- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
This shouldn’t come as a huge surprise. Meta is moving forward with their plans for Theads and the Fediverse, and their adjusted terms reflect a new impending reality for Fediverse users.
I agree that this is nothing to panic over, but I want to clarify that Lemmy is not safe from this. Lemmy and Mastodon both use the same protocol (ActivityPub) and that’s also the protocol that Threads will use to federate. Just as Mastodon users can like, boost, and reply to Lemmy threads / comments, Threads users will be able to do the same. That’s why it’s important to defederate Threads on all ActivityPub-enabled instances.
Technically. Yes.
But doing so is onerous enough that I can’t see it as any sort of “threat”.
And again… Defederating does absolutely zero to restrict Meta from being able to access your info. Defederating means you don’t see Meta. It doesn’t block Meta from seeing you.
You don’t even need to dip your toes into ActivityPub to scrape most of the data. It’s public – aside (I think) from just user IP addresses on Mastodon. And in the case of Lemmy, I don’t think there’s anything you can’t access from outside of ActivityPub.
Defederating actually does stop Meta from accessing data (at least through ActivityPub) if you enable AUTHORIZED_FETCH / similar. That setting requires remote instances to authenticate themselves, which prevents blocked instances from querying anything. IIRC, Lemmy either already supports or plans to support that same feature.
Meta could, of course, just use web scraping, but that can be prevented with DISALLOW_UNAUTHENTICATED_API_ACCESS. Although admittedly, I don’t think Lemmy has this feature yet.
Even DISALLLOW_UNAUTHENTICATED_API_ACCESS can be easily bypassed by creating a client that logs into mastodon.social (for example), and just gobbles up the Federated feed.
It’s what the FediBuzz relays are now doing in order to keep single-user instances viable and not funnel everyone to the same 3 instances.
Unfortunately, if Meta wants to be shitty, they’ll be shitty. Even stuff like robots.txt & nofollow tags are just polite requests that can be ignored by shitheads.
kbin includes a “microblog” feature which is a mastodon-like implementation of ActivityPub.
Without jumping through flaming hoops, though… does the “Threads” tab really ever talk to the “Microblog” tab? (aside from your kbin account being able to interface with both)
(I do find it funny that kbin’s “Threads” is their Lemmy/Reddit-like, and not their Mastodon/Threads/Twitter-like)
I don’t use it, so I’m not super clear on it. It does feel like a bit of an afterthought.
I do know that I’ve interacted with Mastodon users in fediverse comment threads via kbin in the “regular, reddit-like” interface. My understanding is that APub is APub is APub, and the client implementations define the format you see content in, and implement or do not implement different APub features based on how the developer(s) want to shape their client.