- cross-posted to:
- meta@lemm.ee
- cross-posted to:
- meta@lemm.ee
I sure hope there’s a large group of servers that refuse to federate with servers run for profit. I didn’t come to be a product and be manipulated with algorithms.
I don’t see anything inherently wrong with servers that try to generate some kind of income (servers don’t pay for themselves after all) but it’s absolutely the right of every server to choose whether or not to federate with them.
I’d take issue with free labour (e.g. unpaid mods) on a profit-making server.
I worry that through federation Meta will be able to track users of non-meta instances. Then you won’t even know you’re being traced
How would they do that? Is there a vulnerability in federation?
Shouldn’t be yet - for facebook (I’m not fucking calling them meta) to track you across the internet on websites you don’t use, they use a tracking pixel - a 1 pixel image that is included on the webpage which is loaded from facebook.com. To load this image your web browser sends facebook.com the cookies it always sends to facebook.com - i.e. your login information, and that’s how facebook knows that it’s you on that random-ass website that has nothing to do with facebook.
But note - you have to have cookies on facebook.com for this to work. So long as you never visit lemmy.facebook.com or whatever tf their federated instance is, they won’t be able to track you since they can’t associate you with your login via the tracking pixel - If I go to another lemmy instance, that lemmy instance has no idea that I’m actually @theblueredditrefugee@lemmy.dbzer0.com.
Well, this is based on my knowledge of how facebook tracking works. Maybe it’s changed since I worked there.
Edit: Should note that, obviously, everything you post on lemmy is public, keeping a log of everything a user posts should be pretty easy, like what they did with revddit and such before the apipockalypse.
It’d be a “vulnerability” of anything public. There’s nothing stopping me from building a bot that pulls posts/threads from any instance and storing all the comments, their owners, the posts and their owners, yadda yadda.
I suspect the up/downvotes are “private” but on any instance, the owners will have access to that. I can’t imagine all the data is encrypted at rest by default. But, don’t take my word on that as I haven’t read any of the specs. But, I’m pretty sure we’re just looking at the protocol, not the implementation with regards to how a federated instance works.
So, same precautions as anywhere else really. Your data that’s public WILL be tracked by someone and Meta is a damn likely culprit who absolutely would do that. I’m a total privacy nerd myself, but you’d be amazed at the things I want to track at work related to what/how/why people use the tools I work on. Granted, it’s 100% exclusively used to improve user experience, weed out bugs, and see what is used most frequently to focus on that stuff. But if it can be tracked, somebody is tracking it.
I like it when various programs at least ask before invasively scraping my data. If asked, I’ll often say yes because I want to help the developers, but when it’s silent and in the background I have no control and I don’t like that
1000% agree. This is how it should be done. And not hidden away somewhere deep. There are legit reasons for in depth tracking, but when used for advertising or something other than improving the user’s experience, count me out.
There’s a difference between generating income naturally through a platform and whatever the hell public companies are trying to do.
For instance sports teams would naturally have their own instance. They can generate more income naturally from their fans that way. Because their fans want to interact with them. They have a product that people want to pay money for.
In fact, I hope we sort out a fair and simple method to support servers in a way that makes people feel liket hey are also getting something.
One easy option is a server can have their own emojis like Twitch & Discord. A simple method is for Gold/Silver that goes to whatever server the comment was made to.
Please no. I don’t want this place to be emoji ridden. This is where people go to look for useful information and discussion, not a colour soup comment section.
I agree, instead let’s go with NFT profile pictures
Profile pictures are nice, but they force the comment section to have a lot of unused space.
On the bottom @Briongloid comment you see that the profile picture forces extra unused real estade. I’d prefer comment section to be much more compact. Similar to old.reddit.com
Maybe that could be an opportunity to make a unique twist for profile pictures on lemmy. Maybe crop them to an elongated square that fits within the line height.
Maybe something like this
This is one of my biggest “issues” with lemmy (first world problem basically). There is a lot of whitespace and I wish there was a good css to fix this. I searched for many lemmy themes but none of them fixes the white space issue.
I’m optimistic though. I’m sure with time, we’ll get plenty of options for everyone’s tastes.
