thenexusofprivacy

@thenexusofprivacy@infosec.exchange

A newsletter about #privacy, #technology, #policy, #strategy, and #justice.

Currently at @nexusofprivacy, but looking for a new home and so checking out infosec.exchange


thenexusofprivacy, to random

PCLOB (the Privacy and Civil Liberties Oversight Board) has received approval to release an unclassified version of its December 2020 classified report on the National Security Agency’s (NSA’s) use of XKEYSCORE, an intelligence analysis tool.

Read the report here: https://documents.pclob.gov/prod/Documents/OversightReport/900dc3c3-dc5f-4202-b7f8-55ce574afb1d/NSA%20XKEYSCORE%20REPORT.pdf

thenexusofprivacy, (edited ) to microsoft

Business is business: Snap, Microsoft, and X endorse the anti-LGBTQ+, pro-censorship KOSA bill

https://privacy.thenexus.today/kosa-snap-x-microsoft/

Why would pro-LGBTQ+ companies like Snap and endorse ? Business is business! What's important is looking like they're trying to protect children -- even though KOSA would actually harm kids.

Politically, KOSA's anti-LGBTQ+ aspects give Republicans (and anti-LGBTQ+ tech companies) a reason to get on board. If some of the Democrats who say they're pro-LGBTQ+ Democrats "reluctantly" decide to support it then it's got the votes to pass. On the other hand, if pro-LGBTQ+ Democrats and legislators of both parties who really do want to help kids stick to their guns, then Congress is a lot more likely to do something that actually helps kids.

With quotes from @evangreer of @fight, @melissagira, @zephoria @juliaserano, and @charliejane and links to actions like https://stopkosa.com

thenexusofprivacy, to microsoft

Microsoft endorses anti-LGBTQ online "child safety" bill KOSA night before Big Tech hearing (US Politics)

Worth noting: Microsoft owns LinkedIn, which wouldn't be particularly affected by KOSA.

There's a hearing on Wednesday, and potentially a Senate vote soon, so if you're in the US now's a good time to contact your Senators. https://stopkosa.com and EFF's page make it easy!

https://gazette.com/news/wex/microsoft-president-endorses-online-child-safety-bill-night-before-big-tech-hearing/article_cd2e8eb5-ba98-5e95-9333-5646dd6a249f.html

@bad_internet_bills

thenexusofprivacy, (edited ) to random

Steps towards a safer fediverse (DRAFT)

https://privacy.thenexus.today/steps-towards-a-safer-fediverse-draft/

Feedback welcome!

There are some straightforward opportunities for short-term safety improvements, but this is only the start of what's needed to change the dynamic more completely.

#fediverse

thenexusofprivacy, to fediverse

What fediverse apps and software support quote posts today?

Here's a great thread by @polotek about quoted posts.

https://social.polotek.net/@polotek/111699960916060256

What fediverse software platforms or apps support quoted posts today (sometimes implemented as a link, a screenshot, or a reply)?

@thenexusofprivacy

thenexusofprivacy, to fediverse

Strategies for the free fediverses

https://privacy.thenexus.today/strategies-for-the-free-fediverses/

The fediverse is evolving into different regions

  • "Meta's fediverses", federating with Meta to allow communications, potentially using services from Meta such as automated moderation or ad targeting, and potentially harvesting data on Meta's behalf.

  • "free fediverses" that reject Meta – and surveillance capitalism more generally

The free fediverses have a lot of advantages over Meta and Meta's fediverses, some of which will be very hard to counter, and clearly have enough critical mass that they'll be just fine.

Here's a set of strategies for the free fediverses to provide a viable alternative to surveillance capitalism. They build on the strengths of today's fediverse at its best – including natural advantages the free fediverses have that Threads and Meta's fediverses will have a very hard time countering – but also are hopefully candid about weaknesses that need to be addressed. It's a long list, so I'll be spreading out over multiple posts; this post currently goes into detail on the first two.

  • Opposition to Meta and surveillance capitalism is an appealing position. Highlight it!

  • Focus on consent (including consent-based federation), privacy, and safety

  • Emphasize "networked communities"

  • Support concentric federations of instances and communities

  • Consider "transitively defederating" Meta's fediverses (as well as defederating Threads)

  • Consider working with people and instances in Meta's fediverses (and Bluesky, Dreamwidth, and other social networks) whose goals and values align with the free fediverses'

  • Build a sustainable ecosystem

  • Prepare for Meta's (and their allies') attempts to paint the free fediverses in a bad light

  • Reduce the dependency on Mastodon

  • Prioritize accessibility, which is a huge opportunity

  • Commit to anti-fascist, anti-racist, anti-colonial, and pro-LGBTQIA2S+ principles, policies, practices, and norms for the free fediverses

  • Organize!

