this post was submitted on 07 Jul 2023
27 points (90.9% liked)

Technology

59377 readers
4087 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

So this has been going around my head for a while now: What if they do not care about their users per se but want the few users they get to exploit the federation to shamelessly crawl the fediverse?

I mean... they get enough users that will subscribe to enough of the fediverse to make instances of every shape and size proactively deliver them our post and interaction data with free shipping, right?

So is defederating in the end not only a prevention against company controlled content that might flood the fediverse, but a measure to protect the users on the fediverse right now from ending up in Meta's databases just in the same way they would if they just had used facebook in the first place?

top 25 comments
sorted by: hot top controversial new old
[–] Aftermath6187@vlemmy.net 15 points 1 year ago (2 children)

I don't think meta is threatened by the fediverse yet. They're just trying to grab twitters market share.

[–] norgur@discuss.tchncs.de 4 points 1 year ago* (last edited 1 year ago)

Oh, I don't think they're threatened by the fediverse either. I think that there is no chance in hell that they have not built some tool internally that will try to funnel every bit of data on the fediverse into their data pools, using users as a means to get the instances they want to scrape to deliver the data to them without any consent of the other instance's users whatsoever.

[–] starman@programming.dev 1 points 1 year ago (1 children)

Then why they will implement ActivityPub?

[–] jecxjo@midwest.social 1 points 1 year ago

Why reinvent the wheel when you have a FLOSS service that has active developers and millions of "beta testers"?

[–] lobster_irl@kbin.social 11 points 1 year ago (1 children)

I don’t think so because they can just crawl the fediverse now without threads as far as I’m aware. We’re all posting publicly right?

[–] norgur@discuss.tchncs.de 4 points 1 year ago (2 children)

They could do classic web crawling, yes. But that is -super slow -easy to detect -easy to block -illegal for companies to do for the sake of selling shit in many places, since the users have not given you consent to use their data

I think they try to pull the WhatsApp stunt here: when you sign up to WhatsApp, WhatsApp will send your whole contact list to Meta and update it on every change in order to "connect the phone numbers on your phone with WhatsApp users" (or so they say). They have structured this process in a way that they're not at fault, but the user is. Since the user "sent" them the numbers, they are not the ones who need consent to use the data, the user needed that. Same with the fediverse. "No. We didn't steal any data without consent! Our users should have had that consent when they subscribed to technology@lemmy.world! The data was pushed to us from there, we ain't doin' nothin' wrong!"

[–] drmoose@lemmy.world 5 points 1 year ago (2 children)

I don't think anyone needs consent to do research using your public posts though. You can literally scrape the whole Twitter and run sentiment analysis and nobody can do anything about it for example.

[–] norgur@discuss.tchncs.de 2 points 1 year ago

Yes, you can. Yet, that will not give you the interaction history (who liked what and such) and is way less convenient to do compared to "set up ActivityPub in own app real quick and have the whole fediverse send shit to me nicely formatted with interaction data ready to be used". Legal issues arise in some spots when doing web-scraping-things like when you copy and use copyrighted imagery or happen to scrape stuff you weren't allowed to see for some reason.

All of those hurdles are out of the way automatically when you literally just use the inner workings of the service the data is from. No user can complain when Mate collects data sent to them via ActivityPub. That is literally what this protocol is used to do and the inner core of any application running it. If you don't want your data to be sent to other instances around the world: Don't use the protocol, right?

They can get the data in many different ways, this is just the most convenient one.

[–] jecxjo@midwest.social 1 points 1 year ago

What does that do for Thread users though? They can't interact with the posts. Would make Thread suck more as suddenly there is this group of users in some strange parallel universe you can see but can't interact with and they can't see you.

[–] lobster_irl@kbin.social 2 points 1 year ago

Interesting thanks for that I didn’t think of it that way!

[–] ward2k@lemmy.world 6 points 1 year ago (1 children)

Correct me if I'm wrong but defederating only stops us from being able to view posts from Threads, our posts/comments will still be completely accessible to Threadz/Meta

In terms of "protecting" your data from Meta, defederating will achieve nothing

[–] jecxjo@midwest.social 3 points 1 year ago (2 children)

I believe they would not get any content from the other servers if they are following ActivityPub protocol. Basically when they query for posts all those who defederated them would return a 400.

They could get around that an access the public side of everything but that causes a bigger call center issue. "Why can I see posts from lemmy.world but I can't reply?!?"

[–] SkyNTP@lemmy.ml 3 points 1 year ago* (last edited 1 year ago) (1 children)

Defederation does not protect user data/privacy, not in the slightest. Anyone can spin up a Fediverse instance, play nice, and secretly sell or transmit the database to any third party. (I'm not even sure defederation blocks read access by the blocked server, regardless it's moot as a read access block on a single server is trivial to circumvent.

