@mastodonmigration

I've already begun to wonder just how the "interacting with Threads content" on the three Mastodon accounts I've visited just the last day or so has reawakened Meta/Threads/Facegram/Instabook

I'm still technically on Instagram although I haven't used it in six-eight years at least, and I last peeked in at my Facebook maybe last spring

Haven't received any particularly bizarre spam

Yet...

@mastodonmigration

Interesting. I would be surprised if that's enforceable. It's like you coming to my house and then claiming ownership of everything in it if I greet you at the door.

@mastodonmigration I am not so worried about that because posts on Mastodon that are public are already in search engines and web archives. But it is inevitable that Meta will start putting ads into the feeds of their users in both directions and following them from Mastodon will not stop it because they can create fake posts on behalf of a user that is an ad. Then Mastodon users will have to choose whether to continue to follow Threads users or create an Adblock system.

@mastodonmigration As much as I hate mate and I’m in the block camp, I dont see anything out of ordinary in that screenshot. It’s what every instance is doing in order to provide service. It needs to collect your profile name and image to be able to display it on its own server. It collects IP address because it needs to know where your instance is at. Same with likes, posts etc. It needs to collect those to be able to display it to others.

@1dalm Good analogy. Shame on you. You never should have opened the door.

@mastodonmigration Question of course is what exactly it’s doing with that info beyond providing service but that’s not included in the screenshot.

People have asked that a screenshot of Threads "How do we use this information section" be included to show that it is not simply to provide the services, and includes ad targeting.

To be clear, this post should not be interpreted as a position or general statement on Threads interfacing with the Fediverse. There are many good things that could come from wide adoption of distributed social media. This post is focused narrowly and specifically on Fediverse user's data rights and any threats to those rights from anyone who would claim that simply by connecting to ActivityPub and interacting with the Fediverse that they have broad rights to Fediverse user data.

#DataPrivacy

Back in June 2023, and reboosted today, this account posted this notice:

Meta Specific Data Rights Limitation Notice >>> https://mastodon.online/@mastodonmigration/110663189973042587

Note that the purpose here is simply to state you do not consent to any use of your data beyond what you have authorized in your instances privacy policy.

If you would like to "sign" the notice feel free to simply reply, boost, or favourite.

#threads #meta #DataPrivacy

@mastodonmigration
Important Note about this: none of the information they are gathering is otherwise private.

Your username and profile are available to anyone browsing the web, and the IP of your server is what you use to connect to it when you type the URL. They don't get your IP, they don't get your email, they don't get anything other than that your account exists and is following an account on their services.

I'm sure they could do something with that, but it's not any more intrusive than what they would get if they just set a scraper to look over the entire network.

@mastodonmigration - I specifically do not authorize Meta to monetize, profile, or otherwise use my personal data in any way.

I have blocked the threads.net domain.

@mastodonmigration I hereby adopt in full and sign the Meta Specific Data Rights Notice and all restrictions therein. //s// @lawyersgunsnmoney

@mastodonmigration this is as enforcable as code of conduct of a cop kicking you on the shin for no reason

@kierkegaank

see https://mastodon.online/@mastodonmigration/110664618992001165

"...There tends to be a general misunderstanding of these things. The words are the words. There is not some sort of legal magic that makes them "valid". A notice is a notice. In this case, it is just saying we are giving you notice that we reserve our rights, and we expressly don't agree to let you use our content for things you do not have the legal right to do."

@mastodonmigration Yes and posting something like that will be (and is) read as misleading users to calm them down. And it’s not the fault of the users. There are reasons why you can get a degree in communication.

@kierkegaank @mastodonmigration we don't need to be "riled up" we need to defederate and blocc the instance.

That type of notice, posted on FB would be ineffectual nonsense. On Masto where we DID NOT sign up to be subject to Threads terms, it matters. We are not their users. They do not have a right to our data just because they say they do.

@Gargron Yes, but this does not address the issue. The concern expressed here is the use of this identity data, as well as Mastodon user content and interactions, for the purpose of Threads broader business services, including ads.

As described in the document Supplemental Privacy Policy: https://help.instagram.com/515230437301944

#threads #DataPrivacy

@Gargron
While it's true that every well-written social network pricacy policy does cover this kind of data, no it's not at all "absolutely the same thing".

Compare and contrast what Threads' privacy policy says they can do with this data to a privacy policy like @admin's and it's clear that Threads' privacy policy tries to give the company as much ability to use data without requesting additional consent (although EU DPC's may have something to say about it). Also, unlike every Mastodon server out there, Meta's business model relies on exploiting people's data -- and they have a long track record of using data without consent. It really isn't the same thing at all.

https://eupolicy.social/privacy-policy

Also you suggested elsewhere in this thread that "Personal data usually carries a slightly different meaning than a public profile and posts you choose to broadcast to the open web." In the EU, GDPR is very explicit that personal data includes publicly available data such as this.

@mastodonmigration @rexum

@Gargron @mastodonmigration but then beekeepers.ninja would probably be blocked by instance moderators.

@Gargron @mastodonmigration because they inject ads or did I get something wrong?

@mastodonmigration

"Your username, profile picture, and domain and IP of your server are public and every Mastodon server out there does absolutely the same thing"

This is about the second oldest bullshit trope on Mastodon

"Oh all your information is already public so don'tcha worry your silly little head about it!!"

While this may be technically true, this is Zuckerberg and Threads and Facegram and Instabook

Apparently Gargron's never heard of Zuck and his known history

Face it (and I'm going to be very blunt here) #Gargron's in the tank for #Zuck and #Meta and #Threads

Gotta enhance shareholder value ahead of his upcoming IPO

Millionaires

They're all the same

cc @Gargron

@Gargron @rexum

Think that the focus on ads misses the point. The primary issue is not the display of ads, but rather the collection and analysis of Fediverse user personal data and content, and the use of it for profiling the user. The concern is that such data is taken from the Fediverse and is used to fill out Meta's profile of the user and then exploited for whatever purpose, including but not at all limited to ads.

