This shouldn’t come as a huge surprise. Meta is moving forward with their plans for Theads and the Fediverse, and their adjusted terms reflect a new impending reality for Fediverse users.

  • Ottomateeverything@lemmy.world
    link
    fedilink
    arrow-up
    130
    arrow-down
    13
    ·
    edit-2
    1 year ago

    Provided that a Third Party User is followed by or following a Threads account, Meta will ingest these pieces of data specifically:

    Username

    Profile Picture

    IP Address

    Name of Third Party Service

    Posts from profile

    Post interactions (Follow, Like, Reshare, Mentions)

    So if you follow a threads user or even if a threads user just follows you, they pull all this data?

    IMO this seems like reason to defederate across the board. Someone else can leak your info to Meta.

        • Steeve@lemmy.ca
          link
          fedilink
          arrow-up
          21
          arrow-down
          11
          ·
          1 year ago

          Ok, so we’re back to defederation not because of any existing tangible evidence in this circumstance, but “because it’s Meta”. It’s fine if that’s your opinion and all, but let’s stop spreading misinformation on the dangers of collecting the data required by anyone for federation.

          And if you’re here and pretending to care about data privacy at least try to do the bare minimum in understanding how the Fediverse works.

          • Haui@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            14
            arrow-down
            1
            ·
            1 year ago

            Hi, I agree that there needs to be discussion.

            But let’s be honest here. If meta made a lemmy/mastodon instance we would probably defederate them as well since every bit of data is for their financial gain and nothing else.

            I don’t see how the worlds master manipulator and anti trust poster child is even remotely worth discussing about. We have established time and time again that „meta bad“. Why would we now not just accept the fact?

            • imaqtpie@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              edit-2
              1 year ago

              I think there is a bit of hysteria about Threads/Meta and some people are trying to push back. There are plenty of people in this thread that don’t fully understand federation and are knee-jerk reacting because it’s Meta.

              However, I totally agree with the sentiment being expressed, which is to keep Meta and large corporations as far away from Lemmy as possible. This is a community-run space that is a haven from the corporate internet, and indeed capitalist society in general. Protecting this space should be our highest priority.

              I feel that some of our more technical users are losing the forest for the trees in this discussion. Believe it or not, some Lemmings don’t come from a 30 year tech background and don’t fully understand how the platform, or indeed the internet as a whole, actually functions.

              This group of people, which includes me, are acting rationally by opposing any interaction with Meta on grounds of principle. We don’t know exactly what we are scared of, but we do know if there is any vulnerability or weakness that Meta is trying to exploit, they already know their plan and we won’t know until it’s too late. Meta is a terrifying behemoth just waiting for a chance to consume Lemmy. I would argue that a little bit of hysteria is justified in this case.

              Edit: just to clarify, this is more of a response to the parent comment, I think we are in agreement. I didn’t want to start another reply thread so I figured I would build off your point.

              • Haui@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Thanks for pointing that out. I‘m sort of between the two. Doing IT more or less professionally for 20+ yrs but I can’t tell you the definitive workings of the fediverse either. I understand the principles and I like them.

                Have a good one. :)

            • Steeve@lemmy.ca
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              Like I said, that’s a fine opinion to hold. What isn’t fine is the constant spinning of facts and narratives to suit a personal bias, regardless of how I feel about that bias.

          • Rikudou_Sage@lemmings.world
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            2
            ·
            edit-2
            1 year ago

            not because of any existing tangible evidence in this circumstance

            Oh, we’re defederating exactly because of tangible evidence that Meta steals every information it can about you. I personally stripped Meta almost entirely out of my life, I definitely don’t want them crawling back just because someone else wants to use Threads.

            And if you’re here and pretending to care about data privacy at least try to do the bare minimum in understanding how the Fediverse works.

            Oh, I do. I’m my own instance admin, I work as a senior architect and grasped the concept of Fediverse quite fast.

            • Steeve@lemmy.ca
              link
              fedilink
              arrow-up
              2
              arrow-down
              2
              ·
              1 year ago

              not because of any existing tangible evidence in this circumstance

              If you’re going to quote me I’d appreciate if you didn’t cut out relevant parts of it to fit your argument.

              Oh, I do. I’m my own instance admin, I work as a senior architect and grasped the concept of Fediverse quite fast.

              The “you” in my comment was a generalized “you”, not you specifically.