@fediverse @fediversenews

thenexusofprivacy, (edited ) to fediverse

Embrace, Extend, and Exploit: Meta's plan for ActivityPub, Mastodon and the fediverse

https://privacy.thenexus.today/embrace-extend-and-exploit/

  1. Embrace , , , and the
  2. Extend ActivityPub, Mastodon, and the fediverse with a very-usable app that provides additional functionality (initially the ability to follow everybody you're following on Instagram, and to communicate with all users) that isn't available to the rest of the fediverse – as well as over time providing additional services and introducing incompatibilities and non-standard improvements to the protocol
  3. Exploit ActivityPub, Mastodon, and the fediverse by utilizing them for profit – and also using them selfishly for Meta's own ends

thenexusofprivacy, to meta

There's been a lot of discussion about potential parallels between the situation with / / today and / Google Talk / back in the day -- see for example @ploum How to Kill a Decentralised Network (such as the Fediverse) and @evan's perspectives here.

But there are also some important differences! For one thing, we've got the benefit of learning from the XMPP experience. And that's only the tip of the iceberg ...

What do others see as key similarities and differences between the two situations?

thenexusofprivacy, to fediverse

Compare and contrast: Fediseer, FIRES, and The Bad Space

https://privacy.thenexus.today/fediseer-fires-and-the-bad-space/

The Bad Space is only one of the projects exploring different ways of moving beyond the fediverse's current reliance on instance-level blocking and blocklists. It's especially interesting to compare and contrast The Bad Space with two somewhat-similar projects:

  • Fediseer is another instance catalog, including endorsements as well as negative judgments about instances.

  • FIRES (an acronym for Fediverse Intelligence Recommendations & Replication Endpoint Server) is infrastructure for moderation advisories and recommendations.

Many thanks to @thisismissem and @Db0 for feedback on earlier versions of this post!

(Part 4 of "Golden opportunities for the fediverse – and whatever comes next")

thenexusofprivacy, (edited ) to meta

A poll: if you're planning on blocking Threads, do you want your posts to federate there so that hate groups can interact with them and Meta can track you?

The way blocking works on Mastodon, if your instance hasn't enabled "authorized fetch", blocking Threads won't actually prevent your posts from federating there if somebody on another instance who hasn't blocked Threads boosts your post. This means that anybody on Threads can still potentially see your posts, including hate groups like Libs of TikTok and Gays Against Groomers. And Meta's privacy policy says they'll use the information to target advertising and improve their products by training AIs. And most large Mastodon instances today haven't turned on authorized fetch.

If you're planning on -- or considering -- blocking Threads, do you still want your posts to federate there?

@fediverse @fediversenews

thenexusofprivacy, to meta

Since there's so much discussion of Meta in the fediverse, it's a good time to call attention to the Stop Silencing Palestine campaign from @7amleh @eff @fight @article19 and other digital rights and human rights groups.

"We renew our call to Meta to stop its systemic censorship of Palestinian voices by overhauling its content moderation practices and policies that continue to restrict content about Palestine. Two years after our initial campaign, our demands remain unmet. Given the ongoing conflict, the urgency for Meta to address our—now updated—recommendations is greater than ever."

https://stopsilencingpalestine.com/

thenexusofprivacy, (edited ) to Polls

Two polls about federating with Threads (1/2)

Threads (a fairly new social network from Facebook's parent company Meta) is testing integration with the fediverse.

Opinions differ on whether or not this is a good thing.

Some people think this is great: if all goes well, it's an opportunity for people on Mastodon, Pixelfed, Misskey, and other fediverse platforms to follow (and eventually communicate with) friends and public figures on Threads.

Others see it as a threat -- because of Meta's long history of exploiting people's data without consent, hosting hate groups and harassers, discriminating against LGBTQ+ people, Black activists, and Palestinians, and contributing to genocides.

When the prospect of Threads federating was first discussed last summer, most polls showed that opinions were roughly split.

What do people think now that it's getting real?

This poll asks about what you personally plan to do; the follow-on poll asks about what you want your instance to do.

