this post was submitted on 13 Jul 2023
117 points (98.3% liked)

Technology

3 readers
7 users here now

Talk about anything tech related!

founded 1 year ago
MODERATORS
top 37 comments
sorted by: hot top controversial new old
[–] HeartyBeast@kbin.social 34 points 1 year ago (1 children)

The Tl;dr is that ‘stuff you write using Fediverse protocols is effectively public, so don’t post stuff you want to keep private’

[–] Hyperreality@kbin.social 11 points 1 year ago (1 children)

The problem arises when facebook links stuff you posted anonymously, with your named account.

[–] HeartyBeast@kbin.social 2 points 1 year ago (1 children)

How are you suggesting Meta is going to do that?

[–] Maestro@kbin.social 14 points 1 year ago (1 children)

The same way they do on Facebook and Instagram. By using the vast amount of data they have already collected.

[–] HeartyBeast@kbin.social 1 points 1 year ago (1 children)

So really, the headline, according to you should be "only not writing anything on the public web will be enough to protect your privacy". You argument has nothing specifically to do with the Fediverse or Threads federating.

[–] ArbiterXero@lemmy.world 7 points 1 year ago (1 children)

I think the point is that we should all agree to limit Facebook’s access to our data.

Federating helps them do shitty things and that seems bad.

[–] HeartyBeast@kbin.social 0 points 1 year ago (1 children)

Yes, I agree about Facebook. But over exaggerating the threat to privacy that federation poses isn’t the way to do it, in my opinion. Instead there should be a clear, well-informed and accurate risk assessment

[–] ArbiterXero@lemmy.world 3 points 1 year ago (2 children)

Okay but his risk was still real.

Facebook will aggregate your online data and deanonymize things you didn’t want exposed.

Privacy matters and every inch is worth fighting for at this point because we’ve lost so much.

[–] HeartyBeast@kbin.social -1 points 1 year ago (1 children)

Sure, but that has nothing specifically to do about Federation with Threads.

[–] ArbiterXero@lemmy.world 3 points 1 year ago (1 children)

Yes…. It does… threads is owned by Facebook.

[–] HeartyBeast@kbin.social 0 points 1 year ago (1 children)

The suggestion in the article is that Facebook and Threads have some special way of gettimg information about you from the fediverse. From what I can tell that's not true. Your exposure is the same here, as it would be posting anywhere on the public internet - on Reddit, for example.

[–] ArbiterXero@lemmy.world 2 points 1 year ago

For sure!! The data they can get from federation isn’t a ton more than from scraping sites.

But scraping sites is HARD and we’re better off NOT making it easier for them.

Facebook is also likely to put effort into rebuilding existing communities on their federated version of the sites encouraging users to go there. They’ll make it really attractive.

And then they get MORE data because they will be able to see and aggregate which communities you look at and browse. They can’t get that without federation.

And that entirely ignores the “embrace extend extinguish” angle that I assure you is coming.

Because they’re bound to their stockholders to always produce the most profit, and letting people browse “other” services doesn’t play well with that.

[–] zos_kia@lemmy.fmhy.ml -3 points 1 year ago (1 children)

That's just fear mongering based on extremely contrived examples. It also has nothing to do with federation, it is trivial for any actor, whatever their resources, to access all the information in the fediverse.

Don't be a boomer. Leverage security in public. Have alts and personas. Stay focused instead of falling for corporate astroturfing that tries to decredibilize new initiatives.

[–] ArbiterXero@lemmy.world 3 points 1 year ago (1 children)

That’s just factually incorrect. Only the servers themselves know which articles I’m reading. Upvotes and comments are public, but that’s not ALL data.

It’s cute that you consider it fear mongering , but you’re not actually making any argument outside of an attempt at a personal argument and calling me a boomer.

I’m sure it feels silly to value privacy, because we haven’t been watching what they’re doing. Then suddenly an authoritarian gets power and you’re being jailed because Facebook sold you out to the authorities. You’re going to call that fear mongering too, except that it’s happening today with abortions.

But you won’t be interested in that because your health/life isn’t the one that’s being put at risk.

[–] zos_kia@lemmy.fmhy.ml -1 points 1 year ago (1 children)

No no let's be clear about the threat model we are discussing here : the possibility for Meta to de-anonymize me in a way that might hurt me, although i don't have accounts on Meta properties. That is a pipe dream. Even the example on the top of the article has nothing to do with federation it's just about a Meta property communicating your data to another Meta property which, no shit, Sherlock.

