David CarrollJun 9, 2023
in a weird way i think the existence of Bluesky suddenly made Mastodon better I can’t explain it and now it might be time for Mastodon to make Bluesky better; pre-cross-federated social is gonna be a ride; and then cross-federation; whooosh
Show threadMastodon Migration

@profcarroll Bridging content to Bluesky without consent violates users copyright to their content because Bluesky extracts a broad license to all content posted on their platform and transfered over their protocol. Bridge builders do not have the right to grant these wholesale licenses, so any such bridge is illegal. Just because you can technically do something does not make it legal or ethical.

#DataProtection

Jun 9, 2023 at 1:35amWeb
Show threadMastodon MigrationJun 9, 2023

@profcarroll Such bridges also violate Bluesky ToS which requires the poster to assert they have the legal right to post the content, since they don't.

#DataProtection

Show threadDavid CarrollJun 9, 2023
@mastodonmigration we gonna have to disagree about this unfortunately, I’m afraid
Show threadMastodon MigrationJun 9, 2023
@profcarroll No we are not. This is not about your opinion. This is about copyright law. Current copyright laws prohibit this kind of bridging. Mastodon users generally do not consent to having their content distributed to other services, and the other services claim a broad license to content presented on their platforms, including the right to data mine and monetize that content. Bridges do not have the legal right to convey this content. It is not their content to license.
1/
#DataProtection
Show threadMastodon MigrationJun 9, 2023

@profcarroll When you sign up for #Bluesky, #Twitter or #Meta you agree to give them a license to content you post. It is a very broad perpetual license giving them lots of rights to your content, including the right to sublicense. When you sign up for Mastodon, most instances do not take a license, the content rights you give them are defined in the privacy policy, and they do not include reposting your content to corporate sites that assume licenses to the content.

2/
#DataProtection

Show threadMastodon MigrationJun 9, 2023

@profcarroll Any bridge that takes content from Mastodon and without permission places that content on another platform is violating that user's copyright to the content. You can not authorize a license to something which you do not own.

3/
#DataProtection

Show threadMastodon MigrationJun 9, 2023

@profcarroll In fact, a hypothetical bridge that scoops up and posts content, which it does not own to a corporate platform, is also in violation of that platform's terms of service wherein the poster guarantees that they have the right to the content they are posting.

4/
#DataProtection

Show threadMastodon MigrationJun 9, 2023

@profcarroll It does not matter that you want to do this, or that you think it would be wonderful if all Fediverse content were available on Bluesky. As long as Bluesky extracts a license for all content posted on the site, a bridge that gives them content it does not own or have a license to sublicense is in violation of the content owners legal rights, and liable for copyright infringement.

5/
#DataProtection

Show threadGanWeavingJun 10, 2023
@mastodonmigration @profcarroll 🤷‍♂️
Show threadMastodon MigrationJun 9, 2023
@profcarroll This issue, at its core, is about content ownership rights. There has been much in the news lately about AI companies scaping the internet and improperly consuming content which they do not own to create derivative services. This is a very much related matter. In order for #Bluesky to use and exploit content, they need to have legitimate rights to the content. Such a bridge does not confer legitimate rights, and as such it is just scaping up unauthorized content.
Show threadsocJun 9, 2023
@profcarroll @mastodonmigration I'm afraid reality doesn't care about your disagreement with it.
Show threadRyan BarrettJun 9, 2023
I’m honestly curious about this, since federation in particular adds a lot of nuance here. Bluesky’s TOS may apply to its servers, but once it turns on federation, other federated ATProto servers will have other TOSes. Say someone has an account on an ATProto federated server that’s legally/ethically compatible with the fediverse, they follow some fedi people, and then someone on a Bluesky server sees a fedi post via that server. Has a TOS been violated? Which one? At what point? By whom? Has someone’s copyright been violated? At what point? By whom?I honestly don’t know. I suspect we’d need a lawyer to answer, maybe more than one, and I suspect they’d disagree.

Let’s forget Bluesky/ATProto entirely and limit ourselves to the fediverse. Fedi instances themselves have different TOSes and run on different software. If a fediverse instance asserts a TOS similar to Bluesky’s, and posts from other instances federate into it, has that TOS been violated? When, and by whom? How about copyright? If someone doesn’t want their posts federated into that instance, can they assert that their copyright has been violated? By whom? What’s their recourse?

