this post was submitted on 01 Sep 2023

157 points (94.9% liked)

Privacy

31790 readers

247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

157

Threads' New Terms and Conditions Affects the Fediverse (wedistribute.org)

submitted 1 year ago* (last edited 1 year ago) by throws_lemy@lemmy.nz to c/privacy@lemmy.ml

34 comments fedilink hide all child comments

all 36 comments

sorted by: hot top controversial new old

[–] shootwhatsmyname@lemm.ee 51 points 1 year ago (2 children)

Here is the Threads Supplemental Privacy Policy referenced in the article. Some relevant excerpts are:

We collect information about the Third Party Services and Third Party Users who interact with Threads. If you interact with Threads through a Third Party Service (such as by following Threads users, interacting with Threads content, or by allowing Threads users to follow you or interact with your content), we collect information about your third-party account and profile (such as your username, profile picture, IP address, and the name of the Third Party Service on which you are registered), your content (such as when you allow Threads users to follow, like, reshare, or have mentions in your posts), and your interactions (such as when you follow, like, reshare, or have mentions in Threads posts).

And further down…

If you are a Third Party User, our ability to verify your request may be limited and we may be unable to process your request. Please note, however, that the interoperable protocol allows Third Party Services to automatically send Threads requests for deletion of individual posts when those posts are deleted on the Third Party Service. We make reasonable efforts to honor such requests when we receive them. Contact your Third Party Service to learn more.

[–] MentalEdge@sopuli.xyz 58 points 1 year ago (1 children)

First one: "we will take as much as we legally can"

Second one: "we will give as little as we legally can get away with"

[–] shootwhatsmyname@lemm.ee 34 points 1 year ago

Up next: "we will change the law to take even more and mask it as protecting you"

[–] FiskFisk33@startrek.website 39 points 1 year ago* (last edited 1 year ago) (2 children)

Thats a nothingburger and a half.

This just lists the info that is auto shared through federation, in legalese. The second one explains how federated deletes work, also in legalese. This is the info any instance would handle if you interacted with it.

[–] Serinus@lemmy.ml 30 points 1 year ago

It's worth thinking about what you're putting out there, but you're right. This isn't a Threads specific thing.

You're putting these posts on the internet. You should expect everyone to read them, including Threads and Google and Putin and Kim Jong Un. That's kind of the idea of public posting. They don't even need an API to do that.

[–] tillimarleen@feddit.de 0 points 1 year ago (2 children)

why should it be ok that Meta collects this information though?

[–] FiskFisk33@startrek.website 7 points 1 year ago (1 children)

because every other instance does the same.

this comment is content, it's now stored on the instance I share it with, and all the instances it federates to, along with my username and so forth.

the above is just a legalese explanation of how the fediverse works.

[–] tillimarleen@feddit.de -1 points 1 year ago

Maybe it‘s a legalese explanation of a problematic aspect of the fediverse though. When a commercial entity comes in that deals in people‘s data, which doesn‘t just store data on its servers, but creates a product out of the data. And it seems like it can do that here without you ever agreeing or even knowing about it.

[–] DivergentHarmonics@sopuli.xyz 3 points 1 year ago

Apart from the list of items being somewhat generic and IP address just being unobtainable as someone else pointed out, it's just saying that they get data about users by means of the normal functioning of federation. It's ok in the same way as the server that originally hosts this community we are posting to necessarily getting user data from our "home" servers we are posting from. This is how we want it to work.

[–] Mugmoor@lemmy.dbzer0.com 45 points 1 year ago (3 children)

Any Admin worth their salt is going to defederate anyways.

[–] 1984@lemmy.today 19 points 1 year ago

This will be the next shit storm when Lemmy.world doesn't defederate with Threads and people get surprised. :)

[–] Rocketpoweredgorilla@lemmy.ca 15 points 1 year ago* (last edited 1 year ago) (6 children)

How much would that help? If even one instance doesn't defederate, fb is still going to scrape all the data they can through that instance, negating all the other instances that did defederate. (Unless I'm misunderstanding something)

[–] gabe@literature.cafe 19 points 1 year ago

They setting themselves up for a major GDPR suit, as well other lawsuits for violating privacy policies of other services that never opted in.

I wonder if there’s a way to fuck with the info that is sent to Facebook in some way from instances, kind of like an obfuscation method. So instead of us defederating, we force them to due to spamming their fetched content with nonsense.

[–] adespoton@lemmy.ca 7 points 1 year ago (1 children)

Yup; you’ll have to start watching where you post and only post on servers that don’t federate with Meta.

[–] Rocketpoweredgorilla@lemmy.ca 3 points 1 year ago

They way it's worded even upvoting/downvoting something would do it... you're still interacting with it.

