The free fediverses should focus on consent (including consent-based federation), privacy, and safety (privacy.thenexus.today)

submitted 8 months ago by thenexusofprivacy@lemmy.blahaj.zone to c/fediverse@lemmy.world

50 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[-] scrubbles@poptalk.scrubbles.tech 48 points 8 months ago

Privacy is a reverse idea on the Fediverse. I know it's a hot take, but by design the Fediverse is never going to be private and people should stop assuming it is.

When you send out a comment/like/post/whatever, you are literally broadcasting a message to any other instance listening. It essentially just says

{
  messageId: 42,
  message: "This is some message",
  action: "comment"
}

and if you want to delete that message it's essentially

{
  messageId: 42,
  action: "delete"
}

While Lemmy and Mastodon respect that, anyone can build any fediverse app and simply choose not to use it. Anyone can build a search engine and can choose to respect the delete or not. Any instance could defederate from them if they don't like that, or they may not care. The point however is that ActivityPub is designed this way, and there really isn't a better way.

If your comment has been sent out to other instances - well then it's there already. You can't delete it without some form of just asking politely that they delete it. They have it already, it could be stored in their DB, duplicated in other DBs, aggregated and sent to AI, searchable, whatever. They have it. There is no concept of "delete" on the fediverse. It's asking nicely for them to delete it.

[-] RmDebArc_5@lemmy.ml 12 points 8 months ago

The thing most people get wrong is privacy friendly =! private. If you say something publicly (on the internet) you can assume it will stay for ever, if not directly then via some sort of archive. The privacy part of Lemmy/Mastodon is them not collecting data on what you look at to sell it. If you want something private then don’t use Social Media, because what you say publicly will stay public.

[-] webjukebox@lemmy.world 3 points 8 months ago

The privacy part of Lemmy/Mastodon is them not collecting data on what you look at to sell it.

Nor requesting your real name and ID, phone number...

load more comments (20 replies)

[-] originalucifer@moist.catsweat.com 25 points 8 months ago

this seems like nonsense. as if youre going to limit who can see your public posts... the fediverse is opt-out not opt-in. you opted-in when you signed up with an AP federating platform.

if you dont want to federate, dont use a federating platform. if you want privacy, dont use a platform designed for public distribution.

[-] lambalicious@lemmy.sdf.org 2 points 8 months ago

It's not as much about seeing, it's about using, and profiting from.

This post under CC-BY-NC-SA.

[-] muntedcrocodile@lemmy.world 5 points 8 months ago

U know activpub supports adding licences to things but lemmy doesnt want it. Pixelfed and peertube already have it but lemmy told me i was an idiot for wanting to licence my content.

[-] RobotToaster@mander.xyz 23 points 8 months ago* (last edited 8 months ago)

If something is on a public unencrypted website, it isn't private.

Unfortunately certain people have chosen to mislead users about this.

You may as well post your ass on a billboard then complain that people look at it.

[-] thenexusofprivacy@lemmy.blahaj.zone 1 points 8 months ago

Fediverse software has followers-only posts, direct messages, local-only posts … Mobilizon and Streams even have private groups.

[-] Steve@communick.news 13 points 8 months ago* (last edited 8 months ago)

None of that is private. It's all readable by anyone with an admin account.
As a general rule. If it's not end to end encrypted, assume it's public.

[-] thenexusofprivacy@lemmy.blahaj.zone 0 points 8 months ago

"Readable by anybody with an admin account" is not the same as public. And as a bunch of people involved in January 6 found out, end-to-end-encrypting something doesn't keep mean it won't get revealed. So the general rule is assume anything you say online could be made public; use Signal (or some other encrypted messaging that you trust) and limit distribution to a small number of trusted people to reduce the chances of that happening -- but don't count on it!

[-] blue_berry@lemmy.world 20 points 8 months ago

It’s fine if single instances do consent-based federation that prioritize safety over openess, but why should it become the default for all instances? It will result in instance protectionism and an overall decline in discussion quality. Making it opt-in means people will connect less likely with folks from other instances, meaning people will mainly stay on their instances, meaning it supports tribalism in the Fediverse. More safety usually comes at a cost, too. In this case: less interaction with other instances.

