I said the two things are different, you said how does that make asking for consent for the two things different, and my response was that for one of them it already works that way without your consent. That is a clear difference. Yes, I'm talking about the technology to explain the difference, because it's a concrete fact. Your argument that a bridge should be opt-in requires an abstract boundary that some instances are are allowed to federate on an opt-out basis and others are not.
You don’t build trust in users by using practices like opt-out, which is again, the only argument I am trying to make.
The instance you're on uses opt-out practices. You didn't consent to your post federating to kbin.social and yet here we are. If you don't trust the bridge, fine, block it. Every tool on the fediverse that you already use to deal with its inherently opt-out nature is available for you to use with this bridge.
Thank you for the detailed explanation. It matches what I've heard from others while having this same debate. Now allow me to explain my side.
This is the part I think is wrong and the cause of all of this. You can not find which implementations are part of the fediverse. No tracker that you can use has an up-to-date and accurate listing of implementations. New ones come online every day as some random developer builds something new. The fediverse doesn't have clear boundaries and I think the advertising that you mentioned does a disservice by implying it does. The fediverse is similar to the web; they're both based on open protocols and can be guided but not controlled, because anybody can build something on those protocols.
One response to this fuzziness has been to demand most features be opt-in. The reason I don't think this is tenable is because you have to have a hard boundary to determine what should be opt-in and what is ok to be opt-out. Your heuristic was native ActivityPub implementation. I don't think this scales (I feel like you're going to say this is a technological argument and therefore invalid, but it's also a social argument. Ppl don't want to use something that they have to constantly maintain. Constantly adding new servers/users to an allowlist is a chore that would drive ppl away. See google+ circles). It doesn't scale because like I said above new implementations pop up every day and these implementations are starting to branch away from the static archetypes we're used to (Twitter-like, Facebook-like, Reddit-like, etc). And some of them are existing projects that add AP support.
For instance, Hubzilla/Friendica has been bridging AP content for years. Do all of those instances require opt-in because they use a different protocol in addition to AP? There have also been bridges that translate RSS feeds to AP actor for years. Did the owners of those RSS feeds opt-in and should they have been required to?
What I'm trying to say is I think you're right that you can never keep up with the boundaries of the fediverse and where your posts end up. And I don't think there's an easy delineation for what should be opt-out vs opt-in. So instead we should be demanding that implementations add controls to our posts. Thinks like ACLs and OCAPs would allow you to control who can see your posts and interact with them and not care about new bridges/instances/whatever. Which is why I think the argument over opt-out vs opt-in is a distraction that will only keep the fediverse in this quasi-privacy space where you're dependent on yelling down any actor who is doing something with yours posts you don't like.