Serious question for those that this is relevant to: if you don't understand how ActivityPub works, even a little bit, why do you feel the need to have opinions on how it should work?
Isn't this backwards as hell? Shouldn't you try to understand how something works, then ask why it is that way and if it's intentional?
Too many people here have this strange opinion that they have some sort of privacy, even if their profile/posts are set to "public".
This is just simply not true. We're on the internet. There's over 20,000 Fedi instances and there's just no way to manually parse them to make sure there's no "bad actors" using your "public" posts for whatever the hell they want.
We already see this happening with things like NewsMast which is aiming to be a "news" app where their users don't have to login or register to a Fediverse server, yet they will see posts by Fediverse users from bigger instances based on "categories".
Maybe do some research about how the protocol works and how it's VERY opt-out to the core, before you have opinions on it. Just saying....
Since most users wouldn't understand what ActivityPub / Fediverse is, it is likely there will be far less than 40% or 30% (guesstimate) of their userbase who will appear in the Fediverse network.
It will highly depend on how they will explain the benefits of enabling ActivityPub in their accounts.
The latest drama is that Automattic is about to sign a deal with OpenAI to train AI on WordPress.com and Tumblr content.
Everyone’s got very angry about it. Everyone also conveniently forgot to even mention that OpenAI probably already had crawled most if not all of WP and Tumbler.
Automattic also allows users to opt out and that fueled the Opt Out/Consent discussion that started a bit earlier. I’ll get to it later.
Just the day before (or it feels like it) Google signed a deal with Reddit to get all the data to train their AI.
Everyone’s got very angry about it. Everyone also conveniently forgot to even mention that Google of all corps probably already had crawled most if not all of Reddit. The $60M Google paid is a convenience fee to get a nice db bump instead of having to scrap and clean up all that text.
Reddit doesn't let user to Opt Out.
Last week (or it feels like it) one guy wanted to bridge public toots from Mastodon to bluesky.
Everyone’s got very angry about it. Everyone also conveniently forgot to even mention that people could read those toots just using a different client or a browser. All the bridge did was bring toots to a different audience and allowed them to engage with those toots.
The bride also allows people to opt out and that rekindled the Opt Out/Consent discussion that started a bit earlier. I’ll get to it later.
Some time last year a guy built a Fediverse search engine because discovery between instances is terrible.
Everyone’s got very angry about it. Everyone also conveniently forgot to even mention that most toots are indexed by big search engines anyway but because they rank low they just rarely surface in the results.
The search engine also allowed people to opt out and that kinda started the Opt Out/Consent discussion. I’ll get to it in a bit.
Some time later a completely unrelated thing happened. Discord decided that they won’t let people hotlink images uploaded to Discord.
Everyone’s got very angry about it. But also this time people didn’t forget to mention that you shouldn’t use discord for anything you don’t want to lose. Thing like lore, documentation and basically anything that can be useful 5 minutes after it was said better be somewhere else. The reason is Discord servers are private in the sense that you have to use a specific piece of software with an account to access it. Anything posted there is not accessible outside, including through a search engine.
While all this was going on quite a few people in seemingly unrelated fashion were expressing dissatisfaction with interactions they were having on Mastodon. Specifically they were angry about certain types of replies they were getting. The replies were not threatening or insulting but they were not welcome in a way that I’m having trouble articulating. The most common case I saw is someone would post something open-ended or state a problem they have and they would get a bunch of suggestions how to possibly solve it or people sharing their experience either affirming the problem or otherwise.
Some people got very angry about this. They also conveniently forgot to even notice that this is a non-standard arrangement and they want to Opt Out of the more common case provided by the platform.
So finally we’re at the Opt Out. There’s a lot of different takes but the main thrust is that things should be Opt In instead of the other way around. And I agree. Where I don’t agree is that you all Opt In when you post stuff publicly on the internet. Once you do you set your thing free into the world. You resign control over it. You do not expect to opt in to every single read on your blog. If you want to control who access what you write you don’t post it on the internet in public, you send it in private. Consequently you do not retroactively revoke access. You all know that internet never forgets. You can’t unpublished things on the internet. It was already copied, screenshotted, and archived. And you didn’t know what happens to it unless you’re told.
We are also working directly with select AI companies as long as their plans align with what our community cares about: attribution, opt-outs, and control.
Emphasis mine
This is not the tech industry’s most egregious lack of understanding of consent in recent years. That dishonor belongs to LegalFling: A blockchain app for sexual consent.
However, this is still pretty stupid, and the result of an insidious trend that doesn’t get questioned enough in software engineering circles. So I’m asking that my readers shout this from the fucking rooftops.
Opt-Out Is NOT Consent
Opt-out is “our lawyers told us to make this an option to cover our ass, but we don’t want you to actually do it”.
Opt-out is “if you missed the memo, we assume we have your consent”.
The default state of any decision regarding user data should be opted out. Users should instead be required to opt in for your decision to take effect, and they must not be coerced into doing so.
If consent is not explicitly given by an informed user, you haven’t received consent at all, and to pretend otherwise is unethical.
Your users don’t fucking care about opt-out. We care about opt-in.
“But Soatok, That’ll Hurt Our Revenue”
If you have to make money doing unethical things, or by following dubious practices that don’t actually respect other users’ autonomy, then you should go out of business.
End of.
What Automattic Should Do
If Automattic wants to make things right, they must do two things and could do a third thing (but I’m not holding my breath):
First, nuke the existing opt-out mechanism and replace it with an opt-in mechanism. If nobody checks it, then don’t include their data in the sale to Midjourney or OpenAI.
Second, they should make the permission for third-parties more granular. Some of us don’t care about third parties, but do NOT want “AI” companies using their data to enable plagiarism.
Third, if you want to go the extra mile, add support for a plugin that uses Nightshade on all hosted media in all WordPress.com plans, including free plans, to increase your users’ protection against LLM scrapists.
This is my open challenge to Automattic leadership to do better.
This Issue is Bigger than Automattic
The tech industry has gotten very bad at respecting users’ consent lately. Your options are no longer “Yes” and “No” anymore. Instead it’s “Yes” or “Maybe Later”, without a “Never” option.
ugh not even @signalapp is safe from the unstoppable deprecation of consent in favour of “not now” pic.twitter.com/sW4Ss2pqMb
It does keep going. I’m going to skip a few, but check it out.> the unstoppable deprecation of consent in favour of “not now”, episode 18 pic.twitter.com/CRdfujOBZt
Yes, even Linux is affected.Even worse, you can rarely uninstall the crapware that nags you with these consent dialogs.
This needs to stop. It’s a toxic mentality and it cultivates a culture that doesn’t respect humanity. (Which is kind of funny to write as a furry blogger.)
If you work in the tech industry, scream very loudly about properly implementing human-respecting consent controls into your software.
Just because it’s widespread doesn’t mean it’s inevitable. Push back against it. Your less privileged, less technical neighbors deserve better.
@thenexusofprivacy it's additional work to implement an allow-list for federation, although not much more than instituting a deny-list. What's easier is accepting content from everywhere, but I can definitely see how indiscriminately accepting content from just anywhere is a recipe for potential abuse.
I'd like NodeBB to support both, although it might not be available during alpha phase.
Petition: Der Deutsche Bundestag möge beschließen: Die elektronische Patientenakte (ePA) darf nur mit ausdrücklichem Einverständnis der betroffenen BürgerInnen angelegt werden (OPT IN). Da geht doch noch was! 👇