Hi all, I'm pretty new to the fediverse and have tried learning about the way it works. I have tried finding some information in vain, so I have ended up mostly reasoning about it by drawing parallels with other non federated systems but I feel it's not accurate.
I am trying to understand three things:
- What information does the instance(s) have on their users?
- What information can users get on other users?
- What information can the infrastructure providers get on users of the fediverse?
To answer (1), I am guessing the admins of the instances have access to the typical metadata relating to the device from which a user accesses (IP address, device info, app/browser).
Regarding (2), it's not as clear. As of yet, it seems it is only possible to look at posts and comments and creation date. It doesn't seem possible to get a list of subscribed communities nor email address used for registration (when applicable).
Now I wonder if the instances do have all lists of subscribed communities? I'm guessing yes. What about private messages, are they end to end encrypted and inaccessible to the fediverse?
And finally, what access do the internet infrastructure providers have access to? All the same information as the instance admins/mods? More? Less?
Thank you for helping me weed through this new environment and learn about the fediverse.
Also, if you have some best practices on how to mindfully navigate in the fediverse with privacy in mind, please share, I would be grateful.
My knowledge is similarly limited, but fwiw I think you're more or less correct on what you've reasoned about your first question. Regarding the second, this is going to vary for each federated service and what's involved, e.g. on Mastodon your social graph (who you follow, who follows you) may be either public or private depending on your settings.
As to whether instances have lists of subscribed communities (or channels/followed users/etc.), I think you may be right as well as this is how the All/Federated/Other servers feeds are produced. However on private messages, they are absolutely not end to end encrypted on any fediverse service that I'm aware. It's much better to call these direct messages or mentioned people only (depending on context) rather than private, as many of the services that permit this form of messaging are really doing just that, simply making a public post only visible to the mentioned or directly messaged individual.
In other words, the fediverse is not really suited to private communications unless it's explicitly described as such (e.g. end to end encrypted channels/spaces on Matrix instances), so it's still better to use services like Signal or the like for private comms.
Regarding your third question, I don't know enough on this to comment.
Hope this helps, and if I'm mistaken on any of these, please correct me as I'm also interested in learning more on this subject!