Blocking Threads won't be enough to protect privacy once they join the Fediverse

If you have personal information you do not wish bad actors to see, do not publish it using an open protocol explicitly designed to allow anyone to read said information.<p>Defederating from Meta as a solution is stupid - Meta can (and will if they actually care enough) just rejoin undercover.<p>Furthermore, when it comes to the fediverse, Meta is actually one of the <i>more</i> trusted actors compared to whatever else is on there - at least they&#x27;re a known legal entity instead of some random.<p>Finally, the fact that publishing private information publicly on the fediverse wasn&#x27;t considered an issue before Meta came along shows just how irrelevant the whole thing is - the data has been public all this time, but the network is so irrelevant that not even bad actors cared enough to actually scrape it (or at least do anything with it).

The problem I see with Threads isn&#x27;t what Meta will do with fediverse data, it&#x27;s the power they have with owning 97% of the entire fediverse network [1].<p>Embrace, Extend, Extinguish. Owning the vast majority of the fediverse userbase will cause them to have a large amount of power to compel users or servers to do whatever they want. What do you do when Facebook implements a new feature and all of your followers complain that your using a Mastodon server instead of joining Threads that has this feature they want? You either go against your entire community or let Meta takeover your account.<p>As such, the resolution is to not let anyone have this much power. It being Meta makes it easier to hate on them, but no single server should own the vast majority of the network, let alone (100M &#x2F; (100M + 2M + 1M)) = 97% of it [1].<p>[1] Threads has 100M users and is rising fast, Mastodon was recently stated to have 2M active users, the rest of the fediverse can be estimated to be, say, 1M. As such, Threads has about 97% of the userbase.

What&#x27;s the point of joining a decentralized federated platform if you don&#x27;t want other instances or people to see what you post?<p>Meta scraping your name and doing other shenanigans is a different subject and obviously bad, but the rest is like complaining joining a public torrent tracker and being mad about leaking your ip address to its peers.

A lot of privacy problems (including every single one raised in that article) will be solved by just not posting your personal business on social media, but people are somehow unwilling or unable to accept it.<p>If you post incriminating content on a Mastodon server it is still out there whether Facebook can officially connect to it or not. It is archived forever out of your control. The server owner can be subpoenaed. Anyone can scrape the website, take a screenshot, or share it in a hundred different ways. Regardless of what pseudonym you use it can be tied to your real identity with 5 minutes of internet sleuthing.<p>&quot;Private&quot; online social media is an oxymoron. If you put something out there in the world you don&#x27;t get to control whose eyeballs land on it. Facebook isn&#x27;t the problem, your expectations are.

I want it to be blocked for a different reason. The fediverse has always been small enough that the content is &quot;underground&quot; and interesting. Some of the people on there are weird or completely different than me and that&#x27;s what makes them so interesting. That&#x27;s not the case on something like Twitter and Instagram. Good and actually interesting content is drowned out between your average tweets and posts about nothing at all. Or all the content sucks and is there for the sake of exposure, likes, clicks etc. But I don&#x27;t want mastodon to be overrun by 100M users&#x27; uninteresting content! I don&#x27;t even want them in the replies of posts. Mastodon has consistently been great before this while Twitter fiasco. I wish it never happened, I don&#x27;t want the space I have liked for years to change and be ruined. Maybe an apt analogy would be the difference between Marginalia and Google as search engines. Why would one want the interesting underground search engine to be filled with SEO spam and ads?

&gt;Mastodon (and most other fediverse software) wasn&#x27;t designed with privacy and user safety in mind<p>this is the real problem. Mastodon and lemmy share way more information than they actually need to (like lemmy shares a list of usernames who upvoted or downvoted a post, not just a count), and if you&#x27;re using one of those services you should expect that all your data and interactions are public. that&#x27;s the actual threat here, not the possibility that facebook might suck up that data. Blocking Threads from federating is just a short-term patch over mastodon&#x27;s bad privacy controls.

