this post was submitted on 15 Feb 2024
309 points (95.8% liked)

Fediverse

28490 readers
602 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] nonphotoblue@sh.itjust.works 9 points 9 months ago (3 children)

The other thing, that I see even more people upset about, is that the bridge requires you to Opt-Out, rather than Opt-In for being included.

It’s totally fine if you want to be included, especially if you have friends on BlueSky. But, it’s just a shitty practice that is all too prevalent in new tech. AI companies are doing the same thing - if you’re an artist, you’re supposed to magically know all of these new, obscure AI startups and somehow find how to opt-out of being included in their training data set. It’s ridiculous.

Same concept here, I would have had no idea this was a thing, if not for people speaking up about it. Some people make a conscious choice to join Fediverse communities because they want nothing to do with big tech and want more control of their data and privacy and who has access to it. Why is such a big deal to respect that?

[–] nutomic@lemmy.ml 11 points 9 months ago (2 children)

The bridge is nothing more than another Activitypub instance. You can block it in the same ways that you can block existing Mastodon or Lemmy instances. If users want to opt in to federate with it, they should also have to opt in manually to federate with every single Lemmy instance.

[–] nonphotoblue@sh.itjust.works -3 points 9 months ago (1 children)

Saying that the bridge is nothing more than another ActivityPub instance is very disingenuous.

While it may be built upon the ActivityPub protocol, but its main purpose is to act as a bridge to non-federated platforms, which is unique to that instance. When signing up for a fediverse instance, it should be known to the user that their data will be shared within the fediverse network. But, no permission is given to share on any platforms outside the fediverse network, using non-ActivityPub protocols.

So, no, opt-in should not be necessary for all instances, but in the case of the bridge, it is, because it’s enabling a feature that users haven’t explicitly agreed too and isn’t a core part of the ActivityPub protocol. And since the bridge is being made open-source, should users also be expected to track down any other instances that pick up and use it and manually block and opt-out of those?

[–] dameoutlaw@lemmy.ml 1 points 9 months ago

This asks zero sense as there’s n disclosure on hardly any instance. Also, there’s several non ActivityPub protocols and bridges that have long since been used and peoples content shared

[–] Carighan@lemmy.world 7 points 9 months ago (1 children)

The situation is not truly comparable, tbh.

Artists very much retain legal rights to the art they create. Hence the current lawsuits against various AI companies. Meanwhile it depends on jurisdiction whether a comment/thought you write on a public-facing website can be considered your legal production for a civil lawsuit. It'd be trivial if it were a closed site with a very selective admission process with some easily evaluated barrier (say, only people who study at university XYZ are allowing on the otherwise private forum of that university), but public-facing it's more ambiguous.

You can still try to sue someone who taking that content, but it's not as clearcut that someone violates your rights as with artists and their art. Meaning that there's less basis for someone wanting this to always have to be explicitly opt-in and get explicit permission. At least right now. This might very well all change as a result of AI lawsuits.

[–] nonphotoblue@sh.itjust.works 2 points 9 months ago

Tbh, I wasn’t talking about the legalities of AI or copyright law. I was using that as an example of why opt-out is a shitty business practice that makes people frustrated and upset. Because people commenting on this post and defending the bridge don’t seem to understand that.

[–] 0x1C3B00DA@kbin.social 2 points 9 months ago (1 children)

I think there's a huge difference in scraping your content to churn out a for-profit "AI" and federating your public posts on a federated network.

[–] nonphotoblue@sh.itjust.works 1 points 9 months ago (1 children)

Ok, then please tell me, in terms of giving one’s consent, exactly how the two are different?

Because I fail to see how opting out in either case is any way a different process than the other.

The developers are putting the onus on the end user that is affected, and relying on them having knowledge that their product exists. Then it is the users’s responsibility to figure out the process to remove themselves from the user group and trusting the developer/admins to actually take any action to do so.

This is the only argument I am trying to make - opt out is bad. Please stop using it when developing technologies that affect user’s data and/or privacy.

[–] 0x1C3B00DA@kbin.social 2 points 9 months ago (1 children)

in terms of giving one’s consent, exactly how the two are different?

Because in the second case, the user is choosing to post on a network where any other server can request their posts. A bridge is just an instance that understands more than one protocol. There's no difference in it and any other server requesting your posts. That's how the network works.

[–] nonphotoblue@sh.itjust.works 1 points 9 months ago (1 children)

Thank you for confirming my point, because you are still just referring differences in the technology itself. I asked how opting out is different in either case, and the fact is they are not.

The fact that the Bridgy developer is making it a possibility is what matters, and that they consciously chose to make it opt-out. It’s apparent that they already spent time and effort into implementing a system that allows you to add a hashtag to your profile to signal that you want to opt out. Why not just make it the other way around, and make it for opting in? Surely all the people who would want to be able to bridge wouldn’t mind that? It doesn’t matter if you think this is something innocuous or insignificant, because to others, it isn’t. And if you think that’s because of a misunderstanding in the user with the technology, then the developer needs to do better in explaining that and gaining users trust. You don’t build trust in users by using practices like opt-out, which is again, the only argument I am trying to make.

[–] 0x1C3B00DA@kbin.social 2 points 9 months ago (1 children)

I said the two things are different, you said how does that make asking for consent for the two things different, and my response was that for one of them it already works that way without your consent. That is a clear difference. Yes, I'm talking about the technology to explain the difference, because it's a concrete fact. Your argument that a bridge should be opt-in requires an abstract boundary that some instances are are allowed to federate on an opt-out basis and others are not.

You don’t build trust in users by using practices like opt-out, which is again, the only argument I am trying to make.

