• The Nexus of Privacy@lemmy.blahaj.zoneOP
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    As you say though it’s only shared to any other instance listening. The point of consent-based federation is that you get to choose which instances do and don’t get to listen. So if your comment hasn’t been sent out out to other instances, they don’t have it.

    • rglullis@communick.news
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      So if your comment hasn’t been sent out out to other instances, they don’t have it.

      What’s stopping malicious actors to create an account on the same instance as you and follow you (or your RSS feed) exclusively to pull your data?

      Remember “information wants to be free”? That adage works both ways. If people want (or need) real privacy, they need to be equipped with tools that actually guarantee that their communication is only accessible to those intended to. The “ActivityPub” Fediverse is not it. They will be better off by using private Matrix (or XMPP rooms) with actual end-to-end encryption.

      • The Nexus of Privacy@lemmy.blahaj.zoneOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        Agreed that people who need strong privacy should use something like Signal (or maybe Matrix or XMPP). And also agreed that RSS feeds are a privacy hole on most of the fediverse; Hometown and GoToSocial both disable them by default, Mastodon should do the same.

        Nothing prevents malicious actors who want to make enough of an effort from creating accounts on instances (or for that matter Matrix chat rooms). But that’s not feasible for broad data harvesting by Meta.

        • rglullis@communick.news
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          Your whole wordlview is hinging on two conflicting realities:

          • social networking is an inherently public activity, and this is the way that the majority of people want it to be.
          • the only way to be free from surveillance capitalism is by having private communications, and while this is something that affects everyone, only a minority of people seem to be actively opposed to it.

          The “consent-based” social media does not work well for a small business owner who wants to promote their place to their local community, or the artisan that wants to put up a gallery with their work online. They want to be found.

          If you tell them that they have to choose between (a) a social network that makes it easier for them to reach their communities or (b) a niche network that is only used by a handful of people who keeps putting barriers for any kind of contact; which one do you think they will choose?

          What your recent articles are trying to do is (basically) try to shove the idea that the majority should change their behavior and completely reject a public internet. You are basically saying that the “social” networks should be "anti-"social in nature. This is, quite honestly, borderline totalitarian.

          But that’s not feasible for broad data harvesting by Meta.

          Why? You keep writing about how evil Meta is and their infinite amount of resources. If you really believe that, why do you think they would stop at the mere wall of “federation consent”?

          • The Nexus of Privacy@lemmy.blahaj.zoneOP
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            I totally agree that there isn’t a lot of privacy on the fediverse today – in fact I even say that in the article and link off to recommendations for how to improve things. But also I think there’s a huge difference between the situation on the fediverse where there’s no privacy because developers haven’t prioritize it and with Meta, where their model is focused on exploiting data that they’ve acquired without consent and they’ve repeatedly broken privacy laws (although to be fair they break other laws too, not just privacy).

            And it’s true, many people don’t care about privacy, and many more care some but it’s not important eough to them to make it their primary reason for choosing a social network. But a lot of people do care, at least to some extent, so the free fediverses will be a lot more appealing to them if they improve privacy. And even though I think privacy by itself won’t the major driver for most people who choose the free fediverses, improving privacy also works well with that I think will be the major drivers – like safety, pro-LGBTQIA2S+ focus, and (for people who want nothing to do with Meta) highlighting the core differences from Meta.

            Circles’ approach is certainly interesting, I remember looking at it when they did their kickstarter. Did it go forward? It looks like their blog hasn’t been updated since 2021.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Its documentation, for example, describes consent-based allow-list federation as “contrary to Mastodon’s mission.”

      and I would agree with them. Consent based federation would fundamentally change the fediverse and create large tenants overnight. Small instances like mine would be at the mercy of large instances to be federated with them. It relies on people being kind and open, something we have already seen that some instance owners can be, others are not. I would even argue that that isn’t even federation anymore, it’s just slightly more open walled gardens

      • The Nexus of Privacy@lemmy.blahaj.zoneOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        Yeah, as I say in the article Mastodon makes other decisions that are also hostile to the idea of consent, so I also agree that they see it as contrary to their mission. In terms of large tenants, though, Mastodon changed the defaults to put sign people on mastodon.social, which as a result now has 27% of the active Mastodon users, so I don’t think that’s the basis of their objection.

        And no, consent-based federation doesn’t rely on people being kind and open. To the contrary, it assumes that a lot of people aren’t kind, and so the default should be that they can’t hassle you without permission. It’s certainly true that large instances might choose not to consent to federate with smaller instances (just as they can choose to block smaller instances today), but I don’t see how you can say that’s not even federation anymore. Open source projects approve PRs and often limit direct checkins to team members but that doesn’t mean they’re not open source.

        • Scrubbles@poptalk.scrubbles.tech
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          I’m not saying that it’s not open source, I’m saying that I would argue it’s not federation anymore. Open source is irrelevant here, I’m not talking about the code.

          I’m saying instances being “Closed to federation by default” and “whitelist only” is not true federation in my book.

          I also am saying that instance owners are the ones who all of a sudden get a ton of power, specifically larger instance owners because they can decided arbitrarily not to federate with an instance they don’t deem worth federating with. The larger userbase aside, instance owners I believe can become power hungry and greedy and refuse to federate.

          For example, even I, a teeny tiny instance owner, felt a pang of annoyance when someone created a duplicate community on their instance. It was fleeting and I told myself that that’s what the federation is, and that it’s okay, but not everyone will react that way. It’s inevitable that larger instances will say things like “Why should I federate with you, we have all of those communities over here”

          • The Nexus of Privacy@lemmy.blahaj.zoneOP
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            10 months ago

            My open source analogy wasn’t great, but the point I was trying to make is that even things we usually think of as open are compatible with consent. Similarly we’re used to thinking of federation as unconstrained (well except for Gab) (and everybody else who gets blocked) but that’s just the specific flavor of federation that’s been practiced on the fediverse so far -federation’s compatible with consent, at least in my books.

            Power-hungry instance owners can already decide not to federate with other instances, arbitrarily or for any reason – counter.social’s an example. Consent-based federation just changes the default. It’s true that this changes the equation a bit; today there’s a small amount of effort required not to federate, a consent-based approach flips that and there’s a small amount of effort required to federate. At the end of the day, though, power-hungry instance owners are gonna do what power-hungry instance owners are gonna do; threads.net and mastodon.social are going to make their own decisions about federation policies no matter what the free fediverses decide.