Email or username:

Password:

Forgot your password?
wakest ⁂

Discovered this morning that Maven heymaven.com (a social media startup who's CEO is ex OpenAI "Ken Stanley: leading the Open-Endedness Team at OpenAI") is mass importing public posts from the #fediverse with no links back to the original and no way to delete them. It seems there is no Opt-out or Opt-in mechanism at all. It also has posts from #Bluesky pulled in via @bsky.brid.gy that are also not linked back to the original.

Here's an example: app.heymaven.com/profile/66927

Screenshot of a social network Maven with my account from the fediverse copied into it.
Screenshot of a social network Maven with my account from Bluesky copied into it.
61 comments
wakest ⁂

Thanks to @emsquared for posting about it under the #ActivityPub hashtag which is how I discovered it...

wakest ⁂

@cyplo they way they are doing this I sorta doubt blocking their domain will do anything...

Jingle Ariels

@liaizon oh interesting. So the actual selling point is that they've divorced the posts from the person. Lovely.

wakest ⁂

"We experimented for a bit with uploading some high quality resources that could help spark discussion but we decided to stop that for now. The article is 3 years old but maven the platform is only a few months old :)" -COO Blas Moros

Anꞇóin Ó B.

@liaizon

This is despicable.

I suppose it is also an opportunity for you write whatever you want about Ken Stanley and have it published on his own site, then screenshot it.

"Excited to see Ken Stanley announce heymaven.com will be livestreaming the third annual Sex Tourism and Tax Avoidance Conference for American Christians. It is sponsored by Lobbyists for Lowering The Age of Consent and Lockheed Martin, expect more details to follow soon!"

What are they going to do, ban you?

DELETED

@liaizon @bsky.brid.gy
How often is the scraping done? Once a day?

DELETED

@liaizon @bsky.brid.gy Whoa, it is actively retagging and relating posts. @bfdi

The Spoopy VHS Necromancer⚰️🧟

@liaizon @bsky.brid.gy

The stupidest part of this is... I got curious and was messing around with the "tags" and noticed that instead of using the hashtag's name, it gives everything a number.

For instance, Peertube Instance is app.heymaven.com/tag/154847

So I was like... hrrm, I wonder what the very first tags are.

We have the following:

1 - AI
2 - ChatGPT
3 - Startups
4 - fundraising
5 - tech

@liaizon @bsky.brid.gy

The stupidest part of this is... I got curious and was messing around with the "tags" and noticed that instead of using the hashtag's name, it gives everything a number.

For instance, Peertube Instance is app.heymaven.com/tag/154847

So I was like... hrrm, I wonder what the very first tags are.

The Spoopy VHS Necromancer⚰️🧟

@liaizon @bsky.brid.gy

And that, in turn, led me to find this post there - app.heymaven.com/discover/4968

where someone is pointing out that the numbering system can also be used to mine account info.

And then down here in the comments, he also mentions that if you know who someone is, you can find their unpublished draft posts too

app.heymaven.com/discover/5537

They say further down they've fixed this, but man that is not good.

DELETED

@DrakkenZero @liaizon @bsky.brid.gy the drafts thing sounds like an issue on the fedi software side though, no? mastodon & co have to be flawed for that info to be available

The Spoopy VHS Necromancer⚰️🧟

@emllnd @liaizon @bsky.brid.gy

It's drafts from within Maven, because it's also it's own platform and not just something parasiting off the Fediverse with a one-way no-back-link import.

So, if you were a Maven user that was drafting for-Maven posts, until they fixed it other people could see whatever you had written whether you'd chosen to publish it or not, just by digging around in the number system.

James B.

@liaizon @bsky.brid.gy searched my name and I found a toot from you as well on this weird app @treefrogie84

wakest ⁂

1.12 million fediverse posts scraped by AI startup Maven founded by ex OpenAI lead...

confirmation by Maven CTO Jimmy Secretan app.heymaven.com/discover/1190

DJ Sundog - from the toot-lab

@liaizon

hate it.

for the record, I emailed jimmy@heymaven.com when I saw your post and checked out their T&Cs. I informed him that he was violating my content licensing by scraping the toot-lab and gave him a reference link to my shadow profile on their service, and that if they persisted in misusing my posts I'd have to look at legal remedies, and he just replied and said he has "removed the data and will work this week to prevent future ingestion. Thanks and sorry for the inconvenience."

so, super annoying and mega-manual opt-out process, but the profile page pretending to be me is indeed now removed.

@liaizon

hate it.

for the record, I emailed jimmy@heymaven.com when I saw your post and checked out their T&Cs. I informed him that he was violating my content licensing by scraping the toot-lab and gave him a reference link to my shadow profile on their service, and that if they persisted in misusing my posts I'd have to look at legal remedies, and he just replied and said he has "removed the data and will work this week to prevent future ingestion. Thanks and sorry for the inconvenience."

DJ Sundog - from the toot-lab

@t54r4n1 I searched for "toot-lab" on their web client and it came up

pine "two cats" trees

@djsundog what the FUCK they scraped from inside the fedi with a login? we don't expose posts anywhere but they got ours

pine "two cats" trees

@djsundog ohohoho time to have a go at enforcing my bio

DJ Sundog - from the toot-lab

@t54r4n1 I'd laugh so hard as you took your fedi followers out to the nicest dinner the twin cities have to offer after the settlement check came through hahaha

DELETED

@t54r4n1 Do it! You specified the licensing terms and they accepted. Send them the bill.

