Notices by The Nexus of Privacy (thenexusofprivacy@infosec.exchange), page 2

  1. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 08-Jan-2025 07:07:34 JST
    • Erin Kissane

    With today's news that Meta is getting rid of fact checkers and changing its policies to allow more hate speech directed at trans and queer people, seems like a good time to resurface these detailed instructions on how to block Threads.

    https://privacy.thenexus.today/how-to-block-threads-on-mastodon/

    If you want even more protection, your best bet is to move to an instance that's blocking threads -- see https://fedipact.veganism.social to check the status of your instance. And I agree with @kissane's recommendation in the excellent Untangling Threads

    "I think the nearest thing to reasonably sturdy protection for people on fedi who have good reason to worry about the risk surface Threads federation opens up is probably to either…

    • block Threads and post followers-only or local-only, for fedi services that support it, or
    • operate from a server that federates only with servers that also refuse to federate with Threads—which is a system already controversial within the fediverse because allowlists are less technically open than denylists."

    #FediPact #meta #threads

    In conversation about a year ago from infosec.exchange permalink

  2. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 08-Jan-2025 06:35:37 JST
    in reply to
    • Em :official_verified:
    • ●

    Yes, Em's instructions will work for individual accounts. I've got more details and talk about the limitations of this approach in https://privacy.thenexus.today/how-to-block-threads-on-mastodon/#from-profile

    @fembot @Em0nM4stodon

    In conversation about a year ago from gnusocial.jp permalink

  3. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Friday, 03-Jan-2025 16:44:08 JST
    in reply to
    • Ben Rosengart
    • tools for commensality 🧿

    Well, there are certainly a couple of companies who claim to be listening to voices via devices. For example:

    "What would it mean for your business if you could target potential clients who are actively discussing their need for your services in their day-to-day conversations? No, it's not a Black Mirror episode—it's Voice Data, and CMG has the capabilities to use it to your business advantage.”

    Of course they might be exaggerating but Google took the reporting seriously enough that they removed one of them from their Partners Program.

    And of course that doesn't mean it's necessarily via a phone, and even if they (or somebody else) are getting it via an iPhone they're not necessarily getting it via Apple, and even if they're getting it from Apple it's not necessarily because Apple's misusing Siri QA logs.

    You'd think Apple wouldn't want to take the risk of damaging their brand by misusing the data like that. Then again you'd also think Apple wouldn't want to take the risk of damaging their brand by non-consensually recording conversations between doctors and patients and sharing it with contractors, ... and it sure looks like they did that. So who knows, the only thing that's completely clear in all this is that Apple decided it was better to settle the lawsuit than risk further discovery and publicity.

    Here's the original reporting (paywalled)
    https://www.404media.co/heres-the-pitch-deck-for-active-listening-ad-targeting/

    https://www.404media.co/mindsift-brags-about-using-smart-device-microphone-audio-to-target-ads-on-their-podcast/

    And here's a non-paywalled summary

    https://www.techtimes.com/articles/307372/20240904/cox-media-group-reveals-active-listening-software-spies-user-convos.htm

    @inquiline @fivetonsflax

    In conversation about a year ago from gnusocial.jp permalink

  4. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 18-Dec-2024 21:57:05 JST
    in reply to
    • Andy Piper
    • Mike McCue
    • Jaz (IFTAS)
    • Ryan Barrett
    • IFTAS
    • Anuj Ahooja
    • Social Web Foundation

    Just announced: "A New Social", a new non-profit focused on building cross-protocol services and tools for the open social web, is now leading development of Bridgy Fed.

    https://www.anew.social/hello-social-web/

    Exciting stuff! Bridging is an important approach that hasn't gotten enough attention, and this work really complements the other multi-polar efforts. Original Bridgy Fed developer @snarfed.org is CTO, and @quillmatiq is the CEO and Executive Director.

