thenexusofprivacy

@thenexusofprivacy@infosec.exchange

A newsletter about #privacy, #technology, #policy, #strategy, and #justice.

Currently at @nexusofprivacy, but looking for a new home and so checking out infosec.exchange


thenexusofprivacy, (edited ) to fediverse

Mastodon and today's fediverse are unsafe by design and unsafe by default – and instance blocking is a blunt but powerful safety tool

Part 1 of "Golden opportunities for the fediverse – and whatever comes next"

https://privacy.thenexus.today/unsafe-by-design-and-unsafe-by-default/

Over the course of this multi-part series, I'll discuss Mastodon and the fediverse's long-standing problems with abuse and harassment; the strengths and weaknesses of current tools like instance blocking and blocklists; the approaches emerging tools like and take, along with potential problems; paths to improving the situation; and how the fediverse as a whole can seize the moment and build on the progress that's being made. At the end I'll collect it all into a single post, with a revised introduction.

This first installment has three sections:

  • Today's fediverse is unsafe by design and unsafe by default

  • Instance-level federation choices are a blunt but powerful safety tool

  • Instance-level federation decisions reflect norms, policies, and interpretations

thenexusofprivacy,

Compare and contrast: Fediseer, FIRES, and The Bad Space

https://privacy.thenexus.today/fediseer-fires-and-the-bad-space/

Part 4 of "Golden opportunities for the fediverse – and whatever comes next"

The Bad Space is only one of the projects exploring different ways of moving beyond the fediverse's current reliance on instance-level blocking and blocklists. It's especially interesting to compare and contrast The Bad Space with two somewhat-similar projects:

  • Fediseer is another instance catalog, including endorsements as well as negative judgments about instances.
  • FIRES (an acronym for Fediverse Intelligence Recommendations & Replication Endpoint Server) is infrastructure for moderation advisories and recommendations.

(I originally shared this post here but forgot to include it in this thread. Oops! So I'm cut-and-pasting and sharing again. There's some interesting dialog in the comments in the original post.)

thenexusofprivacy, to fediverse

Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ!

https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism/

Contents:

  • Two views of the fediverse
  • The case for "Trust but verify"
  • Wait a second. Why should anybody trust Facebook, Instagram, or Meta?
  • Why the Anti-Meta FediPact is good strategy
  • We're here, we're queer, fuck Facebook
  • A few words about digital colonialism
  • Now's a good time for instance admins to discuss with their communities
  • In chaos there is opportunity!

@fediverse @fediverse

thenexusofprivacy, to fediverse

Strategies for the free fediverses

https://privacy.thenexus.today/strategies-for-the-free-fediverses/

The fediverse is evolving into different regions

  • "Meta's fediverses", federating with Meta to allow communications, potentially using services from Meta such as automated moderation or ad targeting, and potentially harvesting data on Meta's behalf.

  • "free fediverses" that reject Meta – and surveillance capitalism more generally

The free fediverses have a lot of advantages over Meta and Meta's fediverses, some of which will be very hard to counter, and clearly have enough critical mass that they'll be just fine.

Here's a set of strategies for the free fediverses to provide a viable alternative to surveillance capitalism. They build on the strengths of today's fediverse at its best – including natural advantages the free fediverses have that Threads and Meta's fediverses will have a very hard time countering – but also are hopefully candid about weaknesses that need to be addressed. It's a long list, so I'll be spreading out over multiple posts; this post currently goes into detail on the first two.

  • Opposition to Meta and surveillance capitalism is an appealing position. Highlight it!

  • Focus on consent (including consent-based federation), privacy, and safety

  • Emphasize "networked communities"

  • Support concentric federations of instances and communities

  • Consider "transitively defederating" Meta's fediverses (as well as defederating Threads)

  • Consider working with people and instances in Meta's fediverses (and Bluesky, Dreamwidth, and other social networks) whose goals and values align with the free fediverses'

  • Build a sustainable ecosystem

  • Prepare for Meta's (and their allies') attempts to paint the free fediverses in a bad light

  • Reduce the dependency on Mastodon

  • Prioritize accessibility, which is a huge opportunity

  • Commit to anti-fascist, anti-racist, anti-colonial, and pro-LGBTQIA2S+ principles, policies, practices, and norms for the free fediverses

  • Organize!

@fediverse @fediversenews

thenexusofprivacy, (edited ) to meta

A poll: if you're planning on blocking Threads, do you want your posts to federate there so that hate groups can interact with them and Meta can track you?

