Post Aj8OENX9DoXKUpPHyC by JaneinNJ@newsie.social
(DIR) More posts by JaneinNJ@newsie.social
(DIR) Post #AiqxzmEv5YSilDSy00 by liaizon@social.wake.st
2024-06-12T11:37:40Z
1 likes, 3 repeats
Discovered this morning that Maven https://heymaven.com (a social media startup who's CEO is ex OpenAI "Ken Stanley: leading the Open-Endedness Team at OpenAI") is mass importing public posts from the #fediverse with no links back to the original and no way to delete them. It seems there is no Opt-out or Opt-in mechanism at all. It also has posts from #Bluesky pulled in via @bsky.brid.gy that are also not linked back to the original.Here's an example: https://app.heymaven.com/profile/66927
(DIR) Post #AiqxznfXm3LxC4vk8W by liaizon@social.wake.st
2024-06-12T13:30:47Z
1 likes, 2 repeats
1.12 million fediverse posts scraped by AI startup Maven founded by ex OpenAI lead...confirmation by Maven CTO Jimmy Secretan https://app.heymaven.com/discover/1190743
(DIR) Post #Aiqxzp1YjgYdOeEq5g by liaizon@social.wake.st
2024-06-12T11:41:53Z
0 likes, 0 repeats
Thanks to @emsquared for posting about it under the #ActivityPub hashtag which is how I discovered it...
(DIR) Post #AiqxzsFqj0lrPpwnHU by liaizon@social.wake.st
2024-06-12T12:33:10Z
0 likes, 0 repeats
"We experimented for a bit with uploading some high quality resources that could help spark discussion but we decided to stop that for now. The article is 3 years old but maven the platform is only a few months old :)" -COO Blas Moros
(DIR) Post #Air11cyIokc6SSGebg by feld@bikeshed.party
2024-06-12T14:25:39.578344Z
1 likes, 0 repeats
@liaizon stop posting publicly and this won't happen
(DIR) Post #Air1mRzPSzPY0Y71s0 by liaizon@social.wake.st
2024-06-12T14:33:07Z
0 likes, 0 repeats
@feld this is a lame reply feld. you are better then that.
(DIR) Post #Air1mTCYxZWhldH30i by feld@bikeshed.party
2024-06-12T14:34:22.523538Z
2 likes, 0 repeats
@liaizon i'm just going to copy/paste my other post. There is no possible technical solution to this:--When you post publicly you're consenting to strangers, weirdos, perverts, nazis, child molesters, search engines, AI startups, and your arch enemies being able to view your posts.If you are that paranoid perhaps you should take a moment to reflect on whether or not your posts are so important that everyone and every machine on the planet should be able to read it.
(DIR) Post #AirDk2LsBLaOWeYmaO by djsundog@toot-lab.reclaim.technology
2024-06-12T15:20:48Z
0 likes, 0 repeats
@witchy @liaizon @t54r4n1 so now that Jimmy jumped in thread and I had a quick look at his masto.soc profile, it looks like they are indeed implementing activitypub - https://mastodon.social/@jsecretan/with_replies - so, defederating from maven.ly should help; looks like they're currently using staging.maven.ly (see test account https://staging.maven.ly/mastodon/actor/1 )but blocking the TLD is deffo the move imho #fediblock
(DIR) Post #AirDk3ehKqEqZKNKZE by radicalrobit@laserdisc.party
2024-06-12T16:47:49Z
0 likes, 0 repeats
@djsundog Pinging admin @derek for this
(DIR) Post #AirDk4ZludtNQL4uWm by derek@laserdisc.party
2024-06-12T16:48:39Z
0 likes, 0 repeats
@radicalrobit @djsundog on it
(DIR) Post #AirDoj9WzVcYQe1XFY by radicalrobit@laserdisc.party
2024-06-12T16:49:43Z
0 likes, 0 repeats
@derek That's why you're the best :fingerguns:
(DIR) Post #AisMnYsKoHkV0gSWnY by p
2024-06-13T06:05:06.441597Z
6 likes, 0 repeats
@liaizon :brain0: Enjoy being scraped.:brain1: Complain that the startup is scraping your posts.:brain2: Employ technical countermeasures to prevent startups from scraping.:brain3: Ensure that your instance is not remotely "advertiser-friendly".all_the_misinformation.pngmcmurder-again.jpgpedobear-vs.-sadako.jpgpizzabath.jpg
(DIR) Post #AisPSFQkD7sQU35Aw4 by aral@mastodon.ar.al
2024-06-13T06:34:18Z
0 likes, 0 repeats
@webhat @liaizon @bsky.brid.gy Yep
(DIR) Post #AiuXA9Pl1jMwYwQFVo by liaizon@social.wake.st
2024-06-12T15:32:55Z
0 likes, 0 repeats
UPDATE: Looks like its a bit more complex (isn't it always)So the CTO is here at @jsecretan and has clarified that they are in the process of implementing bidirectional #ActivityPub, but in the meantime ingested the "federated timeline" of Mastodon.social You can look at their AP response here: https://staging.maven.ly/mastodon/actor/1 though it doesn't seem to be live on their main domain.
