Just a reminder: it is possible to track you on #ActivityPub / #Mastodon because most of your data are public (messages posted, followers and following lists) . I have the feeling that not everybody realise that. We can tell a lot on who you are just with your following list.
Some data are private to your server (IP address, connection time - which can more or less be deducted from your public activity -, devices used), but a lot is public.
@mathieui the liked collection is not exposed by Mastodon at least indeed, I'll update the message. You can make any data private, but follower/following are public by default.
@mathieui that also means that even if "liked" collection is not exposed, if you have a big instance where lot of objects are liked, the instance knows a lot about your likes (which is related to the current topic of a huge instance coming).
You can have a lot of data by default, and if you have a huge instance you can have a crazy amount of data.
My point is that you can't hide much if you are using a service based on public messages.
@mathieui Do you know the behaviour of the followed actor if you have a private following list? My guess is that it appears in its followers list anyway, but I'm not sure (cause there is no flag in the spec to say that a following should be private).
and your server IP address is known, if you self-host your server IP is known (if you are hosting at home, that means your IP).
Of course this is the same for any service you self-host.
Collective and ethical hosting by associations, foundations, local groups, etc. are the way to go, as long as we can export/remove data and change service at anytime.
Add comment