The fediverse has a bullying problem
-
Everyone I ever talked to told me "well yes we have to implement our own version of ActivityPub because AP is under-defined". In most cases it is defined what AP does, but not how. Therefore individual programmers go in and figure out on their own how a certain thing they are building for their platform should be structured in AP.
Now, every project could simply go "I will copy the way Pixelfed implements it". But why should PF have that privilege?
I shared a bit about exactly this here: https://lemmyverse.link/lemmings.world/comment/14476151
-
Yeah, the whole thing of "if #public is in to and the user is in cc, it means one thing, but if it's the other way around, it means something different" just reeks of "IDK I just wanted to hack it up and move on and IDGAF how platforms other than Mastodon are going to wind up handling it." Which is fine... as long as your users universally understand that that's your level of care towards honoring non-public visibility settings they're setting on their posts.
Yep. Sadly, Lemmy will move on to implement this exact horrible mess in future versions.
The current ChatMessage approach is much better than crazy shenanigans with to/cc/mentions.
-
Privacy and encryption are inalienable human rights, even in authoritarian hells like North Korea.
There is no reason to comply with bs laws.
If you don't see mocking a fascist government as a form of protest, I'm not so sure how I can help you see the harm in leaving.
That last paragraph is the problem, they know they are a line of defense for many vulnerable people in France. So leaving them to their own devices is a form of complicit acceptance.
There is a reason: you will be sued out of existence. And the bit about North Korea made me laugh, so thanks.
-
There is a reason: you will be sued out of existence. And the bit about North Korea made me laugh, so thanks.
You get sued no matter what authoritarian country your tools get used in, it doesn't mean Signal Technology Foundation has to comply with French law, as they are not beholden by their jurisdiction.
That is why I used North Korea as an e.g. Kim Jong Un can't sue the world.
-
You get sued no matter what authoritarian country your tools get used in, it doesn't mean Signal Technology Foundation has to comply with French law, as they are not beholden by their jurisdiction.
That is why I used North Korea as an e.g. Kim Jong Un can't sue the world.
But if you officially operate somewhere, they can sue you, I thought that was common knowledge?
Anyway, not complying with local laws and operating in the country can get you in some serious trouble. And the trouble will escalate until you comply or pull out of the country.
Kim Jong Un can sue anyone. Like, they can sue Signal if they want. Sure, they have no way to enforce it, but they can sue (and win the case). It's not like this would be a first, that happened quite a few times. Especially in dictatorship.
-
Using Laravel as a framework should be the first red flag, I yet have to meet a Laravel dev who understands architecture (and I interviewed quite a bit of them). That framework is several anti-patterns bundled into a nice package.
I mean, I completely agree but last time I said that people flamed me over it. If it was still 2013 then I'd look more into it, but today it's such a monolithic architecture
-
Well, where are you all when the Fedi cheerleading squad keeps posting about how bad it is that this or that competitor stores this or that information and how secure and private and great it is in Fedi servers because they don't store anything?
Because I've spent years chiming in to explain these things in those and it normally just gets people angry and complaining that you're shilling for corporate social media or whatever. The image being projected, both accidentally and on purpose is that no centralized data collection means your data on Fedi is private when it is extremely not.
-
They're nasty pieces of shit when they don't have to look at the person they're hurting or putting in danger, but that only supports my theory. There's an empathy disconnect that's created when there isn't a human face or voice immediately in front of them. Once they aren't in danger of an in-person interaction all the venom comes out. Online, that's basically all of our interactions.
I should point out the phenomenon where a minority in a community will magically become "one of the good ones" so that the bigots can continue hating minorities while empathizing with their neighbor. This is also becoming less common as we grow more isolated from each other and everyone moves online, destroying the potential for that face-to-face interaction.
I do concede that there has been a trend towards xenophobia that has been exacerbated by filter bubbles and even more by algorithms. But the balance is that people who once had no choice but to suffer ostracism and extreme isolation have been able to find community online and have improved mental health and outcomes in many ways.
I certainly found this myself in the early days of the internet before the iron fist of corporatism grabbed this fledgling space, determined to extract value from it, and creating the nightmares of isolation and hate that are now Farcebork and its ilk. Fedi has been a welcome return to smaller communities that have to do the necessary work of self management, which reduces the hate and isolation that is promoted by antisocial media, even if it doesn't stop it altogether.
My point is, the internet isn't worse. Humans can be good or bad, but certain environments make them behave in worse ways, and these environments can exist both online and off.
-
But if you officially operate somewhere, they can sue you, I thought that was common knowledge?
Anyway, not complying with local laws and operating in the country can get you in some serious trouble. And the trouble will escalate until you comply or pull out of the country.
Kim Jong Un can sue anyone. Like, they can sue Signal if they want. Sure, they have no way to enforce it, but they can sue (and win the case). It's not like this would be a first, that happened quite a few times. Especially in dictatorship.
How can non-enforceable laws be laws?
Your majesty, the peasants are rebelling, they have overtaken the army, what do we do?
-
Some people have privacy expectations that are not realistic in an unencrypted, federated, heterogeneous environment run by hobbyist volunteers in their spare time.
If you have something private and sensitive to share with a small audience, make a group chat on Signal. Don't invite any reporters.
This poster... it's like every other social media platform is not anonymous?!
Why should this one be?
Did you really think i.e. reddit wouldn't corpo-analyze the fork out of your data with data science practices? Anonymous upvotes? LOL
-
I’m genuinely curious what you would call this and what distinguishes it from a vulnerability.
Leaving aside responsibility, the system could have been set up in a way that wouldn’t have exposed user data but wasn’t. This is now fixed and user data isn’t exposed via this method any longer. What is the right word for what it was at the moment this flaw was discovered?
Not me who downvoted you, FYI.
To me, a vulnerability is something unforeseen, that allows bad actors to exploit the system in an unintended manner. In this case, the system is working perfectly as designed. Just because another system decided to implement a new feature without consulting anybody else, does not make it a vulnerability. Or perhaps it does, but with the vulnerability on the side of Mastodon, since they're the ones telling their users their post is private when it is actually nothing of the sort.
What would I call it? An unsupported feature. One that Mastodon forced everybody else to implement without asking or any respect.
-
How can non-enforceable laws be laws?
Your majesty, the peasants are rebelling, they have overtaken the army, what do we do?
I mean, have you ever read anything about any dictatorship?
-
It’s not meant to be a messenger, it’s not meant for privacy. Everything being public and transparent is part of the core design of the Fediverse. The idea of private groups/posts on the Fediverse seems counterintuitive to me.
Just want to counter this: Privacy is in fact a part of ActivityPub. Stuff is only meant to be public if it is sent to the Public collection, otherwise it should only be delivered to the intended recipients, much like email. This is part of the core protocol, not any extension.
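The receiving-side check that the comment above implies, as an added example that is not part of the thread or of any project's code: read the addressing fields, treat only the Public collection as public, and fail closed for everything else. The public/unlisted/followers/direct labels follow the to/cc convention discussed earlier in the thread and are an assumption here; the function names and sample objects are constructed.

```python
# Added example; classify(), recipients() and may_serve_unauthenticated() are hypothetical names.
# The ActivityPub spec allows the Public collection to appear in these three spellings.
PUBLIC = {"https://www.w3.org/ns/activitystreams#Public", "as:Public", "Public"}
ADDRESSING = ("to", "bto", "cc", "bcc", "audience")

def _ids(value):
    """Normalise an addressing field (absent, string, object or list) to a set of IDs."""
    if value is None:
        return set()
    items = value if isinstance(value, list) else [value]
    out = set()
    for item in items:
        if isinstance(item, str):
            out.add(item)
        elif isinstance(item, dict) and isinstance(item.get("id"), str):
            out.add(item["id"])
    return out

def classify(obj, followers_uri):
    """Map to/cc onto a visibility label; anything unrecognised is 'direct'."""
    to, cc = _ids(obj.get("to")), _ids(obj.get("cc"))
    if to & PUBLIC:
        return "public"
    if cc & PUBLIC:
        return "unlisted"
    if followers_uri in to:
        return "followers"
    return "direct"  # fail closed: no Public, no followers collection in `to`

def recipients(obj):
    """Everyone explicitly addressed, excluding the Public collection."""
    found = set()
    for field in ADDRESSING:
        found |= _ids(obj.get(field))
    return found - PUBLIC

def may_serve_unauthenticated(obj, followers_uri):
    """Gate for timelines, search and public API responses."""
    return classify(obj, followers_uri) in ("public", "unlisted")

# Constructed sample objects (not captured traffic).
ALICE = "https://social.example/users/alice"
FOLLOWERS = ALICE + "/followers"
BOB = "https://other.example/users/bob"
SAMPLES = {
    "public": {"to": [next(iter(PUBLIC - {"as:Public", "Public"}))], "cc": [FOLLOWERS]},
    "unlisted": {"to": [FOLLOWERS], "cc": ["as:Public"]},
    "followers": {"to": [FOLLOWERS], "cc": []},
    "direct": {"to": BOB},
    "missing": {},
}
```

For "followers" and "direct" objects, access should additionally require that the authenticated viewer is in `recipients(obj)` or is a known follower of the author.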
-
I definitely agree, it's advertised as private, when really it's more "open" so that it's not profitable I think
I think the confusion from fediverse’s claims of privacy stem from poor enunciation from its proponents. It is more private in the amount of passive data mining for ad tracking purposes compared to for profit social media. The architecture is designed to discourage these practices from the people that manage the infrastructure. And the price for that mechanism is, making public, data that cannot be monetised on a large scale, which for profit social media guaranteed “privacy” to (in quotes because it was private from prying eyes through E2EE but not your keys not your data.)
I can see where the confusion might arise for nontechnical people who aren’t familiar with the technical aspects of ActivityPub implementations. I don’t think there should be any confusion for technical people in understanding the architecture clearly guarantees a total lack of private data, seeing as how decentralisation works.
-
Nothing is private on the fediverse, and Mastodon's bodge only gives the illusion of privacy. There should be zero expectation that any fediverse software will follow their non-standard extensions.
I think the confusion from fediverse’s claims of privacy stem from poor enunciation from its proponents. It is definitely more private in the amount of passive data mining for ad tracking purposes compared to for profit social media. The architecture is designed to discourage instance managers from implementing ad-tech from building sophisticated user profiles of your behaviour in order to serve you more targeted ads from the people that manage the infrastructure. There’s no monitoring of clicks, click through rates, time spent on the platform, the type of content you like, etc. And the price for that mechanism is, making public, data that cannot be monetised on a large scale, which for profit social media guaranteed “privacy” to (in quotes because it was private from prying eyes through E2EE but not your keys not your data.)
I can see where the confusion might arise for nontechnical people who aren’t familiar with the technical aspects of ActivityPub implementations. I don’t think there should be any confusion for technical people in understanding the architecture clearly guarantees a total lack of private data, seeing as how decentralisation works.
-
Not me who downvoted you, FYI.
To me, a vulnerability is something unforeseen, that allows bad actors to exploit the system in an unintended manner. In this case, the system is working perfectly as designed. Just because another system decided to implement a new feature without consulting anybody else, does not make it a vulnerability. Or perhaps it does, but with the vulnerability on the side of Mastodon, since they're the ones telling their users their post is private when it is actually nothing of the sort.
What would I call it? An unsupported feature. One that Mastodon forced everybody else to implement without asking or any respect.
I appreciate your reply and understand your perspective. I still don’t fully agree, it might be a matter of the point of view from which you look at this issue. But I think in essence we are on the same page.
Thanks for not abandoning the discussion!
-
the problem lies within the underlying protocol.
The problem lies with Gargron doing what Gargron does, implementing whatever the f he wants for "the Mastodon network" and not giving a crap how it affects the health of the overall fediverse.
Hell, this isn't even the first time there's been drama over Mastodon's advisory post scopes, not by a long shot. I kinda wish I'd saved receipts from the last couple times, some highly experienced devs have chimed in in the past.
Mastodon is just one of many applications that uses AP for their own custom purposes. MissKey and derived software has some kind of emoji response feature to posts that's basically unimplemented anywhere else. Lemmy's boosting trick to make comment sync make interoperability with timeline based social media a spamfest.
Maybe I should check again, but last time I looked into it there were no commonly used ActivityPub compliant servers. Everyone does their own thing just a little different to make the protocol work for their purposes. Even similar tools (see: MissKey/Mastodon, Lemmy/Kbin) took a while to actually interoperate.
As far as I can tell, the idea behind the original design, where servers are mostly content agnostic and clients decide on rendering content in specific ways, hasn't been executed by anyone; servers and clients have been mixed together for practical reasons and that's why we get these issues.
-
Mastodon moving to the ActivityPod (I think that’s the proposal name) Nomadic Identity/DID model like bluesky where the user holds their private key will be essential at some point if mastodon is going to compete with bluesky seriously for twitter refugees
Can you share the proposal? ActivityPods is something else. https://activitypods.org/
-
Yeah, you're not wrong. I definitely don't think it is a fediverse-only problem. Something changed culturally between Usenet and the things that came after.
I was thinking about this earlier today: There was a wonderful little renaissance that happened around the time of the Napster / Slashdot / flash game era, when "it's the internet so of course it is awful" was in abeyance for a little bit of time and things were cool (as well as being pretty creative, and generally sensible.) I think a lot of what I'm upset about here is not so much that people are being catty (as you said, that's just kind of the nature of the beast), but that it's so disconnected from reality. People will say wild made-up nonsense and then other people will take it seriously. Of course, yes, that's not exactly new or a fedi specific problem...
I get what you lot are getting at but my objection is this, at least when it comes to the Mastodon part of the Fediverse it gets advertised as the nicest social experiences. Mastodon not the Fediverse has a moat on civility, some of the most nasty experiences I’ve seen people have is on fedi. That creates a very different expectation and thus people don’t want to hear “that’s the internet for you”. If it wasn’t marketed as such then I’d completely agree with the points being made.
-
Can you share the proposal? ActivityPods is something else. https://activitypods.org/
This is wedistribute’s blogpost on the proposal
I thought it had some sort of branding beyond nomadic identity but I guess I was just misremembering