thenexusofprivacy
@thenexusofprivacy@lemmy.blahaj.zone
- Comment on How are Misskey and its forks doing? 2 months ago:
Thanks for the clarifications!
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Yeah, it’s somewhat useful but certainly not a great solution. It’s great that they went the opt-in route, but there aren’t any good existing frameworks for how to do it, so they had to roll their own. There’s certainly room for improvement, it would be great if either Bluesky or the Social Web Foundation (or both) or somebody else invested in it, but hard to know if and when thta’ll happen.
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
There isn’t direct federation between Mastodon and Bluesky; instead, Bridgy Fed connects them - fed.brid.gy/docs#fediverse-get-started
- Comment on Fediverse history piece from 2017: A Brief History of the GNU Social Fediverse and ‘The Federation’ 2 months ago:
As Strypey acknowledges, there’s a lot he didn’t know about at the time and left out. Before Mastodon: GNU Social and other early fediverses includes a lot of that.
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
For what it’s worth, the guy who mostly maintains the Wikipedia page agrees with you. And yet even so, at least for now, the Wikipedia page states “The majority of fediverse platforms … create connections between servers using the ActivityPub protocol” – which pretty clearly implies that not all fediverse platforms use the ActivityPub protocol.
Anyhow whether or not you agree to disagree … we disagree. Time will tell how broad usage of the term evolves. In the original article I pointed to examples of TechCrunch and Mike Masnick using the term in the broader sense, but maybe those will turn out to be points off the curve. We shall see!
- Comment on X's idiocy is doing wonders for Bluesky. 2 months ago:
Yep. And also, like I said in …thenexus.today/bluesky-atmosphere-fediverse/
For one thing, most of the people who came to Mastodon in late 2022 didn’t have good experiences … so didn’t stay in the Fediverse.6 Flash forward to 2024, and Mastodon still hasn’t addressed the reasons why.
Bluesky, by contrast, has put a lot of work into onboarding and usability – as well as giving people better tools protect themselves and others, and find and build communities … So today, BTS ARMY and millions of Brazilians, and everybody else looking for a Twitter alternative are more likely to have a good experience on Bluesky than Mastodon.
- Comment on X's idiocy is doing wonders for Bluesky. 2 months ago:
Great point. And Jay won the power struggle with Jack, which almost nobody gives her credit for.
- Comment on A lot of good stuff is happening in the fediverses! 2 months ago:
Yeah, it’s a great name.
- Submitted 2 months ago to fediverse@lemmy.world | 2 comments
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Kuba’s link i that thread is good, it looks like there’s currently about 370 PDS’s – Bridgy Fed got an exception from Bluesky so is the only one that currently has more than 10 uses. blue.mackuba.eu/directory/pdses I know some people who just run the open-source code for Bluesky’s PDS (which is pretty straightforward) and some run other implementations.
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
You’re not the only one who sees it that way. Historically the Fediverse was always multi-protocol but some people don’t think it shojld be today. I talked about this view some in …thenexus.today/is-bluesky-part-of-todays-fediver…
“Anyhow, if Evan and Eugen and SWF and fediverse.party want to choose a definition of Fediverse where history stopped with Mastodon’s 2017 adoption of ActivityPub, erases earlier Fediverse history, and ties the Fediverse’s success to a protocol that has major issues … they can do that. “The Fediverse” means different things to different people. It’s still worth asking why they choose that definition.”
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Thanks very much, fixed now!
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Correct. Dorsey’s early involvement is certainly grounds for concern – the way I think of it, he’s gone now but his stench lingers on – but he’s not influential there going forward.
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Yep. And that’s far from the only way it could work out badly. I talk about this a bit in the section on “Bluesky is a useful counterweight to Threads”
Bluesky is far from perfect. They’re venture-funded, so likely to end with an exploitative business model. They’ve got a surveillance-capitalism friendly all-public architecture. It’s great that Jack Dorsey’s no longer on the board but he was.
- Comment on I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses! 2 months ago:
Blueksy’s approach to decentralization is very different from ActivityPub but it’s definitely decentralized. (Also that article’s over a year old, and some things have changed since then.). But, like I say in the article, not everybody is so welcoming!
