Email or username:

Password:

Forgot your password?
Grow Your Own Services 🌱

A little-advertised bridge just appeared between the Fediverse and Twitter founder Dorsey's new social network. It intends to bridge accounts that don't opt out.

Doing this as opt out is a pretty immoral thing to do. Also unclear how legal opt-out bridges are in some countries. The bridge is using these domains:

snarfed.org
brid.gy

Server admins may want to defederate these to prevent their members being bridged without their knowledge or permission.

(via @mastodonmigration )

#FediBlock

58 comments
Kevin Karhan :verified:

@homegrown @mastodonmigration

Thanks for letting me know.

Will add it to the public blocklist I maintain...

github.com/greyhat-academy/lis

infosec.space/@kkarhan/1119215

And yes, I'm kinda confident that this may violate #GDPR & #BDSG but I'm not a lawyer, this is #NotLegalAdvice and I'd encourage people to seek a licensed lawyer in their juristiction instead. [i.e. wbs.legal in Germany ]

Addendum: Already at it...
github.com/greyhat-academy/lis

Addendum #2: done!
You' can pull it from here:
raw.githubusercontent.com/grey

@homegrown @mastodonmigration

Thanks for letting me know.

Will add it to the public blocklist I maintain...

github.com/greyhat-academy/lis

infosec.space/@kkarhan/1119215

And yes, I'm kinda confident that this may violate #GDPR & #BDSG but I'm not a lawyer, this is #NotLegalAdvice and I'd encourage people to seek a licensed lawyer in their juristiction instead. [i.e. wbs.legal in Germany ]

Artur Neumann

@kkarhan @homegrown @mastodonmigration sorry I don't understand, how is that different to any mastodon instance? Aren't they just using the fediverse protocols to federate?
What do I miss?

Grow Your Own Services 🌱

@arturN @kkarhan @mastodonmigration

No, they're federating to Dorsey's new network which is not part of the Fediverse. As the bridge is not advertised and uses opt-out, it's unclear how much permission they have to bridge accounts like this.

Kevin Karhan :verified:

@neatnit @homegrown @arturN @mastodonmigration

IDK and honestly I don't care about terminology discussions so please leave me out of that...

Feel free to just pull a blocklist and be done with that shitty Twitter Clone...

infosec.space/@kkarhan/1119215

Grow Your Own Services 🌱

@kkarhan

Apologies for tagging you in replies. Thanks for maintaining a blocklist 🙏

Kevin Karhan :verified:

@homegrown no problem.

I just wanted to #DoBetter than #TheBadSpace and decided to do exactly that - with a transparenty provided blocklist that has actual processes for delisting that work and prioritizes due diligence over number of entries...

github.com/greyhat-academy/lis

OFC that pissed off Ro, WelshPixie and Schratze who don't accept valid criticism and instead decide to just make up shite as they go along and serial-harrass fediverse admins and mods until they resign...

They even extend their harrassment outside, but that'll be beyond the scope of this...

@homegrown no problem.

I just wanted to #DoBetter than #TheBadSpace and decided to do exactly that - with a transparenty provided blocklist that has actual processes for delisting that work and prioritizes due diligence over number of entries...

github.com/greyhat-academy/lis

OFC that pissed off Ro, WelshPixie and Schratze who don't accept valid criticism and instead decide to just make up shite as they go along and serial-harrass fediverse admins and mods until they resign...

Grow Your Own Services 🌱

@neatnit @arturN @kkarhan @mastodonmigration

You can get into semantics about what the Fediverse is, but Bluesky is definitely not part of the Fediverse that most people signed up for.

In practical terms, the simplest definition of the current Fediverse is the ActivityPub network, which Bluesky declined to use.

Fiadh (she/fae/it)

@homegrown @mastodonmigration "opt out" + "little advertised" = very obvious intent of doing it to people who don't want it

Grow Your Own Services 🌱

@fiadh @mastodonmigration

Exactly.

Here's what the author themselves said:

"Opt in results in far fewer users, and users are critical for a bridge to be useful."

