1 yr. ago • 68%

Fediverse privacy nightmare?

blog.bloonface.com The fediverse is a privacy nightmare

ActivityPub, the protocol that powers the fediverse (including Mastodon – same caveats as the first two times, will be used interchangeably, deal with it) is not private. It is not even semi-…

I think they are leaving out something quite important in this blog post - nobody is using their real names here.

It's very different from Meta or Google or whatever big tech company people have accounts on, where they know your real name and many more details, such as phone number and address.

I don't see the privacy danger in someone sweeping up what we are talking about here, since we are pseudo anonymous. Am I missing something?

Whats the value of random aliases discussing something and why is that a privacy issue?

You Should Know @lemmy.world YSK: The Fediverse is a privacy nightmare

Haupteingang @feddit.de The fediverse is a privacy nightmare

Fediverse @lemmy.world Is Your Privacy Safe? The Hidden Dangers of Fediverse

27 comments

If you have concerns that your posts will be public on a public message board, you're kind of fucking stupid. It's like being concerned that you will be visible if you leave your house to go to the store.

26
- Bloonface.com has been posting anti-fediverse propaganda for a while now. It's time to stop listening to what they have to say.
  
  16
It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable.

This guy is either actively trying to spread fear and doubt about decentralized services, or is somehow only now understanding what the internet is and how it works. Did I step into some kind of time vortex a while back and end up in a world where people ever believed that anything on the internet was private or revocable?

22
- I really think that the corporate systems we’ve all grown used to have tricked people into thinking their data was “safe” just because some big company was “taking care of it.”
  
  Also possible this person works for Reddit or something 🤪
  
  6
- Most of these discussions on privacy I run into are clearly filled with people who don't understand a damn thing about the internet. Many of which are on Facebook... Using their real name and real photo as a PFP. They don't actually care about privacy. They just like being scared and angry.
  
  6
The author of this blog post just realized that things posted publicly on the internet are indeed public, and that Ctrl+C and Ctrl+V exist.

This is not some special property of the Fediverse, it's how the internet has always worked. If you post something publicly (say on your personal blog) then others can see it, make copies and redistribute them, even if you later decide to delete the original content. Companies like Google build massive indexes of everything posted by anyone ever, and there is nothing you can do about it if you want your content to be publicly accessible. If you share something with just a group of people, and someone decides to make it public, then it's public. Nothing new about that.

The GDPR works in exactly the same way in the Fediverse as with the existing services right now. If you want something deleted you have to send a notice to every service that has your content. In reality you'll just send it to the X biggest services, because they represent 99% of the users that could potentially see that content, and that's usually enough. You can do the same with the X most popular Fediverse instances. Even better, we might be able to create a standardized and automated process for it, because they all run the same set of Fediverse apps using ActivityPub after all.

Afaik DMs work just like unencrypted (so regular!) emails. If you send your company secrets to john@we-leak-your-mails.com then you're probably screwed, same thing with @john@we-leak-your-dms.lemmy.

22
Brain dead take. Sums up as "Wah! Information you publicize is public!" This guy completely misses the fact the the privacy nightmare of corporate social media is the apps that scrape every piece of traceable information off your phone to sell, and the cookies and browser tracking so they can follow you all over the web. AFAIK fediverse sites aren't doing this.

16
- apps that scrape every piece of traceable information off your phone to sell
  
  The word "scrape" is a little bit generous IMO. Threads in particular with its endless scrolling list of required permissions is literally handing your entire phone to Facebook/Meta - saved contacts, payment information, fitness tracker and health information... half of those permissions I didn't know even existed 😳
  
  6
This is sadly a text written with much confidence about something they understand very little about. Especially the part about the GDPR is IANAL completely wrong.

Yes, DMs over AP are not secure. That's why there is the big banner above it in nearly every AP implementation. The rest is pretty much FUD.

13
- Permanently Deleted
  
  1
  
  if I sent you a private message, is that viewable in plain text by not just the instance owner we’re both on
  
  Yes.
  
  other federated instances too?
  
  Not by design, but instances can misbehave.
  
  private messaging over AP
  
  Private is misleading here: for messaging to be private, no third party should be able to read the messages. In practice, this usually requires end-to-end encryption.
  
  3
This is 100% FUD. The content of your profile, and the posts you send out to the world are not supposed to be private. What's supposed to be private is:

Your IP address

Your location

Your email address

your contacts

your browsing data

your health data

your purchase history

Etc. etc. These are the privacy issues you should be concerned with.
12
- There are two options when you communicate in a wide channel way that the fediverse implements. A single-owner gate keeps for everyone, aka Facebook, or it's all public. The former means your posts are owned by tht entity and they control your data. In the later your data is held by no one. Then at least, you are not an exploitable commodity. This at least means the platform is protected from a class of abuse driven by ownership.
  
  2
If you don't register with an email address, I'm not sure there's much privacy violation going on. We're all posting to a public forum (like reddit, Meta, Twitter, Nextdoor, LinkedIn and countless other places) so use common sense and don't post anything truly private or self-identifying.

8
- Permanently Deleted
  
  1
Well, i think i saw several posts about this topic popping up in the last few days. And posts questioning things like this one. I'm not sure. I think this is fearmongering. Other services know even more about you and they even harvest and analyze this kind of data actively... I bet your Facebook-friends also know who you are. So what's the point? True. We need GDPR compliance and to save as little data as possible. But if you want something anonymous: Install Tor or anything suited for that task. Don't write blog posts and spread FUD about this platform. (Or do it, but then don't be a hypocrite and also write about what reddit/google/twitter/amazon do with your ip and browser fingerprint)

7
deleted by creator

... Lol, not really. Never¹.

This article speaks to the horror of edgelords who are just now realizing that no, the Real Internet isn't a placewheree you can drop edgelord bullshit and fade into the crowd. 🌎 👨‍🚀 🔫 👨‍🚀 Never was.

¹ Literally never. Not even on Reddit.

4
If a 3rd party entering the fediverse is a nightmare then we probably built it incorrectly.

3
The person who wrote this blog has no brain wrinkles.

3
pseudoymous, even

2

You've viewed 27 comments.