<a href="https:&#x2F;&#x2F;news.yahoo.com&#x2F;teen-mom-plead-guilty-abortion-230802922.html" rel="nofollow noreferrer">https:&#x2F;&#x2F;news.yahoo.com&#x2F;teen-mom-plead-guilty-abortion-230802...</a><p>&gt;A Nebraska woman has pleaded guilty to helping her daughter have a medication abortion last year. The legal proceeding against her hinged on Facebook&#x27;s decision to provide authorities with private messages between that mother and her 17-year-old daughter discussing the latter&#x27;s plans to terminate her pregnancy.<p>If you have information you don&#x27;t want others to know, then don&#x27;t tell your secrets to a multi-billion dollar pseudo-governmental organization that has even less data collection protections than the governments it serves. There&#x27;s more you should do, but that&#x27;s a big one.

This reminds me of the &quot;embrace, extend, extinguish&quot; strategies Microsoft used extensively with Linux and open source software in the 90s. From [1]: &quot;a phrase that the U.S. Department of Justice found that was used internally by Microsoft to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences in order to strongly disadvantage its competitors.&quot;<p>[1] <a href="https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;Embrace,_extend,_and_extinguish" rel="nofollow noreferrer">https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;Embrace,_extend,_and_extingu...</a>

I wonder if all of this hoopla over Meta joining the Fediverse is even justified. If Meta wanted to suck up all of that data right now, they could do that without creating an entire social network to do so, by literally grabbing it from the source, where it is publicly available, and they can do this with basically no fear of ever getting called on it. By merely federating with and supporting ActivityPub, all they do is make it reciprocal, and opt-in, at least from our PoV.<p>The real risk here in my opinion is the influence that Threads could have over the Fediverse indirectly. What if they become an integral part of it and threaten to leave, or just leave? What if they become the defacto censor of what instances you can federate with, by virtue of cutting off anyone that doesn&#x27;t defederate certain instances? Etc, etc.<p>The privacy concerns, while they hold some validity, are a little bit moot for people who weren&#x27;t going to consider using Threads in the first place. Google hoovers up all of this data already if only indirectly, and nobody seems to bat an eye.

My prediction on how this goes down...<p>Meta has zero interest in ActivityPub or the Fediverse, a tiny speckle of users hostile to them. In less than a week, they&#x27;ve created an &quot;instance&quot; 50 times the size of all of Mastodon and the rest of the fediverse combined. The projection&#x2F;goal is to grow towards 1B MAU, which would make it 500 times larger than all of the rest of the fediverse.<p>Why would Meta possibly care about this tiny group of misfits? The only reason I can think of is to give legislators the idea that they are &quot;doing good&quot;.<p>Say it is done, and we have this Threads cosmos-sized instance. Tiny vocal Mastodon instances will defederate out of principle, and nobody cares. Because they are anti-growth anyway, they object to anything.<p>Larger Mastodon instances will consider federating but will then find out Threads will only do this under conditions. You have to serve ads, have to comply with a moderation policy, treat user data in a certain way. You effectively work for Meta now, but unpaid.<p>Then you turn the thing on and the flood gates open. The first thing you&#x27;ll notice is your bankruptcy as your few tens of thousands of users now having follow access to a billion users, including very active and popular ones, spiking your infra. 10x? 100x? Who knows? And what about storage? Yesterday I&#x27;ve read how a mid-sized Mastodon instance (few thousand users) was adding 1GB of media storage every 15 mins. Do that times a 100 (or 1,000) as well. Your moderation inbox...well, good luck.<p>This entire thing isn&#x27;t going to work, at all.

This is very akin the dilemma of getting yourself a very secretive and secured email: all the privacy and security stops the matter the moment you send an email to somebody with a GMail; the entire thread is visible below (through a chain of quote blocks) and it&#x27;s game over.<p>If you want true privacy, make a centralized self-hosted service where people have to be allowed in explicitly.<p>Don&#x27;t see what the problem is in the OP, they are kind of expressing displeasure that a service that technically can be scraped by almost anyone is... you know, scheduled for scraping and exposed. And at the same time nobody actually bothered to prevent the scenario from happening.<p>And this also looks very much like the early internet: people didn&#x27;t think others are malicious so security was minimal.<p>This kind of naivete really needs to get clubbed to death. We can&#x27;t afford being as naive nowadays.

