Conversation

Notices

1. Embed this notice
   BeAware (beaware@social.beaware.live)'s status on Sunday, 16-Jun-2024 00:25:58 JST BeAware

   Question:

   How can Fediverse be more "private" while also not ruining the experience for those who like things the way they are?

   There's already a way to make your posts private so that there's no way for anyone to see them without your permission.

   Could there be another way without destroying discoverability?

   I can't think of any, but I'm obviously not the sharpest tool in the shed.

   Obviously Mastodon needs to start by removing the RSS feed or make it an option to turn off. As it stands, most people don't even know it's a thing because it's not documented.

   Thoughts?

   #Fediverse #Fedi #ActivityPub #Mastodon

   • Embed this notice
     Charlie (cdp1337@social.veraciousnetwork.com)'s status on Sunday, 16-Jun-2024 00:36:13 JST Charlie

     in reply to

     @BeAware "How can the fediverse be more private"...

     Hang on, let us exchange GPG public keys before we proceed. ;)

     BeAware repeated this.
   • Embed this notice
     Stefan Bohacek (stefan@stefanbohacek.online)'s status on Sunday, 16-Jun-2024 00:37:41 JST Stefan Bohacek

     in reply to

     @BeAware Adding a thought from the other day: https://stefanbohacek.online/@stefan/112604352640135688

     Yes, I'm aware of the pitfalls of looking for technological solutions to deeper social/societal problems, but maybe something like this would help?

   • Embed this notice
     Darren Nevares :vm: (darrennevares@mas.to)'s status on Sunday, 16-Jun-2024 01:12:43 JST Darren Nevares :vm:

     in reply to

     @BeAware If I wanted more privacy I probably wouldn't be on social media or even reveal too much about myself in the first place. 🤷

   • Embed this notice
     Larvitz :fedora: :redhat: (larvitz@burningboard.net)'s status on Sunday, 16-Jun-2024 01:30:06 JST Larvitz :fedora: :redhat:

     in reply to

     • Charlie

     @cdp1337 @BeAware

     -----BEGIN PGP SIGNED MESSAGE-----
     Hash: SHA512

     Well, that sounds like a good idea :)
     -----BEGIN PGP SIGNATURE-----

     iHUEARYKAB0WIQRyIN0gFN9zYWzDHVl/t9Q2Af9hYQUCZm2/sgAKCRB/t9Q2Af9h
     YUUEAP9HLcjmxZcCf+uqAfRHCTF+Pwb+VkmDyWeEG8kqdP0RWQD9Gc+Paqoy+l+D
     V9CS89guNju+q3iCId5TnNh7U9gbVw8=
     =7b54
     -----END PGP SIGNATURE-----

   • Embed this notice
     volkris@qoto.org's status on Sunday, 16-Jun-2024 03:14:50 JST volkris

     in reply to

     @BeAware this is an ax I grind because people need to be aware:

     NO, there is no way to make your posts private so that there’s no way for anyone to see them without your permission.

     Anyone posting to Fediverse need to be aware that by virtue of how this thing is engineered, there is absolutely no guarantee of such privacy.

     A lot of people are posting things they think are private when they’re not, and I find that hugely problematic.

   • Embed this notice
     volkris@qoto.org's status on Sunday, 16-Jun-2024 03:32:50 JST volkris

     @BeAware but it’s not though!

     Scrapers are very much able to scrape your content, and everybody needs to be aware of that as they post on here.

     People are posting content here left and right and saying they love to do it because it’s safe from the big corporations or whatever, and I would be absolutely amazed if those exact businesses aren’t having a field day vacuuming it all up.

     This is why it’s so important to me to spread the word about how insecure this platform is, for better or worse. There are trade-offs, and I’m comfortable with them, but there’s a lot of people who don’t know the risks they’re taking here.

   • Embed this notice
     volkris@qoto.org's status on Sunday, 16-Jun-2024 03:37:45 JST volkris

     @BeAware again, that’s not how this platform works.

     Behind the scenes, it doesn’t matter if you make your posts followers only or not, the way this platform is engineered behind the scenes, the content goes to people who aren’t followers.

     Maybe it will only be shown to followers. Or maybe not. You have no way to know. That’s just how this platform is programmed.

     Again to be clear what I’m saying is, you need to be aware that if you make your posts followers only, they will still be subject to going to people who aren’t followers.

     This is a design choice that the programmers made, that I disagree with, but you need to know that it is happening.

   • Embed this notice
     volkris@qoto.org's status on Sunday, 16-Jun-2024 04:08:05 JST volkris

     @BeAware

     It’s all in the ActivityPub protocol that I’ll link below. If you read it, it’s strikingly clear that there is no actual guarantee that your permissions will be honored. In fact, the standard uses the term “SHOULD” quite a lot when leaving servers free to ignore your privacy notation.

     Are you familiar with the FRS radios? They had a feature called privacy codes, where a group of people would set the same code to communicate. BUT, really all of the comms were all on the same channel, but the codes simply filtered out what one wanted to hear.