Agreed. IMO that’s where Reddit began it’s steeper descent, when a bunch of the FB/Insta crowd began flooding in and bringing their mannerisms with.
I think Gold/Silver/Bronze awards would be cool.
If Lemmy introduced those kind of awards, I would love for them to be simple and recognisable.
We could even have a revenue split between the server and the Lemmy development team.
I think that’s dependent on how each instance decides to sustain the server costs. Some might do that with donations, some might want a monetized feature. But I’m weary of those that monetize functional features.
This is my take as well.
Everyone who cares about their instance and the fediverse as a whole needs to defederate and block their instances as soon as they pop up.
aa
The problem is that the blocking will have to be layers deep. If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.
Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.
aa
There has been some good commentary about this on Mastodon, but the long and short of it seems to be that federation is actually a pretty terrible way to harvest data.
The entire fediverse is based heavily on openly accessible APIs - Meta doesn’t need to federate with your instance to scrape your data, there’s really not much that can be done about it.
The real solution to Meta’s unethical behaviour is unfortunately going to be legislation, not technical.
Meta has access to my data anyway. Everything I post here is public, and there’s nothing stopping them from scraping it. That’s not the problem. The problem is Meta controlling the Fediverse, not merely observing it.
Yeah Meta are a scourge. If I had a friend who worked for them I’d look down on them the same if they worked for Big Tobacco or lobbying for the fossil fuel industry.
tbh, I doubt they would federate with anyone they don’t have at least some control over. Like a contract or terms agreement or something.
Yeah I really don’t want Meta to federate with us. They have enough users to completely drown the mostly positive, thoughtful, and inclusive community we’ve built so far with the toxic algorithm brain rotted right wing zombie army that makes up most of their user base. I have such a happy little community on my instance and my little sublemmy rn and I dont want it to be swamped 😭
My question is : how do we keep our block list up to date to stop every new data crawler from Meta ? And also, they could gather what is posted on public…
They can already gather what’s posted publicly 🤷♀️
Someone had to be the first that I de-federate with and I’m glad it was facebook.
I think among other issues would be the Gmail-ification and iMessage-ification of the fediverse. What I mean by that is open standards like email are dominated today by many people using Gmail accounts as it is popular, “free”, and comes with a ton of features. Then google started “walling off their garden” by adding features that only work between gmail accounts. Similarly, apple also took the open standard SMS and started adding on features only available between other iPhones.
What we might see is some of the coolest features the fediverse has ever seen, but it will come at the cost of most users ignoring or dealing less with “irrelevant” things not on meta ran instances.
Hope we can resist such a change, but that is what I am concerned about.
deleted by creator
We have the power over ActivityPub
Who is ‘we’? And who doesn’t say that there’s something on top of activitypub?
Plus, if they do create cool features, why would we not also add them?
Because we don’t have multiple thousands of paid developers.
@Helix we have a legion of trans coders in pink striped programmer socks. They can do anything!
One of the “powers” of OSS is that the license usually required changes to be fed back upstream.
If Meta were not to do that the authors of Lemmy could ask someone like EFF to take legal proceeding against them.
Facebook can easily circumvent most requirements like that if the license isn’t invasivively copyleft. Usually web standards have permissive licenses.
i’m not sure if ActivityPub is copyleft or not. meta might be able to build proprietary features on top of it if the license isn’t viral.
If it is copyleft, they will probably try to reimplement it permissively.
ActivityPub itself is just a protocol, everybody can reimplement it. Lemmy and Mastodon are AGPL3 and thus copyleft along with “you must release source code for your server”.
Though if Meta does anything, I’d expect it to be written from scratch and MIT licensed. Companies don’t like to get near anything GPL as long as they can avoid it.
Because we don’t have multiple thousands of paid developers.
Having worked at a company with thousands of developers, that’s a significant advantage for us.
Well think of the iMessage example for a second, other phone manufactures wanted to extend upon SMS with RCS to enable cross-platform read-receipts, better image quality on messages, and more… and you can use RCS between various android phones, but apple has not yet adopted RCS. Then because of the pre-existing market share of iPhones being so high, if you want read-receipts, high quality image messages, and more you with most of your contacts will either have to convince all of your friends and loved ones to use a third party app or cave and get an iPhone.