- I for one welcome Bluesky, the ATmosphere, BTS ARMY, and millions of Brazilians to the fediverses!privacy.thenexus.today ↗Submitted 2 months ago to fediverse@lemmy.world | 25 comments
- Comment on It's time for a hard fork of Mastodon (DRAFT, REVISION IN PROGRESS) 8 months ago:
To get feedback! I often send out drafts to newsletter subscribers and post them on Mastodon and in the !thenexusofprivacy@lemmy.blahaj.zone community … I got a lot of good feedback on this one which is incorporated in the revised version.
- Comment on Eight tips about consent for fediverse developers 8 months ago:
Thanks for the tipoff on having to turn off the VPN, it’s not at all intentional – and it’s not a good look for a site with privacy in its name! I’ll try to figure out what’s going on, it’s pretty vanilla Ghost / nginx hosted on a Digital Ocean droplet so not immediately obvious.
And yeah, it’ll be interesting to see how well the messaging you for approval works out in practice. As you could say it could look like phishing; and even if it’s fine when just one app is doing it, it’ll be annoying if there are hundreds. Also, there’s a Mastodon setting to silently ignore DMs (and I think other platforms have similar options as well). And for Bridgy Fed, it would be great to have a mechanism that works symmetrically between the fediverse and Bluesky … but Bluesky doesn’t have DMs. Tricky!
I should probably mention something about being a good ally in that section, that’s a good suggestion. That’s not the main message I’m trying to convey though, I really do mean it as a warning to cis guys to be careful. These firestorms are tiresome for everybody, ould we please just not? Also btw sometimes particularly unpleasant for whoever sets them off. But maybe there’s a better way to word it.
- Comment on Eight tips about consent for fediverse developers 8 months ago:
Thanks, glad you think they’re reasonable. I don’t see it as using ActivitiyPub implying consent; it’s more that ActivityPub doesn’t provide any mechanisms to enforce consent. So mechanisms like domain blocking, “authorized fetch”, and local-only posts are all built on top of ActivityPub. I agree that many people want something different than ActivityPub currently provides, it’ll be interesting to see how much the protocol evolves, how far people can go with the approach of building on top of the protocol, or whether there’s shift over time to a different protocol which has more to say about safety, security, privacy, and consent.
- Comment on Eight tips about consent for fediverse developers 8 months ago:
Thanks for the feedback – and thanks for reading them despite the bristling. I couldn’t come up with a better way to put them … I know they’ll cause some people to tune out, but oh well, what can you do.
I don’t think these solutions are inherently unscalable, it’s more that there hasn’t ever been a lot of effort put into figuring out how to make things scalable so we don’t have any great suggestions yet. I wrote about this some in The free fediverses should focus on consent (including consent-based federation), privacy, and safety (the article is focused on instances that don’t federate with Threads, but much of it including this section is true more generally):
There aren’t yet a lot of good tools to make consent-based federation convenient scalable, but that’s starting to change. Instance catalogs like The Bad Space and Fediseer, and emerging projects like the FIRES recommendation system. FSEP’s design for an"approve followers" tool, could also easily be adapted for approving federation requests. ActivityPub spec co-author Erin Shepherd’s suggestion of “letters of introduction”, or something along the lines of the IndieWeb Vouch protocol, could also work well at the federation level. Db0’s Can we improve the Fediverse Allow-List Model? and the the “fedifams” and caracoles I discuss in The free fediverses should support concentric federations of instances could help with scalability and making it easier for new instances to plug into a consent-based network.
(The post itself has links for most of these.)
- Submitted 8 months ago to fediverse@lemmy.world | 16 comments
- Comment on Instances in the free fediverses should consider "transitive defederation" from instances that federate with Meta 11 months ago:
Indeed, the entire point is that instances should decide for themselves – I say it multiple times in the article and I say it in the excerpt. If they think that you federating with Meta puts them at risk, then they should defederate. And yes, it says more about the instances making the decisions than it does about Meta – Meta’s hosting hate groups and white supremacists whether or not people defederate or transitively defederate.
