There's very little privacy on the fediverse today. Mastodon and other fediverse software wasn't designed and implemented with privacy in mind. Even the underlying #ActivityPub protocol that powers the fediverse has major limitations. But it doesn't have to be that way!
Meta's new #Threads product means that it's critical for the fediverse to start focusing more on privacy. Of course, #Meta's a threat in many other ways as well; that said, the privacy aspects are important too.
For one thing, if Meta does indeed follow through on its plans to work with #Mastodon instance admins and others "partners" who to monetize their users (and their data), people in the region of the fediverse that's not Meta-friendly will need stronger privacy protections to protect their data. And Meta's far from the only threat to privacy out there; changes that reduce the amount of data Meta can gather without consent will also help with other bad actors.
More positively, there's also a huge opportunity here. Privacy's even worse on Facebook and Instagram than it is in the fediverse. So If the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.
Any way you look at it, now's a good time for the fediverse to take privacy more seriously.
The bulk of the article focuses on threat modeling, a useful technique for identifying opportunities for improvement. It's a long article, though, so if you don't want to wallow in the details, feel free to skip ahead to the section at the end on the path forward and the specific recommendations.
And if you're already bought in to the idea that the #fediverse
should focus more on privacy, and just want to know how you can help make it happen, it also suggests specific actions you can take -- and there's a section with some thoughts for #MastoAdmin
Here's the table of contents:
There's very little privacy on the fediverse today. But it doesn't have to be that way!
Today's fediverse is prototyping at scale
Threat modeling 101
They can't scrape it if they can't fetch it
Different kinds of mitigations
Attack surface reduction and privacy by default
Scraping's far from the only attack to consider
Win/win "monetization" partnerships, threat or menace?
A quick note to instance admins
Charting a path forward
Recommendations
This is still a draft, so as always feedback is welcome. And thanks to everybody for the feedback on previous drafts!
@sabret00the Yup. #ActivityPub is not enough for video distribution. PeerTube is interesting indeed but the storage/bandwidth issue represents a challenge in terms of business model. You need to have a HUGE infrastructure to deal with volumes of video distribution. And that's costly. Not sure it's a business model that can work only through donation/subscription.
@TNLNYC We might be at a tumblr one soon. They want to "update the core experience" to make things "easier for new users" and are talking algorithm rather than linking posts or rolling out the ActivityPub integration they've been silent on.
Someone should start like a service or non profit or organization or you know whatever you want to call it to help public services, non profits, and emergency services start up there own instances on the fediverse to help solve the communication issue they were left with when Twitter went to shit.
Maybe an organization with chapters in different regions/states that helps set up a server or multiple servers that are dedicated to that areas emergency services and things.
Get them either set up self hosting if they have the ability or get them connected and setup with a hosting provider.
They would be verified by domain name, in person in the community, and this new organization.
This would help solve future issues from big social media breaking their communication and would get more people onto the fediverse.
I guess I have a warning for would-be social media influencers checking out the #fediverse. The warning is that while the fediverse may appear to be similar to #twitter, the similarities remain superficial. If you've come here in the hopes of some algorithm to assist, you will be sorely disappointed. Furthermore, most participants in the #ActivityPub realm have chosen to be here precisely because they found attempts to be influenced or manipulated tiresome and annoying.
Social media influencers will probably find more traction at Bluesky. The fediverse world is independent-minded and less likely to be swayed by an individual opinion, even regardless of celebrity status. We are more apt to question the influencer's point of view than to take it in faith.
In short, the fediverse isn't a popularity contest. It's merely a platform for exchanging ideas and learning from other people.
Head twist: How do #ActivityPub server implementations like Mastodon not understand that account transfer means the whole digital content related to an account, not just selected pieces.
Analogy: This is operating like old school bank accounts where followers are direct debits and who you follow are standing orders. Your content (transactions) don’t move to your new bank but you have statements (export of data).
It’s digital and data plus 2023. We can do so much better. Wander pondering.
@dahukanna 100% agreed. Someone build an content import tool on top of Mastodon (in very early testing). But thats definitely not an excuse for it to be natively included like other servers do
@dahukanna 💯. The explanation though is pretty straightforward: Eugen, who makes the decisions about what funcationliaty to prioritize in mainline Mastodon, also is CEO of the non-profit that runs mastodon.social. From that perspective, not having a migration tool helps keep people there and ensure that remains the largest instance. So even though it's something people have clamored for since forever ... somehow it never really gets prioritized in mainline Mastodon. It's better than it was but still not what it should be. Meanwhile Calckey has implemented post importing, and @tokyo_0's made good project on post important with #MastodonContentMover -- so it's not like it defies the laws of physics for Mastodon to get a lot better.
