@HerraBRE true that. Is people's choice to use fb. I left it like 9 years ago. Never looked back but all my friends are on there. Not gonna preach to them to join the fediverse. People are the same everywhere. Morally superior nah. We are all strangers. I will never know what the other person is really thinking or feeling for that matter.

@HerraBRE what most people don’t get is that if you aren’t paying for the platform you’re using, it’s very likely that you are the product being sold. Not true all of the time, but it’s a good rule of thumb.

@HerraBRE Agreed that outrage is getting in the way of clear thinking here, also that FB is better able to defend users’ data than Mastodon (the only part of the Fediverse I know.)

But:

· FB collects vastly more data on users than Mastodon.

· What FB does with user data in its normal routine, short of any data breach, I won’t invite into my life.

@wrenpile Agreed on all counts. 😁

Facebook must die, I just want us to be cautious about what advice we give non-technical folks about the alternatives.

@wrenpile @HerraBRE

There are other "Fediverses". Check diaspora. (It's actually more Facebook-like.)

And yes, while FB collects userdata for advertisement, most(?) mastodon instances don't. But of course it's also possible. I think Mastodon has other advantages over FB and Twitter than being more privacy focused.

But I also wait for the FB hype to be over to publish my article about it :/

@wrenpile @HerraBRE Do we actually so far have, well, sort of an "ethical code of conduct" for people operating #mastodon / #gnusocial / #diaspora / #fediverse pods?

@HerraBRE Anyways, I'm out:

https://mastodon.social/@djoerd/99721532992424230

@quad Here you have identified one of the main failure modes of the Fediverse.

Statistically speaking, not only do you not know that, but your admin is more likely to take an interest in you than Facebook admins are, simply because you run in the same social circles.

That can be good, but it can also be really bad. From a privacy point of view, disinterested strangers are a safer choice.

(Compare with social dynamics and statistics around murder, rape, other such crimes - same thing.)

@HerraBRE Well that's quite possible. The more limited the selection the more likely that they pinpoint on a particular individual. But I still know plenty of people I'd trust not to do that, even if not all of them.

@Gargron Sorry, but you can't market Mastodon as a replacement for Facebook without assuming people will use it to solve roughly the same problems.

The fact that they can't just means it's not a credible replacement...

In all of the areas where Facebook and Mastodon offer the same functionality, Facebook privacy controls are vastly superior.

@bob
@Gargron @HerraBRE
Key based identity has really serious problems in the current computing environment (most people are on mobile, and may have multiple devices but definitely don't have backups). It's better in theory, but the way people actually use computers would have to change a lot for it to be viable for most people.

@bob @HerraBRE @gcupc Didn't you also mention Hubzilla uses keys to encrypt only from server to server? Which is not e2e at all? And pretty standard practice when you use TLS for connections?

@bob @HerraBRE @gcupc Well, Mastodon also does server to server encryption then.

@Gargron @bob @HerraBRE
IMO if you wanted to build a social network with strong e2e guarantees, you'd build it with messages over Matrix. But that still uses domain-based identity.

When I think of key-based identity, I think of Secure Scuttlebutt. Which I like, I think it's interesting and fun, but it makes multi-device *hard*.

@HerraBRE Facebook replaced MySpace despite being totally different to what people were used to. I don't think that's an obstacle. What matters is people's ability to talk to each other, the actual habits emerge from the design of the platform.

@Gargron @HerraBRE I agree with Ben Thompson that Facebook's strongest hand is being the world's phone book: https://stratechery.com/2016/what-facebook-is-and-isnt/

I don't really see the fedivese replacing FB in that regard anytime soon. If anything, people are switching back to pure phone numbers for identity, with all the popular messenger platforms using them.

(Similar situation with @-usernames on Twitter and Instagram. The simplicity is hard to beat with a user address.)

@raucao @Gargron @HerraBRE That’s what stopped me from #DeleteFacebook two years ago

@HerraBRE @Gargron They aren't though, restricting privacy on FB only affects the web frontend. It doesn't prevent any ad targeting using your full data and it doesn't limit what apps can access.

You can only limit what is seen by others on the frontend and whether you see targeted ads (the data is still collected here, it's just you don't see the result of the targeting)

@paul @Gargron This is like the toddler that assumes if they can't see someone, they are invisible. But in reverse.

Being able to target ads does not mean the advertiser knows who you are or has any of your data. They don't. It's not a privacy violation.

Yes, FB knows all. But they don't willingly give your data away because it is their entire business model to be gatekeepers.

The Fediverse OTOH gives your data to anyone who asks. It's only better because it has less data, fewer users.

@Gargron @paul ... but to be clear, that difference between the Fediverse and Facebook is no small thing.

One of the worst things about Facebook is how it encourages oversharing.

A social network that doesn't do that is a huge, huge step in the right direction. Just being free of the real name policy makes up for a lot.

I'm using this platform for a reason, I like it. But I'm also a privileged person who is comfortable putting things in the public space.

