Gregory's ServerI'm pretty sure Mastodon is the first social network I've been on that didn't immediately ask me to betray all of the people in my address book.
 205 comments
 @Loukas @briankrebs  It is one of maybe 5 websites for which I did not have to adjust my uMatrix flags. Because it's all first-party.  @briankrebs I can help you with that, please send your address book for validation. @briankrebs @briankrebs True. But, Mastodon is the first social network I've joined where none of my friends IRL have accounts. @jaytaylor @briankrebs me too... It's the first social network that is free from my friends stupid politics. I'm just here for the CS papers and cat pictures.  @jaytaylor @briankrebs I hadn’t even noticed, but you’re right. On the other hand, if we’re feeling nostalgic we can always copy paste it in to some request headers or something. I mean, think about this for just a sec: LinkedIn, Twitter, SnapChat, Instagram, the list goes on and on. The VERY first thing these platforms will do after you've installed the app and logged in is to ask you to share all of the information in your address book. Ever wonder how these social networks got so big so fast? It's remarkable how much of their growth is based on convincing everyone it's totally fine and normal to give away all of the contact information given to them by friends, family and acquaintances. @briankrebs The one & only reason I refuse to use or even install those apps on devices containing address information. I only have an Instagram app on a tablet with zero contacts.  Even if you have never been registered on Facebook etc.: Facebook knows your mobile number and mail address because other people have already uploaded them. You can delete your phone number/mail address from meta's database via the following website: @fomm @jurjen_heeck @briankrebs is there one for LinkedIn? I purposely deleted my original LinkedIn account to get a fresh restart with no connections. When I created a new LinkedIn account and instructed it not to be found via email or phone, I was still located by people who had my contact info. @shecantech @fomm @briankrebs Same issue. Linkedin occasionally pushes me to invite people to join LinkedIn based on such network knowledge. @jurjen_heeck @briankrebs @fomm Thanks for the link that’s really useful. I wonder if the other big tech companies have something similar  @fomm @jurjen_heeck @briankrebs it seems to work for mobiles and landlines, but refuses to allow me to select email (FF on Android) @fomm @jurjen_heeck @briankrebs Fun fact: the mail server(s) Meta uses to send the confirmation email are in Spamhaus's Block List...  @jurjen_heeck With modern phones, you can just deny them the permission to access the data. @briankrebs This is exactly what turned my stomach immediately, and then strengthened my resolve. I’ve also made myself impopular by raising an eyebrow here and there when actual friends just started giving away my personal info without even as much as a single thought.  There was a brief time that printed White Pages went digital and even national. That was mind blowing. I could see contact information for everyone in the US. It only lasted a few months I think. Then gradually all White Pages went away. So the process can reverse. @briankrebs and how many people say “yes” to sharing that information without a thought.  @fsinn @briankrebs It's done under the guise of finding out who in your contacts also use the app or site. So I'd hazard to say pretty much everyone. Of course it is used for that, but oh so much more, too. @ksaj @briankrebs Oh I understand what they say it’s for, I’ve just never said yes, so as to protect both my info and that of my contacts. @fsinn @briankrebs Same here. Besides, I really don't want my family following me online. 🤣 @quotesofnote @briankrebs I guess so. I recognize that I’m an outlier, but I’ve never said yes. @fsinn @briankrebs OK, I think "everyone" is too strong. I would dial that back to "far, far too many". I am appalled by how much of their own personal information so many people will give away without a second thought, and really disturbed that someone else gives away my contact information (with or without a thought). I have never said "yes" to providing contacts, but then again, I haven't even signed up for things like facebook, linkedin, etc. @fsinn @briankrebs And I am aware that despite my attempt to avoid it, most of my "data" is harvested/shared with various actors on-line (when it isn't outright hacked or stolen). @quotesofnote @fsinn @briankrebs as you all mention that i probably allowed too many apps that specific permission already and i don't know if they even still have that. Should probably go around looking which have it and remove it.