    The press release has supportive comments from @mike, Emily Liu of Bluesky, the Threads team at Meta, @andypiper of Mastodon, Evan Prodromou of @swf, and @jaz of @iftas.

    Bridgy Fed has set an important precedent here by prioritizing consent with their opt-in model, and it's really paid off. In fact the threats from Bluesky's current tolerance of anti-trans harassers and the multiple datasets of scraped Bluesky data are exactly the scenarios that advocates of an opt-in approach warned about -- an opt-out approach would have left people on fedi exposed by default. So let's hope that this focus on consent doesn't get lost as things move forward!

    @fediversenews

    #BridgyFed #bluesky #fediverse

    In conversation about a year ago from infosec.exchange permalink

  5. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 18-Dec-2024 21:57:05 JST
    • Ryan Barrett

    I'm disabling Bridgy Fed on this account (at least for now) -- if you're at risk of harassment, consider doing the same

    Harassment has increased significantly on Bluesky over the last week (which tends to be what happens when a site's moderators find an excuse not to take action against a coordinated anti-trans harassment campaign, but that's another story). Bluesky blocklists provide some protection, but unfortunately there's no way for fedi accounts to subscribe to Bluesky blocklists or labelers. So there's basically no protection for bridged accounts.

    I haven't yet heard any reports of harassment getting directed at bridged accounts ... but then again if somebody on Bluesky who hasn't opted in to Bridgy Fed is spewing hate speech in bridged posts replies, we wouldn't necessarily know about it. So, better safe than sorry.

    If you're currently bridging to Bluesky consider doing the same! You can disable Bridgy Fed by blocking @bsky.brid.gy@bsky.brid.gy -- here's the FAQ https://fed.brid.gy/docs#opt-out

    Here's the bug I just filed in the Bridgy Fed Github. https://github.com/snarfed/bridgy-fed/issues/1632

    Bridgy Fed's development is very resource constrained right now; as far as I know it's still just @snarfed.org working on it part-time, and they've had their hands full just keeping up with the increased load. So, not sure how quickly they'll be able to respond.

    EDIT updated with the FAQ on how to opt-out, as well as the correct instructions.

    #BridgyFed #bluesky #trans

    In conversation about a year ago from infosec.exchange permalink

  6. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Monday, 09-Dec-2024 05:16:51 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦
    • damon

    Bluesky-social-network, Bluesky's Relay will never not be the only one.

    It depends on how you define Bluesky-the-social-network. If it's just in terms of Bluesky-the-AppView, then you may well be right. If it's defined as "the people currently using Bluesky", I think it's very likely we'll see alternate Relays and AppViews within the next year. Time will tell!

    as in, this is significantly different from early Mastodon days when there was only one Mastodon instance.

    Agreed. So we'll see how Bluesky and the ATmosphere evolve. My perspective is that Mastodon evolved in a way where Mastodon gGmbH had enough influence that arbitrary decisions by Eugen led to innovation basically flatlining -- and Mastodon's dominance within the fediverse, combined with SWICG's inaction, has held everything back. So there's room for Bluesky and the ATmosphere to do better ... or to hit the wall in different ways. Once again, time will tell!

    @rysiek @damon

    In conversation about a year ago from gnusocial.jp permalink

  7. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Monday, 09-Dec-2024 04:24:59 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦
    • Jer Warren
    • damon

    I totally agree about the large instance problem on fedi. One way to look at Bluesky is as a very large instance with internal structure attempting to avoid moderation and monoculture problems, tbd how well it succeeds on that front. And Bluesky PBC currently is far more dominant in the ATmosphere than Mastodon gGmbH is in the fediverse, so the consequences of somebody buying it are more significant than somebody buying Mastodon gGmbH (which could certainly happen although it doesn't strike me as particularly likely).