@fediversenews

thenexusofprivacy, to threads

Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ! (UPDATED)

https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism/

With Meta's announcement today that is starting to test limited integration, it seemed like a good time to update this deep dive on the different perspectives on Threads and the -- including discussions of the

@fediversenews

thenexusofprivacy, (edited ) to random

FISA Section 702 Reauthorization: House GOP leadership pulls dueling FISA bills amid backlash!

https://www.cnn.com/2023/12/11/politics/house-gop-leadership-pulls-dueling-fisa-bills/index.html

Instead, a four-month extension is attached to the NDAA -- unless it gets removed. Dozens of civil rights and racial justice groups oppose extending FISA in the NDAA.

If you agree, call your Senators TODAY with a simple ask: "DO NOT put 702 in the NDAA."

@privacy

thenexusofprivacy, (edited ) to random

House Judiciary Committee advances FISA Section 702 bill with warrant requirements, 35-2

Sen. Ron Wyden says "This is great news for anyone who cares about protecting their privacy from government overreach."

So far the only coverage is @tonya_riley's paywalled Bloomberg News article

https://news.bloomberglaw.com/ip-law/house-panel-oks-bill-to-renew-rein-in-electronic-surveillance

The bill is H.R. 6570, the Protect Liberty and End Warrantless Surveillance Act, sponsored by Rep. Andy Biggs (R-AZ). It has a lot of similarities to the bipartisan Government Surveillance Reform Act (where Wyden and Sen. Mike Lee are the Senate sponsors). But there are other bills potentially moving forward as well.... (1/3)

@privacy

thenexusofprivacy, (edited ) to random

Are followers-only posts public? A poll

Followers-only posts are only visible to your followers -- and to admins of any instances your followers are on. But if you haven't turned on "approve followers", anybody who's logged in to an instance you haven't blocked can follow you and get access to your followers-only posts.

In your view, are followers-only posts public?

thenexusofprivacy, (edited ) to fediverse

Mastodon and today's fediverse are unsafe by design and unsafe by default – and instance blocking is a blunt but powerful safety tool

Part 1 of "Golden opportunities for the fediverse – and whatever comes next"

https://privacy.thenexus.today/unsafe-by-design-and-unsafe-by-default/

Over the course of this multi-part series, I'll discuss Mastodon and the fediverse's long-standing problems with abuse and harassment; the strengths and weaknesses of current tools like instance blocking and blocklists; the approaches emerging tools like and take, along with potential problems; paths to improving the situation; and how the fediverse as a whole can seize the moment and build on the progress that's being made. At the end I'll collect it all into a single post, with a revised introduction.

This first installment has three sections:

  • Today's fediverse is unsafe by design and unsafe by default

  • Instance-level federation choices are a blunt but powerful safety tool

  • Instance-level federation decisions reflect norms, policies, and interpretations

thenexusofprivacy, to random

Asian Americans Raise Alarm Over ‘Chilling Effects’ of Section 702 Surveillance Program

https://www.wired.com/story/aapi-section-702-letter/

Dozens of prominent Asian American groups are asking United States lawmakers this morning to hold fast in the face of an anticipated campaign by congressional leaders to extend the Section 702 surveillance program by securing it, like a rider, to another “must pass” bill.

thenexusofprivacy, to random

Urgent: Call Congress to stop KOSA:

From @EFF's Call Congress to Stop KOSA;

The Senate may have a simple voice vote in the next week to move the Kids Online Safety Act (KOSA) quickly through the legislature, without debate, but any one senator can stop it with a hold. We need you to call your senator's office today to tell them to stop KOSA. KOSA would censor the internet and would make government officials the arbiters of what young people can see online, and would likely lead to age verification.

Just last week more than 70 LGBTQ+ organizations came out against this dangerous and misguided bill, which would make kids less safe rather than more safe and especially harm LGBTQ+ youth. So it's crucial to stop it from moving forward!

EFF's page makes it easy to call your Senators; or, https://www.stopkosa.com/ makes it easy to send a letter (and find out more about the bill).

thenexusofprivacy, to random

Great live-tooting thread from today's session by @irenes

https://mastodon.social/@irenes/111048397258634492

thenexusofprivacy, to privacy

College Board shares SAT Scores with Facebook, TikTok, and others

https://gizmodo.com/sat-college-board-tells-facebook-tiktok-your-scores-gpa-1850768077

"Gizmodo observed the College Board’s website sharing data with Facebook and TikTok when a user fills in information about their GPA and SAT scores. When this reporter used the College Board’s search filtering tools to find colleges that might accept a student with a C+ grade-point average and a SAT score of 420 out of 1600, the site let the social media companies know. Whether a student is acing their tests or struggling, Facebook and TikTok get the details.