[–] MentalEdge@sopuli.xyz 6 points 1 year ago

If you look at your profile from another instance, your user history there will only contain stuff that that instance is federated with. Users looking at your profile wont see comments and posts you've made onto communities that aren't federated onto the instance they are looking at your profile from.

One comment onto an instance that federates with threads would leak that one comment, not your entire user account's worth of data.

It's still bullshit.

[–] db0@lemmy.dbzer0.com 4 points 1 year ago

They would would have to scrape through a custom means like a web crawler. If you're defederated from them, content your instances won't be sent to them via other instances.

[–] ag_roberston_author@beehaw.org 3 points 1 year ago (1 children)

They already can and do scrape literally every website. If you're putting data on the internet thousands of different companies and governments are collecting it.

[–] Rocketpoweredgorilla@lemmy.ca 2 points 1 year ago

Oh I'm sure they do but depending on what they're collecting it's a legally grey area, while this is pretty much giving them permission to do it. And I for one have no intentions of making it any easier for them to make money off me.

[–] Facebones@reddthat.com 2 points 1 year ago

As far as I understand federation, you should be OK as long as you don't interact with instances that are federated with meta garbage. Blocking an instance is one click but it'll hide comments from their users and make you click a button to read them. Its not that big a deal though

I don't know if interacting with users of those federated instances would be safe or not, but your exposure I assume would be limited to whatever you reply to them.

[–] yukichigai@lemmy.sdf.org 6 points 1 year ago

I imagine Threads is gonna defederate from a lot of instances on their own. Any instance based around NSFW content or which even allows discussion of piracy will be blocked pre-emptively.

[–] Rocketpoweredgorilla@lemmy.ca 31 points 1 year ago* (last edited 1 year ago) (1 children)

A few months back when there was all the talk of facebook joining the fediverse I figured nothing good was going to come of it, and this doesn't prove me wrong. Fb doesn't do anything unless they see money in it somewhere.

[–] gabe@literature.cafe 9 points 1 year ago

They are deeply threatened by it and are desperate to capitalize off xitters failing. Mark is probably enraged that he can’t just buy up the company and snuff it out.

I think it’s inevitable that if they aren’t going to use a blocklist (which they are probably too stupid to consider doing) they will end up in either legal hot water for having the site become a war zone of alt-fedi instances harassing celebrities and random people off their threads. I do not see how them federating will go well, at all.

[–] wrath-sedan@kbin.social 19 points 1 year ago (1 children)

Genuine question here, it looks like most of the info they’re collecting here could also be collected via scraping that info from any publicly available instance (profile pic, username, etc.)

What added info would they get from federation that isn’t already something we are giving away ourselves by participating in a public protocol like ActivityPub?

[–] Dangdoggo@kbin.social 5 points 1 year ago (1 children)

Federation basically just means your instance will scrape Meta in turn and serve their content to you, whereas being defederated it will not. That means federated or no, without additional precautions by admins of particular instances, Meta will be getting the same info federated or no. Being defederated makes interacting with Meta's service much less likely though, which makes them scraping your data less likely. This update to the ToS honestly just sort of describes how the fediverse works anyway this isn't some special feature of Threads, all instances behave this way.

[–] wrath-sedan@kbin.social 3 points 1 year ago

Thanks, this was the impression I got as well. It doesn’t make anything public that wasn’t already public, it just makes it easier and more likely for Meta to ingest the data more directly.

[–] ButtholeSpiders@startrek.website 8 points 1 year ago (1 children)

Can’t instances defederate preemptively?

[–] Thorny_Thicket@sopuli.xyz 5 points 1 year ago (1 children)

Defederating doesn't prevent them from seeing what you post. It only prevents you from seeing them

[–] ButtholeSpiders@startrek.website 3 points 1 year ago

Hmm, I see. What a complex web, can nothing be done to stop thier blatant thievery?

[–] danie10@lemmy.ml 6 points 1 year ago

Surely we need some context with this, as what we post is basically publicly visible. Even if we defederate the posts are anyway visible. Our IP addresses are probably visible to the home instance we connect to (or our VPN IP address etc) but how does our IP address then travel off with the federated post to someone following us on Threads? It's only what travels out through the ActivityPub federation.

What would help with this post was, instead of just a link, maybe extracting the two or three issues that look problematic, and say why. That gives us something definite to actually debate.

For those who have friends stuck on Threads still, this maybe a good way for them to stay in contact. The Threads user gets their login times, IP address, location, etc tracked by Meta, and the Lemmy user with their Lemmy app, only identifies with their Lemmy instance. Threads should only be seeing the post and time that a Lemmy user posts something that is followed by a Threads user.

[–] BonesOfTheMoon@lemmy.world 5 points 1 year ago

Threads is the Google Plus of 2023.

[–] possiblylinux127@lemmy.zip 0 points 1 year ago

Threads is dying. Give it time