@HerraBRE @Gargron It is still a privacy violation because FB knows and infers so much info about you. They aren't a passive overlord, they have proved again and again they will psychologically manipulate their users (social contagion study where no-one was informed) and manipulate democracy itself if the price is right (Russia/Trump) or the candidate is right (Zuck in the next election). They are actively malicious even if they don't give any data away to others

@Gargron @HerraBRE And they don't stop mining that data or manipulating you or using you in experiments no matter what privacy settings you change.

Yes the fediverse isn't perfect, but it's a much better starting point than Facebook

@paul @Gargron This is mostly true. But what I said is also true.

I think Facebook is evil and harmful. We do agree on that.

Now, set that aside, imagine you don't care. Or at least pretend Facebook isn't the scariest adversary in your life.

Maybe you have an abusive ex partner or you're an activist and some minor 3rd world government or mafioso wants you dead.

Now, which platform can you more safely use to connect with friends and family and co-workers?

Hint: It's not the Fediverse.

@HerraBRE @Gargron I can use a fake name on the Fediverse and set my account to locked. On Facebook I (+ all my friends) have to use real names and if my friends don't lock down their privacy settings my abusive partner can see me on their friend list and see my posts when mutual friends post replies.

Activism too is more suited to the fediverse as you can set up servers that only federate with each other so no corporation can see what is going on. + authorities cannot subpeona location data

@paul @Gargron No. Just no.

Broadly, you are assuming a level of technical competence that is way beyond what people should need to have to be safe online.

You are also suggesting that at-risk people congregate together in specific zones online, losing all anonymity afforded by using large shared platforms.

Your ideas are quite literally life threateningly dangerous to some people.

@HerraBRE @Gargron you are totally wrong. Anonymity? on Facebook? Don't ever tell me I don't know about problems of abuse, you have no idea mate. Facebook is NOT safe for anyone worried about being stalked by government or any other abusive human or algorithm. Just drop it.

@paul @Gargron Oh, I didn't say Facebook was safe. I just said it was less dangerous than the Fediverse.

But yes, let's drop it.

@HerraBRE @paul @Gargron I think you have to distinguish. If you want to have private conversations you should use XMPP+Omemo, Signal, etc Neither the Fediverse nor Facebook is the right tool for it. But if you want to get engaged in public discussions, the Fediverse is a much better option because it isn't a huge data silo, there is not one BigBrother who sees everything and it is not so susceptible to censorship and manipulation.

@Gargron @HerraBRE

Fediverse does not depend on your data. This is a huge difference, AFAIU

@Gargron @HerraBRE I think the more important thing about Mastodon is that it has no ranking or ads. Someone could try to target you with bot posts, and I'm sure that will eventually happen, but hopefully we give as much credence to random @s from strangers as they deserve (which is to say none).

Facebook has a bunch of tools that make it possible to get your message into people's consciousness without their being able to do anything about it.

@HerraBRE @Gargron Aside from @s from strangers there are also hashtags, of course. Maybe at some point we'll start strongly discouraging huge instances where people don't all know each other, where bots can easily blend in.

@seanl @HerraBRE @Gargron HerraBRE is lifting an important point here though. We shouldn't really compare with FB when it comes to safety. FB can never be that because of their business model. Mastodon can. It is not currently but it is an plausible for the future. We should try to think how to incorporate that more.

Mining data is an issue that will not become smaller with time. It will become an massive issue in the future. Just a thing like obfuscating the ip number would be a good start.

@seanl @HerraBRE @Gargron maybe I have faint hopes that muting/blocking will apply sufficient social backpressure. O'course, then the problem becomes default policies for handling new instances...

@tuxicoman @Technowix @HerraBRE
Federation means duplication of all the data (for mastodon, diaspora etc.) and makes harvesting easier if you just need to find the most laxist server as an access point.

@npze @tuxicoman @Technowix @HerraBRE

Would it be possible to remove the public information about who you follow ? Is this info is limited to the servers you follow it's fine as long as no server is too big (ie not gmail for email as example)

@tuxicoman @HerraBRE @Technowix
I'd 403 or completly rewrite /users/tuxicoman/following, /users/tuxicoman/followers, and the whole profile page so it would show less. I'll tell you about it if I do, it might be something useful to bring to the project.

@npze @tuxicoman @HerraBRE @Technowix

I guess there is an API to retrieve such info too (between servers, for androi apps). Your solution may block only the web page display.

@tuxicoman @Technowix @HerraBRE
When I say 403 it's at the webserver level, I also block remote hosts via ip, referrers, useragents...

@tOpenArt Most people don't! And they really shouldn't have to, beyond maybe a bit of basic internet-hygiene literacy.

I see it as our (techies) job to try and make things safer for everyone.

This is why I rant about these things. 😀

@ghostdancer You're telling me stuff I already know, and completely missing the point.

If you care, you can browse my time-line for the other discussions I've had today.

If not, carry on, have a nice day. 🙂