    In terms of data portability, if somebody gets kicked off of .social they lose their posting history and social graph unless they've backed it up. If they have backed it up (or if they migrate before getting kicked off) they can largely recreate their social graph someplace else (although .social can still block them from communicating with anybody on .social, and there might be other instance-blocking issues, plus migration often loses some followers). In principle the Bluesky situation is somewhat better: you can import your posting history into a new PDS, and if you're running your own PDS you don't need even the separate import/export step. In practice though right now there isn't a meaningful "someplace else" (and it's not clear if and when that will change) so the reality's not as good -- if you're blocked from the Bluesky AppView you basically can't communicate with anybody.

    That said, Bluesky's story is a much better story than fedi's "we didn't design for this and haven't made any progress in the last N years but since Bluesky started giving us a hard time about it there's now a SWICG working group that's got a draft spec that nobody's implementing!"

    It's frustrating because this absolutely could be solved in an AP framework but nobody with resources has any incentive to solve it. In Cory's piece on Bluesky he said something like "Any system where users can leave without pain is a system whose owners have high switching costs and whose users have none", hmm I wonder why Mastodon gGmbH hasn't tried to reduce the pain of people being able to move?

    @rysiek @damon @nyquildotorg

    In conversation about a year ago from infosec.exchange permalink
  8. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Saturday, 07-Dec-2024 09:44:26 JST
    in reply to
    • Strypey

    @strypey Bluesky is currently to the ATmosphere what StatusNet was to the Identiverse back in the day (only moreso): a venture-funded startup that controls the protocol and runs what's by far the largest server.

    Bluesky's Relay is currently to the ATmosphere what Google's search engine is to the modern web (only moreso)

    In conversation about a year ago from infosec.exchange permalink
  9. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Saturday, 07-Dec-2024 09:44:14 JST
    in reply to
    • Strypey

    @strypey I meant StatusNet the company, including the servers they ran, the software they provided, the proprietary protocol they developed. And yes the Gnu Social network survived the pumpocalypse, if Bluesky does something similar or shuts down I’d expect the ATmosphere to survive as well

    In conversation about a year ago from infosec.exchange permalink
  10. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Saturday, 07-Dec-2024 09:44:01 JST
    in reply to
    • Strypey

    @strypey well, if you want to try to convince other AP loyalists that AT’s not proprietary just because specs have been published and they’ve let people know about the relatively infrequent breaking changes, go for it, but my impression is that most people think protocols controlled by a single company are proprietary. But whatever, if the analogy doesn’t work for you it doesn’t work for you!

    The impression I get from people who are looking at setting up relays is that there’s no way they’d do it on a fediverse infrastructure so I’m not sure why you think otherwise. AP isn’t good for flat all-public networks and that’s what they’re interested in. In practice it’s probably a moot point because I don’t think Bluesky’s going away any time soon, but time will tell!

    In conversation about a year ago from infosec.exchange permalink
  11. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Saturday, 07-Dec-2024 09:43:52 JST
    in reply to
    • Strypey

    It sounds like the only two things that we agree on in this discussion are that Bluesky's whole-network Relay is currently to the ATmosphere what Google's search engine is to the modern web, and that people can use "proprietary" however they want and some meanings are more effective than others.

    The actually-existing fediverse is not good at being a large flat network -- missing replies, the challenges of global search (especially on small instances), etc. So if the belief that AT's better for a large flat network seems obviously wrong to you, you're either ignoring these issues, or optimistically assuming there's a solution.

    Conversely, parts of the actually-existing fediverse are actually quite good at scoped-visibility (as opposed to all-public) networked communities (as opposed to a flat Twitter-like network). Unfortunately that's not the model Eugen likes, so Mastodon doesn't support it particularly well. So if you think it's obviously wrong that AP is currently better than AT for this, you're probably confusing Mastodon with the broader fediverse. Of course, people are working on scoped-visibility networked communities in the AT ecosystem as well, so AP's lead might be tenuous, but it's still experimental over there. Time will tell!

