The Nexus of Privacy @ thenexusofprivacy @lemmy.blahaj.zone

[The Nexus Of Privacy](https://privacy.thenexus.today/) looks at the connec

---

Read more

Posts

32

Comments

154

Joined

2 yr. ago

That's good to see -- seems like they've made a lot of progress. I'll check it out!

Yeah, one of my takeaways is that I should have been clearer that this isn't a proposal for the whole fediverse. And not sure what the best term to use is, "free fediverses" is what I'm going with for now (based on the freefediverse.org).

In the short term, they'll be much smaller than Meta's fediverse (because mastodon.social and most of the big instances are federating with Threads) and of course much smaller than Threads. Longer term, we'll see, but I wouldn't expect them to be as big as Threads for a long time if ever.

"Readable by anybody with an admin account" is not the same as public. And as a bunch of people involved in January 6 found out, end-to-end-encrypting something doesn't keep mean it won't get revealed. So the general rule is assume anything you say online could be made public; use Signal (or some other encrypted messaging that you trust) and limit distribution to a small number of trusted people to reduce the chances of that happening -- but don't count on it!

Yep, I agree that instances and social networks that focus more on safety will attract some people but others will leave. Today, there are a whole bunch of social networks that don't focus on safety, and very few that do. So there are a lot of options for people who prefer "openness" and very few for people who prefer safety. Strategically, that's an opportunity for the free fediverses today.

I totally agree that there isn't a lot of privacy on the fediverse today -- in fact I even say that in the article and link off to recommendations for how to improve things. But also I think there's a huge difference between the situation on the fediverse where there's no privacy because developers haven't prioritize it and with Meta, where their model is focused on exploiting data that they've acquired without consent and they've repeatedly broken privacy laws (although to be fair they break other laws too, not just privacy).

And it's true, many people don't care about privacy, and many more care some but it's not important eough to them to make it their primary reason for choosing a social network. But a lot of people do care, at least to some extent, so the free fediverses will be a lot more appealing to them if they improve privacy. And even though I think privacy by itself won't the major driver for most people who choose the free fediverses, improving privacy also works well with that I think will be the major drivers -- like safety, pro-LGBTQIA2S+ focus, and (for people who want nothing to do with Meta) highlighting the core differences from Meta.

Circles' approach is certainly interesting, I remember looking at it when they did their kickstarter. Did it go forward? It looks like their blog hasn't been updated since 2021.

I agree that different instances will make different choices based on their priorities, but follow this through. Take trans people as an example of an especially vulnerable group that consent-oriented federation makes sense for -- so trans people will be be less safe on instances that don't take a consent-based approach. What instances do you think trans people will prefer to be on?

And there must be something I'm issing, because I don't understand how you got from consent-based federation to "giving up free will". Consent is literally about having the ability to choose, so exercising your free will.

It's not that I think that most people will (or should) reject a public internet. In fact I don't even think most people will reject surveillance capitalism-based social networks. As I say in the article "many people who make their home in the free fediverses (including me!) are likely to have other accounts for now – on Threads, or in Meta's fediverses – just as many do today on Facebook, Instagram, Xitter, TikTok, LinkedIn, and other surveillance capitalism social networks." As you say, small business owners and artists will want the broadest possibility for their work; and there are lots of other situations where that's what people want.

And I wouldn't frame the choice between (a) and (b) the way you do. With queer and trans people, I'd frame it as an opportunity to have an account on a smaller pro-queer social network that's gone to great lengths to insulate itself from hate groups like Libs of TikTok, and a choice of whether their other account is better on Threads or in Meta's fediverses. With progressive or leftist people, I'd frame it in terms of being on a social network that's not actively working with white supremacists, fascists, and authoritarians. With people who hate Facebook / Instagram / etc, I'd phrase it in terms of being as far away from Meta as possible. And so on ...

Some will say "two accounts? I think not! And there's a lot of stuff on Threads that's valuable for me, so I'm not interested." Oh well. But most people already have a bunches of accounts on various social networks -- none of which are particularly queer-friendly, all of which work with white supemacists, fascists, and authoritarians -- so (if signup is easy, the software's easy to use, if it's well-moderated and they don't have to deal with harassment, if there are enough interesting people there, etc etc etc) won't be averse to one more.

Also, why do you think most people want social networking to be an inherently public activity? Look at the most popular social network. Facebook gorups are extremely popular. Facebook supports friends-only posts and viritually everybody I know uses them at least part of the time. Facebook events allow posts that are only visible to people attending the event. The list goes on ... And it's not just Facebook. Reddit has private subreddits. Twitter has private profiles. Most fediverse microblogging software has local-only posts. Heck even Mastodon has followers-only posts. So, I'd say it's the other way around. Most people want social networking to be a mix of public and private activity.

Agreed that people who need strong privacy should use something like Signal (or maybe Matrix or XMPP). And also agreed that RSS feeds are a privacy hole on most of the fediverse; Hometown and GoToSocial both disable them by default, Mastodon should do the same.

Nothing prevents malicious actors who want to make enough of an effort from creating accounts on instances (or for that matter Matrix chat rooms). But that's not feasible for broad data harvesting by Meta.

Fediverse software has followers-only posts, direct messages, local-only posts … Mobilizon and Streams even have private groups.

On Lemmy? Certainly not. But on other fediverse software, there are followers-only posts, direct messages, local-only posts ... none of it's encrypted, but still it's not public.

My open source analogy wasn't great, but the point I was trying to make is that even things we usually think of as open are compatible with consent. Similarly we're used to thinking of federation as unconstrained (well except for Gab) (and everybody else who gets blocked) but that's just the specific flavor of federation that's been practiced on the fediverse so far -federation's compatible with consent, at least in my books.

Power-hungry instance owners can already decide not to federate with other instances, arbitrarily or for any reason -- counter.social's an example. Consent-based federation just changes the default. It's true that this changes the equation a bit; today there's a small amount of effort required not to federate, a consent-based approach flips that and there's a small amount of effort required to federate. At the end of the day, though, power-hungry instance owners are gonna do what power-hungry instance owners are gonna do; threads.net and mastodon.social are going to make their own decisions about federation policies no matter what the free fediverses decide.

Yeah, as I say in the article Mastodon makes other decisions that are also hostile to the idea of consent, so I also agree that they see it as contrary to their mission. In terms of large tenants, though, Mastodon changed the defaults to put sign people on mastodon.social, which as a result now has 27% of the active Mastodon users, so I don't think that's the basis of their objection.

And no, consent-based federation doesn't rely on people being kind and open. To the contrary, it assumes that a lot of people aren't kind, and so the default should be that they can't hassle you without permission. It's certainly true that large instances might choose not to consent to federate with smaller instances (just as they can choose to block smaller instances today), but I don't see how you can say that's not even federation anymore. Open source projects approve PRs and often limit direct checkins to team members but that doesn't mean they're not open source.

As you say though it's only shared to any other instance listening. The point of consent-based federation is that you get to choose which instances do and don't get to listen. So if your comment hasn't been sent out out to other instances, they don't have it.