              • Rikudou_Sage@lemmings.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                1 year ago

                If you’re going to quote me I’d appreciate if you didn’t cut out relevant parts of it to fit your argument.

                Sure, edited the comment to include it, it doesn’t change my argument at all.

                The “you” in my comment was a generalized “you”, not you specifically.

                Hard to distinguish.

            • rbits@lemm.ee
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              1 year ago

              It’s not tangible evidence, it’s an extrapolation based on Meta’s previous actions. I mean, it’s still pretty convincing.

              Although I do wonder if Meta would be able to get away with it legally. That might not stop Meta though.

      • russjr08@outpost.zeuslink.net
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Yes, this is why if you upvote a post or comment from Mastodon (and friends) from Lemmy/Kbin/etc it appears as a “Like” for them, as an example.

        Sans the IP address, that would be of the server your account is on, not your personal IP.

      • El Barto@lemmy.world
        link
        fedilink
        arrow-up
        52
        arrow-down
        5
        ·
        1 year ago

        It’s Meta. This is just the beginning. Stop them right from the start. Fuck these corporations.

        • xuxebiko@kbin.social
          link
          fedilink
          arrow-up
          34
          arrow-down
          5
          ·
          1 year ago

          Story of the punk bar bartender and nazis

          based on @iamragesparkle;s tweets

          I was at a shitty crustpunk bar once getting an after-work beer. One of those shitholes where the bartenders clearly hate you. So the bartender and I were ignoring one another when someone sits next to me and he immediately says, “no. get out.”

          And the dude next to me says, “hey i’m not doing anything, i’m a paying customer.” and the bartender reaches under the counter for a bat or something and says, “out. now.” and the dude leaves, kind of yelling. And he was dressed in a punk uniform, I noticed

          Anyway, I asked what that was about and the bartender was like, “you didn’t see his vest but it was all nazi shit. Iron crosses and stuff. You get to recognize them.”

          And i was like, ohok and he continues.

          "you have to nip it in the bud immediately. These guys come in and it’s always a nice, polite one. And you serve them because you don’t want to cause a scene. And then they become a regular and after awhile they bring a friend. And that dude is cool too.

          And then THEY bring friends and the friends bring friends and they stop being cool and then you realize, oh shit, this is a Nazi bar now. And it’s too late because they’re entrenched and if you try to kick them out, they cause a PROBLEM. So you have to shut them down.

          And i was like, ‘oh damn.’ and he said “yeah, you have to ignore their reasonable arguments because their end goal is to be terrible, awful people.”

          And then he went back to ignoring me. But I haven’t forgotten that at all.

        • Klear@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          How does defederating them stop them from getting this public information if they want it?

          • El Barto@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Good point. I guess they could just fire up a shell instance and get all the good stuff. I wouldn’t be too surprised, actually.

            • MrScottyTay@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              They don’t even need an instance to get they can just scrape it, like anyone can with public info. They wouldn’t even need to make an account for the scraper.

      • Ottomateeverything@lemmy.world
        link
        fedilink
        arrow-up
        17
        arrow-down
        4
        ·
        1 year ago

        Public? Idk, maybe. I wouldn’t generally consider my IP to username to be public. Comment and post stuff, sort of. But even if it’s public, I still wouldn’t want Meta consuming it.

        • Durotar@lemmy.ml
          link
          fedilink
          arrow-up
          15
          ·
          1 year ago

          I wouldn’t generally consider my IP to username to be public.

          Are they talking about your IP address or the service’s? Does ActivityPub even share the user’s IP address with other nodes in the network? That’d be crazy, so I assume that it doesn’t. Then Meta can’t find out your IP address.

          • Oliver Lowe@lemmy.sdf.org
            link
            fedilink
            arrow-up
            17
            ·
            edit-2
            1 year ago

            Does ActivityPub even share the user’s IP address with other nodes in the network?

            No this is not in the specification.

            A malicious instance could in theory distribute this information but it would be non-standard. Of the 2 systems I’ve studied - Mastodon and Lemmy - neither do this.

            Are they talking about your IP address or the service’s?

            In this scenario they would be talking about the IP address(es) of the services.

            • lolgcat@lemmy.ml
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              1 year ago

              Thanks for the clarification. That claim seemed really off.

