Fediverse

52 readers

1 users here now

This magazine is dedicated to discussions on the federated social networking ecosystem, which includes decentralized and open-source social media platforms. Whether you are a user, developer, or simply interested in the concept of decentralized social media, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as the benefits and challenges of decentralized social media, new and existing federated platforms, and more. From the latest developments and trends to ethical considerations and the future of federated social media, this category covers a wide range of topics related to the Fediverse.

founded 1 year ago

The fediverse is a privacy nightmare (blog.bloonface.com)

submitted 1 year ago by Bloonface@kbin.social to c/fediverse@kbin.social

60 comments fedilink hide all child comments

ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.

you are viewing a single comment's thread
view the rest of the comments

[–] 0xtero@kbin.social 4 points 1 year ago

It's a very good, well articulated post that anyone new to fedi should read and be aware of and try to internalize.

I like the fediverse because it builds on the idea of small communities exchanging information, but I do agree that the protocol is somewhat lacking when it comes to data integrity and confidentiality - it's too easy to act in bad faith and there's very little we users can do to protect us from it. The protocol does excel in availability though, your posts are everywhere! So yay?

This behavior, may, or may not be suitable for your personal threat model. You have to make that call, but I from what I've seen, it's one of those "oh this is too complicated"-things that surround fediverse adaption. Spreading awareness around this is hard. Your blog was well written and full of facts, but I doubt many got through the whole thing. It's more fun to discuss if we should call ourselves kbinners or kedditors.

I've been debating this back and worth in my head ever since I joined - right now I'm still posting under my real name and try to post my content with that in mind. That means I have to moderate my posting. I think I might be too old school to not to, but who knows, at some point, I might run into that RaspberryPi armed nazi and that will probably change things.

Ideally, I'd like to see some W3C activity around this. I was hopeful that perhaps one of the big tech players would throw money and resources to update the spec, but now that it's apparent Meta took that spot, I'm not very hopeful we'll ever see significant protocol improvements on that field.

I'm interested in finding out how Meta is going to deal with federation - they do have to worry about regulators and privacy watchdogs after all - I'd imagine they won't enable their outgoing federation at all, because at that point they lose control over the data - or - maybe they'll just federate with couple of "big instances" (even though, that will be dodgy enough, as you point out in your post).

The GDPR angle is interesting. I'd imagine someone will try to enforce it, sooner or later, but I doubt you'll find much interest from the law enforcement to go and bust someones lonely RaspberryPi, just because it isn't in compliance with GDPR. If you admin a large instance though... thoughts and prayers..

Anyway - good info and well written. Worth a read if you're new to fedi!