Don&#x27;t have public accounts on a platform if you are concerned about privacy. Don&#x27;t use threads, don&#x27;t use Mastadon.

The sex worker real name reveal has to be bullshit.<p>I&#x27;m quite convinced that Meta actually does have the real name of most of us as well as the ability to link it to other accounts. But the idea that Meta would willingly reveal this without the user&#x27;s consent means a planet-scale doxxing event. It could lead to actual deaths in the real world, and they would be legally crushed.<p>What is far more likely to have happened is that the user had an Instagram account with their real name and used that to log in&#x2F;sign up to Threads. There is no stand-alone account on Threads currently.

Claiming control over information that you’ve made publicly available is nothing but claiming control over other people.

If a message is public then I shouldn&#x27;t care if Meta has access to it or not; they can access it if they want to do. However, if I wish to send a private message to someone, even on a different server, it should not have to go through Meta to do so (unless the recipient is on Meta, although then the sender should be made aware of that before sending the message).<p>I don&#x27;t use Fediverse nor Meta&#x2F;Threads, but I write stuff that is public and anyone can view it, or private which only the recipient should read, like anything else, whether I post on Hacker News, or on Usenet, or on a public IRC channel, or whatever else it might be. (Some people don&#x27;t like public IRC logs, but if it is a public channel then I would prefer that it does have logs; fortunately some IRC channels do.)

The unfortunate thing about the Fediverse, relative to a (hypothetical) walled garden, is that this sort of information leaking is inevitable.<p>Meta has the scale and scope to make it scary, but the point of the Fediverse is that it is federated, which implies some openness. If you&#x27;re federated, you are publishing content to other people that they might do whatever they want with. That includes crawling it, storing it, indexing it, and building mass profiles. You can certainly protect yourself by blocking bad actors, but since the network is, well, a network, an aggressor that <i>wants</i> your published data need only find access to a node you <i>do</i> want to share with and copy from there.<p>So you either default-close your data and choose very, very carefully who you federate your node to or... You don&#x27;t put that data in the fediverse at all.<p>(Contrasting to a walled garden, where monolithic control of the data storage and transfer means a single entity is responsible for where the data goes and can constrain at will. If someone&#x27;s kicked off Facebook, they&#x27;re <i>off</i> Facebook; they have a single attack surface they have to reenter to get to that data, not O(nodes) they could make an account on to reach the data of someone who&#x27;d rather not share it with them).

As the crypto industry discovered: the paradox of decentralization is that every downside it has can only be solved in a centralized way.<p>You can&#x27;t have perfect privacy in a system that has the exact opposite goal: federation. It means your data spreads by design and enforcement of any privacy-preserving feature is optional per instance.<p>The very loud minority on Mastodon that obsesses over safety has picked the wrong software. They should have just created a Telegram group.

&gt;Trans people at risk of being targeted by groups like Libs of Tik Tok<p>It&#x27;s my understanding that Libs of Tik Tok simply reposts public videos. Say you manage to find a way to block them specifically from seeing your content what&#x27;s to stop another account springing up and doing the same thing. The only option is to keep your content among friends. But then you have another trust model where your friend could be the next Libs of Tik Tok.

ActivityPub has a problem of laying all data out, nicely structured, just waiting to be scraped and mined and machine-processed, in perpetuity by default, as if it was something people inherently need when communicating. Is it, though?<p>It does look like something idealistically-minded early techies would justifiably find really cool.<p>It may indeed be desirable for, say, Dutch government (and perhaps any government that wants to be transparent).<p>However, I’d argue it may be from suboptimal to harmful for regular people.<p>Regular people may have to worry about future governments, which may or may not end up less transparent to hostile towards them, as well as other powerful adversaries. Regular people may want to be careful and value features like transience, privacy, and plausible deniability.<p>Perhaps we can do better and come up with a protocol that combines openness and those values. Whether Facebook enters the Fediverse with its new product or not, ActivityPub in its current shape and implementation seems to be a liability.

&quot;Decentralized access for everyone, unless it gets popular enough that somebody actually wants to interop with it&quot;<p>I understand the Meta hate, but joining a very explicitly public and intentionally republishable service and then being unhappy that your data is public and intentionally republishable is bizarre to me.