Interestingly last week's reporting on Meta's Project 92 says it'll the ability to import posts from Mastodon. Who knows whether it actually well but they clearly know it's a valuable feature.
Since the lemmy issue is getting overrun with people talking about other proposals, I'm thinking about submitting this as a #FEP. Is that still a useful process? I don't know how many projects look to FEPs for implementation guidance.
@0x1C3B00DA My issue with this proposal as a moderator is how conflicting moderation styles will work. Moderators would either have to do double the work (if everything is sent over) or they may lose out on posts that would be fine in one community but not another (if each community moderates separately).
The only way to fix it would be to "unfollow" the communities and that in turn can cause users to get upset. I think a multireddit approach is probably better TBH.
We really should consider services that are not #ActivityPub based but still a federated to be part of the #Fediverse and promote them accordingly. Self-hosting is a plus.
#Usenet is also federated and has been since 1979! There are free providers: https://www.big-8.org/wiki/News_service_providers. If one excludes binaries groups, it's possible to peer with other providers via #NNTP. Posts and groups are linkable in HTML.
I still haven't made up my mind about blocking Meta's #Threads, codenamed #Project92 or #P92, supposedly supporting #ActivityPub, should it actually launch. As far as I can see, it's basically "keeping the evil surveillance corp. out" vs "avoiding nerdy self-marginalization".
Both are fair points. I guess, it depends. But on what? For me, the key point is if Threads (or whatever its name) supports easy migration (as Mastodon does). If that's the case, I would prefer not to block it, as it could be an offramp from the walled garden. If this feature is omitted, then I would be much more open to blocking.
But in the end, this should not be a decision by the admins, but a collective one by the users of the instance. #fedipact#Project92
@festal
The issue is more complex than just 'surveillance' (which they don't need to join the fediverse to do). The fear is that they'll do basically what google and big providers did to email, which is now much more impractical to self host, by swamping out with sheer volume everyone else and being the big voice that ends up dictating the evolution of the fediverse to its own detriment, opportunistically grabbing more users and then cutting off support for little servers. There's a rumor circulating that they want to PAY big servers to federate with them, and demand that content meet their guidelines, which could obviously fuck over people as it would create a vicious cycle of dependency as big servers would become incentivized to do whatever they want in order to keep the cash flow going - you could no longer trust them, and I guarantee you big social companies will be tempted to start using advertisement bots and artificial upvotes on influencers and toxic controversy to increase clicks and engagement.
I dunno about you, but I don't want ads or upvote-bots in my fediverse or big servers becoming beholden to a for-profit corporation for money. We've seen where that story goes - worse and worse.
If they actually do pay big servers, I am all in favor of defederating immediately as that is a huge red flag to me. But so far it is just a rumor. If they behave well (which would mean not tolerating Neo-Nazis, which, y'know, twitter does) I could be okay with them getting a probationary entry.
Does anybody really implement pure #ActivityPub (and ActivityStreams 2)? Looking at the actor (and/or attributedTo) fields, for example. There can be multiple of each. The JSON representing them could have a string/URI, a mapping, a Link, or a list of a combination of those types. Assuming a server handles all those variations (I doubt any server does), how does it interpret it in a context where a specific inbox/outbox POST is authenticated using HTTP signatures (single actor)?
Really excited for the #activityPub developer tools I’ve been working on lately, there are a few different tools that will aid in debugging and development of your AP projects!
Eventually I’d like to build a test suite using a corpus of community contributed projects to test compatibility with various projects
It will be open source, and you’ll be able to download single file scripts that you can run locally to test without requiring a prod/tls stack
I know there is a need for this, and a group that is trying to organize something like this.
Nothing against them, but I think I can built a foundation for this myself without bureaucracy or countless meetings, and then hand it off to them or a trusted fediverse entity.
I’m all for collaboration, but sometimes it’s better to go alone and then release an MVP instead of trying to organize a project with many devs who can’t decide on what lang or code style to use.
“Fediverse can only win by keeping its ground, by speaking about freedom, morals, ethics, values. By starting open, non-commercial and non-spied discussions. By acknowledging that the goal is not to win. Not to embrace. The goal is to stay a tool. A tool dedicated to offer a place of freedom for connected human beings. Something that no commercial entity will ever offer.”