snarfed / bridgy-fed

🌉 A bridge between decentralized social network protocols
https://fed.brid.gy
Creative Commons Zero v1.0 Universal
634 stars, 31 forks

Opt-out is a terrible default and should be reconsidered #835

Closed Mitsunee closed 6 months ago

Mitsunee commented 8 months ago

It should be pretty obvious that a decentralized network that many use specifically to not be connected to centralized networks houses mostly people who do not wish to have their posts bridged to Bluesky. While I am not a lawyer and therefore cannot give a concrete statement on this, sharing information such as profile descriptions, posts and media without express permission violates the Terms of Service of plenty of instances, as well as ethical boundaries around privacy and personal safety.

I believe that this bridge system should be opt-in, rather than opt-out - especially if your only immediate opt-out mechanism is adding something to a profile description that is by default limited to about 500 characters on Mastodon, one of the most common fedi instances, while also hoping that your system does not cache profile descriptions, thus entirely ignoring the hashtag for however long it takes to invalidate the cache.

TL;DR: Due to concerns about privacy and ethics I (and many other fedi users) would like for your system to be opt-in rather than opt-out. I also personally believe that a hashtag in a profile description is inadequate and insufficient as an opt-out mechanism.

Best Regards @mitsunee@ieji.de


Update: I've had a few discussions on this in the past 3 hours while this seemingly became the ticket for this issue. I guess my attempt at writing as neutrally as possible is convincing enough for GitHub, but not for open source as a whole, huh?

Anyways, here are some more bullet points I've collected during my discussions:

snarfed commented 8 months ago

I definitely hear you. It wasn't an easy call. I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

Also, #nobridge in profile isn't the only way to opt out, I've been happily opting people out manually.

Mitsunee commented 8 months ago

Having a developer manually opt-out people/instances is even more insufficient as a mechanism... since it's not even a mechanism at all.

I have posted my opinion on "profile hashtags" on fedi here: https://ieji.de/@mitsunee/111921117415410712

In short, profile hashtags are a convention that only works if developers stick to standardized tags instead of adding more, since profile descriptions have character limits. Profile hashtags are also not replicated in meta tags in the HTML head section of any fedi software's frontends.

wyatt8740 commented 8 months ago

I see evidence that some minority communities on mastodon, etc. instances are actively scared of this bridge.

By the way, those minorities include a couple I am in.

I think on account of the "tragedy of the commons" and related phenomena, places like bluesky are more likely to attract unwanted attention to current political football groups, like trans people, who have actively avoided bluesky up until now.

Perhaps in part because they are both wary of the venture capital backing and being exploited (again) by corporate America, and perhaps in part afraid that they'll be made more visible than they want to be. They've relied on the relative obscurity and slight clunkiness of mastodon/activitypub and the 'fediverse' to shield them somewhat from that.

A lot of people in these communities want to share things, but only within the mastodon/ infrastructure, and have not been anticipating that the things they've said or shared would become visible on a larger platform with higher awareness from the general public like bluesky, especially now that bluesky is no longer invite-only.

To be clear, I have a bluesky account as well as a couple of accounts on mastodon instances. I actually don't dislike bluesky as a whole. I personally would just much rather be able to separate the two more cleanly, so that I can continue to have frank and honest discussions with others on mastodon that I might not want the whole world to see. And to not let myself indirectly be roped from one into the other.

It's a similar reason to why I don't like IRC bridges to places like discord, which makes a public or semi-public record of stuff that would not be centrally logged on IRC. It defeats the reason I used IRC instead of discord in the first place.

I know this is new and exciting technology, and you want to be in the midst of it and share with the world. I think your goals are fine and good, in theory. But there are human beings out there with different use cases, wants, needs, or whatever that you can't predict.

I beg of you to please reconsider moving forward with this opt-out policy; I'm honestly a little afraid for a couple of people I love on account of this.

If people wanted to be more visible, they'd have asked for it and/or joined bluesky.

