Post AixKFrMgKdk6OGFtfk by cdp1337@social.veraciousnetwork.com
(DIR) More posts by cdp1337@social.veraciousnetwork.com
(DIR) Post #AixJsiZ8se3eRM35Mm by BeAware@social.beaware.live
2024-06-15T15:25:54Z
0 likes, 0 repeats
Question:How can Fediverse be more "private" while also not ruining the experience for those who like things the way they are?There's already a way to make your posts private so that there's no way for anyone to see them without your permission.Could there be another way without destroying discoverability?I can't think of any, but I'm obviously not the sharpest tool in the shed.Obviously Mastodon needs to start by removing the RSS feed or make it an option to turn off. As it stands, most people don't even know it's a thing because it's not documented.Thoughts?#Fediverse #Fedi #ActivityPub #Mastodon
(DIR) Post #AixKBCf7ilm8zlf2nI by stefan@stefanbohacek.online
2024-06-15T15:29:15Z
0 likes, 1 repeats
@BeAware Adding a thought from the other day: https://stefanbohacek.online/@stefan/112604352640135688Yes, I'm aware of the pitfalls of looking for technological solutions to deeper social/societal problems, but maybe something like this would help?
(DIR) Post #AixKFrMgKdk6OGFtfk by cdp1337@social.veraciousnetwork.com
2024-06-15T15:30:05Z
0 likes, 1 repeats
@BeAware "How can the fediverse be more private"...Hang on, let us exchange GPG public keys before we proceed. ;)
(DIR) Post #AixKvQgduVuxoQPj3w by BeAware@social.beaware.live
2024-06-15T15:37:37Z
0 likes, 0 repeats
@stefan that'd be pretty good. Make robots.txt configurable for every user. It can already be limited by path.
(DIR) Post #AixL10S4MfqcBQFyNs by BeAware@social.beaware.live
2024-06-15T15:38:35Z
0 likes, 0 repeats
@panda but they won't want to move. Just like they don't want to set their posts to "followers only"š¬
(DIR) Post #AixLarWX2JHiv0RQTA by BeAware@social.beaware.live
2024-06-15T15:45:05Z
0 likes, 0 repeats
@panda I wish everyone else would realize this.However, that will never happen. So I can only assume we'll be seeing some changes to how things are done soon enough.I just hope it doesn't kill discovery.
(DIR) Post #AixMUdLmv3NFB40foW by BeAware@social.beaware.live
2024-06-15T15:55:09Z
0 likes, 0 repeats
@RxBrad the last sentence resonates SO hard with how I feel...There's better platforms for privacy than any kind of social media platform.I do like the idea of robots.txt being configurable for every profile. That would fix a ton of the issues people have. However, I have no clue how they would get that done. I don't think it'd be possible honestly, but it's a good idea.
(DIR) Post #AixNmYZFXZJfVhPtDs by DarrenNevares@mas.to
2024-06-15T16:09:34Z
0 likes, 1 repeats
@BeAware If I wanted more privacy I probably wouldn't be on social media or even reveal too much about myself in the first place. š¤·
(DIR) Post #AixPbTjFOGBXE4wEHw by Larvitz@burningboard.net
2024-06-15T16:22:26Z
0 likes, 1 repeats
@cdp1337 @BeAware-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512Well, that sounds like a good idea :)-----BEGIN PGP SIGNATURE-----iHUEARYKAB0WIQRyIN0gFN9zYWzDHVl/t9Q2Af9hYQUCZm2/sgAKCRB/t9Q2Af9hYUUEAP9HLcjmxZcCf+uqAfRHCTF+Pwb+VkmDyWeEG8kqdP0RWQD9Gc+Paqoy+l+DV9CS89guNju+q3iCId5TnNh7U9gbVw8==7b54-----END PGP SIGNATURE-----
(DIR) Post #AixXg0XCA2oHlKyISm by volkris@qoto.org
2024-06-15T18:00:27Z
0 likes, 0 repeats
@BeAware this is an ax I grind because people need to be aware:NO, there is no way to make your posts private so that thereās no way for anyone to see them without your permission.Anyone posting to Fediverse need to be aware that by virtue of how this thing is engineered, there is absolutely no guarantee of such privacy.A lot of people are posting things they think are private when theyāre not, and I find that hugely problematic.
(DIR) Post #AixYwwGlN5axPavHJA by BeAware@social.beaware.live
2024-06-15T18:14:46Z
0 likes, 0 repeats
@volkris Well, safe from the scrapers is what I mean. That's what people are worried about mostly.
(DIR) Post #Aixa59FB7HntvEeyga by BeAware@social.beaware.live
2024-06-15T18:27:24Z
0 likes, 0 repeats
@volkris I've edited the post to clarify that distinction .