In other words, the author cares more about the usefulness of their creation than in getting informed consent from other people.

Grow Your Own Services 🌱

@thelettuceman @mastodonmigration

A bridge is where posts and accounts from one platform can be followed and interacted with on another platform, and vice versa.

Opt-out means that this bridge plans to connect accounts to the other platform without asking their permission first.

(The correct way to get permission is opt-in, where people actively have to say yes before you do something. But that's not what this bridge is doing.)

Diabetic Heihachi

@ij
Something for your radar. Not sure if you want to poll the instance for defed in addition to users trusting the opt out will do its job.

margrim

@DavBot @ij Exactly. Next it will be, "Oh, you opted out of this, but you didn't opt out of that."

martenson

@homegrown per the author's post the domain to block is bsky.brid.gy

Grow Your Own Services 🌱

@martenson

If you defederate brid.gy, that will also block all subdomains too.

If you only defederate the subdomain, author might set up on another subdomain from the same domain.

RaymondPierreL3

@homegrown @mastodonmigration opt out is a dishonest and predatory practice that should be stamped out via legislation.

Grow Your Own Services 🌱

@RaymondPierreL3 @mastodonmigration

It would be very interesting to hear from lawyers (especially in the European Union) about whether existing legislation allows opt-out bridges or not.

Allpoints

@homegrown @mastodonmigration the frustrating thing about this is there actually is an opt-in way to interact with bluesky for those that want to. Just sign up for a free account.

In short, this wasn't necessary.

Pusher Of Pixels

@allpoints @homegrown @mastodonmigration

In short, bridges *are* necessary. We want interconnection, ideally via ActivityPub, but barring that a bridge is the next best thing until a common protocol wins the hearts n minds of the internet.

The Opt-Out is definitely badjuju and rightly will engender blocks.

Allpoints

@pixelpusher220 @homegrown @mastodonmigration
I support interconnectivity. However, I thought the whole point of ActivityPub was to allow for that.

I understand bridging but blusky is already a point of contention for many here. Simply saying one can opt out feels like the early days of email when spammers said the same thing. "What's the problem? You don't like our stuff just opt out."

To your point, this may not go as well as they hope

Pusher Of Pixels

@allpoints @homegrown @mastodonmigration

Agreed, the OptOut is a bad choice and harms the perception of interconnectivity.

Frankly, at scale, it would seem to need significant revenue... Which makes it more likely the content is being scraped on transit.

The better option would be instance hosted bridges, letting ppl control the flow.

Grow Your Own Services 🌱

p.s. Defederating brid.gy will also defederate all of its subdomains including bsky.brid.gy. It means any new subdomain would also be blocked too.

The author knows people aren't likely to opt in:

"Opt in results in far fewer users, and users are critical for a bridge to be useful."

The author knows they're going to be defederated for doing this:

"Admins may determine that this kind of bridge isn’t in their users’ best interests and choose to defederate/block it. That’s their prerogative."

🤮

Chadee the Dream Witch 🌕 🌊

@homegrown "Opt in results in fewer users"

Should be their first clue that their service or product is an absolute garbage fire and they should do anything else with their time.

Where did common sense go?

Giant Purple Monster

@matoakit execs / boards / marketing departments dont believe in common sense.

Chadee the Dream Witch 🌕 🌊

@Leviamicky A surprisingly large number of people profit on madness and senseless products.

I guess that's why people choose to build the torment nexus, because somebody will make a dollar on it.

Humanity is sadly predictable.

Giant Purple Monster

@matoakit common sense is the thing that makes you pause and reconsider before doing something stupid.

Cristin Pescosolido

@homegrown

seriously.

