it joins the Fediverse it will become the Fediverse, by sheer mass. Every other instance will be not even be a blip on the radar compared to theirs.
We get exactly one chance to refuse and it’s here, at the start.
What is even their saving grace? Publicity? People will only see “Meta” and “Facebook” plastered everywhere. And you know they’ll use their instance to archive and analyze everything, and build fake profiles, and cross-match them to Whatsapp and Facebook and Instagram, and push their algorithms to generate the top posts they want, and so on and so forth.
Meta/Facebook/Zuckerberg have done some of the most vile stuff to privacy. They’ve preyed on the personal data of billions of people. If there was such a thing as privacy genocide they’d be guilty of it.
This is like getting into the pool with a big hungry shark with syphilis. For goodness’s sake, stop to think about it for a second.
If lots of instances start defederating them, then their users are going to start complaining to them that they don’t understand why they can talk to some people, but not other people.
I don’t think so. The most probable result is Meta (and maybe Google, Amazon, etc) running the mainstream instances, and sn alt-fediverse of smaller, tech-savy instances that defederate them. Most people will have only an account in the Meta-fediverse, and only a minority in the alt-fediverse or in both. Similar to most people now having a WhatsApp account, and only a few using Telegram or Signal.
The largest instances have either already announced their intent to block Facebook or stated that they are monitoring the situation and will react quickly and decisively should anything untoward happen. There is no Fediverse without federated third parties. All Facebook could show in that case was… Literally their own walled garden. How is that different to them not even implenting activitypub in the first place? It isn’t. Their only power is to ask if they can participate. Literally no one is going to waste a minute on any efforts of theirs that could even remotely be perceived as taking control.
I don’t trust Meta with anything, no way they will do this well