There is no technical proof that our identities on the fediverse are in danger because of Threads. Litterally zero. There is barely any functioning threat model, and the authors of this one admit readily, in the abstract of the paper, that these models would apply to any bad actor. They just take Threads as a notorious example.

Now, is Lemmy particularly subject to paranoid thinking, or are some trolls shilling on Lemmy to decredibilize the solution, i don't know. But this is all wild speculation.

[–] ArbiterXero@lemmy.world 2 points 1 year ago (1 children)

You might not have any meta accounts but that’s not the norm.

Giving meta access to cross pollenate their data is a terrible idea, that’s the entire problem with meta and Google, they have too much information on us to the point they can identify us without the accounts. Their ad tracking in the background of other sites gives them information that you gave a third party.

The threat model is the same as Cambridge analytica, selling “manipulation” and everyone thinks they’re above it, they aren’t. You aren’t.

So yes, the threat models apply to any bad actor, you’re right, but it’s the larger and more coordinated ones that pose the bigger threats here.

A bad actor with access to only Lemmy has more limited data and options for threats.

That that ignores the fact that Facebook/meta is going to use Microsoft’s “EEE” model to push traffic to their own version. Google is doing it today with chrome.

[–] zos_kia@lemmy.fmhy.ml 0 points 1 year ago (1 children)

What's disheartening to me in this kind of conversation is that when you boil it down to specifics it becomes super vague. "Cross pollenating data", well i'm a data engineer and i have no idea what that means. "Selling manipulation" is a threat model ? "Embrace Extend Extinguish" ? I'm sorry but that's word salad to me. If we take those arguments far enough they just become "yeah well bad people can do bad things to you on the internet" and while true, this is entirely irrelevant to the fediverse conversation.

The OP blog article does not support the positions you see every day in Lemmy comments such as yours. All he's saying of tangible value is that if Meta federates then your account & instance names will be potentially visible by people on Threads. That is not a credible threat to your privacy in the fediverse - that is just the system of federated social networks working as intended.

Whatever attack vector there is against you already existed before the fediverse or Threads. And Lemmy was never designed or marketed as adequate protection for people who need full-stack privacy.

[–] ArbiterXero@lemmy.world 2 points 1 year ago

There’s absolutely new threat vectors.

Let’s get specific, since you claim to work in analytics.

If I can link your lemmy account to a Facebook account, then I can uniquely identify you.

Any posted links from the meta federation that open in a browser can use standard fingerprinting to identify you. That still exists today, but given I served your ip the lemmy-article and you then clicked the link in it, I can now join the two by ip alone. Now there could be multiple people browsing at your house, so this will have to be a time series and probability, but the correlation will eventually be strong enough to say with reasonable certainty. This works especially well if I put something like “google amp” or a url shortened in the middle of the links, because then I don’t need to have my advertising/tracking code on the website. Without the federation I can’t link it to an account and I can’t see your browsing history on pages that my “analytics code” isn’t on.

There’s your netsec threat vector.

From the social perspective, the threat vector is exactly the same as Cambridge analytica. I notice that you as a unique user fit pattern x and I start tailoring the links you see and don’t see based on what I want to change about you. Now it’s not AS effective because the real effectiveness there was removing articles that disprove some of my bullshit. Because I’m just a node in the federation, I can’t prevent other nodes from showing you conflicting info.

Selling manipulation is a social threat vector, but if you want netsec, you now have both.

EEE becomes important because it increases effectiveness and value of the manipulation that I sell.

Then suddenly you wake up, everyone has voted for brexit or some orange scammer against their own self interest. If you work with big data, then you know that you can change a lot of individual points in small nearly imperceptible ways (to that specific data) that can make huge changes to the dataset as a whole.

[–] MrJameGumb@lemmy.fmhy.ml 23 points 1 year ago

Facebook goes out of its way to ruin everything, big surprise there... I got rid of Facebook years ago and I'm amazed that anyone still uses it. They've gone out of their way to spread hate, steal data, publish misinformation etc why are so many people still supporting it?

The answer is that people today would gladly give their souls away for free if it saves them the minor inconvenience of having to put in the minimal effort required to find something better

[–] dusk@lemmy.fmhy.ml 12 points 1 year ago (1 children)

What kind of privacy expectations do people even have around an open microblogging platform???

[–] freeman@lemmy.pub 6 points 1 year ago (1 children)

I have generally taken to the principle that I wouldnt say anything here I wouldnt say in mixed company or in public.

Its less stressful that way.

