The fediverse is a privacy nightmare

ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable. To function, the network relies upon the good faith participation of thousands of independently owned and operated servers, but a bad actor simply has to behave not in good faith and there is absolutely no mechanism to stop them or to get around this. Worse, whatever legal protections are in place around personal data are either non-applicable or would be stunningly hard to enforce.

63 comments
  • Thanks @Bloonface for writing and sharing this. I think that it's fundamental to analyse what's happening with ActivityPub and the Fediverse. It's good to be here, it feels good to be freed of any disgusting CEO. But still I find it sane to ask ourselves about the quirks that should be addressed with the fediverse?

    I have a few on the top of my mind:

    • instance ownership - admin labour and mental charge, moderation, cost of the server and financing transparency
    • privacy
    • ActivityPub energy efficiency - is it efficient or should I refrain from posting?

    Not all instances are run as co-ops. We rely on people who are doing a lot of work and paying server costs from their own pocket. Maybe they got funded by users, maybe not. It's not that transparent. And admins have some issues with each other, defederating, blocking instances for personal or not so personal reasons. So at the end it's not a really sustainable way of building things in my opinion. Some instances are funded as co-ops, but most are not. We are relying on individuals to keep things running. The mental charge is big.

    We need transparency about instance ownership to be able to choose what model we want to support.

    I'm also really interested in how GDPR compliance will be enforced. Meta's Threads couldn't launch in the EU, so I wonder about the status of Mastodon. Is it a work in progress situation or did the EU not reach out to mastodon.social yet and is waiting for a bigger user base?

    Regarding the efficiency of the protocol, I couldn't find any discussion about it. I was wondering if the cost of being federated, posts and media being pushed from server to server, will have a negative impact regarding energetic consumption. I've read that Mastodon was quite "hungry". So I asked one of ActivityPub's co-authors about it, if they accounted for energetic consumption when designing the protocol. The answer was "No." And they blocked me.

    Maybe it's not a big deal and the impact is not bad. But right now I have no idea. So I'm using a service without knowing the cost of it, the consequence, and this is not ok. And I find it really annoying that this topic is not being covered more and the discussion censored in a way.

    It's not a matter of ruining the nice thing we have. It's more about transparency, let users know where we are now, so we can all decide where we would go next.

    • Chat rooms and forums persisted for decades being run by small groups of users or individuals.

      This is completely sustainable and a return to what the Internet used to be before the sanitised corporate owned version you seem to think is important.

      Also do you know the cost and consequences of your ISP's internet connection you are using?

      Frankly your post sounds like some astroturfed concern-troll shit.

      • Well I'm sorry that you read it this way. It was not my intention.

        You didn't address any of my points and you just unequivocally judged it and dismissed it.

        • I addressed your point of sustainability through examples of this being sustainable in the past and queried the validity of your concerns about “using a service without knowing the cost of it, the consequence” by questioning if you ever bothered with this in any other aspect of your life up until now (e.g. the very Internet you would use to access such a service in the first place).

          I’m sorry your reading comprehension wasn’t able to see that.

          • and for you throwing an example is enough to make a point? how do you know that I don't bother about it on other places on the web? do you know about whataboutism? do you think that the old "it was always like this so it's ok" is a relevant position?

            please keep your condescending tone to yourself. if you don't want to have a real discussion about this and just want to get upvotes, go for it. I don't care and leave me alone please

            • Mhmm because it’s so probable that any individual has actually gone to the length of questioning every ISP and only selecting the most ethical one, assuming you’re even in a location with multiple providers. Let alone every other aspect of their life. It’s far more likely concern trolling, especially coupled with this constant victimhood response you keep deflecting with.

              This is a real discussion, but you’re free to not respond … and let’s be honest you’ve addressed zero of my response so far so it’s not like anything would change.
