Question:
How can Fediverse be more "private" while also not ruining the experience for those who like things the way they are?
There's already a way to make your posts private so that there's no way for anyone to see them without your permission.
Could there be another way without destroying discoverability?
I can't think of any, but I'm obviously not the sharpest tool in the shed.
Obviously Mastodon needs to start by removing the RSS feed or make it an option to turn off. As it stands, most people don't even know it's a thing because it's not documented.
Thoughts?
@BeAware this is an ax I grind because people need to be aware:
NO, there is no way to make your posts private so that there’s no way for anyone to see them without your permission.
Anyone posting to Fediverse need to be aware that by virtue of how this thing is engineered, there is absolutely no guarantee of such privacy.
A lot of people are posting things they think are private when they’re not, and I find that hugely problematic.
@volkris Well, safe from the scrapers is what I mean. That's what people are worried about mostly.
@BeAware but it’s not though!
Scrapers are very much able to scrape your content, and everybody needs to be aware of that as they post on here.
People are posting content here left and right and saying they love to do it because it’s safe from the big corporations or whatever, and I would be absolutely amazed if those exact businesses aren’t having a field day vacuuming it all up.
This is why it’s so important to me to spread the word about how insecure this platform is, for better or worse. There are trade-offs, and I’m comfortable with them, but there’s a lot of people who don’t know the risks they’re taking here.
@volkris but there's a *way* to do that if you just make your posts Followers only. That's what I was getting at. Your preaching to THE choir. I don't know anyone else who talks about this stuff more than me, as I'm sure you've seen in the past. I sure know how it all works.🤷♂️
@BeAware again, that’s not how this platform works.
Behind the scenes, it doesn’t matter if you make your posts followers only or not, the way this platform is engineered behind the scenes, the content goes to people who aren’t followers.
Maybe it will only be shown to followers. Or maybe not. You have no way to know. That’s just how this platform is programmed.
Again to be clear what I’m saying is, you need to be aware that if you make your posts followers only, they will still be subject to going to people who aren’t followers.
This is a design choice that the programmers made, that I disagree with, but you need to know that it is happening.
@volkris I've never seen it happening, but if it is, it definitely needs to be known. Can I see verifiable proof of this happening?
If so, I'll definitely call it out.
It’s all in the ActivityPub protocol that I’ll link below. If you read it, it’s strikingly clear that there is no actual guarantee that your permissions will be honored. In fact, the standard uses the term “SHOULD” quite a lot when leaving servers free to ignore your privacy notation.
Are you familiar with the FRS radios? They had a feature called privacy codes, where a group of people would set the same code to communicate. BUT, really all of the comms were all on the same channel, but the codes simply filtered out what one wanted to hear.
So they provided no actual privacy, just the illusion of it.
Same thing here, unfortunately. The ActivityPub protocol is largely a broadcast protocol, sending content into the cloud with only suggestions as to who should see it.
You can believe that every link in the chain will behave and respect your wishes, but a scraper is free to ignore them and do what they want even if your post is marked private.
@volkris Sure, but has it actually happened?
What *could* happen if things go awry vs what actually happens are different.
@BeAware how about putting it this way: we here ARE broadcasting content that companies are free to use, and so many of us don’t know we’re doing that.
Do companies use it? Well I imagine so, and it might be largely undetectable. As Fediverse grows it seems like a goldmine for training AIs, collecting marketing stats, etc, all without encumbrances of TOS agreements.
But sure, you’re asking what has actually happened, and what’s actually happened is that all of these users are making content available to companies. That part’s true.
And my personal focus is that it’s being done without the consent or knowledge of so many users here.
@volkris that's exactly what I said in my OP. 👍