Fediverse

3 readers

1 users here now

This magazine is dedicated to discussions on the federated social networking ecosystem, which includes decentralized and open-source social media platforms. Whether you are a user, developer, or simply interested in the concept of decentralized social media, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as the benefits and challenges of decentralized social media, new and existing federated platforms, and more. From the latest developments and trends to ethical considerations and the future of federated social media, this category covers a wide range of topics related to the Fediverse.

founded 2 years ago

The fediverse is a privacy nightmare (blog.bloonface.com)

submitted 1 year ago by Bloonface@kbin.social to c/fediverse@kbin.social

61 comments fedilink hide all child comments

ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.

you are viewing a single comment's thread
view the rest of the comments

[–] TiffyBelle@feddit.uk 63 points 1 year ago* (last edited 1 year ago) (12 children)

I'm not sure this blog post is the "ah-ha!" revelation you think it is.

If you're posting something, you're choosing to put that out there on the public internet which should henceforth be considered "public." This isn't a privacy violation unless you choose to make it one by violating your own privacy by oversharing sensitive information.

This has been the case online since time immemorial. Once something's out there, consider it non-retractable. This isn't specific to the Fediverse/ActivityPub. Even in centralized forums/reddit the things you post were cached by web archive/scraped by unscrupulous sites/used to train AI, etc. even if you tried to delete them from the source server. "Deletion" has never truly been a thing on the internet, which is precisely why people should really consider what they post. Heck, there were specific sites dedicated to showing which comments were "deleted" from reddit in full.

I don't consider any of these things "privacy violations." A privacy violation would be if the email address you signed up to your instance with was being broadcast to other servers in the open. What you choose to put out there is up to you and the inherent danger with interacting with any form of social media.

[–] bathrobe@kbin.social 10 points 1 year ago (10 children)

@TiffyBelle

@Bloonface

Maybe you didn’t read where it says even DIRECT MESSAGES aka private messages you send to people, and don’t choose to post in public, is easily and easily available.

This place is already an echo chamber. Jesus that’s bad. Everyone is on a new team and now we love this team and this team is never wrong and all criticisms are invalid. Even the really bad ones.

I don’t really care. I’m old enough to have never trusted the internet. But let’s not pretend this isn’t a huge fucking deal, and isn’t completely fucked just because Reddit bad and fediverse good

[–] TiffyBelle@feddit.uk 23 points 1 year ago (3 children)

There are literally warnings when you try to DM someone on Fediverse apps that say it should not be treated as a secure medium:

Even on traditional centralized platforms I've never treated DMs as "private." Anything not end-to-end encrypted cannot be considered private and never has been able to be.

[–] melmc@kbin.social 4 points 1 year ago* (last edited 1 year ago)

Of course you can have encrypted group chats on Signal, if you're not concerned about meta data. Or xmpp group chats with encryption if you want decentralization. You can keep your secret stuff secret and your public stuff public simply by using different apps.

load more comments (2 replies)

load more comments (8 replies)

load more comments (9 replies)