     So they provided no actual privacy, just the illusion of it.

     Same thing here, unfortunately. The ActivityPub protocol is largely a broadcast protocol, sending content into the cloud with only suggestions as to who should see it.

     You can believe that every link in the chain will behave and respect your wishes, but a scraper is free to ignore them and do what they want even if your post is marked private.

     https://www.w3.org/TR/activitypub/#outbox

     https://en.wikipedia.org/wiki/Family_Radio_Service

   • Embed this notice
     Charlie (cdp1337@social.veraciousnetwork.com)'s status on Sunday, 16-Jun-2024 06:53:39 JST Charlie

     in reply to

     • Larvitz :fedora: :redhat:

     @Larvitz @BeAware

     -----BEGIN PGP MESSAGE-----

     hQIMAz/xeSfb2GPLARAAvok7PE5LzLgQKS4bFdRyVbrpYikRuygzb4X8qPUvJfOx
     pKvHf1ltGbrzmhHznosIwVyZdU9TGJlB8q83H/SofS8EcABeSTfTObhbYCGjIVle
     73iPcoa46xq+IYLP5Gh6lkAjyBUUUSCJz9+p+O7rE/bcthuyUYgKm9pEXXj9+jWg
     yaIk4HHcoLkmbdJPea5wtRV0GJHxKxerCwmOYbLn8qJAwWRPX2uHEfI/L5ufm8aU
     DBQFKsBcPCrr0l/5mCSA7CoRc40gyjvg+X69lVMHmF6NalAsTaEBN8yLl6qCidGH
     TgT/YxeQhAfnq5a06ve6ssqa9hBnR3tBhOcEOFr/XceKmlBJT/Yo0yRzeYzO+6FW
     /hxFeWD8KCL6A2l9Ww15ovGVLYEzyKO+li2ESghlrt84i3BFPo3xFDkgovjzlFi6
     1PT5m09LBcxpTC9bpnEwvoTAK/77IsdK5XbiAMGs5kvFqpNWiAGjHtnEp0hGBRdK
     EVw6zBxb3VY1JlDowGLwgYVmmOsg91D9kN4KH9ZyDQ1VYF4Xu6BVfXlAkdfhDmOK
     eRpp5hnUcjQL3M9jHLfL559ZvaYIYMFYu0OWn+eWta5AEIbf8l9Tw/Hj99fCu3wD
     WyNpsCa2UuQH6ezMpmKJnPu3o7gB5Lhz6Ak1N4DWy9wUO6MxvbLq17BdHCQYLhPS
     fQGq5H/vjkDc0mdUnSu8N5fmjAAjxYlcIu6A/vyDP1vrlVMtMVqZeDrhfcFKm+tk
     Az8BBWHXuZR7Van5xi1gu4ILB1hmLb8jmvKAtqAlKsSn072mT20uRgKo/spwQrLj
     GjhFuG0T66XlvdNkNKXQhhSUkI81vq7KTu8cDVI/
     =/NT0
     -----END PGP MESSAGE-----

   • Embed this notice
     Charlie (cdp1337@social.veraciousnetwork.com)'s status on Sunday, 16-Jun-2024 07:09:52 JST Charlie

     • Larvitz :fedora: :redhat:

     @BeAware @Larvitz In short, each key is in 2 parts; the public and the private.

     I (as a third party), can take your public key and use it to encrypt a message that only the matching private key can reveal.

     You can also use multiple public keys to encrypt a message, so you can chat with multiple recipients at once.

     Signing works on a similar premise, where you can sign a plain text message with your private key, and me (again as a third party), can use your public key to verify the plain text message was not altered.

     The main unfortunate part is access to the private key; email clients like Thunderbird support it natively and transparently, (sending/receiving encrypted messages "just works"), but Mastodon being a web application, doesn't have access to your private key, so a desktop app would be required (or a browser plugin would be needed).

   • Embed this notice
     Charlie (cdp1337@social.veraciousnetwork.com)'s status on Sunday, 16-Jun-2024 07:29:29 JST Charlie

     • Larvitz :fedora: :redhat:

     @BeAware @Larvitz Oh yeah, when I encrypted that message to Larvitz, I just entered their email as the recipient.

     Unfortunately I'm not aware of any desktop clients for Mastodon which have native support for this, but that would be an amazing feature for one!

   • Embed this notice
     volkris@qoto.org's status on Sunday, 16-Jun-2024 23:38:46 JST volkris

     @BeAware how about putting it this way: we here ARE broadcasting content that companies are free to use, and so many of us don’t know we’re doing that.

     Do companies use it? Well I imagine so, and it might be largely undetectable. As Fediverse grows it seems like a goldmine for training AIs, collecting marketing stats, etc, all without encumbrances of TOS agreements.

     But sure, you’re asking what has actually happened, and what’s actually happened is that all of these users are making content available to companies. That part’s true.

     And my personal focus is that it’s being done without the consent or knowledge of so many users here.