Overview:
The community to discuss buying European goods and services.
Rules:
Be kind to each other, and argue in good faith. No direct insults nor disrespectful and condescending comments.
Do not use this community to promote Nationalism/Euronationalism. This community is for discussing European products/services and news related to that. For other topics the following might be of interest:
Feddit.uk's instance rules apply:
Benefits of Buying Local:
local investment, job creation, innovation, increased competition, more redundancy.
Related Communities:
Buy Local:
Buying and Selling:
!flohmarkt@lemmy.ca
Boycott:
!boycottus@lemmy.ca
Stop Publisher Kill Switch in Games Practice:
!stopkillinggames@lemm.ee
Banner credits: BYTEAlliance
For their use case it makes sense.
They want heightened privacy features like making likes and follows private, which is something that is incompatible with the current state of activitypub.
You're telling me I brought this pitchfork all the way over here for nothing ?
You can go turn that garden bed over if ya want.
People probably should be more aware that what happens on here is mostly public and also why that's a better alternative to only giving data to private networks run by companies with trade secrets.
Giving data out to everyone prevents an outsized amount of leverage being given to single companies. Facebook doesn't have anywhere near as much kingmaking power if the same methods can be used by competitors or exposed and mitigated for outright.
Being open source, you also can know exactly what the fediverse is collecting and it's currently a fuck load less than the massive data stream companies like Facebook record.
Their reasoning isn't necessarily bad:
They do explain their reasoning:
Expand for alt text
"The ActivityPub protocol, standardised by W3C and governing exchanges within the Fediverse, requires us to clearly identify you when you interact with another platform, which is normal in order to prevent falsification of exchanges.
Opening such a breach would go against our commitments and philosophy on data protection and anonymity.
If we don't expose your likes and follows it's not to make them public on platforms that can be hosted anywhere and by anyone thanks to decentralised applications such as Mastodon.
This would also be a problem regarding our commitments in terms of moderation and the protection of minors, since profiles moderated by other platforms, with their own rules, could interact with Veklar users.
The Fediverse is open and anyone can decide to join in the future. This is particularly the case for Meta, which has already prepared Threads for its foray into the Fediverse, and is also thinking about integrating Instagram. Google could also join the Fediverse with YouTube. In all its principles, Veklar is committed to protecting you from GAFAM and ensuring the sovereignty of your personal data and your public image."
They use Threads as an example of what could happen to the Fediverse, but who knows how many companies are out there with fake Mastodon/Lemmy servers, subscribing to as many feeds as they can, letting the Fediverse handle delivering structured, scrapable data for them so they can work on their AIs or thread intel or marketing profiles.
They also have a point with their attempts to keep likes/follows private: that's something a lot of users want, and something a lot of users are surprised to learn doesn't exist on the Fediverse. The Fediverse is more metadata than data and that's not something everyone likes sharing. With monoliths like Veklar, you only need to trust one server not to datamine your every move rather than thousands of servers.
Speaking of privacy, most of the Fediverse isn't compatible with any privacy laws I've seen. For a bunch of hobbyists that's probably fine because privacy enforcement agencies have better things to do, but for a company that intends to make money and wants to actually become an alternative, that's a problem. A GDPR-compliant Fediverse server would need to record which other servers which bits of PII have been shared, how that information is protected (does lemmy.world even encrypt their database?), and with what other servers that information was shared in turn. That's practically impossible. The Fediverse exists in Europe because it's unimportant and unprofessional enough not to attract lawsuits.
They also have a good point about moderation. I could trivially spam every Lemmy server full of CSAM with maybe $100 in cloud credit to the point the FBI becomes interested. The Fediverse, and in particular Lemmy, is a bit like the Old Internet, assuming everyone has good intentions and that the minority with bad intentions can be handled by human interaction. New servers don't get vetted, new moderation environments don't get verified, and server administrators are left to their own devices to get rid of botnets and other malicious entities if they don't want their server to become a spam relay.
I think the upsides of the Fediverse are worth the risks. Veklar clearly thinks otherwise. They're not necessarily wrong, they just have different priorities.
Mastodon and Lemmy don't actually share any data actually protected by GDPR, unless the users actively make it public (like using their real name).
Am I right in my understanding that if you run a federated Lemmy instance, you can see who has upvoted what, even on other instances?
Is that not something protected by GDPR?
No, things like your home address, your IP address, birth date, health conditions, religion, etc are PII.
