thenexusofprivacy

@thenexusofprivacy@infosec.exchange

A newsletter about #privacy, #technology, #policy, #strategy, and #justice.

Currently at @nexusofprivacy, but looking for a new home and so checking out infosec.exchange

ploum, to random
@ploum@mamot.fr

How Meta could kill the Fediverse, a look at historical precedents.

https://ploum.net/2023-06-23-how-to-kill-decentralised-networks.html

At the end of this post, you will find many translations: French, Spanish, German, Italian, Turkish, Russian

thenexusofprivacy,

@ploum timely! it's a great article, we were just talking about it in a chat room.

thenexusofprivacy, (edited) to Polls

Two polls about federating with Threads (1/2)

Threads (a fairly new social network from Facebook's parent company Meta) is testing integration with the fediverse.

Opinions differ on whether or not this is a good thing.

Some people think this is great: if all goes well, it's an opportunity for people on Mastodon, Pixelfed, Misskey, and other fediverse platforms to follow (and eventually communicate with) friends and public figures on Threads.

Others see it as a threat -- because of Meta's long history of exploiting people's data without consent, hosting hate groups and harassers, discriminating against LGBTQ+ people, Black activists, and Palestinians, and contributing to genocides.

When the prospect of Threads federating was first discussed last summer, most polls showed that opinions were roughly split.

What do people think now that it's getting real?

This poll asks about what you personally plan to do; the follow-on poll asks about what you want your instance to do.

@fediversenews

thenexusofprivacy, (edited)

Two polls about federating with Threads (2/2)

Threads (a fairly new social network from Facebook's parent company Meta) is testing integration with the fediverse. The first poll asked about how you personally are reacting; this poll asks about what you want your instance to do.

Just as with individuals, opinions differ as to what instances should do about Threads.

Some instances are blocking Threads. The #FediPact site has some of the reasons why

Others are silencing Threads. This reduces the chance of harassment, and the load on moderators, but doesn't prevent people's data from being shared with Threads (unless they individually block Threads)

And some aren't taking any action against Threads -- at least for the time being; if Threads starts behaving badly they can always revisit the decision.

What do you want your instance to do?

#threads #fediverse #meta @fediversenews

thenexusofprivacy,

FYI @Jdreben @jens @stux @pearlbear here's a poll on threads following up on the polls you did six months ago -- https://infosec.exchange/@thenexusofprivacy/111577595664776073

exchgr, to random
@exchgr@mastodon.world

that’s alright, i’ve preemptively blocked threads.net. yep, all of it. i don’t want it subsuming my content into its ai

thenexusofprivacy,

@paninid It's more complex than that. Today, there are legal barriers to them scraping public information, technical barriers to them scraping non-public information (followers-only posts), and opportunities to add additional technical barriers to scraping currently-public info. Of course Meta, Facebook, and Instagram have a history of breaking the law and acquiring data without consent even when it's illegal, stringing out the legal process as long as possible, and then paying the fine as a cost of doing business ... but then again EU data protection authorities have been coming down hard on them, and recently issued a strong statement about scraping, so for the limited value of today's fediverse Meta might not see it as worth flagrantly breaking the law.

There are some links at the start of "They can't scrape it if they can't fetch it" in
https://privacy.thenexus.today/fediverse-threat-modeling-privacy-and-meta/#no-fetching to the various articles with more detail.

@exchgr @mrcompletely

thenexusofprivacy, to threads

Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ! (UPDATED)

https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism/

With Meta's announcement today that is starting to test limited integration, it seemed like a good time to update this deep dive on the different perspectives on Threads and the -- including discussions of the

@fediversenews

thenexusofprivacy,

One straightforward way: when posts from Threads get shared to the fediverse, if you interact with them (liking, sharing, or replying), all that information will go to Meta -- which they can then share with authoritarian governments (as well as use for training their AIs, targeting ads, etc etc etc). Or, if you're followed by somebody on Threads, your posts go to Threads.

@MrLee @fediversenews

thenexusofprivacy,

@MrLee Yeah, nothing on the fediverse is secure so if they want to make the effort authoritarian governments could get at all your information today -- in fact last spring the FBI seized a copy of Kolektiva's database (not because they were investigating Kolektiva, it just happened to be on some hardware they seized). But, giving it all to Meta makes it a lot easier.

thenexusofprivacy, (edited) to random

FISA Section 702 Reauthorization: House GOP leadership pulls dueling FISA bills amid backlash!

https://www.cnn.com/2023/12/11/politics/house-gop-leadership-pulls-dueling-fisa-bills/index.html

Instead, a four-month extension is attached to the NDAA -- unless it gets removed. Dozens of civil rights and racial justice groups oppose extending FISA in the NDAA.

If you agree, call your Senators TODAY with a simple ask: "DO NOT put 702 in the NDAA."

@privacy

thenexusofprivacy,

@ophiocephalic Sometimes we can use paralysis to our advantage! But FISA is unusual in that both parties are split between surveillance hawks and reformers. FreedomWorks and Demand Progress are on the same side on this one!

thenexusofprivacy,

@drwho Not necessarily. In the short term, the huge split in the Republican party means that the NDAA's already not a slam-dunk, so throwing gasoline on the fire with FISA activism could potentially have an impact. It also adds to pressure on Speaker Johnson, who's under a lot of fire from Republicans for how badly he's handled this mess.

And even if they do the short-term reauth (which I agree is more likely than not), it's still very much an open question as to what happens next -- it could be anything from GSRA or PLEWSA (with significant reforms) to a straightforward longer-term reauth with minimal reforms as a "compromise" to the odious FFRA (which broadens the scope). So pressure now is also a preparation for the next battle.

thenexusofprivacy, (edited) to random

House Judiciary Committee advances FISA Section 702 bill with warrant requirements, 35-2

Sen. Ron Wyden says "This is great news for anyone who cares about protecting their privacy from government overreach."

