polygon

Most people don’t understand what this is or why it’s important. And that’s not their fault. The kneejerk reaction to having data collected is justified due the amount of companies who abuse it. I mean the amount of stuff you have to turn off (and block the stuff you can’t turn off) just to use Windows in a reasonable manner is insane.

I don’t fault people for reacting to this news, even though it’s not even really news. Developers need to know how people use their products if they want to make them better. And it’s opt-in, which is the right way to do it. 1Password certainly knows this and the fact they’re trying to be so transparent shows that they know they need to prove what they claim.

1Password has built a lot of trust with it’s users over the years. There was some controversy over switching to a subscription model, but realistically $3.50/month to have the most important data you possess hosted securely (and they’ve been super transparent about that security too) seems like a no-brainer. To my mind, 1Password isn’t going to do anything to jeopardize their place in the market when there are free and self-hosted services out there. Probably they want to use their app, which is already the best of any password manager I’ve ever used, to be the thing that sets them apart from the competition. And to do that, they need to know how people use it to know what could be better.

Thank you for the clarification there. I hope you don’t mind having this conversation with me, I’m learning a lot by interacting with people on this topic. I don’t want you to feel like I’m arguing with you though. So the GDPR seems fairly bullet proof, but it only applies within the EU. So how about a scenario like this:

Your instance is hosted in the EU and has the full protection of the GDPR. My instance is hosted in the US where the GDRP does not apply. Your instance federates with mine. I federate with Meta. Meta now has your data but they didn’t get it from a GDPR protected source. You consented to give it to me, and I consented to give it to them. They have no obligation to uphold the GDPR because they’ve had no interaction with your instance whatsoever, they’ve simply accepted what I gave them and that transaction occurred within the jurisdiction of the US.

Maybe the GDPR still works here, I don’t know. But I guess my point is that if I can come up with endless scenarios like this, lawyers can too, and they know infinitely more about the law than I do. Hell, they can even come up with their own interpretations of law and act on them for years, only changing their practices when they’re forced to by someone actually suing them. Which by then they’ve already collected and sold millions worth of data.

Thank you for your clarification! I don’t know any of the legal specifics of this stuff and I very much appreciate you taking the time to help educate me and anyone else who needs it. I can only give a conceptual argument based on the history I’ve seen with these companies, but not any sort of specific knowledge of law.

The gist of what you’re saying, and what we’ve actually seen play out recently, is technically they shouldn’t be able to do this, but they’re going to lawyer it in such a way that they’ll get away with it unless/until someone actually sues them which is prohibitively expensive. We have recently seen class action suites against Meta, but realistically the damage has already been done, the money has already been made, and they go on with finding the next cash cow. Even a multimillion dollar settlement is a drop in the bucket, simply the cost of doing business for these people.

Yes, this is exactly the sticky issue we get into. And I’m wondering if lawyers would be able to make a case that using ActivityPub alone automatically gives your consent to have your data exist on an instance outside your own. Once they have data you’ve consented to give they can do with it as they please, essentially arguing you’ve become a consenting party when you consented to federation. I don’t know the GDPR well enough to have any answers, but you can bet Meta lawyers do.

I don’t think Facebook would be having high level NDA-protected talks with Mastodon people if they weren’t trying to work all this out. And by work out, I mean how to monetize/data mine. I’ve been talking about this with people all day, many of whom didn’t see a problem with this, but eventually all of them have had the lightbulb turn on when they realize the potential abuse Meta could do with/to ActivityPub.

If, by some miracle, Meta wants to be the good guy for a change, let them prove it. I would love to see defederation by default, and let Meta prove they’re trustworthy to federate to. And even then, have a really itchy defederate trigger finger if they even hint at pulling another Cambridge Analytica fiasco. But getting everyone on-board with that is probably impossible, especially if Meta starts throwing money around.

What I’m taking issue with is essentially the same thing that is getting Reddit into hot water. Spez is acting like all the content on Reddit is exclusively his. And legally, it probably is, since it exists on his servers. Now if you extrapolate that out to Meta on ActivityHub, any instance that federates with them immediately puts all of your content directly onto Meta’s servers. Once it’s in their possession, it’s legally theirs to do with as they please. If they want to pull a Facebook or Reddit, using your data, they can with no way for you to opt-out. Sure, nothing is stopping people from doing it already, but Meta does not have your best interest in mind. Ever. They’ve shown it again and again. So I think people are preemptively wanting to cut off this spigot of user data to Meta because their abuse of it is a matter of when, not if. Any other company might deserve the benefit of the doubt, but Meta? We know who they are already.