Questions like these predate the fediverse entirely. When you view a web page, copies (both ephemeral and durable) are made in servers, caches, and devices along the path to your computer or phone. If your favorite web site has a TOS that forbids scraping, you may still have many of its pages stored in your browser cache. Have you violated that TOS?

Web crawlers and search engines, even more so. robots.txt is nice, but it’s not a TOS. Here, we actually do have case law and precedent, eg Google News, Cambridge Analytica, etc, but they’re complicated.

I’m not trying to be difficult here, I’m honestly struggling with how to think about all this. TOSes and copyright are useful, but way underpowered for handling the complexities we’re piling on top of them here. We’ve already started inventing techniques outside them to provide these kind of norms and consent, eg https://www.tootfinder.ch/ ‘s “searchable” profile tag for opting in. That kind of thing seems maybe more promising to me!

Show threadMastodon MigrationJun 9, 2023

@snarfed.org Actually, most Fedi instances do not have a ToS, they have a privacy policy wherein they describe what they will do with the data, publish it etc. This creates a narrow implied license which gives the instance the right to publish it, but does not convey any other rights including no right to sublicense the content. So you still have pretty much full ownership of your content, except the instance can publish it.

1/
#DataProtection

Show threadMastodon MigrationJun 9, 2023

@snarfed.org The difference with these corporate sites is that they take a license https://bsky.app/support/tos :

"By making any User Content available through the Services, you hereby grant to Bluesky and its subsidiaries, affiliates, licensee, successors, and assigns (the “Bluesky Parties”) an irrevocable, non-exclusive, perpetual, transferable, worldwide, royalty-free license, [...more]

https://bsky.app/support/tos

2/
#DataProtection

Bluesky

Show threadMastodon MigrationJun 9, 2023

@snarfed.org

"with the right to sublicense (through multiple tiers of sub-licensing), to use, copy, modify, adapt, crop, edit, creative derivative works, distribute, publicly display, publicly perform and otherwise exploit in any media now known or hereafter devised, your User Content, in whole or in part, in connection with (i) providing the Services and Content to you and to others; (ii) promote and market Bluesky and our Services..."

3/
#DataProtection

Show threadMastodon MigrationJun 9, 2023

@snarfed.org They define their Services as the Bluesky app and the AT Protocol. So effectively they are saying that anything transferred over the AT Protocol becomes subject to their license. Which is pretty crazy.

These problems don't exist in the Fediverse (as much) because no one is taking draconian content licenses away from the user.

4/
#DataProtection

Show threadTim ChambersJun 9, 2023

@mastodonmigration @snarfed.org

But the BlueSky servers that are used in federation will be MIT open source too, right?

Plus I think the word from the top Dev team at BlueSky has been that they would support any Bridge work between them and ActivityPub as long as it did not cause functionally a denial of service attack or a degrading of their network performance (both reasonable asks)... And I do think they have said they are re-doing their legal docs on the ownership issues...

Show threadMastodon MigrationJun 9, 2023
@tchambers @snarfed.org Open source is immaterial. What is at issue is their assumption of a license to all content. In order to grant a license you need to either own the content or own the right to sub-license it.
Show threadRyan BarrettJun 9, 2023
(Note the critical difference between federation and cross-posting here. If you cross-post something from network A to network B, whether manual or automated via bridge, you need to explicitly create an account on B and post to it. With federation – bridged or otherwise – someone on B can see your posts on A directly, without anyone ever explicitly posting them to B.)
Mastodon Migration (@[email protected])

@[email protected] Such bridges also violate Bluesky ToS which requires the poster to assert they have the legal right to post the content, since they don't. #DataProtection

Mastodon
Show threadMastodon MigrationJun 9, 2023
@snarfed.org Right, if you give consent that is fine. You are authorizing the license. The problem is with a bridge that scoops up everything without consent or authorization from the content owner and moves it to someplace that extracts a license from the content owner.
Show threadRyan BarrettJun 9, 2023
Understood. I guess I’m still struggling to see the difference between federating to a fediverse instance you don’t authorize or consent to vs a non-fediverse instance you don’t authorize/consent to. (Other than pure technical protocol, of course.)