The features don’t have to be revolutionary, they just have to find ways to flex their market share with their features. And their market share is almost destine to be huge if they put any meaningful effort or money behind it.
That’s an interesting example, but note that in Europe, at least, WhatsApp is king. I only mention it because the walled-garden approach Apple favours isn’t necessarily a guaranteed outcome, and third-party apps can happily become the norm among non-tech people.
This is true, and line is king in Japan and yet I believe the most common third party messenger app in the US is Facebook messenger despite its obvious flaws. Why, because it has more features than sms, and most people already have an account.
No matter which way you slice it, companies that can profit off communication will try to wall off their market share. Which is one of the things the fediverse aims to cure.
Yup, hard agree with you on that last point.
Just a different walled garden.
My Russian friends are all in VK, my Russian relatives are all in Telegram, my Armenian relatives are all in Facebook Messenger, and my American relatives are all in WhatsApp and Skype.
I’m so tired of this shit TBF. Is it so hard to just install Conversations once for Android and whatever for iOS?
@emi @shipp I think an open standard converted to a walled garden is still better than a garden walled from the beginning.
I can still send emails to GMail accounts.
I can still send SMS to my friend’s iPhone.I wish everything was fully open, but at least I get to chose my email provider or my SMS app. (Although SMS is completely irrelevant in Europe these days, due to providers still charging money per message.)
True, if they integrate with federation in good faith it won’t matter that much for those not using them. But until we see what they do I won’t hold my breath on Facebook doing something in good faith.
We’ll probably have to create our own implementations, but I don’t see the issue in that either.
In the Fediverse you are still 100% under the control of whoever runs the server. Your user accounts can’t move between servers. There is no easy way to export communities and import them on other hosts. On top of that, all the federated features are completely optional and can be switched off.
Fediverse really doesn’t offer any securities beyond what a plain old Web forum does, all the federation aspects depend on everybody playing nice with each other.
At the moment even basic GDPR conformity isn’t given, as there is no way to export all your data from an instance, a deletion request for your data also doesn’t seem to be guaranteed to make it to other instances.
If Facebook builds something with ActivityPub and it gets popular they can play the whole embrace, extend, and extinguish game from start to finish.
If there are some big players (like in email), i think the biggest risk is that the big players would end up only talking to each other.
Similar to email, where a random host is likely to be spamming, that might happen here too. (Although I’m not that familiar with the protocols here)
Plus, if they do create cool features, why would we not also add them?
Limited developer time.
deleted by creator
Ah. Yes, in the asymptotic future limit everything can be implemented twice as long as there’s social opportunity to do so. I wonder if that applies back to Gmail as well, will we see an open-source federated G-suite?
deleted by creator
so are you expecting there to just be zero progress in the future?
… You’re OP. You said you were referring to the far future. I was literally just agreeing with you.
And yes, there are foss tools to replicate all of gsuite.
Individually. Nothing that’s all integrated, though. Like, I can use Proton for certain things, but only with other Proton users, and it’s not seamless and feature-rich the way G-suite is (again, yet, maybe that will change).
Even though email is supposedly “open”, and federated, is no longer is really the case. Big services like Gmail are suspicious of non-big-name servers, and often flag email coming from them as spam.
About a year ago I came across an article from a guy who’d been running his own email server since the 90s, and finally gave up. I couldn’t find that article in my quick search, but I did find this:
https://twitter.com/greg_1_anderson/status/1425113874722820100
“I run my own email server. It’s no longer a good idea, because the anti-spam arms race makes delivery from small independent servers very difficult, even when you keep yourself off the block lists, so it’s a continuous struggle. Would switch, but I have too many domains/addresses”
This is very true, I have hosted my own email before and if you are doing it yourself and not going through a big player like google to host it then your stuff sometimes gets treated as suspect by filters. Used to beg people with Gmail accounts to flag my emails as “not spam” whenever it showed up in the spam folder.
That’s still better than the unfederated status-quo, though.
I’m glad to see my server doesn’t plan on federating with anything Meta hosts. I really don’t like the ‘wait and see’ approach; Meta has shown its true colors time and time before, they have not earned their trust.