But if you federate with instances that you trust good enough in the first place, constent-based federation is not necessary imo.

[-] pewgar_seemsimandroid@lemmy.blahaj.zone 1 points 8 months ago

@ada@lemmy.blahaj.zone

prioritize safety over openess

[-] blue_berry@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

No wait, I was wrong Its not necessarily instance protectionism. For especially vulnarable groups consens-oriented federation might make sense.

The question is whether this is the desired state for all instances and I would disagree here. I think this falls under a bigger societal debate: should the fediverse become a place were all potentials of harm are completely erased? In other words: should the Fediverse become a safer space?

First of all, minorities should be protected as by the laws of many countries. However, what harm looks like beyond that should be dynamically defined in social debate. Now you want to skip that and erase all potential out of the stand.

This ignores that these societal norms change over time and that a certain risk is part of the human condition. There always needs to be a balance between freedom and protection for the whole society. But as said before, safer place are also needed, but they dont work as blueprint for the whole society.

Early christian groups can also considered safe places. You are aligned here with what to me are totalitarian argumentation patterns that thrive for a garden eden that will never exist.

That doesnt mean that we shouldnt thrive for certain ideals but not for things that cannot and shouldnt be expected of people, like giving up their free will for complete safety.

load more comments (11 replies)

[-] muntedcrocodile@lemmy.world 20 points 8 months ago

Might spund a little conspiratorial but this fubdamentally breaks what federation means and specificly gives enormaus power to larger instances. Also the language of it by calling it consent feels like its meant to evoke a certain emotional reaction almost like its part of a larger phyop.

Also there is no such thing as privacy on the fediverse. There is anonymity if ur carefull.

[-] Fizz@lemmy.nz 17 points 8 months ago

I don't expect anything I post here to be private.

[-] thenexusofprivacy@lemmy.blahaj.zone 6 points 8 months ago

On Lemmy? Certainly not. But on other fediverse software, there are followers-only posts, direct messages, local-only posts ... none of it's encrypted, but still it's not public.

[-] CrayonMaster@midwest.social 2 points 8 months ago* (last edited 8 months ago)

Tbh I'm struggling to imagine what this would look like in something like Lemmy. It seems to be describing an extreme form of setting your account to private, but this only really makes sense in a situation where you have followers who are friends and family. How would I decide who to "approve"?

[-] thenexusofprivacy@lemmy.blahaj.zone 1 points 8 months ago

Great point, I should be more explicit in the article. On Lemmy, it would look like a couple of things:

today, another instance's request to federate is accepted unless it's explicitly blocked. This means that bad actors can get away with stuff until they're discovered and blocked (although it makes it easier for good actors to federate). Consent-based federation turns that around: a request to federate isn't accepted unless it's approved. One way an instance admin could decide whether or not to approve a request is to look at FediSeer to see what other instances are saying about the requestor.
at the individual level, it would mean that people would start out by participating in local communities (and maybe even just seeing posts from their instance, not sure about that), and could then choose to have their posts federated out

[-] CrayonMaster@midwest.social 4 points 8 months ago

That sounds like it punishes small instances... a lot. What would starting an instance look like? Do you start with a huge list of servers to inspect and approve?

[-] thenexusofprivacy@lemmy.blahaj.zone 1 points 8 months ago

For new instances, the easiest thing is to start with the list of an instance that the kind of moderation you agree with. If I were starting up an instance in the Lemmy world, I might go with the current federation list of lemmy.blahaj.zone or beehaw.org (although others might make differnet choices), in the Mastodon world I might use awoo.space as a starting point.

There's certainly a need for tools to make this more scalable. "Recommended lists" are a likely next step; there isn't much software support for this yet, but it's similar enough to blocklists that they're also fairly straightforward; it would be up to the new instance admin to decide how many to inspect or whether just to trust the list. And tools are also needed to address the challenge in the other direction: how do existing instances decide whether or not to accept the request? Instance catalogs like fediseer can help. Another possibility that I mention and link to in the article is "letters of introduction"; federations of instances (which I'll talk about in the next installment) are another.