this post was submitted on 09 Jul 2023

Meta has launched a Twitter alternative called "Threads". The application allows Instagram accounts and followers to be migrated directly. From what I can find, there are already over 90 million users using Threads.[1] It is Meta's plan to allow Threads to interact via ActivityPub with other platforms in the fediverse.

Mander has a generally open federation policy. I don't want to prevent users from accessing specific content through the fediverse purely on ideological grounds, nor do I want to block our information from being accessed. There is a very strong argument to be made to remain federated with Threads in the spirit of having an open and accessible network.

But, after seeing the rushed, non-transparent, and non-EU compliant way that Threads is being deployed, it is obviously not wise to remain federated during the deployment phase. I would be willing to re-federate once it is proven that we can federate with them safely, it is demonstrated that a good amount of value to the users is added by doing so, and that at least a portion of the users is interested in doing so.

Reasons to defederate:

  • The fediverse already lives in a legal gray zone in many respects. Threads was not released into the EU due to regulatory concerns.[2] My server is based in the Netherlands. It appears like no one is sure about what the legal implications are, but I consider federating interactions with Threads to present a new liability with a larger amount of risk. The added risk is related to the fact that Meta is often being looked at by regulators, and instances could be pulled into a Meta-related investigation. A hypothetical example - and I don't know if this is accurate or not - federated comments from EU users that end up saved in Meta's servers could be construed as a GDPR violation due to the transfer of EU user data. These are risks that are already present in the fediverse, but interacting with Meta may increase the likelihood of being pulled into a Meta-related legal problem.

  • Threads is being released in a very hurried manner to capitalize on the unpopularity of Twitter at the moment. They are deploying these tools at random times without first informing the world about how they work. As far as I can tell, they have told us nothing about how they will actually use ActivityPub. All that we know is that suddenly hundreds of millions of people will be able to take actions that in some way interact with our servers. A likely scenario is that this will be similar to Mastodon, their users will be able to make comments to a Lemmy server, and this won't cause a problem. But they may choose to do something differently, or they can make a mistake in their implementation. A mistake at the scale of hundreds of millions of users would easily deal catastrophic damage to a small instance.

  • The developers of Lemmy have strongly encouraged instance admins to defederate with Threads. They develop this platform and know it much better than I do. I respect them and trust their judgement, so a strong encouragement coming from them is something that I take very seriously.

  • Most users who have commented on this topic here and in other instances want to defederate. While I do prefer to take a stance in favor of a more open federation policy, I do think that the case of a giant corporate entity deploying a potentially destructive platform into the fediverse is a special case.


Generally I prefer to assume good faith and only defederate as a last resort in response to a practical problem. In this case, we are dealing with a commercial for-profit entity that has a strong record of not acting in good faith. The massive scale of this thing is such that we could lose the luxury of being able to easily respond to a sudden practical problem.

I don't love Meta, and they are most likely not joining the space because they are passionate about helping us create privacy-centric decentralized social networks in which profit and growth are not the motives. But this is an opinion. In the future, if users actually want that, I am committed to re-assessing and potentially re-federating once the dust settles. But I can't justify taking this level of risk at this time.

If no one asks for it, I wouldn't actively try to re-federate.

[–] elavat0r@mander.xyz 9 points 1 year ago (1 children)

I think you are making the right call. I frankly hadn't even thought of all of the potential legal difficulties that small instances might get dragged into, but you make a good point. I simply don't trust Meta not to trample thoughtlessly over everyone else in the fediverse.

Thanks once again for explaining your reasoning and keeping the discussion open.

[–] Sal@mander.xyz 8 points 1 year ago (2 children)

I frankly hadn’t even thought of all of the potential legal difficulties that small instances might get dragged into

There is a lengthy analysis that I think provides some valuable insight about this here. I can't tell you how accurate the analysis is, but it seems to me like the user knows what they are talking about. The general gist is that the way 'personal data' is defined may extend to include usernames and potentially even comments, and we are transferring this data to servers within and outside the EU without a transfer agreement in place. We lack a mechanism that 100% guarantees data deletion from every federated server upon request, and we lack a mechanism to inform users of the specific servers that the data is sent to through federation. There is a complex regulatory framework that was not built with something like the fediverse in mind.

[–] fossilesque@mander.xyz 7 points 1 year ago (1 children)

I'll be forwarding this to my Mastodon instance owner, thanks for the tip. My partner is half Burmese, so I blocked Meta out of principle for the chaos it's doing there, but it's good to find things that apply directly to the west!!

[–] Sal@mander.xyz 7 points 1 year ago (2 children)

Sure thing!

I've been looking more into it, and the agency that has supervisory authority over GDPR compliance hosts their own Mastodon server.

They have their privacy policy here, which we can look at and take as an example.

The EU Commission is on Mastodon too. And NLnet Foundation funded a large portion of the development of Lemmy and other federated projects.

This does make things a bit better, because at least the regulators are aware of the fediverse and to an extent they are also actively involved in the ecosystem. I don't think that we can take this as proof that it is all good, though.

It is unlikely that draconian actions will be taken against instance owners because the regulators themselves are instance owners. But I do think that Meta joining can create some turbulence in this space.

[–] fossilesque@mander.xyz 4 points 1 year ago

I just got the link to where they are discussing it. Will look into this more in a bit. Cheers for the links.

[–] fossilesque@mander.xyz 3 points 1 year ago* (last edited 1 year ago)

PS: I just copy pasta'd a lot of your arguments to the mod chat and added my own comments. Thanks for articulating this, I get way too lost in the details sometimes. Bless.

[–] deathbird@mander.xyz 2 points 1 year ago

I would think that requests around 'personal data' in federated social media platforms would have to be handled in a manner similar to how e-mail is handled since the data is distributed in a similar manner (not that I'm familiar with how Right to be Forgotten and other EU privacy laws interact with email servers).