The way blocking works on Mastodon, if your instance hasn't enabled "authorized fetch", blocking Threads won't actually prevent your posts from federating there if somebody on another instance who hasn't blocked Threads boosts your post. This means that anybody on Threads can still potentially see your posts, including hate groups like Libs of TikTok and Gays Against Groomers. And Meta's privacy policy says they'll use the information to target advertising and improve their products by training AIs. And most large Mastodon instances today haven't turned on authorized fetch.

If you're planning on -- or considering -- blocking Threads, do you still want your posts to federate there?

@fediverse @fediversenews

thenexusofprivacy, (edited ) to random

Are followers-only posts public? A poll

Followers-only posts are only visible to your followers -- and to admins of any instances your followers are on. But if you haven't turned on "approve followers", anybody who's logged in to an instance you haven't blocked can follow you and get access to your followers-only posts.

In your view, are followers-only posts public?

thenexusofprivacy, to fediverse

Threat modeling Meta, the fediverse, and privacy

https://privacy.thenexus.today/fediverse-threat-modeling-privacy-and-meta/

There's very little privacy on the fediverse today. Mastodon and other fediverse software wasn't designed and implemented with privacy in mind. Even the underlying protocol that powers the fediverse has major limitations. But it doesn't have to be that way!

Meta's new product means that it's critical for the fediverse to start focusing more on privacy. Of course, 's a threat in many other ways as well; that said, the privacy aspects are important too.

For one thing, if Meta does indeed follow through on its plans to work with instance admins and other "partners" to monetize their users (and their data), people in the region of the fediverse that's not Meta-friendly will need stronger privacy protections to protect their data. And Meta's far from the only threat to privacy out there; changes that reduce the amount of data Meta can gather without consent will also help with other bad actors.

More positively, there's also a huge opportunity here. Privacy's even worse on Facebook and Instagram than it is in the fediverse. So if the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.

Any way you look at it, now's a good time for the fediverse to take privacy more seriously.

The bulk of the article focuses on threat modeling, a useful technique for identifying opportunities for improvement. It's a long article, though, so if you don't want to wallow in the details, feel free to skip ahead to the section at the end on the path forward and the specific recommendations.

And if you're already bought in to the idea that the
should focus more on privacy, and just want to know how you can help make it happen, it also suggests specific actions you can take -- and there's a section with some thoughts for

Here's the table of contents:

  • There's very little privacy on the fediverse today. But it doesn't have to be that way!
  • Today's fediverse is prototyping at scale
  • Threat modeling 101
  • They can't scrape it if they can't fetch it
  • Different kinds of mitigations
  • Attack surface reduction and privacy by default
  • Scraping's far from the only attack to consider
  • Win/win "monetization" partnerships, threat or menace?
  • A quick note to instance admins
  • Charting a path forward
  • Recommendations

This is still a draft, so as always feedback is welcome. And thanks to everybody for the feedback on previous drafts!

https://privacy.thenexus.today/fediverse-threat-modeling-privacy-and-meta/

thenexusofprivacy, to kbin

Don't tell people "it's easy", and six more things KBin, Lemmy, and the fediverse can learn from Mastodon

https://privacy.thenexus.today/kbin-lemmy-fediverse-learnings-from-mastodon/

Reddit's strategy of antagonizing app writers, moderators, and millions of redditors is good news for reddit alternatives like KBin and Lemmy. And not just them! The fediverse has always grown in waves and we're at the start of one.

Previous waves have led to innovation but also major challenges and limited growth. It's worth looking at what tactics worked well in the past, to use them again or adapt them and build on them. It's also valuable to look at what went wrong or didn't work out as well in the past, to see if there are ways to do better.

Here's the current table of contents:

  • I'm flashing!!!!!
  • But first, some background
  1. Don't tell people "it's easy"
  2. Improve the "getting-started experience"
  3. Keep scalability and sustainability in mind
  4. Prioritize accessibility
  5. Get ready for trolls, hate speech, harassment, spam, porn, and disinformation
  6. Invest in moderation tools
  7. Values matter
  • This is a great opportunity – and it won't be the last great opportunity

https://privacy.thenexus.today/kbin-lemmy-fediverse-learnings-from-mastodon/

Thanks to everybody for the great feedback on the draft version of the post!

@fediversenews @fediverse @fediverse

thenexusofprivacy, (edited ) to Polls

Two polls about federating with Threads (1/2)

Threads (a fairly new social network from Facebook's parent company Meta) is testing integration with the fediverse.

Opinions differ on whether or not this is a good thing.

Some people think this is great: if all goes well, it's an opportunity for people on Mastodon, Pixelfed, Misskey, and other fediverse platforms to follow (and eventually communicate with) friends and public figures on Threads.

