1. 5

    I am not ignorant to the fact that there’s very little rich user data on the Fediverse to capture. Facebook is an extremely rich trove of user data so the risks are much higher when that data is shared than the risk of my relatively meagre Fediverse data being shared. However, the richness of Fediverse user data is not inherently restrained in the protocol so there’s room for that pool of data to get richer over time and privacy controls may not develop at the same rate.

    this point is somewhat understated imo. The fediverse simply has a different privacy model than profit-driven social media. The way data on the fedi is structured makes less usefull for targetted advertising, as they’re not specifically engineered to be, and the vast majority of instances aren’t driven by profit motive, making it unlikely that the protocol will evolve to support easier processing of data for advertising purposes any time soon. Although you can collect as much data as you can from the fediverse, there’s little incentive and no way to recoup the cost of collecting and storing that data.

    Fedi’s main privacy issue, imo, is that private messages can be leaked. The main threat model would be something like a group like kiwifarms trying to collect such data to harass people. This is essentially the same issue as jack twitter/zuckerberg/whoever owns the platform being able to read your dms except everybody owns the platform, and the only failsafe solution is to make users aware of this and push them to use end-to-end encrypted protocols when they need that kind of privacy

    1. 1

      I wonder how hard it would be to train an AI that can tell generated faces from real ones. I’ve heard concerns from people suggesting that e.g. twitter bots could use these generated faces as profile pics to be harder to detect (they often reuse a number of stolen pictures right now and that makes them somewhat easier to detect) but I feel it’s probably feasible to train an AI to detect these generated faces with high enough confidence that you’d get a better fingerprint for bots than with stolen pictures.

      1. 6

        What are key differences between ActivityPub and RSS+WebSub/pubsubhubbub? Its spec is long and verbose, I can’t tell at a glance what does it represent. I see that it supports likes and subscription lists, but what are other differences to RSS? Does it support comments? Is it just for twitter-like websites, or suitable for blogs and reddit-like websites too?

        What I like in ActivityPub is that it’s RDF-based. It’s cool technology based on romantic ideas of expert systems, Prolog, rule-based AI, etc.

        1. 7

          Besides mastodon and pleroma which are twitter clones using ActivityPub, there’s also peertube for videos, PixelFed for images and Plume for blogging. Those projects are all pretty new though, so it’s too early to say whether ActivityPub works well for this kind of stuff, but it looks promising imo

          1. 1

            RSS+Webmention can be used to realize a very rudamentary version of federation (I’m currently developing a platform and testing simple federation using RSS+WM).

            However, ActivityPub allows much more versatility and provides the endpoint with a low-overhead, machine-readable version of actions (AP is not like RSS in that stuff operates as feeds, rather, it’s actors doing actions on other actors or objects)