Threads' New Terms and Conditions Affects the Fediverse

Provided that a Third Party User is followed by or following a Threads account, Meta will ingest these pieces of data specifically:

Username

Profile Picture

IP Address

Name of Third Party Service

Posts from profile

Post interactions (Follow, Like, Reshare, Mentions)

So if you follow a threads user or even if a threads user just follows you, they pull all this data?

IMO this seems like reason to defederate across the board. Someone else can leak your info to Meta.

Permanently Deleted

If someone had any doubts about federation with Threads, they shouldn't by now. Facebook is trying to turn Fediverse into Shittyverse and Fedizens should resist that

Everybody, please understand what defederating means. It will not stop the defederated instance from getting the data. It just means you don't pull theirs.

If you want to actually control who gets data, you'd have to switch to a service like Streams. ActivityPub cannot prevent anyone from pulling data. It only allows an instance to decide not to pull from a specific location.

Mother fuckers are moving to take ownership of the fediverse by calling us "third party users".

Looks like there's a lot of FUD around this, so I decided to jump into the ActivityPub spec and see exactly what they can and can't get with the spec as is.

First off, they cannot get a users individual IP unless the instance owner publishes it in the profile data as part of a "public" activity stream. I don't know of any instance that does this currently (feel free to correct me if I'm wrong).

It looks like what Meta is looking to do is scrape the information in the "public" tagged activity streams:

In addition to [ActivityStreams] collections and objects, Activities may additionally be addressed to the special "public" collection, with the identifier https://www.w3.org/ns/activitystreams#Public.

Activities addressed to this special URI shall be accessible to all users, without authentication.

This is similar to what most instances do to show the posts of a user or community - they send a request to get "public" tagged data to publish to their end users. Within this data is all the activity information on that post - who upvoted what and who, and who commented. Again, this is the same way federation works now - your server has an activity stream of all your followed and followers that it can make available to view by tagging their activity as "public". Many instances have this information tagged as "public" as a default.

Now, this system works fine if you're dealing with small actors that don't have nefarious designs on the network, or the resources to dominate it.

When you have a digital behemoth with grand AI designs that's already embroiled in lawsuits where it was grabbing your medical data and regularly allows law enforcement to stroll through its records, it's an entirely different situation. Meta has the power and capacity to not only engage in an "embrance, extend, extinguish" campaign against the Fediverse, but also to seriously threaten the privacy and well-being of Fediverse users in a way no single instance owner can.

I think the solution here will be for individual instance owners to harden their security and if not outright de=federate from Threads, ensure that posts are private by default and that their users are made well aware in the TOS that following a Threads user will result in sharing data about their profile that could (and most likely will) be matched back to their Facebook account.

Instances that don't allow visibility control on posts, like Kbin and Lemmy, should look at adding an option to post only to the local server, or have the capacity to block threads.net outgoing publication based on user profile settings.

Instances that don't allow follow request filtering probably should look at adding it (Mastodon has it implemented - Kbin and I think Lemmy would need to catch up) - otherwise users could be unaware that they're sending their data to threads.net when someone from that service follows them.

I think it goes without saying that any data Meta gets will get the AI treatment - both to identify users and to sell your activity to marketers. That activity is the real goldmine for them - that's a stream of revenue for marketing that rivals what Meta tracks on its own platform.

As such, it may be worthwhile for instance owners to look at removing voting and boosting counts from the "public" activity feed. This would mean more fragmentation for communities whose populations span instances (vote counts would be more off than they are now), but it would prevent bad actors from easily scraping that data for behavioral analysis.

All in all, though, I don't believe it's going to be a positive event when Threads does start federating. One of the nice things about the Fediverse is that the learning curve is high enough to keep the idiot count down, and I don't really see our content or commentary here improving once Meta's audience enters the space.

I don't know what you're getting excited about here; this is all publicly available information which Facebook could scrape at any time they wanted (federated or not), even right this very second.

Wtf. Can't they just be defederated. Get that shit outta here.

Permanently Deleted

Stupid question, couldn't instances just say they don't allow scraping specifically from Facebook in their ToS and then report them for GDPR violations if they do?

As in say that have the ToS says that "we'll give your data to other instances because that's how the Fediverse works, we won't give your data to Facebook" and also "Facebook is not allowed to federate, and is not allowed to pull data".

Then just say that your data subjects don't consent to any data pulling by Facebook, and Facebook scraping your system even through ActivityPub is a violation of GDPR.

No, they don't. Please leave the click-baity bullshit out of here.

Any instance that federates with this garbage should be mass defederated

They're literally just taking data they need to federate, like all the other instances. Eventually people around here are going to get sick of this paranoid "fuck Meta because it's Meta" attitude because people keep posting lame misinformation like this. I know I'm getting sick of it.

All instances should start blocking them. Lemmy.world Admins should be on high alert but something tells me they won't block meta.

Guys, everyone move to small instances so that all the power doesnt go to one instance. I joined aussie.zone just for this reason.

Do they get my IP if I reply to somebody or a post on Threads?

I was under the impression that I submit to my instance and then that passes the message along.

I had a quick look at the posts and comments bits of the schema and it doesn't appear to list an IP address field, unless I'm blind. Which is always possible.

Petition your instance admin to defederate from Threads!

@deadsuperhero Well, they have to collect this data to be able to federate. Question is only, what they are doing with this data. When they don't block communication with European servers, they have to follow GDPR here. And these rules limit what they are allowed to do - and the fines for breaching the rules hurt even large companies.

One additional point: Most (all?) AP services perform signed requests when querying the profile and the profile related endpoints. So in the current Friendica version we already added a coding, so that unsigned requests only get some basic data that is needed for the communication, but nothing more. AFAIK some other services are doing so as well.

This coding can be extended so that signed requests from Threads will always result in only returning the basic profile data.

Yep. If “world” doesn’t defederate from Threads l am going to main another instance

This will be the death knell of any instance that does no defederate/blacklist them.

I finally got a nice little piece of hardware. I wanted to spin up my own private instance and the first thing I’m doing is defederating with Meta.

Provided I can get my kBin instance up and running 😅

Spookbook is . Everything you say and do on there will be held against you. The company is notorious for fishing expeditions.

Can someone please explain why this matters. Almost all madtadon instances are public and can be data mined by any company. Why is it such a large concern if threads is able to see a portion of the posts on the fediverse like any other mastadon instance. To me the only thing threads federation changes is allowing me to view posts on threads without the amount of MS my cursor is over the podt being data mined to know what food Ill be craving in a week.

So they'll grab what is needed to federate? The same stuff every instance grabs?

There seems to be a general consesnus that feddiverse users don't want anything to do with meta and that instances will defederate with threads. I'm curious if the majority will follow this trend to avoid yet another EEE, or if there will be some exceptions. I bet meta will be open to pay good money to instance admins for "colaboration" if the instance is big enough.

Zuck’s Dad should’ve defederated him on the wall

Wouldnt the name of your profile be more specific than your ip address so it doesnt matter if they get your ip address or not?

Also, why would they store the data? They cant show you ads

Like tentacles of a blood sucking octopus...

So if I read this right, no big deal as long as you don't interact with threads stuff on the fediverse?