Email or username:

Password:

Forgot your password?
Top-level
vruz

@mastodonmigration @snarfed.org @snarfed

That may not be completely legal if they vacuum in data from people who explicitly do not consent to it.

Imposing that entitled requirement doesn't make the legal problem go away.

29 comments
Mastodon Migration

@vruz @snarfed.org @snarfed

In addition to broad content rights issues, there may also be GDPR issues. GDPR has very explicit rules about opt-in vs. opt-out when consent is required.

Sam :verified:

@mastodonmigration @vruz @snarfed.org @snarfed The developer of this is US-based and is not making money off of it, so it doesn't apply lol.

This is doing absolutely nothing different than what federation already does. Federation vacuums up your data and sends it to another server. That is how Mastodon has always worked. This is no different.

vruz

@sam @mastodonmigration @snarfed.org @snarfed

I'm not sure what "lol" means in this context, but it seems that you are saying somebody believes that living in and operating from the US is reason enough for that person not to give a fuck about other people's rights.

Arcaik

@vruz @sam @mastodonmigration @snarfed.org @snarfed I guess they believe GDPR is written like “consent is important yo, unless the guy is based in the US and doesn't directly makes money out of it, in that case he can do whatever”.

Sam :verified:

@Arcaik @vruz @mastodonmigration @snarfed.org @snarfed GDPR isn't applicable to anything on the Fediverse because if Mastodon was actually taken to court for GDPR the entire Fediverse would be shut down.

The Fediverse is built upon taking your data and sending it off to as many servers as possible without your consent or knowledge. That is how it works. And it is a HUGE untested legal gray area.

Sam :verified:

@Arcaik @vruz @mastodonmigration @snarfed.org @snarfed If you wanna push super fucking hard on GDPR, then go ahead and fucking do it, but it'll impact ALL of us in very real and very negative ways if you do.

Until then, 'consent' is meaningless because there is absolutely fucking nothing fundamentally different between what this dev is doing and what Mastodon is doing.

vruz

@sam @Arcaik @mastodonmigration @snarfed.org @snarfed

Many things seem to be meaningless in the US, including what I ssid before.

Sam :verified:

@vruz @Arcaik @mastodonmigration @snarfed.org @snarfed What I am saying is that if you applied 'consent' consistently, Mastodon would turn into an unusable mess. Other Fediverse servers use your data in tons of ways that, legally, are done without any of your consent.

The Mad Hatter replied to vruz

@vruz @sam @Arcaik @mastodonmigration @snarfed.org @snarfed you consent to the data being shared by posting it [with public visibility] (otherwise why would you post it).
Saying this is illegal is like saying your mail provider is doing something illegal when you are sending a mail because it 'shares your data' with different mail servers along the way.
But this is what you ask them to do.

Your instance admin should obviously be able to defederate the bridge. (And you to block )

@vruz @sam @Arcaik @mastodonmigration @snarfed.org @snarfed you consent to the data being shared by posting it [with public visibility] (otherwise why would you post it).
Saying this is illegal is like saying your mail provider is doing something illegal when you are sending a mail because it 'shares your data' with different mail servers along the way.
But this is what you ask them to do.

LillyLyle/Count Melancholia

@sam @vruz @Arcaik @mastodonmigration @snarfed.org @snarfed Surely by joining and using the service you are implicitly giving your consent, since that's obviously the very basis of how it works?

If you walk down a footpath in a town you are implicitly consenting to other people being able to see you and be there too.

I have always thought of social media as a place.

DELETED

@sam @Arcaik @vruz @mastodonmigration @snarfed not how the law works. If people haven't consented to this specific handling of their info, it's a breach of GDPR. You consent to other servers having your info when signing up, not random outsiders.

Arcaik

@sam @vruz That's not what you said in the first place. You implied that “based in the US” or “not making money” were valid ways of avoiding GDPR. They are not.

Every European citizen, wherever they are, are entitled to the rights provided by the GDPR.