Mine seems to be defending the idea, so I’m looking to move soon just not sure where anymore or when. It’s frustrating because it’s hard to find any actual positions he actually has on this topic when his timeline is just endless boosts giving people props for defending this. indieweb.social if anyone is curious.
What I don’t understand with the “wait and see” people is the presupposition that it means to federate day 1 and see if they fuck things up to decide if defederation is needed. Their reasoning often includes “two clicks” as if the amount of effort defederation takes was the concern people had.
“Let’s wait and see how they behave first, and then decide if we can federate safely” is just as much a “wait and see” stance, and it should take two clicks as well.
Why do we have to get exposed first and react later when we can observe first and then decide if we want it or not?
Meta should be considered “harmful to humankind” (the list of atrocities is long) and I personally really don’t want anything to do with them.
It was only matter of time before one of the big players took interest. Too bad it had to be Meta, but I don’t think the others would have been much better.
The protocol itself isn’t secure, so if anyone is worried about data harvesting, better log off now and never return. Meta and anyone else can do that already (and is probably doing) without having to roll in with their own instances.
Federating with someone who might have 1.2 billion MAUs is kinda scary because most protocol implementations (like Mastodon) are huge mess of bloat and inefficiencies under the hood. Someone paying their hosting out of their own pocket or trusting on kindness of strangers should be wary of the amount of data that’s going to hit them with federation.
It’s probably silly to expect “unified blocklist”. Some people are fixated with the idea of growth and equate mass popularity with success. Others would rather “wait and see”. Let them. The fediverse used to be much more homogeneous place 3-4 years ago, but we’re nearing 10M users. That’s simply too many people and voices for there to be just one response.
Luckily there doesn’t need to be. The protocol allows for creation of spaces that don’t have to interact with Meta.
The protocol itself isn’t secure, so if anyone is worried about data harvesting, better log off now and never return
I’m more concerned about tracking tbh. But it’s good to know they’re planning to get a piece of the cake. I’m ready to block them.
Each instance admin decides which servers to block for themselves. If you visit the info pages of some systems they will list blocked systems, and there are a lot of them.
There are some very unsavoury communities out there. Blocking usually revolves around how effective moderation is.
As an example you can see a list of servers blocked by mastodonapp.uk on the About page.
Oliphant maintains a minimum block list that most systems take as a starter list.
I agree with your sentiment but I’m a fediverse noob, I’m confused: if a large company such as Meta bloats the spaces they federate with, wouldn’t that immediately get them blocked by people who cover their own hosting costs? (In which case I guess my instance probably would block them?) Or does it mean they will damage everything so fast only spaces with enough funding will be able to remain afloat, forcing us all to rebuild communities elsewhere?
I hate how it seems like anytime there’s an alternative to big tech, it gets immediately co-opted. Either by the far right or by corporations.
At least with this structure we can still defederate from them and go on about our merry way.
Until they take over and force a change that renders things back centralized into their hands.
That makes zero sense, that’s not how the fediverse works. Explain how they would take over completely independent and unconnected instances that are defederated from them.
Implement new features that only work when you integrate with Meta, then cut them out of the picture if they don’t do what Meta says. The majority of users will stick with the instances that have the stickers and emojis that their friends have. Similar to what Google is doing with it’s browser and the Internet.
So we’d have the exact structure we have now. A centralized platform, or instance, for the people that don’t care and our current federated instances for the people that do care.
This is all a big nothing burger. We’ll just continue to not use meta instances and platforms like we’re literally doing right now.
Agreed. Truth be told, should the fediverse become mainstream, the masses will want the shiny bells and whistles and stick to the instances that support them. Those of us that could care less aren’t going to be swayed by them, and steer clear. Unless FB somehow manages to take over the codebase and force everyone into their shit, I think we’ll be fine.
See also: Google with Gmail.
Good luck running your own mail server these days, and getting your messages actually delivered to Gmail and Outlook/O365 mailboxes. It’s possible, but a hassle, and the rug can get pulled at any moment.