Eg, you may be right that _most_ fedi instances don’t have ToSes, and most people are ok with their content getting federated to them, but it only takes one "bad" instance, regardless of protocol.

Mastodon Migration (@[email protected])

@[email protected] Right, if you give consent that is fine. You are authorizing the license. The problem is with a bridge that scoops up everything without consent or authorization from the content owner and moves it to someplace that extracts a license from the content owner.

Mastodon
Show threadMastodon MigrationJun 9, 2023
@snarfed.org Because you do authorize the your instance to display content on other Fediverse servers by virtue if the Privacy Policy. What you don't agree to is having someone pick up your content and license it to some corporate entity permitting them to monetize your content.
Show threadMastodon MigrationJun 9, 2023
@snarfed.org Let's try this a different way. What if Bluesky announced they had developed and were opening a bridge to all Twitter content and implicitly now had a license to everything posted on Twitter by virtue of the fact it was now on their platform. You see how absurd that would be. Functionally no different however what is being discussed here bridging Fediverse content.
Show threadJonathan Kamens 86 47Jun 9, 2023
@mastodonmigration @profcarroll You seem awfully sure about things which are not at all as well-established as you seem to think they are.
The most glaring flaw in your reasoning is your mistaken belief that Bluesky can "extract" IP rights from content they didn't create, created by people who didn't consent to their terms of use, merely by virtue of that content being bridged onto their platform by a third party (not the content creator).
Show threadJonathan Kamens 86 47Jun 9, 2023
@mastodonmigration @profcarroll Can Bluesky use people's content in ways they didn't consent to? Legally, no. Practically abso-fucking-lutely. Will they? You betcha. Does that suck? Yup, it does.
Is that the same as saying that the Fediverse can't bridge with Bluesky because bridging would "grant" Bluesky the "right" to "extract" IP rights from that content? No, absolutely not.
If a content creator didn't agree to Bluesky's Terms of Service, nothing in it is binding on their content.
Show threadJonathan Kamens 86 47Jun 9, 2023
@mastodonmigration @profcarroll The way someone agrees for the content they create to be bound by Bluesky's Terms of Service is to sign up for Bluesky and create the content on Bluesky. That's it. Content created anywhere else, whether it's bridged to Bluesky or not, does not fall under Bluesky's Terms of Service.
Show threadJonathan Kamens 86 47Jun 9, 2023
@mastodonmigration @profcarroll The argument you are advancing here would, if true, imply that if I take someone else's content and post it to Bluesky without their consent, Bluesky suddenly has IP rights in that content merely because it appeared on their platform. That's poppycock.
Show threadMastodon MigrationJun 9, 2023
@jik @profcarroll You are correct that if someone illegally posts content to #Bluesky without authorization of the content owner that Bluesky's license to the content can be challenged. The person that does the posting did not have the right to do so, so they can also be subjected to copyright infringement claims. And the person that post unauthorized content can also be pursued by Bluesky for violating their ToS wherein they assert they have rights to any data they post.
Show threadMatthieuJun 9, 2023
@mastodonmigration @jik @profcarroll

Bluesky is going to be federated using the AT protocol. The "bluesky" ToS is actually only "bsky.social’s" ToS. Bluesky can only apply their terms on their own server and to users who signed the ToS when creating their account. The terms apply to people who created an account not to the usage of their network API. And they have the technical means to know if a post is local or remote because they know the PDS associated to a username/DID. If you didn’t provide an email and password, you’re simply not a bsky.social users, there is no way they cannot know that you are a remote user.

Their terms does not and cannot apply to posts that are not local, if they assume they have a sub licence to IP, it’s their fault not the other server/bridge’s fault.

The same will apply to meta with their barcelona/project 92/Threads. In the leaked screenshots, we can see a "@ mastodon.social" user, they KNOW it’s a remote user. There is a possibility that they’ll try to monetize remote users, but it’s really asking for a class-action suit.