I stopped reading the article as soon as it criticised LibsOfTikTok, arguably one of the best and funniest social media accounts.

A million years ago there was P3P, <i>Platform For Privacy Preferences</i>, which pages&#x2F;resources could use to declare what kind of sharing&#x2F;privacy rights surrounded a document. <a href="https:&#x2F;&#x2F;www.w3.org&#x2F;P3P&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.w3.org&#x2F;P3P&#x2F;</a><p>The working group was closed after browser implementers failed to express interest. As I recall, Microsoft Internet Explorer was the only browser participating. <a href="https:&#x2F;&#x2F;learn.microsoft.com&#x2F;en-us&#x2F;openspecs&#x2F;ie_standards&#x2F;ms-p3p&#x2F;a4defcb3-2504-4a73-abb5-954a8b1b1adc" rel="nofollow noreferrer">https:&#x2F;&#x2F;learn.microsoft.com&#x2F;en-us&#x2F;openspecs&#x2F;ie_standards&#x2F;ms-...</a><p>I could be mistaken&#x2F;mislead about the purpose here. But this idea of having the data be able to advocate for itself what rights other people have seems semi-obvious. It won&#x27;t prevent abuse, but the age of ultra-Legalistic DMCA corporate hawkishness seems largely to have won above almost all others, in most arenas, and this idea of sticking a &quot;you can&#x27;t do that&quot; label on stuff thus seems like a pretty obvious first level defense. One that big data warehouses &amp; big companies in particular probably couldn&#x27;t violate &amp; keep under-wraps.

I know the main image in the article claims Meta scraped their posts and updated their profile, but is it not feasible they used the same email address or phone number they use on IG &#x2F; FB and Meta just filled in the missing blanks using information they have already? Which mind you, Facebook buying IG was under the premise that they would NOT merge IG and FB, but they&#x27;ve been doing that for a while now, they are arguably already merged to the hip.

1. The renaming thing happened to me, and it wasnt that Facebook had scraped something and made some super AI decision, its that one of the things you can report people for on the platform is using an alias, because its against T&#x27;s and C&#x27;s, and that form (last I checked) let you identify the actual user.<p>2 Said well elsewhere but its daft to want to hide public info from a subset of users on a protocol designed to distribute public data.

Meta should use an event loop to avoid blocking Threads

Whoever wrote this needs to be flogged. So melodramatic...

&#x27;I had a FB account as Mistress Matisse, but FB scraped my legal name from somewhere else and then changed my displayed NAME on my account without notice&#x2F;consent.&#x27;<p>Who gave FB permission to conflate two different identities?

The best way to handle it is to make a &quot;minimum viable&quot; account and do absolutely nothing with it, ever, except login and logout annually. Set up a spam filter to trash every single notice from the company.

&quot;Privacy&quot; and &quot;fediverse&quot; are like water and oil: they don&#x27;t mix.<p>Meta would have no more (extra) access to Fedi posts than an large Mastodon instance like Mastodon.social would have.

Meh, I&#x27;m posting on a public forum, I don&#x27;t consider any of it private. Anyway, they&#x27;re not going to do the Fediverse, I&#x27;m 100% positive at this point. There is no benefit to them anymore. Nobody wants them there, and their target user doesn&#x27;t want the complications inherent to the system. I love Mastodon and Lemmy specifically for these reasons. Go there. Forget this nonsense. It&#x27;s a beautiful place to be.

I don&#x27;t see why people think this is the issue it is: the community, at large, will refuse to federate with Threads, and then anything that Meta steals is just a simple DMCA away.<p>And guess what happens when Meta refuses those DMCAs? You go to the networks they peer with. You don&#x27;t screw with tier 1 transit providers, not even Facebook has some magical power here.<p>This isn&#x27;t, and was never, about privacy. It is 100% about Meta stealing data and displaying it so they can pretend people are using their product, so it looks active, and then they can tell their shareholders it was a successful launch. Nobody in the Fediverse wants to help Zuck profit from people&#x27;s hard work that they didn&#x27;t donate to him (ie, post on Facegram and thus license it to him).<p>The flip side of this is also, how will they moderate data that isn&#x27;t theirs? They will have to unfederate from certain servers and users, thus solving the problem.... and if you&#x27;ve seen the fediverse, its 20% trans catgirls who code in rust, are part of a polycule, wear programmers socks, and have spicy opinions about niche Linux distros, all of which are persona non-grata on the Instabook platform.<p>The catgirls are going to save us from Zuck slathering the Internet in Sweet Baby Rays. This wasn&#x27;t the future I was expecting.