Upvotes almost certainly falls into "legitimate purposes" since the data is required for moderation.
So, are you saying that Facebook holds basically no data covered by GDPR?
How'd you get that from that???
Well, ok, of that list they have my ip address, but nothing else.
Your instance has data covered by GDPR, but the data it sends to other instances is covered by the same exceptions as the data you send in a email. Without exceptions for legimitate interests it would be illegal to send an email from, say, mailbox to Gmail or Yandex Mail.
I guess that could be in regards to user profiling.
Since no fedi platform aggregates user data like "user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm", or shows algorithmic advertisements, or sells user data for advertisements etc, I don't think it's relevant to GDPR at the moment.
PII includes any information that can be used to link or correlate personal information. That includes usernames and account IDs. Every like/upvote contains that information, as well as a timestamp, indicating a unique account but also behaviour. The system doesn't just share a list of names, it shares a list of names with a lot of context. Stuff like this is also why pseudonymisation isn't sufficient to avoid GDPR obligations.
Usernames aren't sensitive information, so you can handle it without too much special care (although you do need to ensure basic protection of login credentials against data leaks, for instance by encrypting databases as a minimum requirement). They are PII, though, which means you're obligated to take some level of care and ensure that the information can be corrected or redacted everywhere.
The GDPR simply wasn't written with something like the Fediverse in mind. My server knowing when your account upvoted what posts on a third server would be ridiculous if we're talking about Twitter and Facebook, but it's the core of vote counting on Lemmy.
GDPR doesn't include things you choose to make public, otherwise no social media could show your posts or username to anyone. My only doubt about Lemmy and Mastodon is about DMs where people have a reasonable expectation that they are private but they are not.
Edit: and thinking about it, even DMs probably fall into the same exception as email.
That is wrong. GDPR of course covers public information. It simply does not force platforms to hide this kind of information. But transmission of these informations without user's consent and especially sale of these informations could possibly be prohibited by a court referencing GDPR.
But simply transmitting it for the purposes of making the protocol work, falls under legimitate purposes, like sending an email to email server in China
Absolutely.
But if a fedi software/instance decided to do something else with this public data, it could get legally problematic. That is the point I'm making.
Well, we are an evil and creepy lot, aren't we?
This will always be Morticia and Gomez Addams in my head.
Is it not?
For those of us that grew up with the TV show, no. John Astin literally named the character he played. Before the television show the characters didn't all have names.
The movies are fine, and there's nothing wrong if you enjoy them. But for myself John Astin and Carolyn Jones are the iconic couple. But then I was born over a decade before the movies. But just two years after the television shows 1975 Halloween special. So it may be a generational thing.
There's been multiple actors in the parts over the years but these two were perfect I think.
I don't really feel I need protecting from the Fediverse, more from the "regular" social networks
To play devils advocate though, any "regular social media company" can tap into the fediverse and harvest all of the data and do whatever fucked up things they want to it. The fediverse doesn't protect you from them, it just puts you outside their algorithm control. Though even that is debatable because it is possible that a lot of posters on Lemmy may have first seen the content from algorithm-driven sources.
Right!?! I'm ok with anarchy, and a non-commercial, non-corporate social media. Not in any need of being protected, whatsoever.
@Blaze@feddit.nl they even made a cute little graphic including some niche softwares, so cute
Definitely the biggest threats around
@Blaze@feddit.nl oh I see
Basically they see the Fediverse as a data breach with no actual control over what happen to data the moment it gets to other servers (actually true) and especially if GAFAM gets involved. I mean, I get this they want to stay super-private. But I think that private social networks is a bit naive as an idea
If google actually integrates yt to the fediverse it might genuinely be the best thing they ever did, I genuinely hope they do cuz it's the one centralised social media I actively use and the only google service I use in general.
Plus it goes without saying it objectively has the largest amount of high quality content regularly posted by thousands of people.
It could be the thing that would let a lot of users fully degoogle/decouple from google's monopoly and bring a LOT more eyes onto the fediverse as a whole.
I kind of see where they come from too, but the way they present it just seems strange
@Blaze aaaaaaaaaah..... La frase es como el forro, pero es una incompatibilidad de principios que se traduce en aspectos técnicos (y una critica fuerte al hecho que Meta y google buscan federar)
@Blaze aaaaaaaaaah..... La frase es como el forro, pero es una incompatibilidad de principios que se traduce en aspectos técnicos (y una critica fuerte al hecho que Meta y google buscan federar)
