Fediverse privacy nightmare? - eviltoast

I think they are leaving out something quite important in this blog post - nobody is using their real names here.

It’s very different from Meta or Google or whatever big tech company people have accounts on, where they know your real name and many more details, such as phone number and address.

I don’t see the privacy danger in someone sweeping up what we are talking about here, since we are pseudo anonymous. Am I missing something?

What's the value of random aliases discussing something and why is that a privacy issue?

  • shrugal@lemmy.world · ↑22 · edited · 1 year ago

    The author of this blog post just realized that things posted publicly on the internet are indeed public, and that Ctrl+C and Ctrl+V exist.

    This is not some special property of the Fediverse, it’s how the internet has always worked. If you post something publicly (say on your personal blog) then others can see it, make copies and redistribute them, even if you later decide to delete the original content. Companies like Google build massive indexes of everything posted by anyone ever, and there is nothing you can do about it if you want your content to be publicly accessible. If you share something with just a group of people, and someone decides to make it public, then it’s public. Nothing new about that.

    The GDPR works in exactly the same way in the Fediverse as with the existing services right now. If you want something deleted you have to send a notice to every service that has your content. In reality you’ll just send it to the X biggest services, because they represent 99% of the users that could potentially see that content, and that’s usually enough. You can do the same with the X most popular Fediverse instances. Even better, we might be able to create a standardized and automated process for it, because they all run the same set of Fediverse apps using ActivityPub after all.

    Afaik DMs work just like unencrypted (so regular!) emails. If you send your company secrets to john@we-leak-your-mails.com then you’re probably screwed, same thing with @john@we-leak-your-dms.lemmy.

  • cyanarchy@sh.itjust.works · ↑23 ↓1 · 1 year ago

    It is not even semi-private. It is a completely public medium and absolutely nothing posted on it, including direct messages, can be seen as even remotely secure. Worse, anything you post on Mastodon is, once sent, for all intents and purposes completely irrevocable.

    This guy is either actively trying to spread fear and doubt about decentralized services, or is somehow only now understanding what the internet is and how it works. Did I step into some kind of time vortex a while back and end up in a world where people ever believed that anything on the internet was private or revocable?

    • norb@infosec.pub · ↑6 · 1 year ago

      I really think that the corporate systems we’ve all grown used to have tricked people into thinking their data was “safe” just because some big company was “taking care of it.”

      Also possible this person works for Reddit or something 🤪

    • Most of these discussions on privacy I run into are clearly filled with people who don’t understand a damn thing about the internet. Many of which are on Facebook… Using their real name and real photo as a PFP. They don’t actually care about privacy. They just like being scared and angry.

  • ScreaminOctopus@sh.itjust.works · ↑16 · 1 year ago

    Brain dead take. Sums up as “Wah! Information you publicize is public!” This guy completely misses the fact that the privacy nightmare of corporate social media is the apps that scrape every piece of traceable information off your phone to sell, and the cookies and browser tracking so they can follow you all over the web. AFAIK fediverse sites aren’t doing this.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one · ↑6 · 1 year ago

      apps that scrape every piece of traceable information off your phone to sell

      The word “scrape” is a little bit generous IMO. Threads in particular with its endless scrolling list of required permissions is literally handing your entire phone to Facebook/Meta - saved contacts, payment information, fitness tracker and health information… half of those permissions I didn’t know even existed 😳

  • poVoq@slrpnk.net · ↑13 · 1 year ago

    This is sadly a text written with much confidence about something they understand very little about. Especially the part about the GDPR is IANAL completely wrong.

    Yes, DMs over AP are not secure. That’s why there is the big banner above it in nearly every AP implementation. The rest is pretty much FUD.

      • McSinyx@slrpnk.net · ↑3 · 1 year ago

        if I sent you a private message, is that viewable in plain text by not just the instance owner we’re both on

        Yes.

        other federated instances too?

        Not by design, but instances can misbehave.

        private messaging over AP

        Private is misleading here: for messaging to be private, no third party should be able to read the messages. In practice, this usually requires end-to-end encryption.
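Added example, not part of any comment in this thread: a sketch of what a "direct message" looks like when it federates over ActivityPub, showing that visibility is decided by addressing alone and that the body is readable by every server that stores it. The actor URLs and message text are constructed, and the `/followers` suffix check is a heuristic based on a common URL convention, not something the protocol guarantees.

```python
import json
from urllib.parse import urlparse

# ActivityStreams "Public" collection: a Note addressed here is world-readable.
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

# Constructed sample: a "DM" is an ordinary Create/Note activity whose audience
# is just the recipient. All URLs and text below are made up for illustration.
SAMPLE_DM = json.loads("""
{
  "type": "Create",
  "actor": "https://a.example/users/alice",
  "to": ["https://b.example/users/john"],
  "cc": [],
  "object": {
    "type": "Note",
    "attributedTo": "https://a.example/users/alice",
    "to": ["https://b.example/users/john"],
    "cc": [],
    "content": "<p>quarterly numbers attached</p>"
  }
}
""")

def audience(activity):
    """Everyone the Note is addressed to (to + cc)."""
    obj = activity["object"]
    return set(obj.get("to", [])) | set(obj.get("cc", []))

def visibility(activity):
    """Classify by addressing only; there is no encryption flag to inspect."""
    aud = audience(activity)
    if PUBLIC in aud:
        return "public"
    if any(a.endswith("/followers") for a in aud):  # heuristic, see lead-in
        return "followers"
    return "direct"

def servers_holding_plaintext(activity):
    """Hosts that store a readable copy: the sender's and each recipient's."""
    actors = {activity["actor"]} | (audience(activity) - {PUBLIC})
    return sorted({urlparse(a).hostname for a in actors})

def readable_by_admin(activity):
    """The body is plain HTML inside the JSON; any holder can read it."""
    return activity["object"]["content"]
```

Transport between servers is normally HTTPS, so this is about who holds the stored copy, not about eavesdropping on the wire.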

  • HughJanus@lemmy.ml · ↑12 · 1 year ago

    This is 100% FUD. The content of your profile, and the posts you send out to the world are not supposed to be private. What’s supposed to be private is:

    • Your IP address
    • Your location
    • Your email address
    • Your contacts
    • Your browsing data
    • Your health data
    • Your purchase history

    Etc. etc. These are the privacy issues you should be concerned with.

    • hglman@lemmy.ml · ↑2 · 1 year ago

      There are two options when you communicate in a wide channel way that the fediverse implements. A single-owner gate keeps for everyone, aka Facebook, or it’s all public. The former means your posts are owned by that entity and they control your data. In the latter your data is held by no one. Then at least, you are not an exploitable commodity. This at least means the platform is protected from a class of abuse driven by ownership.

  • h3ndrik@feddit.de · ↑7 · edited · 1 year ago

    Well, I think I saw several posts about this topic popping up in the last few days. And posts questioning things like this one. I’m not sure. I think this is fearmongering. Other services know even more about you and they even harvest and analyze this kind of data actively… I bet your Facebook-friends also know who you are. So what’s the point? True. We need GDPR compliance and to save as little data as possible. But if you want something anonymous: Install Tor or anything suited for that task. Don’t write blog posts and spread FUD about this platform. (Or do it, but then don’t be a hypocrite and also write about what reddit/google/twitter/amazon do with your IP and browser fingerprint)

  • Boozilla@lemmy.world · ↑7 · 1 year ago

    If you don’t register with an email address, I’m not sure there’s much privacy violation going on. We’re all posting to a public forum (like reddit, Meta, Twitter, Nextdoor, LinkedIn and countless other places) so use common sense and don’t post anything truly private or self-identifying.

  • SolidGrue@lemmy.world · ↑4 · 1 year ago

    deleted by creator

    … Lol, not really. Never¹.

    This article speaks to the horror of edgelords who are just now realizing that no, the Real Internet isn’t a place where you can drop edgelord bullshit and fade into the crowd. 🌎 👨‍🚀 🔫 👨‍🚀 Never was.

    ¹ Literally never. Not even on Reddit.