(DIR) Post #AiuXAAE60ZdR53yRyS by liaizon@social.wake.st
2024-06-12T19:16:58Z
0 likes, 1 repeats
UPDATE 2: so it looks like @jsecretan is deleting the entire 1.12 million scraped posts off of Maven after this thread blew up. So cool I guess? But also sorta totally comes off as "whoopsies" we had no idea what would happen if you scrape millions of posts with no link back to the original. I hope to see an official post mortum on this incident from Maven
(DIR) Post #AiuXAFMmtgYh1T4xiS by liaizon@social.wake.st
2024-06-12T21:04:39Z
0 likes, 0 repeats
UPDATE 3: CTO Jimmy (@jsecretan) says "We have paused everything related to our Fediverse ingestion for now and we are removing everything ingested. To be honest, the extreme negative reaction was a surprise to me, as I thought interaction between disparate systems was the entire point, but clearly we didn't navigate the culture correctly." - https://app.heymaven.com/discover/1190898And @deadsuperhero wrote an article mostly from this thread for @wedistribute.org now live at https://wedistribute.org/2024/06/maven-mastodon-posts/
(DIR) Post #Aj8NR8hXZzoKIxmyo4 by liaizon@social.wake.st
2024-06-12T16:34:29Z
0 likes, 0 repeats
@nev @james @djsundog @witchy @t54r4n1 yeah we definitely need many issues opened in there..
(DIR) Post #Aj8NR9idnOHjSfJNA0 by frogzone@wizard.casa
2024-06-20T23:26:58.266823Z
0 likes, 0 repeats
@liaizon @james @djsundog @nev @t54r4n1 @witchy its hosted on scamazon, cloudflare and mircosoftgithub, not a surprise giventhe first hashtags in their list (-_-)posting tickets in msgithub would require sacrificing anonymity.... how about just blocking the brands of fascism....?? #firewall
(DIR) Post #Aj8OENX9DoXKUpPHyC by JaneinNJ@newsie.social
2024-06-12T17:52:22Z
0 likes, 0 repeats
@liaizon @bsky.brid.gy This sounds bad but as a non-technical person, I don’t understand much of it. Questions:1. Is it likely that everyone here has had data scraped? 2. Can we protect ourselves?3. If so, how?I am sure there are more questions but these come to mind immediately.Thanks.
(DIR) Post #Aj8OEOsSE5AqfCNooq by liaizon@social.wake.st
2024-06-12T18:03:33Z
0 likes, 0 repeats
@JaneinNJ @bsky.brid.gy they have been pulling everything from the public feed on mastodon.social. as an individual there isn't really anything you can do except complain to them
(DIR) Post #Aj8OEPnsmZ6xXJFgKe by JaneinNJ@newsie.social
2024-06-12T18:26:54Z
0 likes, 0 repeats
@liaizon @bsky.brid.gy Thanks. How to complain?
(DIR) Post #Aj8OEQbVo2oI1ETJgm by liaizon@social.wake.st
2024-06-12T18:32:41Z
0 likes, 0 repeats
@JaneinNJ probably here is the best place to make a noise https://github.com/jsecretan/maven-public/issues/
(DIR) Post #Aj8OERKt5L6eHxhYPo by JaneinNJ@newsie.social
2024-06-12T18:50:01Z
0 likes, 0 repeats
@liaizon Do I have to be a Github member? Not interested in giving even more people my info…
(DIR) Post #Aj8OES14YUqmOnRFAW by frogzone@wizard.casa
2024-06-20T23:36:29.759065Z
0 likes, 0 repeats
@JaneinNJ i hate to brek it to u but newsie is a cloudflare server so unless you move, you a basically under a constant mitm attack while using fedi....your data is going into their machine learning system, to "protect the internet" or whatever garbage they claim while they hoover up the internet.
(DIR) Post #Aj8SbuPRYYR6w4HLkG by frogzone@wizard.casa
2024-06-21T00:25:35.806864Z
0 likes, 0 repeats
@p the importance of using fediverse in an anonymous way, possibly separating different aspects of ur life into different accounts, and assuming your public posts will be public are all pretty good ideas....i'd say also this is a timely reminder that scamazon, ms, cloudflare etc are plain evil and should be firewalled as a matter of basic respect for the human condition.
(DIR) Post #Aj8cnPp46NxV5aO9yq by p
2024-06-21T02:19:44.535077Z
7 likes, 2 repeats
@frogzone > the importance of using fediverse in an anonymous wayIt kind of relies on non-anonymous admins right now. Even the ones that are kind of anonymous, like the Epik leaks got a lot of people on fedi.> possibly separating different aspects of ur life into different accounts,I don't think that's a good idea, like I don't think it's healthy, but some people like to do it that way.> assuming your public posts will be publicAssume they all are subject to being made public. Three men can keep a secret if two of them are dead; machines are terrible at keeping secrets.
