How do kbin instances (and all aggregator protocols) work to maintain privacy and safety? What can we put up on the roadmap (when there is one)? (Instance members at least; ppl posting on fedi in general)

This is going to be kbin focused because that's the infra I'm most familiar with, but if any part of this is relevant to Lemmy and other upcoming aggregators it's worth a think too:

  • in the more microblogging part of fedi, it's been about a week and some of active discussions because of the reveal that FBMeta is developing its own Project 92, or Barcelona, a competing service to Twitter (called Threads) that supposedly will be using ActivityPub

  • it's followed up by confirmation that there's been overtures to those running big (in size) instances esp on the Masto protocol to meet (Eugen never confirmed but in deleted posts talked about the idea of a meeting even with NDA positively; Universeodon definitely confirmed taking a meeting. Universeodon admin also runs a threadiverse instance (kbin). No one else, and in fact more confirmed they didn't: Dan who does Pixelfed and runs the Fedi database; Chris who's one of the admins of calckey.social; Jerry who does infosec.exchange and also runs a kbin instance)

  • the big discussion is if then Fedi instances should federate with Threads. There's a Fedipact now of those who won't and will outright block. There's more who are being cautious and have decided on preemptively silencing (so conditional following). There's those who want to wait and see.

  • I'm bringing this over to the kbin side because of the three concerns: political (extend, embrace, extinguish playbook means standards-setting work will be under threat of an eventual oligopoly); privacy (data scraping and surveillance capitalism is a known thing, legal or otherwise); and infrastructure (the full blast of new Threads accounts and the way AP and esp Masto does JSON will mean the perpetual fetching will overwhelm smaller instances) - the most particular for threadiverse is on technical capacity.

  • most instances are still finding their feet. What measures are already in place short of defed to help admins not get overwhelmed? What measures are being worked on?

  • kbin does scraping posts very well. Even untagged posts end up here on kbin.social because the 'random' magazine was created. What can instances do to not become a risk vector for at-risk persons who probably didn't realize this protocol (that's not even a year old) has been quietly slurping their posts in machine-readable forms all this time?

I've been super enjoying my time here, and if i know where we can collectively stand on this, it will take a load off of my mind.

JanoRis,

Both kbin and lemmy don't have 2FA yet. What is protecting me from getting my account hacked? Is 2FA on the roadmap?

0xtero,

My two federated cents:

political (extend, embrace, extinguish playbook means standards-setting work will be under threat of an eventual oligopoly);

Bringing over potential 1.2bn users is going to change the landscape. We'll get access to brands, advertising and influencers. New people tend to gravitate towards larger instances and Meta will make sure they market Threads heavily. This will be a huge concern for those that want to see fedi "succeed" (in terms of popularity). Meta doesn't really have to do anything malicious. Just by existing, they'll attract most new people who would have gone to mastodon.social or Pixelfed otherwise.

For me, personally - it's not a concern. I'm fine with instances with far less people. I'm not here to see fediverse "succeed". In my opinion more people isn't the same as successful service. In fact the best communities are just around 150 engaged people discussing the stuff they love. Dunbar's Number is important here. I like high signal with minimal noise. For me, fedi is just that right now. So I'm firmly in the "defederate the shit out of Meta"-camp (also because it's a shit company, with shit people).

privacy (data scraping and surveillance capitalism is a known thing, legal or otherwise);

Meta/whoever can do this already today, and they don't really need much for it. They certainly don't need to develop a whole new service for it. The fedi is full of public APIs. Mining and surveillance is easy to do and hard to detect in a federated environment. If someone wants to be malicious, there's really very little we can do to stop them. So apply that to your personal threat model when you post.

But in general I'd like better moderation tools - being able to control where my stuff ends up, how long it lives and what I see in my feeds is a priority for me. Fedi services have been historically very bad with this - we should be better. Mastodon has nice features like auto-delete content based on time, filter incoming messages based on hashtags, words etc - we should have them here on kbin as well.

infrastructure (the full blast of new Threads accounts and the way AP and esp Masto does JSON will mean the perpetual fetching will overwhelm smaller instances)

This is my biggest concern. The ActivityPub implementations in fediverse are a hot mess of inefficiencies and bloat. Especially at Mastodon. One "viral" toot will generate a silly amount of traffic in federation status updates. It's a shitty situation with a potential to "DDoS" small instances or overwhelm them with hosting bills. Especially if the population explodes to +1bn new users suddenly.

This would suck.

cendawanita,

And just to provide an example, copying straight from my comment here https://mefi.social/@cendawanita/110585975153683699:

Yup that's happening rn. It really got driven home for me when my kbin account gave me a comment alert... For this account. It went to the correct person because the usernick is the same. Also the comment is to a post that is uh untagged 🙃 https://kbin.social/m/random/p/498351/I-m-thinking-once-there-s-a-protocol-i-really-like-just

NotTheOnlyGamer,

I accepted Eternal September on Usenet & IRC. I've seen it everywhere, now, and often driven by the profit motive. That said, I don't mind. This is corporate action. The Internet Wild West is dead and gone, and attempts like this are about as authentic as Gunsmoke or the Lone Ranger at recapturing it.

