Avoid The Hack!I’m not going to sit here and pretend like the current #fediverse without Threads is “perfect” for #privacy … But just look at the data #threads collects.
This is insane.
#threads also has a supplemental #privacy policy to the #meta privacy policy: (caution this is an Instagram link) https://help.instagram.com/515230437301944
There’s a section, “Information From Third Party Services and Users,” where it states “we collect information about Third Party Services and Third Party Users who interact with Threads.”
(Third Parties would naturally include other Fediverse instances and their users.)
Federated Fediverse platforms share some data, but this seems to be a whole other level.
In this section of their #privacy policy, it’s stated “We collect information about the Third Party Services and a third party users who interact with threads…”
Interaction includes following #threads users, interacting with threads content, and especially threads users following/interacting with your “third party” content.
Data collected includes IP address, instance info, profile information
So, in theory, any interaction with a Threads user would subject you to this data collection…
It looks like Meta could use the #fediverse to collect metadata on… a lot of people. In my opinion, it’s similar to the Facebook Pixel - which allows Meta to collect data on users who are off its platforms.
This could seem like no big deal (and I guess it could be), but let’s face it: Meta isn’t exactly #privacy friendly and has been accused (with proof) of abusing collected information.
Realize this data wouldn’t exist in a vacuum or even as a “single data point.”
Meta has many avenues for data collection for users on its platforms (WhatsApp, Facebook, Instagram, etc) and off (Facebook Pixel and buying/using third party data). If just by interacting with #threads users, you are now subject to their (Meta’s) policies… how crazy is that?
Stay safe out there, folks.
Strypey@avoidthehack
> It looks like Meta could use the
fediverse to collect metadata on… a lot of people
Only to the degree that they always could. The same way anyone can. By scrapping public-facing posts from URLs.
According to the creator of Mastodon, the first developer to implement ActivityPub;
"A server you are not signed up with and logged into cannot get your private data or track you across the web. What it can get are your public profile and public posts, which are publicly accessible."
@avoidthehack I really hope people stop spreading FUD about magical fediverse superpowers that Meta do not have.
@avoidthehack
Sorry, forgot to provide the link for that quote from the Mastodon creator:
https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/
Brett@avoidthehack @DaveMasonDotMe The only thing interacting with a Threads user would expose of your data is that which is already public on your Mastodon profile and instance. Mastodon servers service data requests so they’d get the public IP of your instance, not your personal IP. There’s no way for another federated server to see anything but the public posts and profile information your Mastodon server would provide should a Threads user follow you.
@avoidthehack @DaveMasonDotMe Mastodon is not private. The largest instances are already being scraped and indexed. If you don’t want Facebook or Google or Microsoft to have your social media posts you have to stop posting publicly and basically only use Signal. The lack of systems architecture awareness surrounding all of this is appalling. I would never use Threads. Ever. The threat from Threads is not data harvesting it the lack of moderation and potential for abuse and creation of a new silo.
I agree with you Mastodon is not private, but it lends itself more to #privacy than traditional social media.
There is still absolutely the threat of #metadata collection from #threads - just not first-party collection (if you are not on their platform.)
Similar context: you may not use WhatsApp, but I do. I have your contact info... and I share that info with WhatsApp. Well, now WhatsApp has it too. And they can infer we interact.
With #threads and the fediverse, over time gives the "how" and "how often." Do you DM? Boosts and favorites? Bookmark? Does the third-party interact with the #threads user? When and how often?
It's the power of metadata and collection + correlation over time I'm stressing here. Still speculation, but I am positive they will use/process/share/sell the metadata - especially because tracking their own users will give them a front row seat, an easy ingestion point.
Their business model relies on it. The core of the issue is that this data wouldn't exist in a vacuum - whatever is ingested from interaction with #threads users goes back to Meta.
They are tracking their own millions of users so closely, even while interacting with the fediverse, that it will have implications for users on other instances.
Pile on that the concerns of lack of moderation on the threads platform and high potential for abuse and wow, we have a problem.
Also, thanks for clarification on the IP address issue. I mentioned it because it would be an issue for the small(er) servers. Same user profile + same IP address (of a small or single-user server) could be an easy identifier. I should have mentioned this when I brought it up.
At the end of the day, they are asking Mastodon admins to federate for *some* reason. They could just scrape what is public, but I don't think that gives them the real time metadata.
Erk709@avoidthehack Was about to say, atleast my hat size stays secret, but that's probably covered under "Other data".
As an experiment, I decided to download my info from Meta. Let's see if I fare better than this guy: https://ruben.verborgh.org/facebook/
But generally: https://proton.me/blog/facebook-data-privacy-revelation
I.e. not even FB knows what they know about me...
"The only way to prevent Big Tech from abusing your data is to stop giving it to them."
So happy I never installed the FB mobile app!
Jackcontrol@avoidthehack well, it is meta, wasn't expecting anything different coming from them.
@avoidthehack sadly a lot of people are gonna be using that pile of crap unless it does not become a trend.