For Amusement Purposes Only.

Changeling poet, musician and writer, born on the 13th floor. Left of counter-clockwise and right of the white rabbit, all twilight and sunrises, forever the inside outsider.

Seeks out and follows creative and brilliant minds. And crows. Occasional shadow librarian.

#music #poetry #politics #LGBTQ+ #magick #fiction #imagination #tech

  • 0 Posts
  • 50 Comments
Joined 1 year ago
cake
Cake day: June 24th, 2023

help-circle






  • The instance owner determines what’s on their “public” tagged activity feeds. If they remove the “public” tag from a post or user account, it’s restricted from non-authenticated requests from outside servers. You’re correct that this shouldn’t grab user IP addresses, but they could if an instance owner is including that information in what they mark as “public” profile feed data. I should reiterate that I know of no instance that does this, but the capability is there in theory (and I do know that certain forum software packages outside the Fediverse collect and publish this level of information, although it’s a dying practice).

    I’m not advocating instance owners turn everything private, but it’s clear they’re going to have to examine what they’re providing through their feeds to Threads if they’re serious about their users’ security and privacy. The safest bet is to defederate from Threads until it’s clear what Meta’s intentions are (aside from their rhetoric, which is always deceitful when it comes to user privacy).

    As to what Meta will do, they absolutely will scrape that activity data for marketing use, if they aren’t already. It’s what their entire business model on Facebook is built around - targeted ads based on user activity. Anything they say about protecting that data is lip service at best given their past performances and lawsuits. It also very likely that they’ll merge it with their existing data hoards, and do their best to de-anonymize accounts so that they can increase their data accuracy and thus their profit margin.


  • Looks like there’s a lot of FUD around this, so I decided to jump into the ActivityPub spec and see exactly what they can and can’t get with the spec as is.

    First off, they cannot get a users individual IP unless the instance owner publishes it in the profile data as part of a “public” activity stream. I don’t know of any instance that does this currently (feel free to correct me if I’m wrong).

    It looks like what Meta is looking to do is scrape the information in the “public” tagged activity streams:

    In addition to [ActivityStreams] collections and objects, Activities may additionally be addressed to the special “public” collection, with the identifier https://www.w3.org/ns/activitystreams#Public.

    Activities addressed to this special URI shall be accessible to all users, without authentication.

    This is similar to what most instances do to show the posts of a user or community - they send a request to get “public” tagged data to publish to their end users. Within this data is all the activity information on that post - who upvoted what and who, and who commented. Again, this is the same way federation works now - your server has an activity stream of all your followed and followers that it can make available to view by tagging their activity as “public”. Many instances have this information tagged as “public” as a default.

    Now, this system works fine if you’re dealing with small actors that don’t have nefarious designs on the network, or the resources to dominate it.

    When you have a digital behemoth with grand AI designs that’s already embroiled in lawsuits where it was grabbing your medical data and regularly allows law enforcement to stroll through its records, it’s an entirely different situation. Meta has the power and capacity to not only engage in an “embrance, extend, extinguish” campaign against the Fediverse, but also to seriously threaten the privacy and well-being of Fediverse users in a way no single instance owner can.

    I think the solution here will be for individual instance owners to harden their security and if not outright de=federate from Threads, ensure that posts are private by default and that their users are made well aware in the TOS that following a Threads user will result in sharing data about their profile that could (and most likely will) be matched back to their Facebook account.

    Instances that don’t allow visibility control on posts, like Kbin and Lemmy, should look at adding an option to post only to the local server, or have the capacity to block threads.net outgoing publication based on user profile settings.

    Instances that don’t allow follow request filtering probably should look at adding it (Mastodon has it implemented - Kbin and I think Lemmy would need to catch up) - otherwise users could be unaware that they’re sending their data to threads.net when someone from that service follows them.

    I think it goes without saying that any data Meta gets will get the AI treatment - both to identify users and to sell your activity to marketers. That activity is the real goldmine for them - that’s a stream of revenue for marketing that rivals what Meta tracks on its own platform.

    As such, it may be worthwhile for instance owners to look at removing voting and boosting counts from the “public” activity feed. This would mean more fragmentation for communities whose populations span instances (vote counts would be more off than they are now), but it would prevent bad actors from easily scraping that data for behavioral analysis.

    All in all, though, I don’t believe it’s going to be a positive event when Threads does start federating. One of the nice things about the Fediverse is that the learning curve is high enough to keep the idiot count down, and I don’t really see our content or commentary here improving once Meta’s audience enters the space.





  • I totally hear you there and agree with you re: the business choices Spez made. Reddit lost a 20 year contributor when I walked away, and even if they rolled back all the changes, I won’t be returning.

    I was more looking at applying your suggestions to a fresh publishing model, as your ideas intrigued me (having run a publishing forum in the days of the early internet). I want to have a space on the internet where content creators can keep ownership of their content and get adequately paid for publishing - I think properly run, it could become a vital hub for our cultural legacy (as Reddit was, albeit clumsily and destructively). The incoming revenue is the biggest challenge, which is why I focused on that element.

