@profcarroll Bridging content to Bluesky without consent violates users copyright to their content because Bluesky extracts a broad license to all content posted on their platform and transfered over their protocol. Bridge builders do not have the right to grant these wholesale licenses, so any such bridge is illegal. Just because you can technically do something does not make it legal or ethical.

#DataProtection

@profcarroll Such bridges also violate Bluesky ToS which requires the poster to assert they have the legal right to post the content, since they don't.

#DataProtection

Let’s forget Bluesky/ATProto entirely and limit ourselves to the fediverse. Fedi instances themselves have different TOSes and run on different software. If a fediverse instance asserts a TOS similar to Bluesky’s, and posts from other instances federate into it, has that TOS been violated? When, and by whom? How about copyright? If someone doesn’t want their posts federated into that instance, can they assert that their copyright has been violated? By whom? What’s their recourse?

Questions like these predate the fediverse entirely. When you view a web page, copies (both ephemeral and durable) are made in servers, caches, and devices along the path to your computer or phone. If your favorite web site has a TOS that forbids scraping, you may still have many of its pages stored in your browser cache. Have you violated that TOS?

Web crawlers and search engines, even more so. robots.txt is nice, but it’s not a TOS. Here, we actually do have case law and precedent, eg Google News, Cambridge Analytica, etc, but they’re complicated.

I’m not trying to be difficult here, I’m honestly struggling with how to think about all this. TOSes and copyright are useful, but way underpowered for handling the complexities we’re piling on top of them here. We’ve already started inventing techniques outside them to provide these kind of norms and consent, eg https://www.tootfinder.ch/ ‘s “searchable” profile tag for opting in. That kind of thing seems maybe more promising to me!

@snarfed.org Actually, most Fedi instances do not have a ToS, they have a privacy policy wherein they describe what they will do with the data, publish it etc. This creates a narrow implied license which gives the instance the right to publish it, but does not convey any other rights including no right to sublicense the content. So you still have pretty much full ownership of your content, except the instance can publish it.

1/
#DataProtection

@mastodonmigration @snarfed.org

But the BlueSky servers that are used in federation will be MIT open source too, right?

Plus I think the word from the top Dev team at BlueSky has been that they would support any Bridge work between them and ActivityPub as long as it did not cause functionally a denial of service attack or a degrading of their network performance (both reasonable asks)... And I do think they have said they are re-doing their legal docs on the ownership issues...