BUT - privacy is still important. When I was on reddit I had people witchunt me for relatively mundane hot takes. Luckily (for me) they didn't string together the details correctly to identify me specifically but they tried, and probably harassed some innocent bystander in the process. So even while my main principle applies, I also tend to try and keep things vague and non-specific. Of course though, that gets more difficult as topics change, your account becomes more "seasoned" etc. I dont really care if my co-workers know my handle. Just dont want some random crazy person trying to get me fired because i go fishing or something.

Every action on the Fediverse is inherently public. Every server operator can see every post, comment, like, dislike, favorite, etc.

[–] NeoLikesLemmy@lemmy.fmhy.ml 7 points 1 year ago (1 children)

Even commercial 'social' media need anonymity.

[–] chris@l.roofo.cc 6 points 1 year ago (3 children)

You control how anonymous you are. If you post non personal stuff under a pseudonym you are anonymous. Even to meta.

[–] db0@lemmy.dbzer0.com 6 points 1 year ago* (last edited 1 year ago) (1 children)

Not accurate. Due to how widespread facebook trackers are, it can identify you from the behaviour of others. People in your social circle linking to your content. People in your subnet using facebook services. People who hgave your phone numbers linking to your content on whatsapp etc. It's scary how easy it is for a massive corpo to remove anonymity from anyone if they want to.

[–] StantonVitales@beehaw.org 4 points 1 year ago

Thank God I don't have a social circle

[–] fuck_u_spez@lemmy.fmhy.ml 4 points 1 year ago (1 children)

Not really, the way you write, leaves a fingerprint itself, so with a little bit of AI it's possible to link personal/identifiable profiles with pseudonymous/anonymous ones.

[–] chris@l.roofo.cc -3 points 1 year ago (1 children)

I doubt it. But even if your only way of circumventing it is not to use social media. Because social media is not private. That is the point.

[–] Umbrias@beehaw.org 2 points 1 year ago

I doubt it

It has been demonstrated time and time again that social graph fingerprinting is not only widespread but extremely effective.

your only way of circumventing it is not to use social media

This article literally demonstrates a way of circumventing it. Blocking all instances that federate with threads.

Additional tracking options can further improve your privacy and difficulty to be fingerprinted in general, things like librewolf, for example.

[–] NeoLikesLemmy@lemmy.fmhy.ml 1 points 1 year ago* (last edited 1 year ago)

That's not the question here.

The 2 problems here are

that F*book scrapes this user's personal data from other random places (very illegal)

and that they change the FB profile without asking the user specifically (should be illegal, but maybe they find an excuse in their terms & conditions)

[–] MavTheHack@lemmy.fmhy.ml 6 points 1 year ago* (last edited 1 year ago) (3 children)

Anyone wanna give the tldr?

There's a cookie in it for ya 🍪

[–] Hillock@kbin.social 11 points 1 year ago (2 children)

Even if you and the instance you are using is blocking Threads your information still becomes visible to Threads if someone on an instance that isn't blocking Threads interacts with you. The interaction can come in the form of following, boosting, or mentioning your name.

Then the fear, according of the article, is for hate groups going out of their way to harass vulnerable groups.

[–] amio@kbin.social 4 points 1 year ago

And it's worth mentioning that the article has specific cases of that happening already.

[–] fuckyou_m8@lemmy.fmhy.ml 2 points 1 year ago* (last edited 1 year ago)

They don't even need to go through a middle third party instance, they just have to have a ghost instance that nobody know it belongs to them and this one will federate with everybody else

For example if you go to FMHY federated instances, there is one called evil.social , that could be from Meta or Google or NSA... nobody knows

[–] amio@kbin.social 4 points 1 year ago

Threads has an influx of bad actors (right-extremist, anti-LGBT racists and any permutation) who intentionally target vulnerable groups on the FV.

You can't rely on individual blocks, including for the whole Threads "instance". If Threads ends up in a federation, everything else on that federation is now compromised because that's simply how public content works on AP. There's no real way around this without keeping Threads out of federation.

[–] aka_oscar@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

tldr: Its no use.

I dont remember the reason but that was basically it.

[–] Nitrousoxide@lemmy.fmhy.ml -1 points 1 year ago

I agree wholeheartedly with this. Block Threads if they do a shitty job moderating their users and they post stuff not permitted by our instance like homophobia, transphobia, racism, etc. Preemptively blocking them to "protect privacy" won't do that and gives the false impression that what you're posting to the fediverse can't be just hoovered up by google/meta anyway.

load more comments
view more: next ›