Has anybody considered the idea that boosts from non-Meta properties to Threads could legally be used to build ad profiles? We already know they do that sort of account association with non-fedi accounts.
EDIT: Looks like that’s absolutely the plan. From the privacy policy
"Information From Third Party Services and Users: We collect information about the Third Party Services and Third Party Users who interact with Threads. If you interact with Threads through a Third Party Service (such as by following Threads users, interacting with Threads content, or by allowing Threads users to follow you or interact with your content), we collect information about your third-party account and profile (such as your username, profile picture, IP address, and the name of the Third Party Service on which you are registered), your content (such as when you allow Threads users to follow, like, reshare, or have mentions in your posts), and your interactions (such as when you follow, like, reshare, or have mentions in Threads posts).
We use the information we collect for Threads for the purposes described in the Meta Privacy Policy, including to provide, personalize, and improve Threads and other Meta Products (including seamless personalization of your experience across Threads and Instagram), to provide measurement, analytics and other business services (including ads), to promote safety, integrity and security, to communicate with you, and to research and innovate for social good."
https://help.instagram.com/515230437301944?helpref=faq_content
EDIT 2: After doing a little more thinking, I’ve come to the conclusion that the general narrative about Threads plan to steal users from similar federated services ignore the fact that it’s certainly cheaper to let the volunteers of the fediverse take on the moderation costs while they monetize the data. Though the two certainly are not mutually exclusive.
Yes. That’s part of all of it.
What we should be doing is de-federating them en-mass.
Nothing good will come from having Facebook/Meta involved here.
I fear that many people are not aware just how public everything in the fediverse is. Everything you post, every comment, every upvote, boost, favorite, like or other interaction is broadcasted to every instance where there is at least on subscriber/follower. Nothing in the fediverse is private. There is no real way to protect from this. You don’t even need a real instance for that. You could write a software that subscribes to everything and just takes the data. The fediverse is as public as it can be. It’s like standing on a market place and screaming out your thoughts. There is nothing stopping anyone from writing it down. And that is by design.
And I don’t mean that in a negative way. It is not really different from all the commercial platforms. They just take the data without you knowing it. Here you are very aware that you don’t control anything that you do in public.
The solution is to act accordingly. Use cryptic usernames and don’t post anything that can be traced back to you. Be aware that you are in a public space.
Just because it’s public does not mean they have the rights to sell it. Some over on Mastodon seem to think they likely would lose if it ever went to court (definite illegal in the EU but Threads is delaying launch there) but until then they plan to monetize your interactions.
If the fate of your posts is the concern, threads and whether or not it is federated with your server doesn’t matter. It never mattered
Anyone, anywhere on earth (including meta) can gather your public statements and do with them as they please. Legal or not, it’s a big world and the law doesn’t cross borders as easily as information does.
They don’t need threads to harvest and sell something you have posted online freely.
They don’t need threads to gather enough data to start associating your user name with a real name. Especially if you have an account on one of their services.
Just because data can be accessed that doesn’t mean it is legal to collect and process it.
Maybe it is useful to differentiate between what is legal and what is possible. And even if it not legal it is easy to harvest data from the fediverse. It doesn’t have to be meta. It could be a state government. It is public and everyone should act as if the data is already harvested.
Sure. I just think we shouldn’t turn this observation on its head to give the impression it’s somehow OK to break data protection laws just because there is no technical prevention.
That’s actually how some people think. Wasn’t sure if you were one of them.
If someone has a case it is a good idea to apply the laws. But you first have to find you that laws have been broken and by whom.
While I doubt this is as much of an issue for us, as it is for mastadon (the interaction is possible, but not really common I think) the following part:
We use the information we collect for Threads for the purposes described in the Meta Privacy Policy, including to provide, personalize, and improve Threads and other Meta Products (including seamless personalization of your experience across Threads and Instagram), to provide measurement, analytics and other business services (including ads), to promote safety, integrity and security, to communicate with you, and to research and innovate for social good.”
Is the best argument for defederating from them right from the start IMO. They’re forcing their privacy policy on people that might not even have read it just because they interacted on a submission that happened to originate in threads.