Just configure your SPF record properly and you should be fine having emails delivered to gmail. I work in tech support for a small software company and every single time a customer is having issues with our email server not delivering to GMail, it’s due to their SPF record being borked (which is on the customer’s IT department, not us)
By having “the masses”, they can simply force things by not federating themselves. Email was already brought up and still federates but xmpp is a prime example where Facebook and google acquired a bunch of users and then walled off their access to federation. It all but killed xmpp as a tool in regular use outside of technically inclined circles.
Meta already has the masses right now and is currently defederated from us as we speak, them making an instance and not federating would change literally nothing for us from our current structure.
Besides, it would be a benefit if they defederated themselves voluntarily. They’ve already shown their moderation to be shit and no telling what they’ll try to do with our data, I wouldn’t want to be on any instance that federates with the Meta instance(s).
Capitalism only functions when it can absorb the things that can be an alternative to it.
Aren’t those the same group?
No, but they both work for the same people.
Capitalism gonna capitalise
List of Fediverse admins pledging to pre-block Meta instances: https://fedipact.online
It will be possible to have accounts on multiple instances, those that block Meta or federate with Meta. Then see what happens.
Not seeing a lot of Lemmy instances on there yet. Hopefully more will follow as it gets closer
What iffing a possible scenario: Meta positions itself as an instance host, like how WordPress hosts blogs. “We’ll take the headache out of setting up an instance, but you control everything else!” Free? Low cost? Removing the technical hurdles of hosting your own instance could entice a lot of would be admins to go this route.
It gives the illusion of control, but Meta still back channel collects all data.
My money says you’re right.
Time to learn how to host your own instance everybody.
…and then a couple years down the line when people have come to depend on it and the code base has become simpler due to the platform capabilities that their hosting provides (nobody is self-hosting anymore anyway, because Meta hosting is so simple, easy, and cheap/free), they’ll start exercising more control anyway. “Come into compliance with our corporate terms of service and Community Server Guidelines™ or you’ll lose our hosting. Oh shit, there’s nowhere else for you to go for hosting anymore? Gosh, gee, shucks! What a shame.”
But in your scenario, how could there be nowhere else to host? In theory, I can spin up an instance on my own physical server, obtain space on AWS, or install my own hardware in a CoLo IX. Your scenario assumes Meta owns all of the hardware on the net, or somehow acquires sole rights to the ActivityPub codebase.
What I’m saying is that Meta will create a platform on which Fediverse instances can be hosted. They’ll add features to that platform that make it easier and easier to host such an instance. They’ll offer APIs or whatever that’ll support instances in ways that other hosting environments won’t. And then when the code base has changed to depend on their particular hosting environment, they’ll use the power that gives them over us.
Glad you brought up AWS. Amazon and other tech companies have created kubernetes platforms (Amazon’s is EKS, which runs on top of AWS and its services like EC2) that make it really easy to spin up clusters, auto-scale them, use custom objects that are specific to their platforms, control external access to them, monitor them, etc. While “bare metal” kubernetes implementations exist, they are a royal pain in the ass to setup and run, and they support a fraction of those bells and whistles. And as time goes on, the difference between one of these “native cloud environments” and anything anyone would (try to) setup themselves gets greater and greater. And systems that are developed for kubernetes rely more and more on those bells and whistles (e.g. despite kubernetes being allegedly agnostic to what it is running on underneath, companies choose to support “just EKS” or “EKS and GKS” and no other environments). Perhaps a particular software suite depends on PersistentVolumes that can be moved between nodes, or mounted on multiple nodes simultaneously, or whatever. EKS might support this when other environments don’t. Or a custom AWS annotation on a LoadBalancer Service might provide some kind of control that the software depends on to function properly and be externally accessible in a way that the software depends on. So this is a nice corollary to how things might go with the Fediverse.
Ah I see what you’re saying, thank you for clarifying. It seems then that a primary goal should be to ensure a form of feature parity that rivals anything Meta delivers, but within the open source realm. Considering the existing codebase (for Lemmy at least) is licensed AGPL3, wouldn’t any derivative works be required to be released under the same license? Forgive me, I’m still getting up to speed on all this, and I’m quite far removed from FOSS these days.
It’s not necessarily so much the license, but resisting the temptation of taking advantage of things special to the hosting environment, and staying as cross-platform as possible, supporting a range of accessible environments no matter how tempting it is to take advantage of the benefits of one (or some) over others.
