The fediverse is a public forum.

Your posts are only as secure as the admins of every instance that your home server federates with, in terms of private and followers-only messages.

If you're going to talk about sensitive information, keep it to Signal or other secure 1-on-1 channels.

Assume that everything you post to the fediverse is being scooped up by multiple gov agencies around the world.

The Milan scrape was only notable because they made their findings public.

If a university scraping feeds did it, it's safe to assume other, bigger organizations have been doing it for much longer.

@Anarkat this is a big problem with the Fediverse. People are mistakenly assuming their data is safe and secure, simply because it isn't kept by Big Tech.

I think it's important to ensure that this point is well understood.

@benjamincobb @Anarkat

YES this is a big problem...

that’s why we should look at projects like Hubzilla a bit closer... privacy can be achieved with HZ much better… have a look

@benjamincobb @Anarkat

with Hubzilla you can post with E2E encryption - do you know this?


Thesis: a study of the content hidden beneath content warnings on Mastodon

Antithesis: Putting your name to a letter of complaint being put together by sunbeamcity

Synthesis: using content warnings to raise the issue of the use of SciHub in Italian universities

@Anarkat Mastodon is an example of a security disaster being a direct result of a user interface. The fact that the platform doesn't support private messages isn't a security problem...

... provided that the users understand this and use the platform accordingly.

The problem is that the platform has had features added to it that imply that this capability _does_ exist and a user interface that encourages this behavior.

It's... bad.

@Anarkat This can't be said enough: PMs are not private.
If a message you send isn't managed with strong, end to end crypto... It is NOT private, but public to anyone with an interest. Anyone.
Mind you, if you do become one of us oddballs who actually use end-to-end crypto, you Will attract the attention of your friendly neighbourhood government spooks.
This will continue to happen until we all encrypt by default. At that point, it's all just *noise* for govts and corps alike.

@Anarkat in Britain, the #BBC (yes, our state broadcaster!) has carried out this task for about 20+ years at BBC Monitoring (formerly in Caversham, SE England and recently relocated to London).

Most of their findings are used for news reports but other "intelligence" is sold commercially and anything perceived by their journalists to be "illegal/problematic" (especially related to youth subcultures) is shared with the Police/NCA and other authorities.

@Anarkat and not even maliciously. building a fedi indexer isn't especially hard.

@Anarkat yes. I've come to the conclusion that you can't really have any kind of "who can view" privacy settings here because you'll end up trusting a potentially unlimited amount of people to consistently enforce these and never look into their databases.

So many responses to this are about 'privacy'. But anybody in the fediverse should be well aware of being seen by Unknowns. The key issue, I would say, is - why are 'we' not doing more creative scraping & analysis, to show 'us' the shape of ourselves? The Big data are ours, why don't we exploit this commons more, with our own user-facing analytics? Attempting to enforce private ownership of data isn't necessarily the most beneficial way to deal with this emergent capability?

@mike_hales @Anarkat imo the analytics mindset is the problem even more than the tools

'The analytics mindset' of silicon valley oligarchs, alt-right and security services surely is a problem. But complex systems with emergent form are real, and seems to me it will be good if 'we' can be tooled up to observe the emergent pattern of our own activity in the large. Their activity too! Just like statistics have been double edged for several generations (lies, damn lies etc) analytics are double edged.

@mike_hales @Anarkat Big data is overrated. What's the point, data in aggregate can only really show statistics and the tendency is to use it to feed content that will resonate somewhere near the average, thus creating large scale confirmation bias and further obscuring the fringes. That's why I like mastodon, it's not using algorithms based on analysis of big data to feed me content meant to homogenize our interests. I think we are better off without that.

I don't think that 'analytics for the people' will necessarily drive *anything* in automatic, closed-loop mode. We don't basically need superfast robots to make a superfast buck, like the derivatives traders or internet advertisers do. Basically, emergent pattern could be displayed to those whose actions are being analysed, for them to do something about, or not, as the choice might be. A looking glass not a one-way mirror. A piece of the self-government jigsaw.


governments, in addition advertisers, corporations, and that one fucking dickhead who doesn't like you.
