Jerry Bell :verified_paw: :donor: on Nostr: Apparently Meta has been contacting some instance admins about their plans for the ...
Apparently Meta has been contacting some instance admins about their plans for the fediverse. I am not sure whether to be happy or sad, but they didn’t contact me.
I am seeing a rift emerging in the fediverse that is a bit reminiscent of my own CISA episode back in November of 2022. At the time, the people who objected fell into two overlapping camps:
ACABs that couldn’t see past CISA’s placement in the DHS and simply object to the concept of any law enforcement affiliated person being on the fedi (NB: there are a LOT of them here and they’re all over the fediverse)
Instance admins that wanted to protect their constituents from the surveillance that comes along with DHS.
While the context is materially different, the Meta situation seems to come down on similar lines: conceptual rejection of Meta because of who Meta is; and a concern for the privacy of one’s fedi-data.
Regarding the former point, I think it is fundamental to the fediverse for people and instances to be able to pick who they want to participate with, almost for whatever reason. If there are people who really dislike bald guys, I’m one to block. The latter reason is more problematic. As with the DHS situation, Meta creating an account or an instance is really not an effective way to conduct a surveillance operation (either to send people to jail or to show them ads) - not on an infrastructure that has oodles of open APIs that make it far easier to collect data using direct connections vs creating an instance.
Said another way, the lack of a branded Meta or CISA account or instance is not an indication that such data extraction isn’t happening. We generally wouldn’t know if it were.
I’ve heard the “embrace/extend/extinguish” accusation about every 6 months in the 7+ years I’ve been here. The company that bought Pawoo was going to take over the fediverse. Medium was going to be installing paywalls and feeding ads across the fediverse. Vivaldi and Mozilla were going to bring so much trash into our timelines that we should just preemptively block them.
If I, or any instance admin, finds that Meta or any other company is surreptitiously collecting data from our instances, we will take action. I will highlight that suspending instances and accounts won’t be very effective here - we would have to implement firewall level blocks, assuming we can identify where they are coming from. And I doubt it will be coming from a branded instance. Sadly, even this is trivial to work around if they connect to a relay or set up an account on an instance that doesn’t isn’t blocked. The major concern, of course, is that your fedi data is linked to a record they maintain about you in their own databases, and then use your content to help tailor ads as you visit other parts of the internet.
If we identify that an instance is behaving badly, of course they are going to get suspended, just as happens today. But be aware that this only prevents YOU from seeing THEIR content. If Meta does set up an instance and start spamming out ads, that is exactly what will happen.
In the mean time, if you want to block Meta owned domains and instances who aren’t blocking Meta owned domains and instances who are not blocking instances who are not blocking meta owned domains, that’s ok.
For me, I am going to wait until I know more to make a decision.
Published at
2023-06-19 02:24:44Event JSON
{
"id": "711e32c63fe6f528f6c805275a6e802300c8ba01350ff623c38d531738ec6cc5",
"pubkey": "a69cac96fd8b825a67e39aa0aa526220f64b5fff88d3e49d7cfa45d54d3ea842",
"created_at": 1687141484,
"kind": 1,
"tags": [
[
"content-warning",
"Regarding Meta"
],
[
"mostr",
"https://infosec.exchange/users/jerry/statuses/110568504315575784"
]
],
"content": "Apparently Meta has been contacting some instance admins about their plans for the fediverse. I am not sure whether to be happy or sad, but they didn’t contact me. \n\nI am seeing a rift emerging in the fediverse that is a bit reminiscent of my own CISA episode back in November of 2022. At the time, the people who objected fell into two overlapping camps: \n\nACABs that couldn’t see past CISA’s placement in the DHS and simply object to the concept of any law enforcement affiliated person being on the fedi (NB: there are a LOT of them here and they’re all over the fediverse)\n\nInstance admins that wanted to protect their constituents from the surveillance that comes along with DHS. \n\nWhile the context is materially different, the Meta situation seems to come down on similar lines: conceptual rejection of Meta because of who Meta is; and a concern for the privacy of one’s fedi-data. \n\nRegarding the former point, I think it is fundamental to the fediverse for people and instances to be able to pick who they want to participate with, almost for whatever reason. If there are people who really dislike bald guys, I’m one to block. The latter reason is more problematic. As with the DHS situation, Meta creating an account or an instance is really not an effective way to conduct a surveillance operation (either to send people to jail or to show them ads) - not on an infrastructure that has oodles of open APIs that make it far easier to collect data using direct connections vs creating an instance. \n\nSaid another way, the lack of a branded Meta or CISA account or instance is not an indication that such data extraction isn’t happening. We generally wouldn’t know if it were. \n\nI’ve heard the “embrace/extend/extinguish” accusation about every 6 months in the 7+ years I’ve been here. The company that bought Pawoo was going to take over the fediverse. Medium was going to be installing paywalls and feeding ads across the fediverse. Vivaldi and Mozilla were going to bring so much trash into our timelines that we should just preemptively block them. \n\nIf I, or any instance admin, finds that Meta or any other company is surreptitiously collecting data from our instances, we will take action. I will highlight that suspending instances and accounts won’t be very effective here - we would have to implement firewall level blocks, assuming we can identify where they are coming from. And I doubt it will be coming from a branded instance. Sadly, even this is trivial to work around if they connect to a relay or set up an account on an instance that doesn’t isn’t blocked. The major concern, of course, is that your fedi data is linked to a record they maintain about you in their own databases, and then use your content to help tailor ads as you visit other parts of the internet. \n\nIf we identify that an instance is behaving badly, of course they are going to get suspended, just as happens today. But be aware that this only prevents YOU from seeing THEIR content. If Meta does set up an instance and start spamming out ads, that is exactly what will happen. \n\nIn the mean time, if you want to block Meta owned domains and instances who aren’t blocking Meta owned domains and instances who are not blocking instances who are not blocking meta owned domains, that’s ok. \n\nFor me, I am going to wait until I know more to make a decision.",
"sig": "e4a117623f3ca3c9cfb696fd7eb56c585464bdc4d5f99cea42ce56bcca4e210ca73b46222a9c1099e634fcb598c653903bc5aa7cc0f9f10a735d19cc3a8e6bda"
}