Gotcha, makes sense. Thanks for the replies!
good theory, I’m sure they will offer custom domain names as well to sweeten the deal since I doubt most people want to be stuck with a .meta handle or something
Defederate-Block-Ban
deleted by creator
I mean, it’ll probably be obvious, however they end up doing it. Just look for all the trackers and cookies 😂
Communities: Basically impossible, unless Meta/Facebook has a public list somewhere.
Instances: That will be public, because they have to register the domain somewhere and I’ll also assume that they will actually want people to know which ones are theirs, so their users join those.
I truly can’t imagine a world where they do it in secret. They’ll advertise it and slap their branding all over it.
Oh there’s a list of all their known domains and a mastodon bot that keeps track of new ones. I run my own mastodon instance and I have everything preemptively blocked.
apparently some Mastodon admins got contacted by Meta and met with them after signing an NDA. I’m quite surprised how many Masto admins want to “just wait and see, maybe it’s not gonna be that bad”.
“Meta and met with them after signing an NDA”
This should tell quite enough.
What? Have you never worked with any company anywhere?
lol, I had to sign nda just to do an interview.
I’d guess they were made an offer they couldn’t refuse, ie money.
I’m guessing you haven’t been on the #Fediverse very long so not picked up on the ethos of most of the folk who run the various instances.
Most are very protective of what they have created as a community and are definitely not in it for the money. Some are vehemently anti-capitalist.There are many ways to get rich. Running an instance is not one of them.
deleted by creator
Maybe we can counter offer an offer they couldn’t refuse, ie eat their donors.
Who are these donors and what does “eating” them actually entail?
I’m surely misinterpreting you, because it sounds like you’re suggesting murdering people over SoMe bullshit.
Pretty sure parent is making a glib reference to the common “eat the rich” saying. It’s meant to be a provocative way to illustrate a larger message of anti-capitalism and the immorality of extreme wealth disparity.
Let’s demonise a subset of the population and joke about murdering them just like my ideological comrades did in the 20th century! Look how provocative I’m being.
Won’t someone think of the poor billionaires!
Save the Rich! https://www.youtube.com/watch?v=ej7dfPL7Kho
Defending billionaires is an even more ammoral act than making a joke you don’t like, comrade.
I dislike seeing radicals joke about murdering their enemies. It dehumanises them which helps extremism takes hold.
Of course that is the point of such jokes, but you shouldn’t be surprised if people call you out on it.
I am a donor on various instances.
I’d take a dim view of being eaten.
Meta can never be trusted for anything. This could very easily be them trying to make tools to snuff out our “rebellion”.
I will remove myself from any servers that federate with Meta.
I doubt they would be willing to let people host and control their own versions of federated facebook, and I’m wondering then what would make it “decentralized” exactly. Are they just using decentralized as a buzz word because they are using ActivityPub?
aa
They’d probably appreciate to have control of instances they don’t have to pay for.
Yeah I’d love to see some more concrete info on what they mean by decentralized.
A bunch of people paying their own server costs to host their own mini facebook servers that they have to moderate and that show them ads? Lol. Horrifying.
But it seems like they just mean that it will be able to communicate with other decentralized networks, not that it is decentralized itself.
If it begins looking that way, the (m/f)etaverse could always be defederated. There’s no reason we need to connect with them.
…fetaverse? :)
Mmmmmm feta
Where do I join?
Fetaverse 😂
What about the nb verse though?
I don’t trust Meta with anything, no way they will do this well
Absolutely! And given that they have a gazillion users they can willingly move around they can drown us out in a day if they want
They will drown us out even if they don’t want in that case. Them just using the service normally will flood all our feeds with posts from their service based on the sheer number of them.
That’s why every instance worth its salt will defederate from day one
I think (and hope) so too. Some pro leniency stances from mastodon bigwigs got me a little worried, that’s all.
I don’t really care about Gargron and the other growth-focused admins, I literally use an instance that hides stuff from mastodon.social lol
switch to white list mode after certain point I guess. Or introduce some protocol level cooldown thresholds where if you are an instance with 1m users or just 3 bots, then you auto block those.