Bsky knows your PDS server, barcelona knows your home server. ToS only applies to local users.
Show threadMastodon MigrationJun 9, 2023
@matthieu_xyz @profcarroll @jik The current Bluesky ToS includes everything transfered over their AT protocol as part of the "Services" which subject the content to their license.
Show threadMatthieuJun 9, 2023
@mastodonmigration @profcarroll @jik

Are they even allowed to bind users to their terms when they can’t be identified by a registered account on their service nor any kind of API key. Usually when you want to apply terms to a network service, you at least ask users to authenticate in some way.
Show threadMastodon MigrationJun 9, 2023
@matthieu_xyz @profcarroll @jik The fact that they would have a hard time enforcing a license is immaterial. It's like say we can do it because we won't get caught.
Show threadMatthieuJun 9, 2023
@mastodonmigration @profcarroll @jik

The bsky team is a bit amateurish and making things as they go. I wouldn’t be surprise if those ToS were invalid and changing in the near future.

When they start to actually serve ads and monetize data, I doubt they’ll be able to monetize remote users, especially not in Europe.
Show threadMastodon MigrationJun 9, 2023
@matthieu_xyz @profcarroll @jik Agreed
Show threadMastodon MigrationJun 9, 2023
@matthieu_xyz @profcarroll @jik The user they can identify is the bridgebuilder who is posting content without consent.
Show thread#?.info Jun 9, 2023

@mastodonmigration @profcarroll I think the mistake here is to assume "bridging" is the only way to enjoy both platforms.

Once Bluesky opens up, it'll federate with any server that supports the AT protocol - at least, that's the advertised feature. Just as Mastodon servers will federate with any server that supports ActivityPub. And while I wouldn't describe the exercise as trivial, it seems probable that people will create servers that support AT and AP. Which means users of those servers can follow and interact with people on BlueSky and other AT servers, and follow and interact with those on AP servers.

Note a combined AT/AP server is not a bridge. It's not copying content between networks. It's not replicating Mastodon.online posts on BlueSky.com. It's just ensuring users who are on such a server can see posts from AT and AP users on their timeline, and AT and AP users can both see the timeline of a user who chooses to be on the combined AT/AP server.

The nearest issue I can think of to a problem is that those who aren't supporting both protocols will only see half conversations. And there's the concerns, I guess, over whether someone boosting a post should be able to boost that on both networks or just the origin network.

But that's a whole different thing from whether we can't all benefit from Bluesky. We can, if it lives up to its promises, and opens up. Much as I mistrust its founder, if people are happier there, then as long as I can talk to my friends who choose to be there, I'm OK with that.

Show threadMastodon MigrationJun 9, 2023

@poundquerydotinfo @profcarroll If Bluesky were to alter there ToS in some fundamental way, there may be a legal way to do what you say. But any bridge by that posts unauthorized content to Bluesky now violates the content owner's copyright and the current Bluesky ToS.

You should also be aware that the broad Bluesky ToS content license covers any content transfered over their protocol, not just their social media application.

Show thread#?.info Jun 9, 2023

@mastodonmigration @profcarroll "any Bridge" suggests you didn't read what I wrote. I wasn't describing a bridge. I wasn't describing bridging. I literally started my comment with "I think the mistake here is to assume "bridging" is the only way to enjoy both platforms."

Where the hell did you get it from that I was proposing bridging or anything that would violate Bluesky's TOS? What line of Bluesky's TOS would I be violating by using an AT server to interact with Bluesky's users?

Show threadMastodon MigrationJun 9, 2023
@poundquerydotinfo @profcarroll Understand what you wrote. Not commenting on some sort of hypothetical integration below the user level here, so do not necessarily disagree with you.
Show threadMastodon MigrationJun 9, 2023
@poundquerydotinfo @profcarroll Also not addressing here any issues with AT servers interacting with Bluesky users. Though will point out again that the current Bluesky aToS covers both the app and the protocol.
Show threadCorn Woman 🌽Jun 9, 2023

@mastodonmigration @profcarroll I am surprised to hear they have a ToS for the protocol too.

Do you have a link or section name where they assert that?

Show threadMastodon MigrationJun 9, 2023

@WomanCorn @profcarroll Great question.

Right at the top in the definitions:

"To make these Terms easier to read, our Site, Protocol, and App, and our content and services provided therein, are collectively called the “Services.” "

https://bsky.app/support/tos

Bluesky