 @briankrebs One thing about this ever persistent social graph building... I'm just more (or less) shocked by the number of long-ago exes who apparently still have my number in their contact lists. I generally avoid apps unless they provide me a utility that isn’t available through a browser. And then the utility needs to be significant. Social media data mining of devices is a big driver of that. Mikko is here in spirit: @mikko the reality is that the Finnish elite and most of the European elite too aren't as bothered by Elon. In here, Elon news isn't as well covered. That said, they would jump ship like rats when the US Democratic party jump ships. If US Democratic party elite for some reason finds their way to Mastodon rest of the world elite follows, they aren't that fond of Republican-only Twitter at that point. @briankrebs And that's the reason I don't use Signal. Doesn't matter how great the crypto is. The app part of it is shit. @briankrebs @viss Cool, since we're all the last bastion of good examples, none of us use that tech at all, amirite?  @briankrebs I shared my contact details with LinkedIn once because I didn't realize they had scrapped that from me somehow and those people weren't already on the service. I felt pretty used when I realized it sent them invites on my behalf. I never allowed a service to do that again. I care about the privacy of my contacts as much as my own. (I mean, I guess it's still my privacy too.) @briankrebs You mean like Zoominfo (which at one point had billboards in California airports) building it's business model on people sharing their outlook contact forever via a plugin for access to searching everyone else's aggregated outlook contact info? @briankrebs it's also the feature that I believe was responsible for Facebook's ability to take the lead from MySpace in late 2009. @briankrebs You can add Viber to that list! I blocked it from accessing my Android contacts, and yet within seconds of providing my number (and no other details yet, not even name or photo, hadn't finished signup), I started getting Viber messages from old friends who have my number. Viber insists they don't upload numbers and that what I describe couldn't have happened. Never figured who to report that privacy breach to... but it wouldn't get anywhere anyway, right?  @briankrebs Remember MCI's Friends and Family campaign and how many hated the spam? Tobe social media was taking notes to improve on MCI's mistakes. @briankrebs Indeed. I'd never want to do that without explicit permission from every single person and I'm not likely to ever want to ask that. Feels like some apps are not helpful but tripwires to do something bad by accident. They shouldn't be and my operating system should help protect from such leaks by disabling the capability. I do want my contacts manager to let me try to contact someone via a service. @briankrebs I don’t think I’ve ever shared my contacts with any platform. It’s one thing for me to consent to give some of my personal information to these patrons, but completely another if I sell out family and friends without router consent. 🤷🏻♂️  @briankrebs the big weird is that everyone acts like it’s *their* data to share when it really is *mine* @briankrebs in the middle ages the inquisition used to have to torture people for their contact list... Torquemada wishes he had been alive in these times!  @briankrebs Your post prompted me to delete my Instagram account, which I haven't used in several months. Then I was reminded Facebook makes it almost impossible to delete accounts. I deleted my LinkedIn a couple years ago. @briankrebs Smells like a story that media outlets should be digging into. Society needs to understand the depravity. @briankrebs Everything feels way more low key here, in a good way. When I go into my Instagram account, I can barely stay there for very long with all the ads and sponsored posts. Had completely forgotten about the whole giving away contacts thing.  @briankrebs@infosec.exchange  @briankrebs The concept of devices having a global contacts list, rather than each app having its own, is just so stupid and ripe for abuse. There are exactly zero times I've wanted to use someone's legacy POTS phone number in a context other than the stock phone/SMS apps (which could & should have been a single unified thing so as not to have to share data).  @dalias @briankrebs this. It's terrible how you share all contact details, i.e. contact's photo, email address, postal address, etc when you'd just need the phone mumber for contact discovery @jomo @briankrebs Ok but I don't even want contact discovery except manually. Just because I've once contacted a person on one channel doesn't mean I want to see and be seen by them on every random platform we happen to use. For the vast majority of contacts, a single preferred platform/channel to reach them thru is (more than) sufficient.  @dalias @briankrebs The problem is that there's an app privilege to access full contact list, instead of an API to have the user choose a specific contact to share with the app on as-needed basis.  @briankrebs @briankrebs Wow, excellent point. I'm so accustomed to ignoring that prompt when the other guys do it that I didn't even realize Mastodon didn't. @briankrebs Go back 10 years. AppDotNet was the Twitter/Facebook refuge where users' data was their own.   @briankrebs Well at least the ones of the last couple decades. In my head there’s a continuity from the old BBS’s through UseNet to the current iterations so I remember the time when I could sign up to stuff and not get that stuff. @briankrebs  @briankrebs Even Pokemon Go wants me to give up all my contacts in my address book. Et tu, Pikachu?  @briankrebs Mastodon is here to build slowly, naturally, with real human interaction and interest in openly shared ideas. You build a network with your own choices and whatever connections you make (and allow). It’s like a nice party, not like a fever dream of manipulation and desperation- which is how most social media works, imho.   @briankrebs @selea Even telegram. Telegram used to be cool, but it's generally just terrible now.  @briankrebs Ugh, it doesn't matter how many times I say NO and delete any data they got off me, the apps still try and trick me into giving them permission by springing dialogues on me at inconvenient times so I press yes without thinking. Or they suggest “contacts” to me regardless, perhaps because I'm in *their* contacts. They have no concept of how consent is meant to work. @briankrebs .... ..... ......... You need asked to do that? This is why Nixon called me a 'fine young gentleman.' @briankrebs You said it! We ‘had to’ buy a burner phone for Twitter because they began to require that!, & we weren’t about to give the real pn. They owe us for the stupid phone & all the minutes we had to purchase over the yrs. Then 2019: @briankrebs this sounds like withdrawal symptoms... To ease your symptoms... Just copy all you contacts into notepad, a csv file or screengrabs... and attach to your posts here... I'm sure it'll be fine 😂 seriously though... It's very refreshing isn't it. @briankrebs …or force you to scroll down through 10 ads to find content by anyone you’re interested in   @briankrebs That's because Facebook, LinkedIn, Twitter, SnapChat, Instagram etc are not "social media" but marketing companies who pretend to provide social media but who actually market and sell all your personal data - including relationships. They're like recruiting companies that advertise fake jobs and collect resumes then demand references then try to sell their services to your referees. @briankrebs I figure someone will point out the existence of tools like twitodon or movetodon, either as a counter-example, or a way to address the tradeoff of making the connection process more convenient, as a service to the user. And so, I want to point out, having a way to find them is fundamentally different from exposing them, and if you wanted a good and trustworthy tool to expose selected rows and columns of your addressbook, it's easier to just bcc them, and/or post to whatever group.    @briankrebs This reminded me of the time I went on Tiktok and I did *not* share my address book. But then it showed me a video by an acquaintance from a few years back with the explanatory text: "You're in their address book." I genuinely physically recoiled.   @briankrebs  @briankrebs This is one of many indicators of why you 'might' like to stay here. @briankrebs let’s see if Mastodon is going to make it or if all the Twitter refugees go to the next “big” thing. Bluesky or whatever.  @briankrebs disappointing that I didn't poison another directory with false email and phone numbers and first name only entries  @briankrebs I never let any app link to my contacts. I learned the lesson long ago when someone linked me in another email into FB, then their account was hacked & I got so much crappy spam email, I had to delete the account. I really don’t want to follow most people in life anyways b/c I really don’t care that much about most people’s lives. If I want to follow certain people, I find the people I want to follow myself. If the app stops working b/c I say no, I delete it. @briankrebs No, it usually takes a couple weeks for the "crap, I have to move before their instance defederates with us" rolls around.    @briankrebs I’d be happy to have just one friend who thought like this before betraying me @briankrebs that's a point I had forgotten about the others. I've never let either of them in but with almost 4000 in the address book would make for some interesting reading. @briankrebs at a time when I hate everyone in my address book. Not hate hate, but like petty hate.  Back in 2001, when LinkedIn was in beta and i was working at a college, i got an email from one of my friends asking me to sign up to LinkedIn. I said sure, and used the college email. After they extracted the contents of the address book that was attached to the college's email, everyone in the college received an email from the Dean, who had been targeted specifically. All the staff at that college signed up. "If the boss asks for it then..." @briankrebs I will never hand over my contacts voluntarily but there are positive and negative sides. Donating your contacts helps strengthen traction which is what a commercial social network is after. At #Mastodon growth is by word of mouth, as it were, and will be slower.  @briankrebs first in a long time yes. Nor did it ask for my phone number under the guise of security…  @briankrebs I think it says more about you, and the networks you choose to join. @briankrebs @theropologist Me (stabbing my old college roommate) “Wow, did I pick the wrong server!” @briankrebs it ain't the bird app 4 sure, takes awhile to adjust when you have Twitter PTSD. @briankrebs Nilay Patel on the Vergecast said that he doesn’t consider Mastodon as a social network like Twitter. He says it’s more like Wordpress for micro blogging but interface is built like Twitter but the system and larger setup is not. @briankrebs And I could not make the IT security people at a company I used to work for believe that there was a security problem that LinkedIn was asking for permission to harvest contact information from my Corporate account -- information that clearly other people in the company were giving them ...  @briankrebs Take note, LinkedIn! Jeez, those people were TIRELESS in trying to get into my address book. Lousy grifters. A worthless piece of software. @briankrebs Mastodon’s first message: “We’ve been trying to reach you about your car’s extended warranty…”  @briankrebs @chad It’s funny you should say that. I just installed Artifact (from the original creators of Instagram) which curates news articles that it thinks you will enjoy reading. So far so good… up until yesterday when out of the blue it asked me for my address book *sigh*. |
@briankrebs now I'm imagining how signing up with all the others is like being a member of the French resistance captured by the Gestapo.
WE WANT NAMES