    Some users will pay if you have a paywall, but only if you already have a substantial amount of content they want to access. This works for a search engine crawling pre-existing content, but not so well for a forum style site like Reddit, where most of the content creation is driven by engagement with other content. If you reduce the engagement rate (aka through a paywall), you’re actually reducing your incoming content in the long run (something we’re seeing on Reddit after the blackout).

    I don’t know what the ultimate solution here is, but I really do like your payout concept with Monero. If I did build another publishing attempt, it’s something I’d try to implement if I could get the incoming revenue to support it.


  • Excellent points. That being said, Reddit will never pay contributors. They have never had interest in quality of the content on the platform, only it’s engagement rate - the years of publishing subs like jailbait and The_Donald speak to that. Engagement, now that they’ve got a critical mass of users and 20 years worth of content, can be maintained with bots, sockpuppet accounts, and reposts (all of which have become the course du jour for the front page and /r/all since the API revolt began)… at least until they go IPO, after which it’s not their problem anymore.

    The biggest problem with online publishing is that without that critical mass of readership, it’s very difficult to become profitable enough to pay your contributors. Reddit’s never gotten to this point, even with millions of users. It’s my hope that with contributors moving off of Reddit, we’ll see new publishing models appear that utilize some of the excellent ideas you’ve outlined above. I particularly like the suggestion of using Monero as a currency to ensure anonymity.

    Tying voting to currency is an interesting idea, but I think that voting should be free, as my experience running forums is that only about 10% of your viewers will care enough to vote, and maybe 10% of those choose to post actual content. Putting a paywall in front of voting will kill engagement. However, limiting the number of free votes an account gets per day, then allowing people to buy more votes with currency, and earn currency for posting content could work very well if run correctly. The trick is balancing the actual profit you make off of the contribution with the need to pay your contributors, and here it becomes a question of determining the proper margins and payouts.

    The other problem is that the only real revenue source outside of the users of the site is going to be Google Adwords or a similar platform (unless you go for ancillary streams of revenue, like attaching an e-commerce store to the site). If you charge for access to the content, you’re killing your engagement. I haven’t used Adwords for awhile now, but when I did the payouts were absolutely abysmal (like less than a penny per click). They were so bad that it wasn’t even worth dedicating the visual real estate to put up the ads.

    Ultimately, this is the same challenge traditional publishing has had for a long time. It’s generally unprofitable unless you have a runaway hit or ancillary streams of revenue (like syndication deals with other media types) - most of the actual content almost never makes money, which is why so much of our traditional media is paid for by advertising and subsequently controlled by corporate interests.



  • They’re doing it because it worked in the 90s. Different companies involved, but same ballgame, same playbook.

    Here’s some relevant info from a Reddit post 6 years ago from Bruce Kushnick, well known for his activism and writing on the topic:

    I’ve been tracking the telco deployments of fiber optics since 1991 when they were announced as something called the Information Superhighway. The plan was to have America be the first fiber optic country – and each phone company went to their state commissions and legislatures and got tax breaks and rate increases to fund these ‘utility’ network upgrades that were supposed to replace the existing copper wires with fiber optics – starting in 1992. And it was all a con. As a former senior telecom analyst (and the telcos my clients) i realized that they had submitted fraudulent cost models, and fabricated the deployment plans. The first book, 1998, laid out some of the history “The Unauthorized Bio” with foreword by Dr. Bob Metcalfe (co-inventor of Ethernet networking). I then released “$200 Billion Broadband Scandal” in 2005, which gave the details as by then more than 1/2 of America should have been completed – but wasn’t. And the mergers to make the companies larger were also supposed to bring broadband-- but didn’t. I updated the book in 2015 “The Book of Broken Promises $400 Billion broadband Scandal and Free the Net”, but realized that there were other scams along side this – like manipulating the accounting.

    We paid about 9 times for upgrades to fiber for home or schools and we got nothing to show for it – about $4000-7000 per household (though it varies by state and telco). By 2017 it’s over 1/2 trillion.

    Finally, I note. These are not “ISPs”; they are state utility telecommunications companies that were able to take over the other businesses (like ISPs) thanks to the FCC under Mike Powell, now the head of the cable association. They got away with it because they could create a fake history that reporters and politicians kept repeating. No state has ever done a full audit of the monies collected in the name of broadband; no state ever went back and reduced rates or held the companies accountable. And no company ever ‘outed’ the other companies-- i.e., Verizon NJ never said that AT&T California didn’t do the upgrades. --that’s because they all did it, more or less. I do note that Verizon at least rolled out some fiber. AT&T pulled a bait and switch and deployed U-Verse over the aging copper wires (with a ‘fiber node’ within 1/2 mile from the location).

    Here’s a direct link to the PDF of his book,The Book of Broken Promises: $400 Billion Broadband Scandal & Free the Net that he still provides for free from his website, www.irregulators.org.

    For reference sake, here’s the link to his post on the bad place. Note I usually try to use better sourcing than Reddit, but Google’s search on this topic is either flailing or details on how this went down have undergone an active scrubbing attempt.