The College Board shares this data via “pixels,” invisible tracking technology used to facilitate targeted advertising on platforms such as Facebook and TikTok. The data is shared along with unique user IDs to identify the students, along with other information about how you use the College Board’s site. Tok, and a variety of companies."

@privacy

thenexusofprivacy, to fediverse

Threat modeling Meta, the fediverse, and privacy

https://privacy.thenexus.today/fediverse-threat-modeling-privacy-and-meta/

There's very little privacy on the fediverse today. Mastodon and other fediverse software wasn't designed and implemented with privacy in mind. Even the underlying protocol that powers the fediverse has major limitations. But it doesn't have to be that way!

Meta's new product means that it's critical for the fediverse to start focusing more on privacy. Of course, 's a threat in many other ways as well; that said, the privacy aspects are important too.

For one thing, if Meta does indeed follow through on its plans to work with instance admins and other "partners" to monetize their users (and their data), people in the region of the fediverse that's not Meta-friendly will need stronger privacy protections to protect their data. And Meta's far from the only threat to privacy out there; changes that reduce the amount of data Meta can gather without consent will also help with other bad actors.

More positively, there's also a huge opportunity here. Privacy's even worse on Facebook and Instagram than it is in the fediverse. So if the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.

Any way you look at it, now's a good time for the fediverse to take privacy more seriously.

The bulk of the article focuses on threat modeling, a useful technique for identifying opportunities for improvement. It's a long article, though, so if you don't want to wallow in the details, feel free to skip ahead to the section at the end on the path forward and the specific recommendations.

And if you're already bought in to the idea that the should focus more on privacy, and just want to know how you can help make it happen, it also suggests specific actions you can take -- and there's a section with some thoughts for

Here's the table of contents:

  • There's very little privacy on the fediverse today. But it doesn't have to be that way!
  • Today's fediverse is prototyping at scale
  • Threat modeling 101
  • They can't scrape it if they can't fetch it
  • Different kinds of mitigations
  • Attack surface reduction and privacy by default
  • Scraping's far from the only attack to consider
  • Win/win "monetization" partnerships, threat or menace?
  • A quick note to instance admins
  • Charting a path forward
  • Recommendations

This is still a draft, so as always feedback is welcome. And thanks to everybody for the feedback on previous drafts!

https://privacy.thenexus.today/fediverse-threat-modeling-privacy-and-meta/

thenexusofprivacy, to mastodon

How to choose the right Mastodon instance

https://privacy.thenexus.today/choosing-a-mastodon-instance/

An excerpt:

...

One of the challenges for newcomers to Mastodon is that you're faced with a major decision you face when signing up: what server (aka "instance") to choose? Different instances have different focuses: are geographically focused (sfba.social), identity-based (tech.lgbt), interest-based (mastodon.art), professional (infosec.exchange), a group of friends (friend.camp), or even lipogrammatic (oulipo.social, which doesn't allow the letter 'e' in posts). Others are "general purpose", without a specific focus – like mastodon.social, mastodon.ai, and hachyderm.io. The choice isn't irrevocable – you can migrate your account to another instance and keep the list of who you're following and who's following you – but it's still daunting.

Newcomers are often told that it doesn't matter what instance you're on, or encouraged to join mastodon.social (the "flagship" instance, which is the default for mobile apps and spreadmastodon.com). This is really horrible advice, because what instance you're on has a big effect on your experience – and for most people, mastodon.social is not a good place to start.

...

[This is an updated version of the post I originally did last November. I've tried to double-check that the links all still work, please let me know if I missed any!]

@fediverse @fediverse

thenexusofprivacy, (edited ) to queer

We're here, we're queer, we're federated: How queer, trans, and non-binary people helped create Mastodon and are shaping today's fediverse

https://privacy.thenexus.today/here-queer-and-federated-on-mastodon-and-the-fediverse/

Happy !

This is a draft version, so feedback is very welcome!

@lgbtq_plus

thenexusofprivacy, to fediverse

Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ!

https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism/

Contents:

  • Two views of the fediverse
  • The case for "Trust but verify"
  • Wait a second. Why should anybody trust Facebook, Instagram, or Meta?
  • Why the Anti-Meta FediPact is good strategy
  • We're here, we're queer, fuck Facebook
  • A few words about digital colonialism
  • Now's a good time for instance admins to discuss with their communities
  • In chaos there is opportunity!

@fediverse @fediverse