Forget it.

Defederation only has one effect: protecting write access on the defederating server. It does not prevent people writing about content from the defederating server on other servers (in the same way that you could comment about a Twitter post on Reddit by posting a screenshot), and it certainly will not stop read access.

[–] jecxjo@midwest.social 1 points 1 year ago

I think people are misunderstanding what defederating gets us. Yes what you stated is all correct. You don't even need to have a server you can get the vast majority of the data you need from the public API and scraping the pages. It's more work but totally feasible.

What defederating gets us is that Thread would need to come up with a convoluted way of pulling in all the data and their users wouldn't be able to interact with other federverse accounts. You could see my Toots but not be able to comment or +1 them. You'd just see them as if you didn't even have an account.

So what is the benefit of that? Sounds to me like a shittier service than had they not tried to federate at all.

[–] ward2k@lemmy.world 1 points 1 year ago (2 children)

No, users still see content from defederated instances

For example BeeHaw has defederated from lemmy.world however lemmy.world users are still perfectly able to see posts from BeeHaw communities, they just can't interact with them

The point Is if you're wanting to Defedrate from Threads from a privacy perspective you're achieving nothing

If you're defederating/blocking Threads because you don't want to see their content or want their users interacting with you/your instance then fair enough

[–] lagomorphlecture@lemmy.world 2 points 1 year ago

Well, it might not be a 100% effective solution then but it does save users the trouble of accidentally interacting with content on Threads. If it doesn't show up in my feed, I don't click on it without noticing where it came from.

[–] jecxjo@midwest.social 1 points 1 year ago (1 children)

I thought you could block defederated domains from making public API calls, though maybe they is a step done outside of ActivityPub.

The point Is if you’re wanting to Defedrate from Threads from a privacy perspective you’re achieving nothing

I think people need to stop thinking privacy is a thing with a public service like this. It's not. All we'd get is making Thread crappier if they had this ghost version of all Federverse accounts.

[–] ward2k@lemmy.world 2 points 1 year ago

Yeah absolutely, I think people really need to understand that Meta won't be the last to try to integrate with the Fediverse, as it grows it's unfortunately unstoppable that ad companies (as well as more malicious actors) will start harvesting as much useful user data as they can

People need to be more careful with what they post as even small things like who has upvoted/downvoted a comment is viewable

[–] Illecors@lemmy.cafe 4 points 1 year ago

Yes, it is.

[–] skillissuer@lemmy.world 3 points 1 year ago (1 children)

you can hoover up everything even without instance and through API, but it takes a well motivated actor to do so. fb has this capability

[–] norgur@discuss.tchncs.de 4 points 1 year ago (1 children)

Or they can sloppily slam a little ActivityPub into their new attack on Twitter, use the fediverse's anti-giant-corp-shenanigans-image for advertising ("Have you heard of the super open and user-run and "good" and super data protective fediverse thing? You can have that through us and it will still feel like the big-corp-world you are used to but shomehow make you feel all anti-capitalism and warm inside! DOWNLOAD TODAY!), boost the availability of content from launch and then, as the cherry on top, eliminate the need for any real ressources that would be required to scrape the web and avoid any legal issues that come with that. ActivityPub will make the rest of the fediverse bring all that content to them free of charge. NO APIs, nothing to call, nothing to monitor. The ActivityPub component on their end just needs to be running and all that nice, juicy user data from people who did not want them to have their data will come rushing in just like that.

[–] skillissuer@lemmy.world 2 points 1 year ago (1 children)

or they can just set up single user instance, populate it with bots that subscribe everywhere, and get the same effect

[–] norgur@discuss.tchncs.de 1 points 1 year ago

Yes and no. Coding a bot that actually runs reliably when dealing with mass-inputs to other servers isn't as easy as having users do the stuff for free. Time isn't important to them I guess. Plus: As an added bonus you get the "embrace, divide and conquer" approach that has worked for services like XMPP for example.

[–] SkyNTP@lemmy.ml 1 points 1 year ago

Threads can only attack Fediverse in two ways: spam (business as usual), and convincing existing fediverse users to use Threads instead.

Assume everything you do and post on Fediverse (or Threads, or anywhere else for that matter) is public, and has been scraped by three letter agencies, advertisers, and archivers.

Being anywhere on the internet is like being in a public cafe. You think no one is watching, but people are, they just aren't paying attention to you untill you do something worth watching.

[–] lagomorphlecture@lemmy.world 0 points 1 year ago

Many instances have proactively signed a pact to defederate from them but I don't think lemmy.world did, and if they don't I'll be looking for another instance that does.

load more comments
view more: next ›