@Gargron @rexum Would welcome the opportunity to clarify the matter then. What Threads policy says is that they can use this Third Party Information, whatever you want to call it, for their business purposes. One of the concerns that Fediverse users have is the Terms of Use that platforms like Threads employ, and which Mastodon does not. It would be great for Threads to clarify that they will not exploit Fediverse user data and content in the same way they do users who sign up for their service.

@Gargron The bigger concern would be that a Fediverse user might start getting ads on other platforms about honey, just because they follow someone on Threads and also follow beekeepers.ninja or simply post on Mastodon about bees.

But this is not just about ads. It is about data privacy and what Meta claims authority to do with data and content pulled from the Fediverse.

@mastodonmigration @Gargron how do you think they going to serve these ads to you?

@Gargron @mastodonmigration Why not, and beekeper@threads.net will probably not even know that he boosted that add. 🤷

@Gargron @mastodonmigration I think the question is whether Threads would use the APub integration to scrape the beekeepers.ninja user’s social graph, posts, etc there and then do God knows what with it. That’s the fear.

The reality, I believe, is that they can already do that (and if Meta is being Meta, they already are) using existing Mastodon web services and APIs…so refusing ActivityPub-based direct federation with them wouldn’t prevent much.

@Gargron @mastodonmigration yes, but they could inject ads as user posts but I don't think they would do that.

@Gargron @rexum @mastodonmigration Have you considered the possibility for Mastodon content to be incorporated into the existing platform-agnostic ad profiles that Meta already curates?

Also, just wanted to take a moment and say thank you for your work. If Mastodon hadn't come around, I would probably still be incredibly pessimistic about the future of the social web.

@mastodonmigration @Gargron @rexum Bingo.

@mastodonmigration @Gargron @rexum The issue is if they wanted to do that, they would already be doing it, without anyone needing to know about it, at a significantly less cost to building Threads and without any risk of a PR backlash...

It costs very little to setup a Mastodon Server and join it to as many relays as you can get... Then scrape that data trivially. It wouldn't make any financial sense to setup Threads just for this reason (or even it be a major aspect)

@mastodonmigration @Gargron @rexum agree! Also, it costs 10€/mo for Facebook to opt you out of ads including data collection for targeted/personalised ads. I interpret that as the price you are forced to give your personal data for Meta to make profit in multiples of 10€/mo per user. I deleted all my data and left my account dormant.

@Gargron @mastodonmigration @rexum I don’t think it’s misleading at all. The foundational activity of surveillance capitalism is to collect whatever informational or behavioral data it can from whatever sensors it can; conflate via data matches and appends; build predictive models; and activate via algorithmic systems, or sell outright. The clause in Threads’ privacy supplement is a clear signal that the Fediverse will be an additional network of sensors feeding Meta’s data ecosystem.

@Gargron @rexum

If there is something wrong with this interpretation that can be explained, or if Threads could clarify the matter, it would go a long way to providing Fediverse users some comfort with this development.

@johnefrancis @Gargron @mastodonmigration yup. “every mastodon server” isnt some giant corporate ad revenue machine, is it.

@wild1145 @Gargron @rexum Of course, they could do it, but they could not do it and say they got it through some sort of legal process.

@FuckElon @Gargron @rexum The distinction is between what they can do and what they claim legal authority to do.

@mastodonmigration @Gargron @rexum Those seem to be provisions about operational data. They need to say this to be able to ingest posts from third party services. That's what they mean by "business purposes". My web presence is a single landing page somewhere collecting nothing and I have similar language in there because GDPR is not messing around.

I get that cross-site tracking by Meta is very sophisticated, but it's not magic. They can't make the Masto app do things it doesn't already do.

@Gargron @mastodonmigration Yeah and Zuckerberg's intentions are good natured, as always, but of course Eugen.

@jorgecandeias @mastodonmigration @Gargron agreed. I don't understand what attack vector OP is worried about

@mastodonmigration @Gargron @rexum One thing I'm learning from the panic is that many Masto users don't really understand how, why and what data is shared to make AP work and/or how data tracking in traditional online services and social media does what it does to create user data profiles.

Maybe it's time we give up on all the email metaphors and focus on that a bit moving forward, because the terms of this debate are getting *weird*.

@mastodonmigration @wild1145 @Gargron @rexum What would be actually illegal about doing that?

@michaelgemar @mastodonmigration @Gargron @rexum Nothing, it's how federation at it's core works... I store data (posts and cached profile bits) about every user my server knows about, there is nothing stopping me processing that data in a way I see fit. The only thing that is unique here is Meta have written their own software and not used Mastodon. There's a whole lot of misinformation and fud, and this topic is a big part of that. Again, if meta wanted to steal data, they would already do so.

@MudMan @Gargron @rexum This may be true, but would argue that it then becomes incumbent of the operators to educate the users as to what is and is not necessary to collect so as not to give rise to such "panic". Mastodon did a great job of distinguishing it's privacy policy from the more exploitive terms of use of the corporate platforms. Now would be the time to explain in detail how users will be protected from such exploitation going forward.

@mastodonmigration @Gargron @rexum Side note: good on Masto or wherever this privacy policy originates for writing it like a human being. I like it. Still says basically the same thing than the Threads one does, though.

@jorgecandeias @mastodonmigration @Gargron exactly. This thread is a distraction from actual real threats to the fediverse