If you’re a developer working on a fediverse app or service and want to get it right – or just don’t want to be the center of the next firestorm – here are a few suggestions.

  • ericjmorey
    8 months ago

    They all seem reasonable suggestions:

    • Consent matters, even for public posts
    • Get broad feedback before launching – and listen to it
    • Honor existing opt-in and opt-out mechanisms
    • Include an additional opt-in mechanism for your service if it’s not just a search engine or profile discovery (or something very close to them)
    • Make sure to communicate that you’re taking an opt-in approach and honoring existing mechanisms
    • DON’T say the things that developers who ignore consent typically say
    • Be extra careful if you’re a cis guy
    • Look at opt-in as an opportunity for a potential competitive advantage

    I’m conflicted over the fact that using ActivityPub necessarily implies consent for other people to collect the data you send through it. It seems that many people using ActivityPub connected services want something different than ActivityPub or different default settings on many ActivityPub services.

    • The Nexus of Privacy@lemmy.blahaj.zoneOP
      8 months ago

      Thanks, glad you think they’re reasonable. I don’t see it as using ActivityPub implying consent; it’s more that ActivityPub doesn’t provide any mechanisms to enforce consent. So mechanisms like domain blocking, “authorized fetch”, and local-only posts are all built on top of ActivityPub. I agree that many people want something different than ActivityPub currently provides, it’ll be interesting to see how much the protocol evolves, how far people can go with the approach of building on top of the protocol, or whether there’s a shift over time to a different protocol which has more to say about safety, security, privacy, and consent.

    • GlitterInfection@lemmy.world
      8 months ago

      That’s similar to the “you’re being inconsistent” thing that the article says not to say, kind of.

      Consent isn’t really built into ActivityPub and it’s inherently the opposite of how I understand it to work (copying your content all over the place regardless of your desires).

      But their argument is kind of reasonable.

      Who cares?

      We can change ActivityPub, but we couldn’t change Twitter. People were tolerating worse just for the sake of having a community before they moved to the fediverse. They had no say before and they’re asking for better from it now that they can have their voices heard at all.

      • ericjmorey
        8 months ago

        Consent isn’t really built into ActivityPub and it’s inherently the opposite of how I understand it to work (copying your content all over the place regardless of your desires).

        ActivityPub is a means of sharing information in a way that the information can easily be collected and reshared. By using it, you should expect that people will collect and reshare information you send via the ActivityPub protocol.

        • GlitterInfection@lemmy.world
          8 months ago

          The article addresses this directly in the section on things to not say, though:

          ActivityPub does indeed “makes assumptions that are fundamentally opposed to the kinds of protections that people seem to be seeking.” But in a discussion about whether or not to get consent, even the ones that are true miss the point – just because ActivityPub leaves open possibilities for you to do something without getting consent, that’s not the only option.

          • ericjmorey
            8 months ago

            That addressing is insufficient because it begs the question of consent being withheld. But the consent is implicitly given by the sending of information via the protocol, otherwise a service like Mastodon can’t exist. The question of asking for consent after it is given is the part that I’m conflicted about.

            • GlitterInfection@lemmy.world
              8 months ago

              Read the article, I didn’t write it.

              “Implicit consent” is another one they call out directly.

              • ericjmorey
                8 months ago

                I did. I’m sharing my thoughts about it. Some of those thoughts are that it seems to make assumptions that don’t hold.

                • GlitterInfection@lemmy.world
                  8 months ago

                  DON’T say the things that developers who ignore consent typically say

                  That’s likely to increase the pushback. If that’s your goal, great, go for it! If not, though, it’s best to avoid stuff like this.

                  • “Posting publicly gives implied consent to use the data”

                  I don’t inherently agree with the article’s ask, but you’ve literally only proven its point by stating, verbatim, one of their “please stop making us retread these tired arguments over and over” points.

                  OP links to a Mastodon thread from a user who breaks down the technical limitations of ActivityPub and proposes how the situation can be improved. Maybe read that.

                  Also, if you think that these are reasonable suggestions, then perhaps ignoring them directly isn’t the best way to engage with this article?

                  • ericjmorey
                    8 months ago

                    I’m not here to score points. I’m expressing my thoughts and reservations about the article. I’m not even taking much of a position on what developers should do. It’s more of an exploration of the landscape.

                    Unfortunately, skipping past a legitimate point doesn’t address the point which remains unresolved. It’s a nice rhetorical trick though. I’d rather discuss the point. (Even though others have had discussions, that doesn’t help me understand and learn.) There’s no urgency for me to reach a conclusion, so a bit of rehashing of “tired” perspectives isn’t offensive to me.

                    Reasonable doesn’t always mean appropriate or best for the situation. It doesn’t always lead to good or better outcomes. Shutting down and dismissing legitimate concerns is not a good way to build a consensus and will often lead to adverse outcomes. It is ironic that this person’s approach is making the same mistakes they are trying to warn against.

                    There’s a clear conflict that literally can’t be ignored. It must be considered by all participants, else those participants will be unexpectedly unsatisfied with the outcomes.