(DIR) Post #Aj8n5DaTKYddtbgsJk by SilverDeth
2024-06-21T04:15:00.591036Z
3 likes, 0 repeats
@p @frogzone My general policy is, "Don't say/write anything you would not be comfortable having read to you in court."But I have a very high tolerance for what I can tolerate being read by a prosecutor, and a life situation that renders me immune to "career-life-ruin."So for the love of God don't emulate me. Some of you actually have some things you can lose.
(DIR) Post #Aj8uWqEQSW6JFOUu2q by p
2024-06-21T05:38:26.235760Z
4 likes, 1 repeats
@SilverDeth @frogzone > "Don't say/write anything you would not be comfortable having read to you in court."Yep, I've heard that one.I mean, ultimately, you lose control of data once the data leaves your computer. Privacy's a matter of politeness.
(DIR) Post #AjADy8VUpPwi1505Vw by StarProphet
2024-06-21T20:50:58.609487Z
2 likes, 0 repeats
@p @frogzone I wonder if an admin can keep a server in a physical location under his direct physical control (ie. in one of his real estate properties), or rent a spot on an off shore data center by paying the operating costs in XMR crypto?
(DIR) Post #AjAEPHGdUtUZaZ4jfE by p
2024-06-21T20:55:52.921870Z
1 likes, 1 repeats
@StarProphet @frogzone That's possible, but then you still need a domain name.
(DIR) Post #AjAG38DoeCUz4XK9Vg by phnt@fluffytail.org
2024-06-21T21:14:14.112361Z
2 likes, 1 repeats
@p @StarProphet @frogzone An anonymous LLC can do that. It won't protect the owner from the state and law enforcement, because that's almost impossible, but it will keep the admin almost anonymous to attempted doxxing from WHOIS info, which currently has to be accurate (thanks ICANN[1]). Under an anonymous LLC a law enforcement agent would have to be social-engineered twice. Once to get the WHOIS info and second time to reveal the owner of the LLC since the information isn't public at all. This makes it less a likely target and the attacker would probably try to do something different with a higher chance of success.Other option is njalla, which suspends domains based on political views regularly.[1] WHOIS is supposed to be replaced with a more privacy respecting replacement. The sunset date for gTLDs is 2025-01-28.
(DIR) Post #AjAH6c0kRqQWHiR2oK by p
2024-06-21T21:26:07.424203Z
3 likes, 1 repeats
@phnt @StarProphet @frogzone > An anonymous LLCThis is why most startups are registered in Delaware. You can't actually raise a Series A unless you do that.> attempted doxxing from WHOIS info,Most registrars offer the proxy option, but you have to pay for the domain to begin with.> WHOIS is supposed to be replaced with a more privacy respecting replacement.I don't like. I think whois is fine.
(DIR) Post #AjGPuzgEgaVWkp8RKC by frogzone@wizard.casa
2024-06-24T20:33:07.504015Z
1 likes, 0 repeats
@p @phnt @StarProphet the whole legacy internet is dumb because it not only depends on name registries but certificate authorities, mix networks like i2p will eventually be the norm.on a related note has anyone noticed the shadowwiki is down but only on legacy web.... its onion and i2p sites are still kicking, wonder why? can't have ppl getting educated now can we?
(DIR) Post #AjHIrya9o5b5xVrjqC by p
2024-06-25T06:48:52.072244Z
3 likes, 0 repeats
@frogzone @phnt @StarProphet > the whole legacy internet is dumb because it not only depends on name registries but certificate authorities,Well, the *web*. If by "legacy" you just mean "old-ish", those things aren't built into the fabric. You don't need a central certificate authority for sshd, but this is because sshd is designed with the expectation that people using it know what they are doing, and the people involved in creating browsers expect that the users are stupid.> mix networks like i2p will eventually be the norm.I'm not so certain. You need conventional routing to have an overlay network, so conventional routing isn't going to be displaced by that sort of system. Do you need i2p or Tor, though?I mean, they exist to remove some of the centralization around where the data comes from. But what does it matter where you get the data? Sometimes you care about a machine in a place, but it's an exception. Look at bittorrent: a block comes in. Is it the right block? How do you even know? Or look at email: anyone can say they're anyone from anywhere, and you probably care about that, so you solve that with cryptographic signatures and if you care that it might be read along the way, you solve that with encryption. Look at Bitcoin, you've got both: it doesn't matter where the transaction data came from, any of the peers are fine, and it's got a signature so it's valid, and the DAG ensures consistency of the historical record.> anyone noticed the shadowwiki is downHad not noticed.