(DIR) Post #AixaNcxPNiWTHz9y5o by volkris@qoto.org
2024-06-15T18:30:42Z
0 likes, 0 repeats
@BeAware but itās not though!Scrapers are very much able to scrape your content, and everybody needs to be aware of that as they post on here.People are posting content here left and right and saying they love to do it because itās safe from the big corporations or whatever, and I would be absolutely amazed if those exact businesses arenāt having a field day vacuuming it all up.This is why itās so important to me to spread the word about how insecure this platform is, for better or worse. There are trade-offs, and Iām comfortable with them, but thereās a lot of people who donāt know the risks theyāre taking here.
(DIR) Post #AixaYg36E75e405gZ6 by BeAware@social.beaware.live
2024-06-15T18:32:46Z
0 likes, 0 repeats
@volkris but there's a *way* to do that if you just make your posts Followers only. That's what I was getting at. Your preaching to THE choir. I don't know anyone else who talks about this stuff more than me, as I'm sure you've seen in the past. I sure know how it all works.š¤·āāļø
(DIR) Post #AixamvlGba5CqgXvV2 by volkris@qoto.org
2024-06-15T18:35:14Z
0 likes, 1 repeats
@BeAware again, thatās not how this platform works.Behind the scenes, it doesnāt matter if you make your posts followers only or not, the way this platform is engineered behind the scenes, the content goes to people who arenāt followers.Maybe it will only be shown to followers. Or maybe not. You have no way to know. Thatās just how this platform is programmed.Again to be clear what Iām saying is, you need to be aware that if you make your posts followers only, they will still be subject to going to people who arenāt followers.This is a design choice that the programmers made, that I disagree with, but you need to know that it is happening.
(DIR) Post #Aixazl8pOwIxfygT68 by BeAware@social.beaware.live
2024-06-15T18:37:41Z
0 likes, 0 repeats
@volkris I've never seen it happening, but if it is, it definitely needs to be known. Can I see verifiable proof of this happening?If so, I'll definitely call it out.
(DIR) Post #AixcKgzk74K8qpyopE by volkris@qoto.org
2024-06-15T18:52:39Z
0 likes, 1 repeats
@BeAwareItās all in the ActivityPub protocol that Iāll link below. If you read it, itās strikingly clear that there is no actual guarantee that your permissions will be honored. In fact, the standard uses the term āSHOULDā quite a lot when leaving servers free to ignore your privacy notation.Are you familiar with the FRS radios? They had a feature called privacy codes, where a group of people would set the same code to communicate. BUT, really all of the comms were all on the same channel, but the codes simply filtered out what one wanted to hear.So they provided no actual privacy, just the illusion of it.Same thing here, unfortunately. The ActivityPub protocol is largely a broadcast protocol, sending content into the cloud with only suggestions as to who should see it.You can believe that every link in the chain will behave and respect your wishes, but a scraper is free to ignore them and do what they want even if your post is marked private.https://www.w3.org/TR/activitypub/#outboxhttps://en.wikipedia.org/wiki/Family_Radio_Service
(DIR) Post #Aixdhjd2aQHxdOue12 by BeAware@social.beaware.live
2024-06-15T19:08:01Z
0 likes, 0 repeats
@volkris Sure, but has it actually happened?What *could* happen if things go awry vs what actually happens are different.
