Post AR6YtpB3bTUOUPfBLs by seeteegee@social.afront.org
(DIR) More posts by seeteegee@social.afront.org
(DIR) Post #AR5EGLaxSmZTCsiV16 by blacklight@social.platypush.tech
2022-12-29T00:30:40Z
0 likes, 1 repeats
Any other #fediadmin has received an email from someone from #AdSpy recently?They are apparently interested in "purchasing anonymized clickstreams from social networking websites", and they are specifically interested in monitoring specific AJAX requests.They assure that "all data will be pre-processed on my side to exclude personal information". I'm curious to know if the stuff they are supposed to "run on my side" is actually open-source or auditable to clients. They have a website that seems to mostly target advertisers, but no references to any open-source repos for their spyware (let's call things with their names).Those who know me know that I'm strongly against any kind of 3rd-party purchase of user data - no matter how much they claim to anonymize it, especially when their own code is not open-source.And I feel very disturbed to see this kind of activities target the #Fediverse as well, since this whole world was born to escape the creepy business dynamics of the surveillance-based web.
(DIR) Post #AR5rZ0mqwq1ENzAgFM by geobeck@home.social
2022-12-29T01:22:51Z
0 likes, 0 repeats
@blacklight A while ago John Oliver gave a pretty good rundown of how anonymizing protocols used by data brokers aren't all that anonymous. Basically, if enough information about User12345 is contained in several anonymized ad IDs, you can combine using common values them to determine User12345's identity.In addition to content moderation, I think it would be a good practice for well-moderated servers to block instances that implement commercial data collection services.
(DIR) Post #AR5rZ1FZE4zHp2bc0G by blacklight@social.platypush.tech
2022-12-29T08:33:54Z
1 likes, 1 repeats
@geobeck there's an interesting paper from 2019 on the topic (https://www.nature.com/articles/s41467-019-10933-3/), which basically shows that the likelihood of identifying a given user given a set of (even incomplete) anonymized data is very high.This is however assuming the best intentions on the data harvesters' side. If they are supposed to run stuff on my own server whose source code hasn't even been disclosed, I think we can stop even before we get to the probability of user identification through anonymous data part...
(DIR) Post #AR6YtpB3bTUOUPfBLs by seeteegee@social.afront.org
2022-12-29T13:02:15Z
0 likes, 0 repeats
@blacklight I wonder what other business/funding models are being pursued here to avoid this kind of thing, and provide the needed cash for building/maintaining/legal aspects of this system.
(DIR) Post #AR6Ytpaa4ZuDlZbZ8S by blacklight@social.platypush.tech
2022-12-29T13:06:57Z
0 likes, 0 repeats
@seeteegee many instances have Patreon links or other forms of voluntary funding.In my experience it also works quite well: many among the Fedi folks are sensitive to surveillance capitalism topics, and they know that the alternative to donations is exactly the business models that spawn the birth (and success) of companies like AdSpy.Whether it's sustainable to solely rely on voluntary donations to support the costs of running Fediverse instances (especially as the number of users and posts increases), of course, it's all another business.
(DIR) Post #AR6YtqCVnYFNfDLrG4 by blacklight@social.platypush.tech
2022-12-29T13:10:39Z
0 likes, 0 repeats
@seeteegee what concerns me the most, however, is that other admins out there may be tempted by this kind of offers.An easy source of revenue that only requires sharing telemetry data (or, who knows, maybe more) with 3rd-parties may be more appealing than relying on sporadic donations.What's worse, it's very likely that such admins may not share with their users that some of their data is shared with 3rd-parties - and, depending on the implementation, it may not even be easy to spot from the client-side which instances actually do the tracking. This could really contribute to create a false sense of privacy and security.
(DIR) Post #AR6YtqkBmLBZLf6kka by seeteegee@social.afront.org
2022-12-29T13:17:16Z
0 likes, 0 repeats
@blacklight the fact that this temptation exists suggests to me that this is a fundamental problem with the utopian vision of the fediverse, and certainly the marketing of it. I’ve already seen some admins burn themselves out as others scoff at how foolish they were. Is this a “greater fool” race? I hope not. Have we learned nothing from fidonet?
(DIR) Post #AR6YtrBq7XIsjQ2pqi by blacklight@social.platypush.tech
2022-12-29T16:33:15Z
1 likes, 1 repeats
@seeteegee I think that scalability issues can be avoided by keeping the instances small.There are two extremes of the spectrum - the one-user-one-instance case (1U1I) and the all-on-one-instance case (Ao1I).Ao1I is undesired for the obvious reasons (centralization, with all the problems that come with it).1U1I is probably an undesired outcome too because, in an ideal world where everyone runs their own instance, the problem of user moderation becomes a problem of instance moderation - so, paradoxically, something not very different from Ao1I.There must be a sweet spot between these two extremes. An average size large enough (so instances are aggregations of users coarse enough to make the inter-instance moderation problem exponentially simpler), and small enough to make the intra-instance moderation problem simple too.Instances with ~100/250 users are probably a good trade-off. They aren't too large, so an admin can afford a relatively modest Linode bill (or even run everything on a single server on prem), intra-instance moderation is not too hard (because the size of the instance is comparable to the average size of someone's real-life social circle) and it's unlikely to take too much time from admins/mods. Moreover, on smaller instances users and admins/mods may have stronger ties, and users may be more likely to contribute to keep the lights on. At the same time, it's also large enough to make the inter-instance moderation problem easier - if a whole instance goes Nazi rogue, it's easier to block an instance with 100/250 users rather than 100/250 individual instances, like in the 1U1I extreme case, so the inter-instance moderation problem is already reduced by 2-3 orders of magnitude.I think that the Fediverse should encourage the creation of small/medium instances and discourage instances with >1K users, if we want to keep things scalable and sustainable.