The fediverse is a public forum.

Your posts are only as secure as the admins of every instance that your home server federates with, in terms of private and followers-only messages.

If you're going to talk about sensitive information, keep it to Signal or other secure 1-on-1 channels.

Assume that everything you post to the fediverse is being scooped up by multiple gov agencies around the world.

The Milan scrape was only notable because they made their findings public.

If a university scraping feeds did it, it's safe to assume other, bigger organizations have been doing it for much longer.


Thesis: a study of the content hidden beneath content warnings on Mastodon

Antithesis: Putting your name to a letter of complaint being put together by sunbeamcity

Synthesis: using content warnings to raise the issue of the use of SciHub in Italian universities

@Anarkat Mastodon is an example of a security disaster being a direct result of a user interface. The fact that the platform doesn't support private messages isn't a security problem...

... provided that the users understand this and use the platform accordingly.

The problem is that the platform has had features added to it that imply that this capability _does_ exist and a user interface that encourages this behavior.

It's... bad.

@Anarkat This can't be said enough: PMs are not private.
If a message you send isn't managed with strong, end-to-end crypto... it is NOT private, but public to anyone with an interest. Anyone.
Mind you, if you do become one of us oddballs who actually use end-to-end crypto, you will attract the attention of your friendly neighbourhood government spooks.
This will continue to happen until we all encrypt by default. At that point, it's all just *noise* for govts and corps alike.

@Anarkat in Britain, the #BBC (yes, our state broadcaster!) has carried out this task for about 20+ years at BBC Monitoring (formerly in Caversham, SE England and recently relocated to London).

Most of their findings are used for news reports but other "intelligence" is sold commercially and anything perceived by their journalists to be "illegal/problematic" (especially related to youth subcultures) is shared with the Police/NCA and other authorities.

@vfrmedia @Anarkat Looked into this a bit and it seriously blows my mind. I feel like this has some serious implications for journalism's role as a watchdog of the political powers. Even state-funded media should - ideally - be able to be critical of its government, and I feel like this kinda makes that impossible? I can't really wrap my head around what this would mean if this was happening in Germany (where I'm from). Just wow.

@jfml @Anarkat

During the Cold War, there was also a shadowy "archives/compliance department" at Caversham and a unit to surveil British and Northern European broadcasters (especially those considered "potentially pro-Soviet") under the guise of helping the EBU with tech issues for Eurovision.

I only learned about this unit after their engineers discovered a small pirate radio transmitter my friends and I were experimenting with, and they told us about what they did.

@jfml @Anarkat

PS: I lived in Caversham for much of my teenage years; with our transmitter we'd upset their sensitive monitoring arrangements (and also accidentally created a blackspot on the comms to the buses and railways). They actually found it quite amusing and just said "pick a better frequency if you are going to do /that/, so you don't get in too much trouble" 😆 (the engineers were, to be fair, quite decent, like the Ed Snowdens of that era)

@Anarkat And not even maliciously. Building a fedi indexer isn't especially hard.

@Anarkat I think there are safer options than Signal.

@Anarkat yes. I've come to the conclusion that you can't really have any kind of "who can view" privacy settings here because you'll end up trusting a potentially unlimited amount of people to consistently enforce these and never look into their databases.

So many responses to this are about 'privacy'. But anybody in the fediverse should be well aware of being seen by Unknowns. The key issue, I would say, is - why are 'we' not doing more creative scraping & analysis, to show 'us' the shape of ourselves? The Big data are ours, why don't we exploit this commons more, with our own user-facing analytics? Attempting to enforce private ownership of data isn't necessarily the most beneficial way to deal with this emergent capability?

'The analytics mindset' of silicon valley oligarchs, alt-right and security services surely is a problem. But complex systems with emergent form are real, and seems to me it will be good if 'we' can be tooled up to observe the emergent pattern of our own activity in the large. Their activity too! Just like statistics have been double edged for several generations (lies, damn lies etc) analytics are double edged.

@mike_hales @Anarkat Big data is overrated. What's the point? Data in aggregate can only really show statistics, and the tendency is to use it to feed content that will resonate somewhere near the average, thus creating large-scale confirmation bias and further obscuring the fringes. That's why I like Mastodon: it's not using algorithms based on analysis of big data to feed me content meant to homogenize our interests. I think we are better off without that.

I don't think that 'analytics for the people' will necessarily drive *anything* in automatic, closed-loop mode. We don't basically need superfast robots to make a superfast buck, like the derivatives traders or internet advertisers do. Basically, emergent pattern could be displayed to those whose actions are being analysed, for them to do something about, or not, as the choice might be. A looking glass, not a one-way mirror. A piece of the self-government jigsaw.


governments, in addition to advertisers, corporations, and that one fucking dickhead who doesn't like you.


I should note it's very easy to scrape data out of any social media platform, provided you have the right Chrome extension.

How do I know? Because I spent six months this year doing precisely that.

@Anarkat So you're telling me my dad, who left our family when I was young to work as a spy for the CIA, could be reading this right now?

If you're reading this, dad we love you and wish you a Merry Christmas.

@Anarkat Yep, the fediverse is an open media project. If you want privacy you need a closed project like P2P, but even then you should not trust the device you are using to run the P2P, so better to be whispering in the forest. I am not joking about this subject :)

@Anarkat Aren't private and followers-only messages only federated to the instances of their intended audience, rather than to all instances my server federates with?
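To make concrete what the question above turns on (and what the opening post means by "only as secure as the admins"), here is an added example, not written by anyone in this thread and not Mastodon's own code. It reads a delivered ActivityPub `Create` activity the way an admin of a receiving server can read it out of their database. Mastodon expresses a post's visibility setting only through the `to`/`cc` audience fields of the Note; the content travels in the same JSON, unencrypted. The actor URIs, hostnames, follower list and post text are constructed for this example.

```python
"""Classify visibility and list who gets a copy of a Mastodon post (added example).

Mastodon encodes the visibility setting in the ActivityPub audience fields:
  public    -> Public in `to`
  unlisted  -> Public in `cc`
  private   -> the author's followers collection in `to`, no Public (followers-only)
  direct    -> neither; only the mentioned actors are addressed
The note's `content` is sent in the clear to every addressed server.
All URIs, hosts and follower data below are constructed for the example.
"""
from __future__ import annotations

import json
from urllib.parse import urlparse

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"


def classify_visibility(note: dict, followers_collection: str) -> str:
    """Recover the Mastodon visibility level from a Note's `to`/`cc` fields."""
    to, cc = set(note.get("to", [])), set(note.get("cc", []))
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers_collection in to:
        return "private"
    return "direct"


def delivery_hosts(note: dict, followers_collection: str, followers: list[str]) -> set[str]:
    """Hosts whose inbox receives this note, i.e. whose admins hold the plaintext.

    The followers collection is expanded into the followers' actor URIs (the
    author's own server also keeps a copy, since at least the author lives there).
    Public is not a deliverable inbox, so it is dropped; a public post additionally
    lands on every server that fetches or relays it, which is not modelled here.
    """
    addressees = set(note.get("to", [])) | set(note.get("cc", []))
    addressees.discard(PUBLIC)
    if followers_collection in addressees:
        addressees.discard(followers_collection)
        addressees.update(followers)
    return {urlparse(uri).hostname for uri in addressees}


def inspect_as_remote_admin(activity_json: str, followers_collection: str,
                            followers: list[str]) -> dict:
    """What an admin of a receiving server can read straight out of the delivered JSON."""
    note = json.loads(activity_json)["object"]
    return {
        "visibility": classify_visibility(note, followers_collection),
        "content": note["content"],
        "hosts_with_a_copy": sorted(delivery_hosts(note, followers_collection, followers)),
    }


# --- constructed sample data (hypothetical actors and hosts) ---
ALICE = "https://example.social/users/alice"
ALICE_FOLLOWERS = ALICE + "/followers"
FOLLOWERS = [
    "https://example.social/users/bob",
    "https://other.example/users/carol",
    "https://third.example/users/dave",
]


def _create(note_fields: dict) -> str:
    """Wrap a Note in a Create activity, in the shape Mastodon delivers to inboxes."""
    note = {"type": "Note", "attributedTo": ALICE, **note_fields}
    return json.dumps({"@context": "https://www.w3.org/ns/activitystreams",
                       "type": "Create", "actor": ALICE, "object": note})


FOLLOWERS_ONLY_CREATE = _create({
    "to": [ALICE_FOLLOWERS], "cc": [],
    "content": "<p>followers only, but stored in plaintext on every host below</p>",
})
DIRECT_CREATE = _create({
    "to": ["https://other.example/users/carol"], "cc": [],
    "content": "<p>a 'private' message: readable by other.example's admin</p>",
})

if __name__ == "__main__":
    for label, activity in (("followers-only", FOLLOWERS_ONLY_CREATE), ("direct", DIRECT_CREATE)):
        print(label, inspect_as_remote_admin(activity, ALICE_FOLLOWERS, FOLLOWERS))
```

So the answer to the question is "yes, but": a followers-only post is delivered only to servers hosting at least one follower (and a direct message only to the servers of the mentioned accounts), not to every server your instance federates with; but each of those servers receives and stores the full text, and nothing in the protocol stops its admin, or its database backup, or a scraper that compromised it, from reading it. The visibility field is an instruction to well-behaved software, not an access control.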