(DIR) Post #AixsTZWcqw1nYccIKm by cdp1337@social.veraciousnetwork.com
2024-06-15T21:52:28Z
0 likes, 0 repeats
@Larvitz @BeAware -----BEGIN PGP MESSAGE-----hQIMAz/xeSfb2GPLARAAvok7PE5LzLgQKS4bFdRyVbrpYikRuygzb4X8qPUvJfOxpKvHf1ltGbrzmhHznosIwVyZdU9TGJlB8q83H/SofS8EcABeSTfTObhbYCGjIVle73iPcoa46xq+IYLP5Gh6lkAjyBUUUSCJz9+p+O7rE/bcthuyUYgKm9pEXXj9+jWgyaIk4HHcoLkmbdJPea5wtRV0GJHxKxerCwmOYbLn8qJAwWRPX2uHEfI/L5ufm8aUDBQFKsBcPCrr0l/5mCSA7CoRc40gyjvg+X69lVMHmF6NalAsTaEBN8yLl6qCidGHTgT/YxeQhAfnq5a06ve6ssqa9hBnR3tBhOcEOFr/XceKmlBJT/Yo0yRzeYzO+6FW/hxFeWD8KCL6A2l9Ww15ovGVLYEzyKO+li2ESghlrt84i3BFPo3xFDkgovjzlFi61PT5m09LBcxpTC9bpnEwvoTAK/77IsdK5XbiAMGs5kvFqpNWiAGjHtnEp0hGBRdKEVw6zBxb3VY1JlDowGLwgYVmmOsg91D9kN4KH9ZyDQ1VYF4Xu6BVfXlAkdfhDmOKeRpp5hnUcjQL3M9jHLfL559ZvaYIYMFYu0OWn+eWta5AEIbf8l9Tw/Hj99fCu3wDWyNpsCa2UuQH6ezMpmKJnPu3o7gB5Lhz6Ak1N4DWy9wUO6MxvbLq17BdHCQYLhPSfQGq5H/vjkDc0mdUnSu8N5fmjAAjxYlcIu6A/vyDP1vrlVMtMVqZeDrhfcFKm+tkAz8BBWHXuZR7Van5xi1gu4ILB1hmLb8jmvKAtqAlKsSn072mT20uRgKo/spwQrLjGjhFuG0T66XlvdNkNKXQhhSUkI81vq7KTu8cDVI/=/NT0-----END PGP MESSAGE-----
(DIR) Post #AixsTbgGq2voF791e4 by BeAware@social.beaware.live
2024-06-15T21:53:33Z
0 likes, 0 repeats
@cdp1337 @Larvitz tbh, I'm dumb as hell and don't know how PGP signing works....š³š
(DIR) Post #AixtJo2q79l7eCak5o by cdp1337@social.veraciousnetwork.com
2024-06-15T22:02:56Z
0 likes, 0 repeats
@BeAware @Larvitz In short, each key is in 2 parts; the public and the private.I (as a third party), can take your public key and use it to encrypt a message that only the matching private key can reveal.You can also use multiple public keys to encrypt a message, so you can chat with multiple recipients at once.Signing works on a similar premise, where you can sign a plain text message with your private key, and me (again as a third party), can use your public key to verify the plain text message was not altered.The main unfortunate part is access to the private key; email clients like Thunderbird support it natively and transparently, (sending/receiving encrypted messages "just works"), but Mastodon being a web application, doesn't have access to your private key, so a desktop app would be required (or a browser plugin would be needed).
(DIR) Post #AixtvWAT1r3jCu8qZs by BeAware@social.beaware.live
2024-06-15T22:09:46Z
0 likes, 0 repeats
@cdp1337 @Larvitz ahh. I see.Unfortunately, with my ADHD, I feel like I might get confused on which key goes where and who's key is whose. If that makes sense. I'd have to use it with an app that allows me to just see names or usernames and the like...
(DIR) Post #AixvUeUCC50V5xgdOK by cdp1337@social.veraciousnetwork.com
2024-06-15T22:27:18Z
0 likes, 1 repeats
@BeAware @Larvitz Oh yeah, when I encrypted that message to Larvitz, I just entered their email as the recipient.Unfortunately I'm not aware of any desktop clients for Mastodon which have native support for this, but that would be an amazing feature for one!
(DIR) Post #AiynrIkYZMLxroaXaa by Larvitz@burningboard.net
2024-06-16T08:36:18Z
0 likes, 0 repeats
@BeAware @cdp1337 I couldnāt even export my private key accidentally, even if I wanted. It was generated and lives on an OpenPGP Smartcard and cannot be exported from there (by design!). To decrypt the message @cdp1337 wrote me, I had to insert the card and enter its pin in order to let the smartcard decrypt the message. Of course, GPG keys can also be stored on the computer within files and nowadays there are USB based solutions like the Yubikey and the Nitrokey, which implemented the same protocol but I still use my old GPG cards. (My primary use-case is that I use them for SSH Public Key authentication to my servers and to sign rpm packages for software, I built)
(DIR) Post #AizJpp7YRPHmDYgVSC by volkris@qoto.org
2024-06-16T14:34:47Z
0 likes, 1 repeats
@BeAware how about putting it this way: we here ARE broadcasting content that companies are free to use, and so many of us donāt know weāre doing that.Do companies use it? Well I imagine so, and it might be largely undetectable. As Fediverse grows it seems like a goldmine for training AIs, collecting marketing stats, etc, all without encumbrances of TOS agreements.But sure, youāre asking what has actually happened, and whatās actually happened is that all of these users are making content available to companies. That partās true.And my personal focus is that itās being done without the consent or knowledge of so many users here.
(DIR) Post #AizKDXoyPdStVuIwDY by BeAware@social.beaware.live
2024-06-16T14:39:04Z
0 likes, 0 repeats
@volkris that's exactly what I said in my OP. š