    @strypey

    In conversation about a year ago from gnusocial.jp permalink
  12. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Friday, 06-Dec-2024 16:23:26 JST
    in reply to
    • Mastodon Migration

    @mastodonmigration read what she said carefully. She didn’t say “no ads”, she said “no ads that enshittify the network”

    In conversation about a year ago from infosec.exchange permalink
  13. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Friday, 06-Dec-2024 16:23:25 JST
    in reply to
    • Mastodon Migration

    @mastodonmigration which is what she’s saying now, with “user intent”. Of course it’s one thing to say it, and another to actually do it, but there are enough situations where enough people are ok with ads that it’s not impossible — and there’s no real value in showing ads to people who don’t want to see them, so their business model still works if you implement an easy-to-use opt-out or even opt-in

    (Even in that situation, ads are arguably still problematic, so I’m not endorsing that model, I’m just saying that “only ads people want to see” is a potentially non-enshittifying model, so what they’ve been saying is consistent)

    In conversation about a year ago from infosec.exchange permalink
  14. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Friday, 06-Dec-2024 14:09:10 JST
    in reply to
    • Mastodon Migration

    @mastodonmigration they’ve always been careful not to rule out advertising so I doubt anybody there is surprised by this. A lot depends on market conditions when they do their next raise - they were smart to close the $15 M when they did, and my guess is their server costs won’t eat into that too quickly, but then again they’re hiring 100 contract trust and safety people and that might be just the tip of the iceberg. It wouldn’t surprise me if they try some kind of premium subscription before advertising but it’s hard to know how far they can get with that. Time will tell!

    In conversation about a year ago from infosec.exchange permalink
  15. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Thursday, 05-Dec-2024 17:57:32 JST
    in reply to
    • Eugen Rochko

    For those who are concerned about harassment, stalking, and data harvesting threats from Threads ... if you're on an instance that doesn't block Threads, the risks just increased substantially.

    How to block Threads on Mastodon - and a reminder that blocking on the fediverse only provides limited protections has instructions on how to block Threads, with screenshots -- although moving to an instance that does block Threads gives more protection. Here's a post with information about how to reduce the risks.

    And @Gargron @mosseri and everybody else who does see the connection with Threads as a good thing, please understand that some people are in fact at risk here. It would be great to have official statements on this both from Mastodon and Threads for how people who do feel they're at risk can protect themselves. Until that happens, please share information from me or (if these links aren't to your taste) others.

    In conversation about a year ago from infosec.exchange permalink
  16. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Thursday, 05-Dec-2024 03:49:20 JST

    It looks like Threads has taken their next incremental step in two-way federation: according to Mark F***ing Zuckerberg "now you'll be able to follow people from other fediverse servers who liked, followed or replied to federated profiles on Threads." As always in the fediverse, opinions differ:

    • If you're concerned about harassment, stalking, and data harvesting threats from Threads ... the risks just increased substantially. This post is for you, with information about how to decrease them.

    • If on the other hand you're one of the many people here who see federation with Threads as a good thing, then Zuckerberg's announcement is good news, and this post is for you to share with friends who are at risk.

    So, if you don't want your posts going to Threads, now's a good time to move to an instance that blocks Threads.

    If you're on an instance that doesn't block Threads and don't want to move yet, you can still block the domain yourself. This doesn't provide as much protection as being on an instance that blocks Threads, but it's certainly better than nothing. How to block Threads on Mastodon - and a reminder that blocking on the fediverse only provides limited protections has instructions, with screenshots.

    Still, if you're concerned about Threads, it really is much better to move to an instance that blocks them. Even this doesn't provide bulletproof protection, but it's stronger than individual domain blocking. Unfortunately, you can't move your posts (although you can create an archive), but you can usually keep of your followers.
    @FediTips Transferring your Mastodon account to another server is a thorough guide. Erin Kissane's Notes From a Mastodon Migration and Cutie City's Migrating Servers are also very useful -- it's worth reading all of these before you move!

