@mastodonmigration @snarfed.org @snarfed
That may not be completely legal if they vacuum in data from people who explicitly do not consent to it.
Imposing that entitled requirement doesn't make the legal problem go away.
Top-level
@mastodonmigration @snarfed.org @snarfed That may not be completely legal if they vacuum in data from people who explicitly do not consent to it. Imposing that entitled requirement doesn't make the legal problem go away. 29 comments
@mastodonmigration @vruz @snarfed.org @snarfed The developer of this is US-based and is not making money off of it, so it doesn't apply lol. This is doing absolutely nothing different than what federation already does. Federation vacuums up your data and sends it to another server. That is how Mastodon has always worked. This is no different. @sam @mastodonmigration @snarfed.org @snarfed I'm not sure what "lol" means in this context, but it seems that you are saying somebody believes that living in and operating from the US is reason enough for that person not to give a fuck about other people's rights. @vruz @sam @mastodonmigration @snarfed.org @snarfed I guess they believe GDPR is written like “consent is important yo, unless the guy is based in the US and doesn't directly makes money out of it, in that case he can do whatever”. @Arcaik @vruz @mastodonmigration @snarfed.org @snarfed GDPR isn't applicable to anything on the Fediverse because if Mastodon was actually taken to court for GDPR the entire Fediverse would be shut down. The Fediverse is built upon taking your data and sending it off to as many servers as possible without your consent or knowledge. That is how it works. And it is a HUGE untested legal gray area. @Arcaik @vruz @mastodonmigration @snarfed.org @snarfed If you wanna push super fucking hard on GDPR, then go ahead and fucking do it, but it'll impact ALL of us in very real and very negative ways if you do. Until then, 'consent' is meaningless because there is absolutely fucking nothing fundamentally different between what this dev is doing and what Mastodon is doing. @sam @Arcaik @mastodonmigration @snarfed.org @snarfed Many things seem to be meaningless in the US, including what I ssid before. @vruz @Arcaik @mastodonmigration @snarfed.org @snarfed What I am saying is that if you applied 'consent' consistently, Mastodon would turn into an unusable mess. Other Fediverse servers use your data in tons of ways that, legally, are done without any of your consent. @sam @Arcaik @mastodonmigration @snarfed.org @snarfed I'm not sure you understand how trust works. @sam @vruz @Arcaik @mastodonmigration @snarfed.org @snarfed Surely by joining and using the service you are implicitly giving your consent, since that's obviously the very basis of how it works? If you walk down a footpath in a town you are implicitly consenting to other people being able to see you and be there too. I have always thought of social media as a place. The GDPR is applicable. One could sue every single operator all over the world. @sam @mastodonmigration @vruz @snarfed.org @snarfed being based in the US doesn't mean you don't need to consider gdpr if data you use is in the UK. https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/ The GDPR applies to everything not only addressing the private area (family, etc) and to everybody addressing the European market - means all people living in Europe. And it applies to everybody no matter where on the world it is based. @vruz @mastodonmigration @snarfed.org @snarfed How is this different to people on other instances following you and v.v.? They don't agree to your T&Cs and v.v. My worry is if you can't just mute/block in the normal way. @stuart @vruz @snarfed.org @snarfed When you agree to your instance's Privacy Policy (https://mastodon.social/privacy-policy) you generally grant them that right: "Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this." @mastodonmigration @stuart @vruz @snarfed.org @snarfed I'm confused ... how does that make the bridge different? Wouldn't the bridge simply count as "other servers in the network"? If so, and I'm not missing something, the issue here isn't bsky but that it's such a well known entity that it raises alarms about what are intrinsic privacy/safety issues built into ActivityPub ... ? AFAICT, the bridge operates exclusively through follows not indexing etc. @maegul @mastodonmigration @stuart @vruz @snarfed.org @snarfed It's not different. It's one of the servers in the network. It's just connecting two protocols. @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed Yea ... with pretty similar social mechanisms too (ie, both are twitter clones) @sam @maegul @mastodonmigration @stuart @vruz @snarfed.org @snarfed > "It's one of the servers in the network." No, it is not. Bluesky is not part of the ActivityPub network, any more than are Twitter or Facebook. https://cathode.church/fedi-scraper-counter.html I could actually kinda-sorta-maybe get behind a bridge like this, IF IT WAS OPT IN. This is not opt in. It does not even respect flags that say hoovering up a Mastodon person's or instance's data is OK with that person or that instance. @winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed I don’t know. If it can connect or be bridged then is it not “the network”? Not sure that there’s anything special about ActivityPub. To the point that it seems dangerous to emphasise a formal/nominative distinction rather than a functional one. Ie, the issue should be more about what the protocol does rather than its name. If mechanics are effectively the same then bsky is really just a big instance no? @maegul @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed Ask MySpace about Facebook's bridge. My objection is not addressed to the protocols, but to the ethics. Public posts on Mastodon and on Bluesky are easily scraped. That does not mean that any arsehole can just go ahead and bot-scrape it and pass it on. As a Masto instance, indieweb.social is welcome to receive whatever is not blocked from them, but not to pass it on wholesale beyond the edge of the Fediverse. @winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed I don't know about that bridge. But my point is that "scraping" and then "passing on beyond the fediverse" aren't necessarily clear or helpful criteria. If fediverse="uses ActivityPub" then that allows for a lot of stuff including what is effectively "scraping" (eg, kbin is effectively a search engine for masto content AFAIU). Staying "within fediverse" can be pretty arbitrary then. @maegul @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed That Bluesky doesn't use ActivityPub is a pretty clear indication that it's "beyond the Fediverse". The fact that I can't block Bluesky but can, and now have blocked, both indieweb and snarfed, is a pretty clear indication of the boundary. That the guy thinks forcing "opt out" on people is acceptable is the clearest indication of all. I'm not opposed to reach, but I'm opposed to this guy's approach. @maegul @winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed That bridge is important. Those who ignore history are doomed to repeat it. Back in the early aughts, when Facebook expanded to the public, 'everyone' was on MySpace. It is improbable to organically acquire the users of an established social network (particularly one so liked) if you're walled off. So they created a bridge (bot) connecting users to friends still on MySpace while siphoning users. |
@vruz @snarfed.org @snarfed
In addition to broad content rights issues, there may also be GDPR issues. GDPR has very explicit rules about opt-in vs. opt-out when consent is required.