🍒🌳 Hartmut Goebel

The GDPR is applicable. One could sue every single operator all over the world.
Only whether it can be enforced is questionable.
@sam @Arcaik @vruz @mastodonmigration @snarfed

🍒🌳 Hartmut Goebel

The GDPR applies to everything not only addressing the private area (family, etc) and to everybody addressing the European market - means all people living in Europe. And it applies to everybody no matter where on the world it is based.
Thus the GDPR for sure applies to this "servicex, too.
@sam @mastodonmigration @vruz @snarfed

stuart

@vruz @mastodonmigration @snarfed.org @snarfed

How is this different to people on other instances following you and v.v.?

They don't agree to your T&Cs and v.v. My worry is if you can't just mute/block in the normal way.

Mastodon Migration

@stuart @vruz @snarfed.org @snarfed

When you agree to your instance's Privacy Policy (mastodon.social/privacy-policy) you generally grant them that right:

"Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this."

maegul

@mastodonmigration @stuart @vruz @snarfed.org @snarfed

I'm confused ... how does that make the bridge different?

Wouldn't the bridge simply count as "other servers in the network"?

If so, and I'm not missing something, the issue here isn't bsky but that it's such a well known entity that it raises alarms about what are intrinsic privacy/safety issues built into ActivityPub ... ?

AFAICT, the bridge operates exclusively through follows not indexing etc.

Sam :verified:

@maegul @mastodonmigration @stuart @vruz @snarfed.org @snarfed It's not different. It's one of the servers in the network. It's just connecting two protocols.

maegul

@sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

Yea ... with pretty similar social mechanisms too (ie, both are twitter clones)

Greg Hills

@sam @maegul @mastodonmigration @stuart @vruz @snarfed.org @snarfed

> "It's one of the servers in the network."

No, it is not.

Bluesky is not part of the ActivityPub network, any more than are Twitter or Facebook.

cathode.church/fedi-scraper-co

I could actually kinda-sorta-maybe get behind a bridge like this, IF IT WAS OPT IN. This is not opt in. It does not even respect flags that say hoovering up a Mastodon person's or instance's data is OK with that person or that instance.

maegul

@winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

I don’t know.

If it can connect or be bridged then is it not “the network”?

Not sure that there’s anything special about ActivityPub. To the point that it seems dangerous to emphasise a formal/nominative distinction rather than a functional one. Ie, the issue should be more about what the protocol does rather than its name.

If mechanics are effectively the same then bsky is really just a big instance no?

Greg Hills

@maegul @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

Ask MySpace about Facebook's bridge.

My objection is not addressed to the protocols, but to the ethics. Public posts on Mastodon and on Bluesky are easily scraped. That does not mean that any arsehole can just go ahead and bot-scrape it and pass it on.

As a Masto instance, indieweb.social is welcome to receive whatever is not blocked from them, but not to pass it on wholesale beyond the edge of the Fediverse.

maegul

@winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

I don't know about that bridge.

But my point is that "scraping" and then "passing on beyond the fediverse" aren't necessarily clear or helpful criteria.

If fediverse="uses ActivityPub" then that allows for a lot of stuff including what is effectively "scraping" (eg, kbin is effectively a search engine for masto content AFAIU). Staying "within fediverse" can be pretty arbitrary then.

Greg Hills

@maegul @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

That Bluesky doesn't use ActivityPub is a pretty clear indication that it's "beyond the Fediverse". The fact that I can't block Bluesky but can, and now have blocked, both indieweb and snarfed, is a pretty clear indication of the boundary.

That the guy thinks forcing "opt out" on people is acceptable is the clearest indication of all. I'm not opposed to reach, but I'm opposed to this guy's approach.

My profile's Privacy-and-Reach page, with all the boxes checked allowing my profile and posts to roam.
margrim

@maegul @winterknell @sam @mastodonmigration @stuart @vruz @snarfed.org @snarfed

That bridge is important. Those who ignore history are doomed to repeat it.

Back in the early aughts, when Facebook expanded to the public, 'everyone' was on MySpace. It is improbable to organically acquire the users of an established social network (particularly one so liked) if you're walled off. So they created a bridge (bot) connecting users to friends still on MySpace while siphoning users.

Go Up