 A little-advertised bridge just appeared between the Fediverse and Twitter founder Dorsey's new social network. It intends to bridge accounts that don't opt out. Doing this as opt out is a pretty immoral thing to do. Also unclear how legal opt-out bridges are in some countries. The bridge is using these domains: snarfed.org Server admins may want to defederate these to prevent their members being bridged without their knowledge or permission. (via @mastodonmigration ) 58 comments
@kkarhan @homegrown @mastodonmigration sorry I don't understand, how is that different to any mastodon instance? Aren't they just using the fediverse protocols to federate? @arturN @kkarhan @mastodonmigration No, they're federating to Dorsey's new network which is not part of the Fediverse. As the bridge is not advertised and uses opt-out, it's unclear how much permission they have to bridge accounts like this. @homegrown @arturN @kkarhan @mastodonmigration Doesn't this bridge **make it** part of the fediverse?  @neatnit @homegrown @arturN @mastodonmigration IDK and honestly I don't care about terminology discussions so please leave me out of that... Feel free to just pull a blocklist and be done with that shitty Twitter Clone... Apologies for tagging you in replies. Thanks for maintaining a blocklist ๐ @neatnit @arturN @kkarhan @mastodonmigration You can get into semantics about what the Fediverse is, but Bluesky is definitely not part of the Fediverse that most people signed up for. In practical terms, the simplest definition of the current Fediverse is the ActivityPub network, which Bluesky declined to use. @homegrown @mastodonmigration "opt out" + "little advertised" = very obvious intent of doing it to people who don't want it Exactly. Here's what the author themselves said: "Opt in results in far fewer users, and users are critical for a bridge to be useful." In other words, the author cares more about the usefulness of their creation than in getting informed consent from other people. @thelettuceman @mastodonmigration A bridge is where posts and accounts from one platform can be followed and interacted with on another platform, and vice versa. Opt-out means that this bridge plans to connect accounts to the other platform without asking their permission first. (The correct way to get permission is opt-in, where people actively have to say yes before you do something. But that's not what this bridge is doing.)  @ij If you defederate brid.gy, that will also block all subdomains too. If you only defederate the subdomain, author might set up on another subdomain from the same domain. @homegrown @mastodonmigration opt out is a dishonest and predatory practice that should be stamped out via legislation. @RaymondPierreL3 @mastodonmigration It would be very interesting to hear from lawyers (especially in the European Union) about whether existing legislation allows opt-out bridges or not. @ACNelson  @homegrown @mastodonmigration the frustrating thing about this is there actually is an opt-in way to interact with bluesky for those that want to. Just sign up for a free account. In short, this wasn't necessary.  @allpoints @homegrown @mastodonmigration In short, bridges *are* necessary. We want interconnection, ideally via ActivityPub, but barring that a bridge is the next best thing until a common protocol wins the hearts n minds of the internet. The Opt-Out is definitely badjuju and rightly will engender blocks. @pixelpusher220 @homegrown @mastodonmigration I understand bridging but blusky is already a point of contention for many here. Simply saying one can opt out feels like the early days of email when spammers said the same thing. "What's the problem? You don't like our stuff just opt out." To your point, this may not go as well as they hope @allpoints @homegrown @mastodonmigration Agreed, the OptOut is a bad choice and harms the perception of interconnectivity. Frankly, at scale, it would seem to need significant revenue... Which makes it more likely the content is being scraped on transit. The better option would be instance hosted bridges, letting ppl control the flow. p.s. Defederating brid.gy will also defederate all of its subdomains including bsky.brid.gy. It means any new subdomain would also be blocked too. The author knows people aren't likely to opt in: "Opt in results in far fewer users, and users are critical for a bridge to be useful." The author knows they're going to be defederated for doing this: "Admins may determine that this kind of bridge isnโt in their usersโ best interests and choose to defederate/block it. Thatโs their prerogative." ๐คฎ  @homegrown "Opt in results in fewer users" Should be their first clue that their service or product is an absolute garbage fire and they should do anything else with their time. Where did common sense go? @Leviamicky A surprisingly large number of people profit on madness and senseless products. I guess that's why people choose to build the torment nexus, because somebody will make a dollar on it. Humanity is sadly predictable. @matoakit common sense is the thing that makes you pause and reconsider before doing something stupid. seriously. I found a very amusing link from the github issues for this bridgy techbro.    @homegrown @mastodonmigration I am confused. What is wrong with brid.gy? I thought they were a good thing because of POSSE. https://indieweb.org/POSSE Brid.gy is made by the author of this bridge, they are using brid.gy to do this bridge. If you go to brid.gy/about it will show a link to the author's own site, which is snarfed.org @homegrown @mastodonmigration @maya_b Jack notably hates Bsky and was immediately bullied off the site Dorsey is on the board of directors, it's centralised (despite the hype) and it's funded by VC money. The official Bluesky website (bsky.social/about/faq) says that Dorsey is on the board: "What is the corporate structure of Bluesky? Bluesky, the company, is a Public Benefit Corporation. It is owned by Jay Graber and the Bluesky team. Jack Dorsey and Jeremie Miller serve on the board, along with Jay." @homegrown @mastodonmigration That's cool. I vote to push a major version change to Dorsey's nose if the worm doesn't opt out right here in the next five minutes.  @homegrown @lisamelton @mastodonmigration From a legal standpoint, how does a bridge differ from any other Fediverse server, which are all already opt-out by default? @ramsey @lisamelton @mastodonmigration Fediverse servers are assumed to be federating and this is made clear when people join. Being able to follow people on other Fediverse servers is explicitly stated to be the reason you might sign up. For example have a look at this official video made by Mastodon: https://fedi.video/w/cbQE3NRw76FayQCSdb14TU Bluesky isn't part of the Fediverse, no one on here has been told they may end up being connected to Bluesky. @ramsey @lisamelton @mastodonmigration p.s. The author knows they are on dodgy ground, as they admit they may be defederated because of the bridge: "I know some admins may determine that this kind of bridge isnโt in their usersโ best interests and choose to defederate/block it. Thatโs their prerogative." @homegrown @lisamelton @mastodonmigration No one here knows who theyโre going to be connected with at all, when they sign up, though. @ramsey @lisamelton @mastodonmigration They know it won't be on bluesky, which is what this bridge is trying to change. @homegrown @lisamelton @mastodonmigration But there are thousands and thousands of domains federating with ActivityPub right now. Your contention is that, when users sign up on any given ActivityPub instance, theyโre doing so because they know they wonโt be federating with Bluesky ever? @ramsey @lisamelton @mastodonmigration Bluesky isn't using ActivityPub. If it was, there wouldn't be any need for a bridge. If they start using it, I'll be posting advising the blocking of its domain (or at least ones connected to Dorsey if they ever actually decentralise), the same way I've been calling for threads.net to be blocked. @homegrown @lisamelton @mastodonmigration Thatโs fine. I donโt agree with running a Bluesky bridge, either, because Bluesky consciously chose not to use ActivityPub and to remain separate from the Fediverse, but I donโt understand why running the bridge would pose legal challenges, since the whole point of these protocols is to federate. @ramsey @lisamelton @mastodonmigration Because it's not the network they signed up for an account on? I am not a lawyer so I cannot comment on legal challenges, I'm just very curious to know if bridging to a network you didn't sign up on with an opt-out system is legal. @homegrown @lisamelton @mastodonmigration Iโm not a lawyer, either, but I would be willing to bet it would be very difficult to argue that in court, since the openness of the protocol means anyone can build an application on it. The โnetworkโ is opaque to users. I have no qualifications on this so I can't really comment on what would happen.  @ramsey @homegrown @lisamelton @mastodonmigration However, Bluesky lead developers were cool with the idea of bridging from the start, Ben, I specifically pressed them on that. So they were always ok with it but didnโt have bandwidth to do themselves. @tchambers @homegrown @lisamelton @mastodonmigration So, why didnโt they use ActivityPub themselves? |
Gregory's Server
@homegrown @mastodonmigration
Thanks for letting me know.
Will add it to the public blocklist I maintain...
https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv
https://infosec.space/@kkarhan/111921521755789389
And yes, I'm kinda confident that this may violate #GDPR & #BDSG but I'm not a lawyer, this is #NotLegalAdvice and I'd encourage people to seek a licensed lawyer in their juristiction instead. [i.e. https://wbs.legal in Germany ]
Addendum: Already at it...
https://github.com/greyhat-academy/lists.d/issues/51
Addendum #2: done!
You' can pull it from here:
https://raw.githubusercontent.com/greyhat-academy/lists.d/main/activitypub.domains.block.list.tsv
@homegrown @mastodonmigration
Thanks for letting me know.
Will add it to the public blocklist I maintain...
https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv
https://infosec.space/@kkarhan/111921521755789389
And yes, I'm kinda confident that this may violate #GDPR & #BDSG but I'm not a lawyer, this is #NotLegalAdvice and I'd encourage people to seek a licensed lawyer in their juristiction instead. [i.e. https://wbs.legal in Germany ]