this post was submitted on 07 Jul 2023
495 points (98.4% liked)

Technology

34912 readers
174 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] maegul@lemmy.ml 155 points 1 year ago (5 children)

Ok ... so I think false preconceptions are polluting this topic. Apart from the passwords, nothing serious has happened here for your data. As for the DMs ... yea there aren't DMs with any real privacy on the fediverse, they don't exist ... you should presume DMs are public.

Because the fediverse is not in any way private. See for a good treatment of this: https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/

The basic story is that the fediverse is all about duplicating what we post all over the place ... essentially to anyone who decides to run a server on the fediverse. The FBI could (and probably do?) have a server scooping up all sorts of stuff onto their server and you wouldn't know about and probably couldn't do much about it. Google is scraping mastodon (and probably lemmy?) ... try a google search for mastoodn content.

This is all public internet stuff, you're basically running a public blog that happens to be well connected to lots of other public blogs.

As nice as the fediverse is as a nice anti-capitalist-big-corp monopolisation of our social online lives ... it is very much born out of the web2.0 era and doesn't have any of the privacy concerns many of us would now hope for from technologies.

I've argued this elsewhere ... I like the fediverse and am here out of principle ... but in many ways it highlights some of the failings of our world at this time ... because it's about 10 years too late and the future is coming in hot and fast ... in retrospect I wouldn't be surprised if it will make a lot of sense to look back on the fediverse and think that it was effectively redundant at just about the time it gained popularity. An AI dominated internet with massive privacy concerns is here very soon, and the fediverse isn't ready IMO, it's still trying to catch up to web2.0 big social circa 2010.

[–] sub_ubi@lemmy.ml 22 points 1 year ago (1 children)

What about 2013 seemed more favorable to the fediverse than now? Twitter, reddit and Facebook were pretty useful at that time - I don't think I'd have left.

[–] maegul@lemmy.ml 40 points 1 year ago

Principles. That the whole internet and all of the freedom and diversity it can harbour was being monopolised by big giant corporations that had no interest in embracing an open web. Instead, they were convincing the world, especially those growing up in that/this era that the internet had to be constrained to the few walled gardens of big platforms.

These principles were as obvious and relevant then as they are now. Unfortunately convenience is a helluva drug. And, in the "Google" era of the internet (~2005-2020 ?), there was a certain naive optimism about big-tech and the internet, which no doubt lulled us in by its being "free".

In reality, we all really thought that good and useful world-changing stuff was just going to be made for us for free. That the internet was going to inexorably make the world a better place. It was dumb and naive IMO and marks very well the failings of the Millennial generation (to which I belong FWIW). Unfortunately, it's a lesson we had to learn the hardway. There were probably only a handful of people in the world that understood what the new industry was actually doing and was actually about and that had the philosophical will and ability to think it through and communicate to the masses what the choices we were actually making.

[–] joelthelion@lemmy.world 15 points 1 year ago (2 children)

Wouldn't it be possible to add end to end encryption for DMs?

[–] Dioxy@programming.dev 25 points 1 year ago (2 children)

We could turn to good ol’ PGP

[–] Mikina@programming.dev 13 points 1 year ago

That's the only way. I don't think there's any other solution that would allow for you being able to be sure that the instance you are on doesn't have a way to acess your data - any other e2e encryption integrated into Lemmy UI would not and cannot be reliable, because an admin can just rewrite the code as he sees fit.

Only solution to this is to just encrypt the message manually before it touches anything Lemmy UI.

[–] RyeBread@feddit.de 1 points 1 year ago

This is the way

[–] maegul@lemmy.ml 18 points 1 year ago (2 children)

Possible doesn't mean easily doable, unfortunately. Technically speaking, I don't know how hard it would be for the fediverse. I get the sense that overall it's been a mismanaged aspect of the ecosystem for a long time.

It touches on a broader issue of to what extent the software ecosystem enables users to exist on the fediverse at large as a single user or through a single interface. At the moment, it's basically not really a thing. Arguably, if the fediverse wants to make any claim to being an actual "federated universe" rather than just separate FOSS decentralised platforms (there is a big difference IMO) ... then it should definitely be a thing.

In relation to DMs, then, in a "true fediverse" the answer would be simply something like integrating matrix into your interface such that you and I could easily start a space on matrix and start chatting there if we wanted to.

I've come to the conclusion that for this to happen it needs to happen at the UI/client/app level. In fact, I wouldn't be surprised if that happens in not too long a time. An app that understand and works well with all of the major platforms and gives you a single and well designed interface for working with all of them from a single space. This way the platform developers can focus on their specific funcionality and backend while the app/client developers can focus on the UI and the challenge of bringing things together. I see it as similar to the way we all have email apps that easily bring together multiple email clients.

[–] fruitywelsh@lemmy.ml 6 points 1 year ago

Matrix integration really is the move to make imhol

[–] jimmy90@lemmy.world 5 points 1 year ago (1 children)

oddly enough i presumed this was how mastodon did DMs, i hope they can get E2E in the apps ASAP

[–] maegul@lemmy.ml 6 points 1 year ago

And that's part of the problem, they're easily mistaken for something better. Either they shouldn't be there or done at least semi-properly.

[–] dingdongitsabear@lemmy.ml 8 points 1 year ago (1 children)

thanks for the link, explains it very well. how bout my activity, like IP address, up/down votes, clicks on links, favorites and whatnot, is that federated around or how does that work, i.e. who has access to it?

[–] alex@agora.nop.chat 6 points 1 year ago* (last edited 1 year ago)

Up and down votes are federated with your username, along with posts and comments (obviously).

Clicking on links, favourites, email address (if you put one in when signing up), password and IP address are all only on your local instance.

Basically, unless another server needs to know about it for federation to work, it's going to be local to the instance you're using.

[–] NotBadAndYou@lemmy.fmhy.ml 6 points 1 year ago* (last edited 1 year ago) (2 children)

If the fediverse represents the soon-to-be-replaced web 2.0 of the past, what do you see replacing it and why do you think that will be incompatible with the fediverse apps?

I could see some block chain security/authentication features added to federated apps, and hopefully end-to-end encrypted DMs will be enabled by that same technology too. I'm just having a hard time imagining something "new" that will replace this completely.

There will probably be several TikTok-like entertainment platforms, likely filled with ad-friendly AI generated content that is 100% under corporate control and costs almost nothing to produce, but that type of platform attracts a different audience than what we have here.

[–] maegul@lemmy.ml 7 points 1 year ago

I don't think the fediverse necessarily needs to be replaced. We still have, afterall, Twitter going hard and strong after nearly 20 years! THe fediverse may very well go strong for many years to come, and that'd be a good thing ... it's nice!!

In an ideal world ... what would replace this? IMO, technology that basically gives every person a secure home on the internet in the same way that (most of us) can have a secure home in real life. Control, ownership and privacy over what you consume and publish and how. That technology would need to involve a number of things on a number of levels, but I'd bet it's quite viable today, it just needs buy-in and people to have the time and resources to build it.

[–] drwho@beehaw.org 6 points 1 year ago (1 children)

As far as I know (which isn't too far, because I'm not a Beltway bandit anymore), the Fediverse isn't on the FBI's radar in any meaningful way. It /might/ be on the radar of the information contractors they hire for bulk data gathering and analysis (Palantir, ZeroFox, Dataminr, probably others these days) but none of me have heard anything specific.

[–] mochi@lemdit.com 18 points 1 year ago

"...but none of me..."

How many of you are there?