Others see it as a threat -- because of Meta's long history of exploiting people's data without consent, hosting hate groups and harassers, discriminating against LGBTQ+ people, Black activists, and Palestinians, and contributing to genocides.

When the prospect of Threads federating was first discussed last summer, most polls showed that opinions were roughly split.

What do people think now that it's getting real?

This poll asks about what you personally plan to do; the follow-on poll asks about what you want your instance to do.

@fediversenews

thenexusofprivacy, to meta

There's been a lot of discussion about potential parallels between the situation with / / today and / Google Talk / back in the day -- see for example @ploum How to Kill a Decentralised Network (such as the Fediverse) and @evan's perspectives here.

But there are also some important differences! For one thing, we've got the benefit of learning from the XMPP experience. And that's only the tip of the iceberg ...

What do others see as key similarities and differences between the two situations?

thenexusofprivacy, (edited ) to queer

We're here, we're queer, we're federated: How queer, trans, and non-binary people helped create Mastodon and are shaping today's fediverse

https://privacy.thenexus.today/here-queer-and-federated-on-mastodon-and-the-fediverse/

Happy !

This is a draft version, so feedback is very welcome!

@lgbtq_plus


thenexusofprivacy, to mastodon

How to choose the right Mastodon instance

https://privacy.thenexus.today/choosing-a-mastodon-instance/

An excerpt:

...

One of the challenges for newcomers to Mastodon is that you're faced with a major decision when signing up: what server (aka "instance") to choose? Different instances have different focuses: some are geographically focused (sfba.social), identity-based (tech.lgbt), interest-based (mastodon.art), professional (infosec.exchange), a group of friends (friend.camp), or even lipogrammatic (oulipo.social, which doesn't allow the letter 'e' in posts). Others are "general purpose", without a specific focus – like mastodon.social, mastodon.ai, and hachyderm.io. The choice isn't irrevocable – you can migrate your account to another instance and keep the list of who you're following and who's following you – but it's still daunting.

Newcomers are often told that it doesn't matter what instance you're on, or encouraged to join mastodon.social (the "flagship" instance, which is the default for mobile apps and spreadmastodon.com). This is really horrible advice, because what instance you're on has a big effect on your experience – and for most people, mastodon.social is not a good place to start.

...

[This is an updated version of the post I originally did last November. I've tried to double-check that the links all still work, please let me know if I missed any!]

@fediverse @fediverse

thenexusofprivacy, (edited ) to random

FISA Section 702 Reauthorization: House GOP leadership pulls dueling FISA bills amid backlash!

https://www.cnn.com/2023/12/11/politics/house-gop-leadership-pulls-dueling-fisa-bills/index.html

Instead, a four-month extension is attached to the NDAA -- unless it gets removed. Dozens of civil rights and racial justice groups oppose extending FISA in the NDAA.

If you agree, call your Senators TODAY with a simple ask: "DO NOT put 702 in the NDAA."

@privacy

thenexusofprivacy, to threads

Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ! (UPDATED)

https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism/

With Meta's announcement today that is starting to test limited integration, it seemed like a good time to update this deep dive on the different perspectives on Threads and the -- including discussions of the

@fediversenews

thenexusofprivacy, (edited ) to kbin

Don't tell people "it's easy", and seven more things Kbin, Lemmy, and the fediverse can learn from Mastodon (UPDATED)

https://privacy.thenexus.today/kbin-lemmy-fediverse-learnings-from-mastodon/

This adds several new sections to the previous version -- including an update on what's happened since then. Here's the new table of contents:

I'm flashing!!!!!
But first, some background

  1. Don't tell people "it's easy"
  2. Improve the "getting-started experience"
  3. Keep scalability and sustainability in mind
  4. Prioritize accessibility
  5. Get ready for trolls, hate speech, harassment, spam, porn, and disinformation
  6. Invest in moderation tools
  7. Experiment to find what approaches are a good fit for the current state of the software
  8. Values matter

This is a great opportunity – and it won't be the last great opportunity
Ten days later ...
A few more thoughts on moderation

@lemmy @fediversenews

thenexusofprivacy, to fediverse

Compare and contrast: Fediseer, FIRES, and The Bad Space

https://privacy.thenexus.today/fediseer-fires-and-the-bad-space/

The Bad Space is only one of the projects exploring different ways of moving beyond the fediverse's current reliance on instance-level blocking and blocklists. It's especially interesting to compare and contrast The Bad Space with two somewhat-similar projects:

  • Fediseer is another instance catalog, including endorsements as well as negative judgments about instances.

  • FIRES (an acronym for Fediverse Intelligence Recommendations & Replication Endpoint Server) is infrastructure for moderation advisories and recommendations.

