Avoid The Hack!I’m not going to sit here and pretend like the current #fediverse without Threads is “perfect” for #privacy … But just look at the data #threads collects.
This is insane.
#threads also has a supplemental #privacy policy to the #meta privacy policy: (caution this is an Instagram link) https://help.instagram.com/515230437301944
There’s a section, “Information From Third Party Services and Users,” where it states “we collect information about Third Party Services and Third Party Users who interact with Threads.”
(Third Parties would naturally include other Fediverse instances and their users.)
Federated Fediverse platforms share some data, but this seems to be a whole other level.
In this section of their #privacy policy, it’s stated “We collect information about the Third Party Services and a third party users who interact with threads…”
Interaction includes following #threads users, interacting with threads content, and especially threads users following/interacting with your “third party” content.
Data collected includes IP address, instance info, profile information
So, in theory, any interaction with a Threads user would subject you to this data collection…
Brett@avoidthehack @DaveMasonDotMe The only thing interacting with a Threads user would expose of your data is that which is already public on your Mastodon profile and instance. Mastodon servers service data requests so they’d get the public IP of your instance, not your personal IP. There’s no way for another federated server to see anything but the public posts and profile information your Mastodon server would provide should a Threads user follow you.
@avoidthehack @DaveMasonDotMe Mastodon is not private. The largest instances are already being scraped and indexed. If you don’t want Facebook or Google or Microsoft to have your social media posts you have to stop posting publicly and basically only use Signal. The lack of systems architecture awareness surrounding all of this is appalling. I would never use Threads. Ever. The threat from Threads is not data harvesting it the lack of moderation and potential for abuse and creation of a new silo.
I agree with you Mastodon is not private, but it lends itself more to #privacy than traditional social media.
There is still absolutely the threat of #metadata collection from #threads - just not first-party collection (if you are not on their platform.)
Similar context: you may not use WhatsApp, but I do. I have your contact info... and I share that info with WhatsApp. Well, now WhatsApp has it too. And they can infer we interact.
With #threads and the fediverse, over time gives the "how" and "how often." Do you DM? Boosts and favorites? Bookmark? Does the third-party interact with the #threads user? When and how often?
It's the power of metadata and collection + correlation over time I'm stressing here. Still speculation, but I am positive they will use/process/share/sell the metadata - especially because tracking their own users will give them a front row seat, an easy ingestion point.
Their business model relies on it. The core of the issue is that this data wouldn't exist in a vacuum - whatever is ingested from interaction with #threads users goes back to Meta.
They are tracking their own millions of users so closely, even while interacting with the fediverse, that it will have implications for users on other instances.
Pile on that the concerns of lack of moderation on the threads platform and high potential for abuse and wow, we have a problem.
Also, thanks for clarification on the IP address issue. I mentioned it because it would be an issue for the small(er) servers. Same user profile + same IP address (of a small or single-user server) could be an easy identifier. I should have mentioned this when I brought it up.
At the end of the day, they are asking Mastodon admins to federate for *some* reason. They could just scrape what is public, but I don't think that gives them the real time metadata.