Also, as I said elsewhere, Meta could already use a bot to scrape Lemmy instances, but you can’t sell a bot to investors. But you can sell a platform. Meta will build a slick platform to sell to investors and sit back while federation fills up their instance with data which they’ll turn around and sell the same way they do on Facebook. And the insidious part of it is that they’ll take your data even though you didn’t use their platform. Right now I can decide not to be data mined by Meta simply by not using Facebook. To do that here if instances start federating your data onto Meta servers, you’d have to not use ActivityPub at all. Either that or the fediverse fractures into Meta and not-Meta, which also sucks.

This is really a lot more than simply setting up an RSS feed.

it’s either about ruining the ethos, stealing the data and/or changing the protocol.

Honestly, it’s probably all 3 and more we haven’t even though of yet. I don’t think anyone could have predicted all the scandals Facebook has been involved in regarding misuse of user data, and that was just on their own platform. ActivityPub literally hands them the keys to the castle. Add in all the toxic political stuff and… it just makes my head hurt.

Anyway, I appreciate having the conversation with you. Discussing it has helped solidify my feelings about it.

You’re right of course. People will flock to Meta, it will probably become the poster boy of the Fediverse over a few years, and then little by little the evil will creep in until it’s so established we just accept it, same as we’ve done with Facebook. The terrible thing is that it will not be something we can just op-out of. I can chose not to use Facebook. With this situation, I would have to chose not to use the entire ActivityPup protocol, not just Meta’s platform.

It’s a disaster waiting to happen. Like you said, I don’t think we can do much, and even if we try, it’ll fracture the whole fediverse concept. But when you ask “Why are people concerned about Meta using ActivityPub?” this is why.

Sure, but you can’t get investors interested in a bot. You can sell them a platform though. Meta will make the flashiest UI the fediverse has ever seen and sell that to investors, while harvesting and selling everything on the fediverse whether you use their platform or not. The only possible way to keep your data out of Meta’s hands is to defederate anyone and everything associated with them. I know it sounds tinfoil hat, but honestly evaluate how Facebook does business and then imagine how ripe ActivityPub is for that sort of exploitation. If I used Facebook I have agreed to allow myself to be data mined, but if I use kbin I have not agreed, and yet, Meta can still do it if even one mutual server has agreed (or been paid) to federate to both platforms.

I feel a little lame quoting myself, but I was just having this discussion elsewhere so I’m just going to copy/pate my thoughts rather then thinking of a different way to say it this time.

Say you have 10 servers. 7 are Lemmy, 3 are kbin. Great, each admin has control over those servers. Then you have Meta. They’ll run 1 huge server. When the 10 other servers enable Federation, Meta now has 10 servers of content that isn’t even on their own platform that they can sell. Your data will literally exist on the Meta server because your data is not contained within your instance/platform once it’s Federated. Meta can then harvest the entire Fediverse for data like this. It’s like an absolute wet dream for them. They don’t even have to coax people to use their own platform!

If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.

Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.

Meta must be defederated the second they so much as dip a toe into the Fediverse or everything you’ve ever done, or do, on any ActivityHub platform will be scooped up and sold.

I’ll just add that Meta will state that anything on their server is their property, and Federation will put your data directly on their server, even if you’re not a member of their platform.

The problem is that the blocking will have to be layers deep. If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.

Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.

Well, the big issue here is that we sort of don’t have the power you think we do.

What I mean is, say you have 10 servers. 7 are Lemmy, 3 are kbin. Great, each admin has control over those servers. Then you have Meta. They’ll run 1 huge server. When the 10 other servers enable Federation, Meta now has 10 servers of content that isn’t even on their own platform that they can sell. Your data will literally exist on the Meta server because your data is not contained within your instance/platform once it’s Federated. Meta can then harvest the entire Fediverse for data like this. It’s like an absolute wet dream for them. They don’t even have to coax people to use their own platform!

Meta must be defederated the second they so much as dip a toe into the Fediverse or everything you’ve ever done, or do, on any ActivityHub platform will be scooped up and sold.

Edit: And it’s even worse because all it takes is 1 server to Federate with Meta. If server A is Federated with your sever B, Meta can sill pull your data from server A they Federated with, even if your local server B has Defederated with Meta. This is a huge problem.

Not sure what I make of that. He quoted a guy, rather than giving his own opinion. We can make a lot of assumptions about why he quoted the guy, but without stating an opinion it can only ever be speculation. In a massive list of essays, which I admittedly haven’t read all of, one quote seems to be the big uproar about fascists running Lemmy?

And then being like “Hey maybe don’t delete posts just because they’re about China? That doesn’t break any rules,” suddenly makes them in love with the CCP? I don’t have any context to judge the quote and posts regarding China literally do not break any rule. “Orientalism” is a ridiculous reason to delete a post.

This all seems completely blown out of proportion like typical Twitter drama.