Many thanks to @thisismissem and @Db0 for feedback on earlier versions of this post!

(Part 4 of "Golden opportunities for the fediverse – and whatever comes next")

thenexusofprivacy, (edited ) to fediverse

Embrace, Extend, and Exploit: Meta's plan for ActivityPub, Mastodon and the fediverse

https://privacy.thenexus.today/embrace-extend-and-exploit/

  1. Embrace , , , and the
  2. Extend ActivityPub, Mastodon, and the fediverse with a very-usable app that provides additional functionality (initially the ability to follow everybody you're following on Instagram, and to communicate with all users) that isn't available to the rest of the fediverse – as well over time providing additional services and introducing incompatibilities and non-standard improvements to the protocol
  3. Exploit ActivityPub, Mastodon, and the fediverse by utilizing them for profit – and also using them selfishly for Meta's own ends

thenexusofprivacy, to privacy

College Board shares SAT Scores with Facebook, TikTok, and others

https://gizmodo.com/sat-college-board-tells-facebook-tiktok-your-scores-gpa-1850768077

"Gizmodo observed the College Board’s website sharing data with Facebook and TikTok when a user fills in information about their GPA and SAT scores. When this reporter used the College Board’s search filtering tools to find colleges that might accept a student with a C+ grade-point average and a SAT score of 420 out of 1600, the site let the social media companies know. Whether a student is acing their tests or struggling, Facebook and TikTok get the details.

The College Board shares this data via “pixels,” invisible tracking technology used to facilitate targeted advertising on platforms such as Facebook and TikTok. The data is shared along with unique user IDs to identify the students, along with other information about how you use the College Board’s site. Tok, and a variety of companies."

@privacy

thenexusofprivacy, to microsoft

Microsoft endorses anti-LGBTQ online "child safety" bill KOSA night before Big Tech hearing (US Politics)

Worth noting: Microsoft owns LinkedIn, which wouldn't be particularly affected by KOSA.

There's a hearing on Wednesday, and potentially a Senate vote soon, so if you're in the US now's a good time to contact your Senators. https://stopkosa.com and EFF's page make it easy!

https://gazette.com/news/wex/microsoft-president-endorses-online-child-safety-bill-night-before-big-tech-hearing/article_cd2e8eb5-ba98-5e95-9333-5646dd6a249f.html

@bad_internet_bills

thenexusofprivacy,

@olives Very true. And it won't make kids safer. @bad_internet_bills

thenexusofprivacy, to random

Great live-tooting thread from today's session by @irenes

https://mastodon.social/@irenes/111048397258634492

thenexusofprivacy, to fediverse

What fediverse apps and software support quote posts today?

Here's a great thread by @polotek about quoted posts.

https://social.polotek.net/@polotek/111699960916060256

What fediverse software platforms or apps support quoted posts today (sometimes implemented as a link, a screenshot, or a reply)?

@thenexusofprivacy

thenexusofprivacy, (edited ) to random

Steps towards a safer fediverse (DRAFT)

https://privacy.thenexus.today/steps-towards-a-safer-fediverse-draft/

Feedback welcome!

There are some straightforward opportunities for short-term safety improvements, but this is only the start of what's needed to change the dynamic more completely.

#fediverse

thenexusofprivacy, (edited ) to microsoft

Business is business: Snap, Microsoft, and X endorse the anti-LGBTQ+, pro-censorship KOSA bill

https://privacy.thenexus.today/kosa-snap-x-microsoft/

Why would pro-LGBTQ+ companies like Snap and endorse ? Business is business! What's important is looking like they're trying to protect children -- even though KOSA would actually harm kids.

Politically, KOSA's anti-LGBTQ+ aspects give Republicans (and anti-LGBTQ+ tech companies) a reason to get on board. If some of the Democrats who say they're pro-LGBTQ+ Democrats "reluctantly" decide to support it then it's got the votes to pass. On the other hand, if pro-LGBTQ+ Democrats and legislators of both parties who really do want to help kids stick to their guns, then Congress is a lot more likely to do something that actually helps kids.

With quotes from @evangreer of @fight, @melissagira, @zephoria @juliaserano, and @charliejane and links to actions like https://stopkosa.com

thenexusofprivacy, to random

PCLOB (the Privacy and Civil Liberties Oversight Board) has received approval to release an unclassified version of its December 2020 classified report on the National Security Agency’s (NSA’s) use of XKEYSCORE, an intelligence analysis tool.

Read the report here: https://documents.pclob.gov/prod/Documents/OversightReport/900dc3c3-dc5f-4202-b7f8-55ce574afb1d/NSA%20XKEYSCORE%20REPORT.pdf