- Comment on Instances in the free fediverses should consider "transitive defederation" from instances that federate with Meta 11 months ago:
It’s good feedback, thanks – I thought I had enough of explanation in the article but maybe I should put in more. Blocking Threads keeps Threads userws from being able to directly interact with you, but it doesn’t prevent indirect interactions: people on servers following quoting or replying to Threads posts, causing toxicity on your feeds (often called “second-hand smoke”); hate groups on Threads encouragiingtheir followers in the fediverse to harass people; and for people who have stalkers or are being targeted by hate groups Threads, replies to your posts by people who have followers on Threads going there and revealing information.
- Comment on Instances in the free fediverses should consider "transitive defederation" from instances that federate with Meta 11 months ago:
And complement the FediBlock tag with FediBacon! It’s got success written all over it!
- Instances in the free fediverses should consider "transitive defederation" from instances that federate with Metaprivacy.thenexus.today ↗Submitted 11 months ago to fediverse@lemmy.world | 104 comments
- Comment on The free fediverses should support concentric federations of instances 11 months ago:
Very much agreed that part of the problem relates to scale – and, great analogy! It’s an interesting thought experiment: if each school had an Lemmy instance, how would they work together to host communities and make it easy for people (in all the schools) to find the communities they’re interested in? If they each had a Mastodon instance, how would they share blocklists? And so on.
And great point about the different dynamics between large instances and smaller / more focused instances. There’s always a question of which communities an instance sees itself as in service to – and similarly there’s always a question of which instances and communities the team developing the software is in service to.
- Comment on The free fediverses should support concentric federations of instances 11 months ago:
Thanks, I didn’t know that – I’ll update the post!
- Comment on The free fediverses should support concentric federations of instances 11 months ago:
Not yet, as far as I know, although there are some groups of instances whose admins and mods have a shared chat room and cooperated on blocklists which has some of these aspects.
- Submitted 11 months ago to fediverse@lemmy.world | 16 comments
- Comment on The free fediverses should emphasize networked communities 11 months ago:
A website like that would be very helpful. A lot of people I talk to think that unlisted gives more protection than it actually does (they’re used to how it behaves on YouTube where it’s harder to discover), don’t realize that it’s still likely to get indexed by Googe et al even if they haven’t opted in to search engines (because their post may well appear in a thread by somebody who has opted in), don’t understand the limited protection of blocking if authorized fetch isn’t enabled, don’t realized that RSS leaves everything open etc.
Yes, I think in terms of protecting data generally, not just from Meta but also data brokers, Google, and other data harvesters – as well as stalkers. Meta’s a concrete and timely example so it’s a chance to focus attention and improve privacy protections, both for instances that don’t federate and for instances that do. I agree that most (although not all) of the information Meta can get from federating they already can by scraping and they certainly could scrape (and quite possibly are already scraping) most if not all profiles and public and unlisted posts on most instances, and so could everybody else … it’s a great opportunity to make progress on this. …thenexus.today/fediverse-threat-modeling-privacy… has more about how I look at it.
Specifically in terms of data that flows to Threads through federating that isn’t otherwise easily scrapable today, three specific examples I know of are
- followers-only posts for people who have followers on Threads, or who have approve followers turned off
- some unlisted posts from people who have opted out of discovery and search engine indexing that aren’t visible today (i.e. haven’t been interacted with via a boost or reply by somebody who has opted in). it’s very hard to predict how many of these there are; it’s not just posts that are boosted by somebody who has followers on threads, it also relates to how replies are retrieved
- identifying information in replies to followers-only posts by people who have followers on Threads. This can flow to Threads even if the original poster has blocked Threads (because blocking information doesn’t get inherited by replies)
That said this isn’t based on a full analysis so there may well be other paths. As far as I know the draft privacy threat model I did last summer is the deepest dive - And the software is buggy enough in general that it wouldn’t surprise me if there are paths that shouldn’t exist.
In terms of concerns about tracking others have about federating … like I say for most people this isn’t the top concern. To the extent it is about data going to Threads, for a lot of people it’s about consent and/or risk management, full stop. They do not want to give Meta or accounts on Threads easy access to data from their fediverse account, even if Meta can get it without consent now (and even if they have some other Meta accounts). There’s also a lot of “well Eugen said it’s all fine”, and especially from techies a lot of “well they can scrape it all anyhow, whatever” and “everything is public anyhow on social networks”.