We’re in an exciting time for users who want to take back control from major platforms like Twitter and Facebook. However, this new environment comes with challenges and risks for user privacy, so we need to get it right and make sure networks like the Fediverse and Bluesky are mindful of past...
And people say what instance you choose doesn’t matter. Wild that the choice often seems to be between giving your info to mega corps or trusting a random person who’s servers could be raided at any moment for entirely unrelated reasons.
Given what we’ve learned about illegal and secret government surveillance from whistleblowers like Edward Snowden, I wouldn’t trust a megacorp any more than “a random person”.
The government already has the keys to all the megacorps’ kingdoms. The only possible way to protect your data is to make sure it uses client-side encryption, and that those encryption keys never under any circumstances travel over the internet.
You should assume that any information you give to ANY site is readily available to all major world governments.
Keep your private messages on end-to-end encrypted platforms like Signal or Matrix. Consider everything else public.
IMO the end goal of a decentralized network should be to have a large number of small servers. Any raid/takedown should only affect a small subset of users.
Right but the instance I’m on could get taken over by an asshole, and get defederated by, or defederates from, my favourite subs. Then I’ve got to abandon that account and start a whole new one, same as I did leaving Reddit. I’m really not sold on this model until I can transfer my account somehow.
I believe Mastodon has a “transfer accounts” feature. I don’t know if Lemmy and Kbin do though.
It’s tricky to implement though. Unfortunately ActivityPub didn’t really consider account transfers as part of the initial protocol design.
It’s something Bluesky is doing better, since they designed their system to be able to handle transfers from day 1, as a core part of the protocol. (it’s going to become federated, eventually, but using their own protocol instead of ActivityPub).
Federating user accounts gets into difficulty with GDPR and similar privacy laws that make it challenging to do right and legally in all jurisdictions.
Yeah… For EU users, I guess it’d have to be limited based on the relevant data transfer laws (i.e. if your account is on an EU instance, only allow transferring to other EU instances).