    And if you're really concerned about the risks and want to have protection be as bulletproof as possible, I agree with Kissane's suggestions in Untangling Threads

    "I think the nearest thing to reasonably sturdy protection for people on fedi who have good reason to worry about the risk surface Threads federation opens up is probably to either…

    • block Threads and post followers-only or local-only, for fedi services that support it, or
    • operate from a server that federates only with servers that also refuse to federate with Threads—which is a system already controversial within the fediverse because allowlists are less technically open than denylists."

    We're starting to see examples of that second approach now -- The Website League is one, an island network where none of the servers federate with Threads; see their December update for more. I expect we'll see more of these over time.

    #threads #fedipact #fediverse

    In conversation about a year ago from infosec.exchange permalink

  17. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 04-Dec-2024 04:09:17 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦
    • Jer Warren

    I don't think decentralized is meaningless, I think it has different meanings and interpretations.

    • Does decentralized refer to network topology, power dynamics, or both?

    • If we're talking about network topology, does it matter if different nodes in the network are owned by different entities?

    • If an architecture is in principle decentralized, but the current implementation has one or more single points of failure, is it in fact decentralized?

    • If one layer of the system is decentralized (web, PDSs) but power is heavily concentrated in another layer (search engines, relays) is it a decentralized network?

    • If we're talking about equitable distribution of power, what kinds of power are we talking about, and how equitable does it have to be to be considered decentralized?

    etc etc etc

    @rysiek @nyquildotorg

    In conversation about a year ago from gnusocial.jp permalink
  18. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Tuesday, 03-Dec-2024 15:43:42 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦
    • Simon Müller :ablobcatcoffee:

    Minor clarification: posts reside on PDSes, so they're still not ephemeral with non-archival relays.

    I'm not sure about relays talking to each other, it might happen more at the appview level -- appviews talking to other appviews, appviews listening to multiple relays. There are various projects looking at independent and semi-independent subnetworks, I'm not sure what architectures they're experimenting with ... It's hard to predict at this point what will and won't work.

    @rysiek @cyrus

    In conversation about a year ago from gnusocial.jp permalink
  19. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Tuesday, 03-Dec-2024 15:40:13 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek there are still Black-led networks of people and servers here -- and Bluesky has also pushed away a lot of Black people. And rapid growth here has in the past diluted the power of marginalized groups (trans and queer people most noticeably), so to the extent the growth on Bluesky is increasing Blacksky's relative power, that highlights a difference in how power is diffused there than here.

    If you look at the specific dynamics of the decentralization here, it's always revolved around white dominance. Check out the pic of the invitation-only 2010 Federated Web Summit at the start of Before Mastodon: GNU Social and other early fediverses. For the last 6-7 years, ever since Mastodon's embrace-and-extend of ActivityPub, Mastodon gGmbH and SWICG have the institutional power -- organizations which have in practice been unsupportive of Black-led projects and Black people as individuals (which in turn reinforces the dynamics that keep chasing Black people away).

    My guess is that most if not all of the people I've seen commenting on the decentralization question would agree with this characterization. But it doesn't show up in their power analyses of decentralization -- like I say in the article, the power analyses of Bluesky's and ActivityPub's different approaches to decentralization I've seen from white people are deracialized.

    In conversation about a year ago from infosec.exchange permalink
  20. The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Tuesday, 03-Dec-2024 14:05:21 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek Blacksky is super-interesting, so it's great that you're diving into it. Maybe I'll tweak the article to highlight that as the key takeaway earlier.

    In terms of diffusion of power, is there any Black-led network of people and servers in the ActivityPub Fediverse that has as much current and potential power as Blacksky does within the ATmosphere -- or even within Bluesky? To me, that's an interesting aspect of how power is distributed.

    In conversation about a year ago from infosec.exchange permalink

The Nexus of Privacy

A newsletter about #privacy, #technology, #policy, #strategy, and #justice. Posts by @jdp23.