So far the only coverage is @tonya_riley's paywalled Bloomberg News article

https://news.bloomberglaw.com/ip-law/house-panel-oks-bill-to-renew-rein-in-electronic-surveillance

The bill is H.R. 6570, the Protect Liberty and End Warrantless Surveillance Act, sponsored by Rep. Andy Biggs (R-AZ). It has a lot of similarities to the bipartisan Government Surveillance Reform Act (where Wyden and Sen. Mike Lee are the Senate sponsors). But there are other bills potentially moving forward as well.... (1/3)

@privacy

thenexusofprivacy, (edited) to random

Are followers-only posts public? A poll

Followers-only posts are only visible to your followers -- and to admins of any instances your followers are on. But if you haven't turned on "approve followers", anybody who's logged in to an instance you haven't blocked can follow you and get access to your followers-only posts.

In your view, are followers-only posts public?

thenexusofprivacy, (edited)

Does the term "public posts" include "unlisted posts"?

The Mastodon privacy policy says "Public and unlisted posts are available publicly." But when you choose post visibility, there are separate choices for "public" and "unlisted", and the icons representing them are different.

In your view, does the term "public posts" also include "unlisted posts" ?

thenexusofprivacy,

@webhat Good point! That's certainly true ... so in your view, that makes them public?

thenexusofprivacy,

@webhat oh drat. I added a new choice to the poll for this and it wiped out the two people who had voted so far (presumably including you). Sorry about that!

thenexusofprivacy,

@django yes, the question is just whether people consider it public as a result

thenexusofprivacy,

@tim Good question! Yes, it was intentional. In Eugen's post welcoming Meta to the fediverse he said that they would only be able to access your "public posts" (using that term) and I was wondering how people interpreted that specific language.

For the previous one I was more wondering how people thought of it. The implementation doesn't make them available to not-logged-in users, and the way the privacy policy clearly distinguishes them from posts that are available publicly, so they're clearly not "public posts". But how do people view them in practice?

@inquiline

thenexusofprivacy,

@sourcejedi great answer, you win the poll!

thenexusofprivacy,

It is super confusing! You're both right: unlisted influences whether it shows up in local, federated, and hashtag timelines; and it influences whether or not it shows up in searches within Mastodon (and I think other fediverse software).

Another reason it's confusing is that it's different than unlisted on YouTube. YouTube unlisted isn't available on your profile, Mastodon unlisted is. So that's also not great. I doubt it'll get renamed at this point though

@LauraLangdon @luca

thenexusofprivacy,

@jaz yeah the icons aren't great. Visibility is more accurate but it's been "post privacy" for so long both here and on Facebook not sure how likely it is to change.

And agree that there's a lot of different aspects of "public" in the conversation!

thisismissem, to random
@thisismissem@hachyderm.io

This was a good read by @thenexusofprivacy on “Blocklists in the Fediverse” — https://privacy.thenexus.today/blocklists-in-the-fediverse/

As noted in that article, FIRES is attempting to shift away from blocklists in favour of moderation recommendations and advisories. It also introduces finer-grain controls than just “defederate or silence”.

FIRES will support not just domains but also the ability to provide moderation advisories and recommendations on other entities, e.g., hashtags, actors, links, media, etc.

thenexusofprivacy,

@thisismissem I see blocklists more as recommending an action -- although in situations where they're automatically applied that turns into prescribing the action. But Seirdy for example is very clear that his blocklists are just recommendations.

thenexusofprivacy, (edited) to fediverse

Mastodon and today's fediverse are unsafe by design and unsafe by default – and instance blocking is a blunt but powerful safety tool

Part 1 of "Golden opportunities for the fediverse – and whatever comes next"

https://privacy.thenexus.today/unsafe-by-design-and-unsafe-by-default/

Over the course of this multi-part series, I'll discuss Mastodon and the fediverse's long-standing problems with abuse and harassment; the strengths and weaknesses of current tools like instance blocking and blocklists; the approaches emerging tools like and take, along with potential problems; paths to improving the situation; and how the fediverse as a whole can seize the moment and build on the progress that's being made. At the end I'll collect it all into a single post, with a revised introduction.

This first installment has three sections:

  • Today's fediverse is unsafe by design and unsafe by default

  • Instance-level federation choices are a blunt but powerful safety tool

  • Instance-level federation decisions reflect norms, policies, and interpretations

thenexusofprivacy,

@apophis good calibration, thanks. I should have been blunter: you and shitposter.club are free to shitpost, others are free to block you as a result. It's not an "authoritarian power grab" when people don't want to hear what you have to say.

thenexusofprivacy,

@Jain Sorry I missed this comment earlier. Thanks for the feedback.

  • agreed that Mastodon's current behavior of just silently ignoring DMs isn't great, I should have mentioned that -- next time I do an edit pass I'll put that in.

I certainly didn't mean to imply that authorized fetch is made to suppress others talking about something. Authorized fetch makes blocking more effective. You're right that there are still holes, and I should probably be clearer about that. But, incremental progress is useful. And instances may well decide they need to lock down and only federate with other locked-down instances, different approaches to social networks work for different people.

  • agreed that admins could change the settings on follow requests -- although I believe it requires customizing code, so not an option for people using hosted installations (and a hassle for everybody else).

thenexusofprivacy,

@mikedev Thanks for starting that other thread, although the responses still leave it ambiguous. Anyhow I reworked things a bit and included your comment about how it's not a problem in your sector of the fediverse.