              I’ve assumed that what you see publicly is basically what’s synced. Obv. your instance can have a few more meta details on you, like IP, device info, possibly all the exif they’ve stripped from uploaded photos, but these things aren’t in the ActivityPub outbox

          • Ottomateeverything@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            If a Threads user posts an image, and Meta hosts it, and I scroll through my feed and see it, my client will hit their server for said image. And Meta can collect my IP.

            Meta basically invented this shit.

        • MrScottyTay@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          2
          ·
          1 year ago

          I’m wide awake, isn’t this just the information transferred when federating? But they just have to put it into a TOS because they’re an actual company with liability? I really don’t see the issue with them having this information.

          • Joël de Bruijn@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            They correlate the content of your posts with all the other data they have about you, taken from every app (besides WhatsApp, FB etc) that has FB trackers built in. Then that aggregated profile will be used with AdTech to serve ads and make money. I personally object to Meta making money with my personal data without me using their products.

            • MrScottyTay@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              That’s just how adtech works in general. Every ad company has a profile on who they think you are, well more technically a cohort of potential similar profiles. Also not all profiles can equated to a single person and a single person may have multiple. That’s how wishy washy the whole tech is. It’s good enough though. Way better than seeing those flashy “download these smiley trail mouse cursors” ads the old internet used to have. Still. I don’t see the problem here, it’s just about making ads more relevant to you. If you’re not the kind to let ads sway you anyway than what’s the big deal? And if you are the kind to be swayed at least they’ll be actually relevant to what you’re into.

              • Joël de Bruijn@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                The big deal is I help others make money of me without my consent or getting something back in return. At least not usefull to me. On top of that they track the hell out of me with surveillance.

      • xuxebiko@kbin.social
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        Won’t matter much in a democracy, but in a dictatorship or atcracy it means life & death.

        In India, people have been imprisoned for posts & tweets for calling out Hindu supremacist Modi govt’s anti-democratic policies & communal acts, Some of them have been violently assaulted in their homes by Hindu supremacist thugs for their posts and tweets because the dictatorial govt has stooges in both Meta & Twitter who access the ip address which is tracked down by the state.

    • jhulten@infosec.pub
      link
      fedilink
      arrow-up
      19
      arrow-down
      2
      ·
      1 year ago

      Most of this is just part of Federation. When I saw this comment my client/server didn’t have to fetch it from your server. It was pushed when you posted it so I had it locally.

      • Ottomateeverything@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Yes, but if you host an image, and my client prefetches it, it’s going to exposed my IP to your image server. And if you have clauses saying you’re collecting IPs…

        Meta basically invented this shit. They’ll do it again. It’s what they do.

    • Kichae@kbin.social
      link
      fedilink
      arrow-up
      14
      ·
      1 year ago

      If a Threads user is following you, they need most of this information. It’s literally how the Fediverse works. The only thing that isn’t is your IP address, and that’s something that I’m not sure they’d even get. That might be your host’s IP address.

      Remember, the Fediverse isn’t a bunch of iframes looking at 3rd party websites. It works by mirroring remote content. A follow is literally a request to ingest posts from a user.

      • Ottomateeverything@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Yes, but many clients are going to go look up images manually. If it’s a Threads post, it’s likely hosted by Meta servers, and they can easily see your IP when doing that. And they’re saying they might collect IPs from you even if you’re not using their service directly.

    • Steeve@lemmy.ca
      link
      fedilink
      arrow-up
      15
      arrow-down
      2
      ·
      1 year ago

      Yeah, no shit, they literally can’t federate without this data, that’s how ActivityPub works lol.

      Why do you think you can see lemmy.ca votes on lemmy.world?

    • csm10495@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      1 year ago

      … why? All of this is more / less public information about you? Even if you defederate, they could crawl and get all of this info (except maybe ip).

      • OscarRobin@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        1 year ago

        Exactly. That fact makes the mountains of defed stuff ridiculous because it makes no difference.

    • pjhenry1216@kbin.social
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      No, if you’re on the fediverse and someone from a threads instance interacts with your instance.

      The IP address is only of the instance server, not yours.

    • rastilin@kbin.social
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      I don’t get it, third party users can’t consent to your stupid license agreement anyway. You’re still stealing their data.

    • Uranium3006@kbin.social
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      if any of the big corperate socmed sites were just standard fedi instances I’d defed from them in an instant for a litany of things. just goes to show how abused we are on them.