There's no place for the console cowboys or codeslingers anymore. Just like a century ago, there was no place for the real cowboys and gunslingers.

cendawanita,

@NotTheOnlyGamer it's still worth worrying. Like, in the examples i gave in the comments, i can't login to kbin.social with my other account, and i can't delete my posts. (ETA: but the larger problem is the flood of traffic and kbin hasn't had time to sort out proper instance blocks yet. Spam is already an issue)

NotTheOnlyGamer,

I haven't seen anywhere near the spam problem that I see on other social media here on kbin. As long as people using Threads are posting normally, I'd assume most of it will fall into /m/random as untagged Mastodon-esque content. Your other account seems to be hosted on another site, so anything that needs to be handled should be coming from there. I don't see how it's kbin.social's problem.

cendawanita,

@NotTheOnlyGamer ah ok, you haven't seen either the posts here, or on the fediverse magazine, or just the fact the fedidb (who tracks usage stats) had to pause on their count for threadiverse accounts because spam accounts inflated the count, or lemmy.blahaj.zone having to take a minute to delete all the spam accounts...

But fundamentally you're still not wrapping your head around what federation means. Just before Reddit Migration, the biggest and flagship instance, mastodon.social, was put on silence or defed a few times this year because their open signups caused spam being sent across the fediverse.

Kierunkowy74,

kbin.social has already turned CAPTCHA on, compared to mastodon.social that time.

cendawanita,

@Kierunkowy74 yup that's a good move. But overwhelming traffic from legit users is still however an issue.

One rl illustration: https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

@NotTheOnlyGamer

NotTheOnlyGamer,

I have wrapped my head around it - I was on multiplexed BBSes back in the day and my folks ran a local booster server for a few months. ActivityPub isn't a new concept, just a new application. Mind you, with most of the ActivityPub-enabled websites I use, I stick to the "local" community, whenever possible. I turn it on only if there's nothing to read in the local community.

cendawanita,

@NotTheOnlyGamer that is definitely a good practice as an individual user. At instance-level, do you share my concerns tho?

NotTheOnlyGamer,

Honestly, no. I get where you're coming from, but I have no concerns.

I expect the E^3 mindset nowadays and I've come to accept the fact that the users don't own the Web. When Facebook launches Threads, I'll decide at that point whether or not to join, based on whether my friends do or not, and whether my local groups can be contacted more easily there than Meetup. As far as privacy, I expect that post-2001, if I touch a computer that's connected to the internet, someone knows, and someone has figured out how to monetize that fact. As far as the stability of fediverse sites when the Fb traffic hits, I guess my feeling is basically the same as I had about websites when Prodigy & AOL got the open Web. If you can't take it, stop hosting yourself and move to a cheaper, more robust, and more centralized host.

None of these things bother me anymore; I've given up. This is what the Internet is, this is what it was always going to be. Accept it or disconnect. Companies win.

I've commented already that I expect the monetization and corporatization of the fediverse within two years. This just confirms I was right. People generally want monolithic platforms, they want to join already strong communities. If Facebook can offer that, you're going to see many new users. I've just learned to give up, and look forward to talking to local people again. I'm a user, not a customer. I'll use whatever the best website or software is for a purpose I choose. I'm not invested in KBin, or Lemmy, or Mastodon, or Pixabay, or PeerTube. I'm interested in being able to read interesting content and talk to people. Wherever the Web takes me on that journey is fine.

cendawanita,

@NotTheOnlyGamer ah okay, i see where you're coming from. I'm still quite strident about it only because AP being open source, the current Fedi discourse is as much political as well as technical - and you're right, the era of corporate internet is not winding down just yet. But it's also not a given i can't advocate for better controls especially because fediverse means i have more control than a user of corporate socmed over which server to go and what software to use. It's slightly easier to feel that there is something that i can do because i think there is. We wouldn't be here otherwise (instead we'll tolerate what Twitter has become, what reddit continues to become). I come from the livejournal era, and that code was forked many which ways and the various journal clones became where the migration headed to when sixapart bought it (then later Russia via corporate proxy). But it was slightly too early in tech and user quality - but I feel like I'm reliving the days I'm on dreamwidth, still in touch with ppl who moved to insanejournal etc.

Because it's possible, I'm still motivated enough to talk about it. And you know, thank you. Despite posting it in the meta community for this instance, barely anyone engaged in these concerns, not even those otherwise active. Ernest I'm sure is busy, but now I'm concerned not even those who'd sum up what's going on here would talk about this. So I really appreciate the exchange.