Now, I know everything we do here is open. But I don’t think it’s OK in a moral sense to suck up data from users other than your own to be sold to advertisers. I doubt we have much legal power but we do have the power to stop delivering the data to their door.
What’s worse, they’ll do it if somebody from Threads interacts with YOU
That’s true, but given the numbers it is far more likely to happen the other way I’d expect.
In the long run it probably isn’t their plan. They likely want to start gobbling up mostly mastadon (I’m guessing that is their target audience, I never had a twitter account or used mastadon) users to their service. Federation is just a recruitment tool I suspect.
I honestly don’t think they want to steal users long term. Much easier to let things remain federated and let the volunteers eat the moderation costs while they monetize the data.
That’s not how I understand it’ll work though. Each instance is moderating their local users. So they will need to have moderators enough for their own users. The home instance can moderate their users and those actions propagate. Remote admins can moderate remote users but, they will only effect their own instance. I could be wrong, I’ve not used mastadon. But for kbin/lemmy I’ve seen edit/delete messages coming through from the owning instance.
If other instances choose not to honour deletes and edits from moderation, then yeah they need to moderate themselves. But I think that’s going to be a rare case.
Important to note that right now they have zero in house moderation.
Eeeeeeeeh, how can you launch something you know is going to blow up like this and not be prepared to moderate?
The vibe I get is things were rushed out the door primarily as a shot across the bow to twitter.
I doubt most current mastodon users would want to use a Facebook product lol
I think the people that are on fediverse applications because they want to get away from these corporate operated megaliths aren’t likely to go anywhere. But that’s not all the current users, it’s probably not even most of the current users. Those people are likely to move if all their friends are there and they cannot see each-other any more via mastadon.
I posted a version of this in another thread:
I really think Lemmy, Kbin, and Mastodon need to figure out a way to have a default terms of service that ships with their product which forbids using the API to collect data for anything outside of user-facing social network interfaces, including account association heuristics and similar processes.
A way for users to set licenses on individual posts would be huge as well, with a default license instance admins can set.
That way for-profit instances could be forced to filter out posts with licenses that do not allow for-profit use. Honestly, even just a simple check mark “[ ] allow for-profit republication”, and have two licenses that can be attached: one that allows for-profit use and one that does not.
The fediverse should start baking in data control into it’s legal framework. Want to federate with Mastodon? You need to follow the ToS for what you can do with its posts. If we wanted to get really extreme we could even say the license should be copy-left. Any instance that wants to federate with a non-profit instances needs to also be non-profit.
That could block for-profit companies from becoming part of the network in the first place, even by use of stealth relay instances.
Thoughts on this friends? @ernest@kbin.social @dessalines@lemmy.ml @nutomic@lemmy.ml @Gargron@mastodon.social
It’ll be natural that a lot of instances will block these ad-ridden for-profit ones. A legal solution isn’t necessary IMO, nor is trying to add a bunch of complication and process around “accepting terms” of instances you don’t want to federate with. Allowlists and blocklists already work fine for that.
After reading a bit more I realize that’s probably the best that can be done, thank you for replying and for Lemmy! ❤️
This is a great take. I think folks definitely need to start thinking about establishing legal bedrock for this sort of thing.
I don’t fully understand—would Meta be able to serve you targeted ads based on your non-Threads fediverse activities? Where would these ads appear? How do they know it’s you just from your fediverse accounts?
No they would associate your boosts and likes from your fedi accounts to existing known (some Facebook or Instagram based) ad profiles. Here’s an article about that as a practice: here. That info would then be used in pretty much every location that you already see targeted ads, folding you into the existing Meta ad machine without you ever agreeing to a TOS or making an account.
That only works if your profile can be matched to an ad profile.
Which is not that hard, it’s called fingerprinting. If your browser’s fingerprint is unique they can identify you wherever you go.
But they can’t fingerprint you on your home instance. If you don’t use threads they will have a hard time.
From what I understand, those shadow profiles are based on information that Meta gets about you from other users, or through things like cookies and tracking pixels.
Suppose that Meta builds a shadow profile for each fedi user, then how would they link it back to you? They cannot get your IP address from just being federated with your home server, and they cannot inject a tracking pixel to your server’s website. Is there another way that they could use your fedi activity to serve you targeted ads?