In theory it shouldn&#x27;t be hard to block Threads. If they&#x27;re only using one domain for all their users it&#x27;s trivial to block it.<p>But privacy is not the issue with Threads. The issue with Threads is that they&#x27;re going to attempt to destroy the Fediverse through standard Embrace, Extend, Destroy tactics.<p>You see this with Bluesky as well. The point is to interoperate when it&#x27;s in your interests and then break interoperability when you have enough of the audience. Thus, thereby capturing the lion&#x27;s share of the audience.<p>Just wait. Threads will soon have a &#x27;new feature&#x27; that only works with Threads and that does not work on other Fediverse nodes. Then they&#x27;ll try and poison the standards bodies working on ActivityPub. They could increase the velocity of new &#x27;features&#x27; to ActivityPub so fast that unpaid OSS developers couldn&#x27;t keep up. Like Google and that cartel do with browsers. Eventually Meta and maybe a couple other large players will control the standards, or atleast make it obtuse enough to prevent new entrants. This playbook is tried and true.

I’m surprised that a followers-only post’s author’s information would be available to followers of original author’s followers. I would think that a non-public discussion started by one account should be nonexistent to anyone without access to follow that account.

If Mastodon block Threads, I don&#x27;t know what to think anymore. Mastodon should be open to all. That&#x27;s the whole unique selling point, no federation from US companies etc.<p>This will make Mastodon pretty much useless if it can just block networks..

Hunting down your personal details and publishing them is a crime¹, isn&#x27;t it?<p>1 - I mean on the US where Meta really cares about. It&#x27;s probably one on most countries where Meta has revenue, but that won&#x27;t send anybody to jail.

&gt; Threads has rolled out the welcome mat to Nazi supporters, anti-LGBTQ extremists, and white supremacists, including groups like Libs of TikTok that harass trans people.<p>It&#x27;s hard to take the post seriously when they make statements like that, From the linked article:<p>&gt; Fuentes, who claims to have been banned from Meta&#x27;s platforms, announced in a livestream on July 6, “I signed up for it last night. I made a fake Instagram. I got on a fake Thread.”<p>I&#x27;d guess of the 100M users that have signed up lots of people that are banned, or post content that gets banned on FB and Instagram have managed to make accounts too. But I&#x27;m sure the same content moderation policies on FB&#x2F;IG will apply once they start posting, some will get through, but that is far from being welcomed.

Beyond copyright, why wouldn&#x27;t restrictive licensing fill that need? ex: by accessing content on this server, you agree to the terms of service..blah blah ?

So I was going to try threads but can&#x27;t figure out how. I&#x27;m not interested in using a phone. I&#x27;m on a computer. Is there no web version?

My hope is that people will give up on all social media.

Looks like some Mastodon users wanted an interpersonal communication channel and didn&#x27;t realize they were using a publishing platform.

How would meta know tyhey were the same person though?<p>I&#x27;m glad I just routinely obfuscate my online presence by lying on every different platform.

Now that I know the term &quot;garden path sentence&quot; I can accurately spot them.<p>Blocking threads? Do we need a mutex here? Faster I&#x2F;O?

You can&#x27;t exactly keep privacy if you choose to broadcast your message with a &quot;loud speaker&quot;

I don&#x27;t think Meta is ever going to federate in the first place.<p>What would they gain?

Every single comment on this story qualifies to be in &quot;Shit HNer&#x27;s say.&quot;

tl;dr:<p>Things you post publicly are public.

not a problem for 99.99 percent of people.

What an asinine concern. Don’t want your data on threads? Don’t use threads.