Adding on to the "DM", it should be noted that they are not, in fact, "Direct Messages". Instead, they are essentially regular posts that are visible and federated only to mentioned accounts, and thus if you make a post talking _about_ someone else, if you use their username, they will be alerted and be able to read that message.

The natural solution to all of this is to use a different protocol than ActivityPub for chats and direct messages - XMPP with e.g. OMEMO would be the natural choice for end-to-end encryption - though this would then need to be incorporated and interoperated with somehow in both UIs (apps, web frontends) and on the protocol level. I think either Cohost or Counter.social is doing this, but I think without activating federation (and I'm unsure if they're running E2EE on their XMPP chats).

I think a contributing reason why ActivityPub has left privacy/security aside to the extent it has is that it was very much a replacement for OStatus, which didn't have any notion of privacy at all. The more nuanced take of ActivityPub was already back then criticised for implying more privacy than it provided (specifically contra admins on all servers a post is federated to), but I'd say it has been working surprisingly (to me) well at least up until now. It'll be interesting to see when/if admins that are not only malicious to users on _other_ servers, but also _their own_ show up.

I have a lot more thoughts, having hung around on the fediverse for well over a decade at this point, but I'll keep it "short" this time.

All the best, and hi list!

/P

On 10 November, 2022 - Robert W Gehl via Air-L wrote:
Hi, Emma --
One of the major critiques of the development of ActivityPub (the protocol underlying Mastodon, Pixelfed, PeerTube, etc) is that the developers did not pay enough attention to security and privacy questions. Those concerns were bracketed off. For example, in terms of connections between servers, the developers assumed that other projects, like SSL, would solve any security issues. Encryption in general was bracketed off as out of scope for the ActivityPub project. (To be fair, they had a lot on their plates).
So, as a result, there are some definite privacy issues. DMs between two members are not end-to-end encrypted. An instance admin has a great deal of insight into the network, from member profiles to who is talking to whom.
There are people working on solutions to these problems. Indeed, one of the key developers, Christine Lemmer-Webber, recognized the problem of encrypting DMs back in 2017: https://github.com/w3c/activitypub/issues/225 and has proposed some solutions in the time since.
But currently, DMs are not encrypted.
The key issue, as always, is trust. Admins have to foster trust among their members by being good actors. But we also know from hard experience that admins can break trust. So, Emma, your questions are BIG ones and need to be pressed.
Note that much of what I am saying is true of the corporate model, however. Twitter doesn't encrypt DMs. Yes, FB might have end-to-end encryption -- but of course, you have to trust that they haven't been compelled by a powerful state to have a backdoor. (And this is a company that holds a patent on an automated system to turn user data over to law enforcement).
- Rob
On 11/9/22 21:13, Dr. Emma Briant via Air-L wrote:
I’ll be honest, I’m a little worried about the privacy and security issue of using these services. I did see Wolfie Christl (who I trust) share two such sites and say he trusts the people behind them (https://mastodon.social/@wchr/109299350293033545), but he also doesn’t seem to have used them himself as his Mastodon follower count doesn’t seem high like his Twitter. May I ask the community here whether anyone has concerns?

Many thanks,
Emma
On Wed, 9 Nov 2022 at 16:07, Sarah Ann Oates via Air-L < air-l@listserv.aoir.org> wrote:
This app to help migrate from Twitter to Mastodon was recommended by a colleague today; I have yet to try it but looks promising:
https://pruvisto.org/debirdify/
Sarah
Sarah Oates Pronoun: she/her
Professor and Senior Scholar Philip Merrill College of Journalism Distinguished Scholar-Teacher University of Maryland College Park, MD 20742 Email: soates@umd.edu Phone: 301 455 2332 www.media-politics.com Twitter: @media_politics
*Support the UMD Student Crisis Fund <https://giving.umd.edu/giving/showPage.php?name=crisis-funding> today. *
On Tue, Nov 8, 2022 at 10:22 AM Steph Kent via Air-L < air-l@listserv.aoir.org> wrote:
Hi all,
Following the Twitter|Mastodon threads with critical interest. I appreciate the invitation from Michael Ruigrok to members of this group to bring your sophisticated knowledge and experience to the improvement of federated, communal social networks. I'm always interested in access, thinking about outlier groups such as the Deaf, for whom text is frequently not a sufficient accommodation (despite the convenience of this belief for h/Hearing people). *That said, Deaf academics on Twitter are formidable!
I'm glad of the resources from Meryl, Joly and Fred Fuchs too, as I'm at the edge of my learning curve learning how to navigate Mastodon.
Wanted to share this political, antiracist perspective from Tim Wise, who argues that it's mainly white liberals who are concerned with 'fleeing' the new Twitter <https://timjwise.medium.com/fleeing-twitter-the-twexodus-is-about-white-libe...>, suggesting this is evidence of the pervasiveness of white fragility -- even among progressives.
best regards, steph
On Tue, Nov 8, 2022 at 1:30 AM Fred Fuchs via Air-L < air-l@listserv.aoir.org> wrote:
Here's a TechRadar article on Mastodon.
https://www.techradar.com/news/mastodon-is-a-great-twitter-alternative-but-i...
Fred
--
Fred Fuchs - Founder, CEO, & Producer FireSabre Consulting LLC
---
On 11/7/2022 8:26 AM, Fred Fuchs wrote:
On 11/7/2022 6:51 AM, Richard Forno via Air-L wrote:
> I have a hard time *relying* on a communications platform
> run by a company now fully engaged in the proverbial
> "move fast, break things" mentality based on whatever
> singular whims or rage cycle its owner is in at the time
> a decision is made. To wit: They are now asking people
> just fired to come back, b/c nobody knew they were
> integral to the features Musk wanted to develop. (Were
> it me, I'd say sure, but double my salary.)

Sadly this is not uncommon during "regime changes" at Internet tech companies. The new leadership fires far more people than they should've, and then often has to hire some or even many back at a significant salary increase.
On top of that, some of those with good employment prospects may decide to seek better opportunities. So their possibly irreplaceable tech and business practices knowledge is lost forever.
Fred
---
On 11/7/2022 6:51 AM, Richard Forno via Air-L wrote:
> It's not Musk's views per se that's driven me from
> Twitter, but that's a major reason, sure.
>
> I have a hard time *relying* on a communications platform
> run by a company now fully engaged in the proverbial
> "move fast, break things" mentality based on whatever
> singular whims or rage cycle its owner is in at the time
> a decision is made. To wit: They are now asking people
> just fired to come back, b/c nobody knew they were
> integral to the features Musk wanted to develop. (Were it
> me, I'd say sure, but double my salary.) He's also
> reversed other policies and views that he preached -- he
> was against permabans until Kathy Gifford parodied him
> over the weekend, so she's banned. He's also said other
> people not 'clearly identifying' as parody accounts would
> be perma-banned. That's a far cry from his views about
> how the company handled other perma-bans in recent
> years. The entire company -- and platform -- now feels
> rather unstable in many ways, and I feel sorry for the
> many serfs still there who will endure such chaos ....
> and it's only been a week!
>
> Heck, if I wanted to interact on a platform conducting a
> perpetual beta test[1], I'd use something from Google.
>
> -- rick
>
> [1] either technical or managerial
The Air-L@listserv.aoir.org mailing list is provided by the Association of Internet Researchers http://aoir.org Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
Join the Association of Internet Researchers: http://www.aoir.org/
--
Petter Ericson, pettter@cs.umu.se
Postdoc in the Responsible AI group, Department of Computing Science, University of Umeå
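
An added illustration, not part of any message in this thread and not Mastodon's own code, of the point made above that a "DM" is an ordinary post whose addressing lists only the mentioned accounts: it derives the visibility from an ActivityPub Note's `to`/`cc` fields and lists the servers that hold a readable copy. The actor URLs, host names, sample Note and visibility labels are constructed for the example.

```python
from urllib.parse import urlparse

# The three spellings ActivityPub accepts for the special public collection.
PUBLIC = {"https://www.w3.org/ns/activitystreams#Public", "as:Public", "Public"}

def _as_list(value):
    """ActivityStreams lets to/cc be absent, a single string, or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def classify(note, followers_url):
    """Visibility implied purely by addressing; there is no separate DM type."""
    to, cc = _as_list(note.get("to")), _as_list(note.get("cc"))
    if PUBLIC & set(to):
        return "public"
    if PUBLIC & set(cc):
        return "unlisted"
    if followers_url in to or followers_url in cc:
        return "followers-only"
    return "direct"  # addressed only to individually named actors

def plaintext_hosts(note, followers_url):
    """Servers storing an unencrypted copy: the author's and each recipient's."""
    hosts = {urlparse(note["attributedTo"]).hostname}
    for addr in _as_list(note.get("to")) + _as_list(note.get("cc")):
        if addr in PUBLIC or addr == followers_url:
            continue  # collections, not individual inboxes
        hosts.add(urlparse(addr).hostname)
    return sorted(hosts)

# Constructed sample: alice writes "privately" to bob *about* carol.
# Because carol is mentioned by username, she is addressed as well.
ALICE = "https://one.example/users/alice"
FOLLOWERS = ALICE + "/followers"
DM = {
    "type": "Note",
    "attributedTo": ALICE,
    "to": ["https://two.example/users/bob", "https://three.example/users/carol"],
    "cc": [],
    "content": "@bob have you seen what @carol posted?",
    "tag": [
        {"type": "Mention", "href": "https://two.example/users/bob"},
        {"type": "Mention", "href": "https://three.example/users/carol"},
    ],
}

if __name__ == "__main__":
    print(classify(DM, FOLLOWERS), plaintext_hosts(DM, FOLLOWERS))
```

The returned host list is the set of instances whose admins can read the post, since nothing in the object is end-to-end encrypted.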