They could only create a correlation if you let them. If your username is cryptic a ough and you don’t link to all your other social media it will be hard to profile you. And the ads would be on platforms where they can serve ads.
I absolutely do not think you can avoid the big social ad complex with a cryptic username.
I don’t know how they would profile you? They don’t have your IP and Lemmy doesn’t have trackers. Still it’s best to not post stuff that you don’t want everyone to know. And don’t misunderstand me: I hate that everyone tries to monetize me but that is the world we live in. I don’t know how to change that so I stop moaning.
They do explicitly track your IP. Check the privacy statement listed in the OP.
Edit: Lol the way to change that is literally solidarity. They don’t have a god given right to monetize our existence.
Meta can’t track your IP if you post from your home instance. They don’t have access to that.
A lot more people need to learn to stop moaning LOL.
Further context from the Threads privacy policy.
It states: "Information From Third Party Services and Users: We collect information about the Third Party Services and Third Party Users who interact with Threads. If you interact with Threads through a Third Party Service (such as by following Threads users, interacting with Threads content, or by allowing Threads users to follow you or interact with your content), we collect information about your third-party account and profile (such as your username, profile picture, IP address, and the name of the Third Party Service on which you are registered), your content (such as when you allow Threads users to follow, like, reshare, or have mentions in your posts), and your interactions (such as when you follow, like, reshare, or have mentions in Threads posts).
We use the information we collect for Threads for the purposes described in the Meta Privacy Policy, including to provide, personalize, and improve Threads and other Meta Products (including seamless personalization of your experience across Threads and Instagram), to provide measurement, analytics and other business services (including ads), to promote safety, integrity and security, to communicate with you, and to research and innovate for social good."
https://help.instagram.com/515230437301944?helpref=faq_content
With what part of the blog does that not match?
I think I had misunderstood the wording of the “Will Meta get my data or be able to track me?” section. I will amend my post.
Wow i hope threads will not join fediverse
There are comparisons to be made between Meta adopting ActivityPub for its new social media platform and Meta adopting XMPP for its Messenger service a decade ago. There was a time when users of Facebook and users of Google Talk were able to chat with each other and with people from self-hosted XMPP servers, before each platform was locked down into the silos we know today. What would stop that from repeating? Well, even if Threads abandoned ActivityPub down the line, where we would end up is exactly where we are now. XMPP did not exist on its own outside of nerd circles, while ActivityPub enjoys the support and brand recognition of Mastodon.
This is not really a convincing answer, so EEE is still a risk.
Doesn’t all social media have this, unfortunately?
There’s absolutely no reason it has to or should.
Technically, no, but then they need another source of revenue, because servers at that scale aren’t cheap.
The issue is that they can legally monetize users that never signed up to Threads. That’s what makes this set of circumstances unique.
Isn’t Google or every other company doing the same thing by training their AI on publicly posted information.
Training AI and selling information directly are very different in the eyes of the law.
But doesn’t Meta build shadow profile on non users alredy?
They do but primarily through SSO services and platform partnerships. This is their bridge into monetizing the broader fediverse.
Wow! It’s so much worse than I can imagine. I just know they are motivated by the bottom line but I don’t have the insight on what they gain with federating.
Killing a potential future competitor
Basically, what they’re planning to do is to try and deanonimize user handles. I use the handle
ZILtoid1991
on most networks, and is the same for most other people. In general, there’s nothing wrong with it. It makes people to be easier to be found. However, it can be easily exploited by data harvesters, like Meta, and I have to rely on their services still (especially Facebook) due to how prevalent its use is in my home country, Hungary.I also think they might use the Fediverse as a free moderation team, if they plan to moderate it at all. Facebook report system is completely broken, as instantly flags hate speech as safe, and will likely delete anything critical of it. However, large corporations like Meta (and X) can win more by playing some lip-service to the far-right: work-moralist attitude, tax breaks for the wealthy, protection from the working class, and so on. I have some theory that some tech corporations secretly boosted the far-right until they got too big there, then tried to write it off as an “oopsie”. Twitter seems to be way more open about it.