@djsundog

DJ Sundog - from the toot-lab

@t54r4n1 I have a feeling they set up a fedi server specifically to get around authorized fetch issues

wakest ⁂

@djsundog @t54r4n1 wait so you had AUTHORIZED FETCH turned on that they still got all your shit?

wakest ⁂

@t54r4n1 @djsundog that means they were doing something explicitly fishy right? like that means you can't just hit the API like a normal client and ask for some posts

DELETED

@liaizon fwiw, authorized fetch is only going to stop another signed activitypub request if you have the domain suspended or operate on an allow list. Any legitimate AP request that is signed will go through otherwise.

I feel like they are pulling from mastodon.social's API streaming endpoint. So posts that end up on m.s' federated timeline are going to end up on there

@djsundog @t54r4n1

DJ Sundog - from the toot-lab

@witchy @liaizon @t54r4n1

so now that Jimmy jumped in thread and I had a quick look at his masto.soc profile, it looks like they are indeed implementing activitypub - mastodon.social/@jsecretan/wit - so, defederating from maven.ly should help; looks like they're currently using staging.maven.ly (see test account staging.maven.ly/mastodon/acto )but blocking the TLD is deffo the move imho

#fediblock

james

@djsundog @witchy @liaizon @t54r4n1

jesus fuck, thanks for this.

app.heymaven.com/profile/55909 found myself and other strangeobject users. will chat with Esther in a bit and move to suspend the entire domain, and tell our users how to opt out individually.

fucks sake

DJ Sundog - from the toot-lab replied to james

@james @witchy @liaizon @t54r4n1

always happy to spend a few minutes trying to keep the commons clean of the trash that invariably blows in haha ❤️

Jérôme

@liaizon @djsundog @t54r4n1 authorized fetch isn't meant to block a fedi server from federating. It's only when you blocked a server that authorized fetch comes into action.

Some details here: hub.sunny.garden/2023/06/28/wh

Esther Payne :bisexual_flag:

@djsundog @t54r4n1 I just searched for my name. It's there.

😒

@nexusofprivacy had you heard of maven?

Brian Hawthorne

@djsundog @t54r4n1 I don’t see a “search” feature on their UI. Nearly everything I click asks me to login.

[ Update: I found the search box finally. Looks like there are only posts from one infosec.exchange account. ]

DJ Sundog - from the toot-lab

@bhawthorne you have to click the "try web app" button next to the play store app buttons to get sent to app.heymaven.com/discover which then has a search box at the top

Brian Hawthorne

@djsundog @t54r4n1 Thanks. Apparently I AM there. Search didn’t find bhawthorne, but did find Brian Hawthorne.

feld
@liaizon stop posting publicly and this won't happen
shadowwwind

@liaizon this post says that replies federate back. They seem to be an activityPub server. Probably limited like threads.net. but a legit actor, not scraping
app.heymaven.com/discover/9787

wakest ⁂

@shadowwwind they currently seem to be one way. and they don't link back to the original post, so I would still consider it scraping even if they are using AP to do it...

shadowwwind

@liaizon according to him comments do federate back. And the linking thing might just be, that they didn't set that up yet. In the search all mastodon accounts that I saw at least had the whole Webfinger in their name.

RavenCode

@liaizon bruh, boosted to let more people know btw

wakest ⁂

UPDATE: Looks like its a bit more complex (isn't it always)
So the CTO is here at @jsecretan and has clarified that they are in the process of implementing bidirectional #ActivityPub, but in the meantime ingested the "federated timeline" of Mastodon.social
You can look at their AP response here: staging.maven.ly/mastodon/acto though it doesn't seem to be live on their main domain.

screenshot of the CTO talking to himself between Maven and Mastodon.social (as viewed on my instance through Phanpy)
neocolonial malcontent chic

@liaizon @bsky.brid.gy wait, I may be wrong, but I remember seeing Rochko including someone on the Mastodon board or something (I don't remember the details) who was or is a proponent of LLMs. Is this, um, sanctioned? Can someone confirm, please?

wakest ⁂

@toridas_ No one has the power to "sanction" this...

neocolonial malcontent chic

@liaizon oh, my bad. So now what do we do, lock our accounts, will that be any help?

wakest ⁂

@toridas_ I would saw theres nothing we can do other then make a fuss until there is pressure to stop... as long as a person can see your posts on the internet an AI can scrap them and do whatever

cryptix

@liaizon The complaint process is even easier if they don't have a German or EU subsidiary

cryptix

@liaizon I just filed one with my local gdpr office, too.

Skele8tron

@liaizon
Could we generate junk random words from dictionary posts so fast that the fuckers run out of space or that would be just too nice to be possible?

@bsky.brid.gy

argv minus one

@liaizon

A guy who used to work for a company that commits blatant content theft is once again committing blatant content theft.

And, bafflingly, getting away scot-free. I guess because Fedi users don't have million-dollar legal departments.

BonnettsBooks

@liaizon

Thank you for sharing.

I found my shadow profile on maven, too, spanning 5/17/24 - 6/8/24, but not every one.

They've stripped hashtags from the bottom of my posts. Image AltText seems to be missing or inaccessible there. And, they add their own imprecise tags.

I wonder if hashtags in the body of a post would stop them, get stripped – bastardizing the content, or simply be ignored? What about Emojis? I'll throw a hashtag into today's post and see if it turns up there in a few days.

murph :amigacheck: :fedora:

@liaizon @djsundog

Looks like I'm in there, and somehow they scooped up a "Mentioned people only" post?????

Go Up