I found a very amusing link from the github issues for this bridgy techbro.

cathode.church/fedi-scraper-co

Yee Chie

@homegrown @mastodonmigration I am confused. What is wrong with brid.gy? I thought they were a good thing because of POSSE. indieweb.org/POSSE

Grow Your Own Services 🌱

@yeechie @mastodonmigration

Brid.gy is made by the author of this bridge, they are using brid.gy to do this bridge. If you go to brid.gy/about it will show a link to the author's own site, which is snarfed.org

ellen teapot

@homegrown @mastodonmigration @maya_b Jack notably hates Bsky and was immediately bullied off the site

Grow Your Own Services 🌱

@asmallteapot

Dorsey is on the board of directors, it's centralised (despite the hype) and it's funded by VC money.

ellen teapot

@homegrown OK if you want to just make things up that’s your prerogative

Grow Your Own Services 🌱

@asmallteapot

The official Bluesky website (bsky.social/about/faq) says that Dorsey is on the board:

"What is the corporate structure of Bluesky?

Bluesky, the company, is a Public Benefit Corporation. It is owned by Jay Graber and the Bluesky team. Jack Dorsey and Jeremie Miller serve on the board, along with Jay."

margrim

@homegrown @mastodonmigration That's cool. I vote to push a major version change to Dorsey's nose if the worm doesn't opt out right here in the next five minutes.

Ben Ramsey

@homegrown @lisamelton @mastodonmigration From a legal standpoint, how does a bridge differ from any other Fediverse server, which are all already opt-out by default?

Grow Your Own Services 🌱

@ramsey @lisamelton @mastodonmigration

Fediverse servers are assumed to be federating and this is made clear when people join. Being able to follow people on other Fediverse servers is explicitly stated to be the reason you might sign up. For example have a look at this official video made by Mastodon:

fedi.video/w/cbQE3NRw76FayQCSd

Bluesky isn't part of the Fediverse, no one on here has been told they may end up being connected to Bluesky.

Grow Your Own Services 🌱

@ramsey @lisamelton @mastodonmigration

p.s. The author knows they are on dodgy ground, as they admit they may be defederated because of the bridge:

"I know some admins may determine that this kind of bridge isn’t in their users’ best interests and choose to defederate/block it. That’s their prerogative."

Ben Ramsey

@homegrown @lisamelton @mastodonmigration No one here knows who they’re going to be connected with at all, when they sign up, though.

Grow Your Own Services 🌱

@ramsey @lisamelton @mastodonmigration

They know it won't be on bluesky, which is what this bridge is trying to change.

Ben Ramsey

@homegrown @lisamelton @mastodonmigration But there are thousands and thousands of domains federating with ActivityPub right now. Your contention is that, when users sign up on any given ActivityPub instance, they’re doing so because they know they won’t be federating with Bluesky ever?

Grow Your Own Services 🌱

@ramsey @lisamelton @mastodonmigration

Bluesky isn't using ActivityPub. If it was, there wouldn't be any need for a bridge.

If they start using it, I'll be posting advising the blocking of its domain (or at least ones connected to Dorsey if they ever actually decentralise), the same way I've been calling for threads.net to be blocked.

Ben Ramsey

@homegrown @lisamelton @mastodonmigration That’s fine. I don’t agree with running a Bluesky bridge, either, because Bluesky consciously chose not to use ActivityPub and to remain separate from the Fediverse, but I don’t understand why running the bridge would pose legal challenges, since the whole point of these protocols is to federate.

Grow Your Own Services 🌱

@ramsey @lisamelton @mastodonmigration

Because it's not the network they signed up for an account on?

I am not a lawyer so I cannot comment on legal challenges, I'm just very curious to know if bridging to a network you didn't sign up on with an opt-out system is legal.

Ben Ramsey

@homegrown @lisamelton @mastodonmigration I’m not a lawyer, either, but I would be willing to bet it would be very difficult to argue that in court, since the openness of the protocol means anyone can build an application on it. The “network” is opaque to users.

Grow Your Own Services 🌱

@ramsey

I have no qualifications on this so I can't really comment on what would happen.

Tim Chambers

@ramsey @homegrown @lisamelton @mastodonmigration However, Bluesky lead developers were cool with the idea of bridging from the start, Ben, I specifically pressed them on that. So they were always ok with it but didn’t have bandwidth to do themselves.

Go Up