The instance you're on uses opt-out practices. You didn't consent to your post federating to kbin.social and yet here we are. If you don't trust the bridge, fine, block it. Every tool on the fediverse that you already use to deal with its inherently opt-out nature is available for you to use with this bridge.

[–] nonphotoblue@sh.itjust.works 1 points 9 months ago (1 children)

Ok, let me explain my POV from a different perspective:

By signing up for an account, whether it be on a Lemmy or Mastodon or any other ActivityPub implementation, I have consented to functionality in which my posts are distributed to other instances within the Fediverse. It’s widely advertised and clearly explained that is how things function. I can readily find which implementations are part of the fediverse. And yes, within that system, I can use blocking/unblocking of users, communities, and instances, as a form of moderation that I can manage. But as a common user, I don’t have the option of easily block all instances that use a common ActivityPub implementation, which is why bridges require special consideration. I can’t, in a user friendly way, specify that I don’t want to ever be connected in any way to a bridge instance or any of its incarnations and limit my consent to ActivityPub implementations of my choosing, because that’s something not possible to do do with any other type of instance either. Bridge instances are not comparable to other implementations like Lemmy or KBin, et al, solely because their function is to translate data to other protocols and move that data to other decentralized networks outside and separate from the fediverse, which operate under different rules and policies. As such, they should not be treated like other instances when federating. Or maybe, they shouldn’t even be an instance at all. Making it an instance that can federate may be the easiest way to implement the bridge functionality across multiple ActivityPub implementations, but in doing so, makes it overly obscure to end users.

Without historical knowledge, or going all the way to the ActivityPub docs is there any mention of bridges or even what they do or what they bridge to/from, unless you read through their documentation as well. So, to the common user, we have no knowledge that being able to directly communicate with platforms like BlueSky or Nostr is possible, or is being actively developed, and foreknowledge of this would likely inform some user’s choice in joining the fediverse. Unless this functionality is made common knowledge to the user when they sign up for an instance, or when an instance decides to federate with a bridge, then it should be opt-in, because it’s enabling functionality that users currently are unaware of and may not want. Common users are not notified when their instance federates with other instances, so unless they actively check, they have no idea of changes to the federation of their instance. Right now, there is a very concrete boundary, in that without a bridge, it’s not possible to directly interact with non-federated, separate platforms like BlueSky or Nostr.

This is why people are having an adverse reaction to this whole ordeal, specifically people whom are actively avoiding said platforms. And as I said in my previous post, because the Bridgy developer consciously chose to enact an opt-out policy, specific to their project and outside the norms of other instances, it has been perceived that this is something different that they are trying to force on to people without their consent and behind their backs.

Just because opt-out is the norm for other use cases, doesn’t mean it should be used for all new functionality that is introduced to the fediverse. Besides, there are numerous features across ActivityPub implementations that are opt-in. And telling users that are concerned, just block it if you don’t want it, is frankly a lazy solution, that pushes blame and does nothing to alleviate user concerns or gain trust. Such attitudes drive people away from the fediverse, rather than attract.

I have done my due diligence and read a whole lot of documentation over the past couple of days to better understand ActivityPub and protocol bridges. So my comments are not meant to be taken as I am trying to come off as an expert, because I am far from it. I am just trying to get people to see the other side of the story and at least consider where people are coming from and why exactly they are arguing for opt-in, even if the other side feels like it’s an unfounded overreaction.

[–] 0x1C3B00DA@kbin.social 2 points 9 months ago

Thank you for the detailed explanation. It matches what I've heard from others while having this same debate. Now allow me to explain my side.

I have consented to functionality in which my posts are distributed to other instances within the Fediverse. It’s widely advertised and clearly explained that is how things function. I can readily find which implementations are part of the fediverse

This is the part I think is wrong and the cause of all of this. You can not find which implementations are part of the fediverse. No tracker that you can use has an up-to-date and accurate listing of implementations. New ones come online every day as some random developer builds something new. The fediverse doesn't have clear boundaries and I think the advertising that you mentioned does a disservice by implying it does. The fediverse is similar to the web; they're both based on open protocols and can be guided but not controlled, because anybody can build something on those protocols.

One response to this fuzziness has been to demand most features be opt-in. The reason I don't think this is tenable is because you have to have a hard boundary to determine what should be opt-in and what is ok to be opt-out. Your heuristic was native ActivityPub implementation. I don't think this scales (I feel like you're going to say this is a technological argument and therefore invalid, but it's also a social argument. Ppl don't want to use something that they have to constantly maintain. Constantly adding new servers/users to an allowlist is a chore that would drive ppl away. See google+ circles). It doesn't scale because like I said above new implementations pop up every day and these implementations are starting to branch away from the static archetypes we're used to (Twitter-like, Facebook-like, Reddit-like, etc). And some of them are existing projects that add AP support.

For instance, Hubzilla/Friendica has been bridging AP content for years. Do all of those instances require opt-in because they use a different protocol in addition to AP? There have also been bridges that translate RSS feeds to AP actor for years. Did the owners of those RSS feeds opt-in and should they have been required to?

What I'm trying to say is I think you're right that you can never keep up with the boundaries of the fediverse and where your posts end up. And I don't think there's an easy delineation for what should be opt-out vs opt-in. So instead we should be demanding that implementations add controls to our posts. Thinks like ACLs and OCAPs would allow you to control who can see your posts and interact with them and not care about new bridges/instances/whatever. Which is why I think the argument over opt-out vs opt-in is a distraction that will only keep the fediverse in this quasi-privacy space where you're dependent on yelling down any actor who is doing something with yours posts you don't like.