Even if they opt out, someone can follow a chain of replies on bluesky and end up finding them on the mastodon side of things. And these people are somewhat fragile, just trying their best to engage socially at all on the web is a little scary to them. I kind of expect they might withdraw deeper into their shells after all of both mine and others' efforts to bring them out of said shells.

Regarding legality, even if it is found to be legal, I will insist it is not moral or ethical for you to so confidently and unilaterally do something that could dramatically impact the lives of so many.

If you ever happened to read Cat's Cradle, I suggest you reflect on the point Kurt Vonnegut was trying to make with Dr. Felix Hoenikker's character. I'll spell it out: He's a scientist/engineer who just needs something to focus on/play with; he doesn't really care about the ramifications of his discoveries or how his creations are used by others.

Again, it's a neat project but you are toying with human lives and need to respect them. Make it off by default, and you'll be someone who's doing something really cool. Leave it on by default and you'll be hated.

TL;DR:

Opt-in, please. Not opt-out. A lot of vulnerable people might and probably will be hurt by this. And they did not ask for it. You are choosing for them.

You are putting yourself in a position of enormous responsibility, and to me it just screams of yet another "white cishet male somewhere in California" (sorry in advance if I guessed wrong) who thinks he knows what's best for everyone else, considers himself the sole arbiter of right and wrong, and is willing to exert his position of power over others for either money or his own ego. Someone who lacks the humility to admit they were acting rashly when it's pointed out to them, and to fully back down.

(edit) "somewhere on the spectrum" means "linked" or "unlinked." Those are your two choices. This is a boolean value. Not a float.

LMK if there's anything I'm totally wrong about here. And I'm sorry again if you aren't a white cishet male somewhere in California like I guessed. That's just the vibe I'm getting. LMK and I'll change this.

benaryorg commented 8 months ago

Let me make this simple:

All of these make it effectively illegal for you to run the service as-is. If "nobody would use the service if it was opt-in" then you have successfully written a service that nobody would use, congrats, you should've funded a start-up instead so you could at least make off with the VC.

Let me be clear: you are breaching the law by circumventing and violating ToS, knowingly, both of the services you scrape and those you post to, which means you are legally liable. If I have to take you to court for you to understand what "consent" means then so be it. Take the service down or make it opt-in. This is not a request.

Edit: consider the following scenario:

  1. I post original content that I have all rights to, I post it publicly, I post it with the express notice that redistribution of the content is not permitted as per the terms (the same as being able to link to a movie on Netflix but not being allowed to download and send it to someone)
  2. you cross-post that content
  3. I have legal means to pursue DMCA claims both with you (if you store the information) and Bluesky
  4. I will send DMCA requests to Bluesky
  5. you will get banned from Bluesky because you are literally costing them money as they have to pay people to do the moderation/support and Bluesky is a for-profit venture

Anything you do about this will only ever go one of two ways; you will personally be liable under DMCA, or you will be in violation of ToS due to circumvention of a ban (which itself is a crime in most countries, USA included). You are simply not legally allowed to do any of this without explicit consent based on the principle of human rights, but since US law makes it easier to sue you over copyright, and because people growing up under capitalism understand those terms better, I can sue you over copyright infringement any day of the week if this goes public.

actualaardvark commented 8 months ago

Aside from other valid points made here and elsewhere, making the bridge opt-out also damages user faith in Bluesky. If the concept behind Bluesky is a less hostile social media platform, then to forcefully grab content from other platforms seems like quite the contradiction. Subsequently, this reads as a cynical attempt to cash in on the existing popularity of other decentralized platforms. Your tagline "regulate people not code" applies here. The default should be to regulate the Bluesky community's access to other platforms, and allow them access later in good faith.

pyrox0 commented 8 months ago

As someone who runs their own fediverse instance for themselves, and has thought about this a lot:

I do not like the concept of an "opt-out only" bridge. If I was running a server for multiple people, I would need to either:

neither of which, I assume, are outcomes that you want.

The other problem I have is specific to the service you want to bridge to, Bluesky. Despite launching as an ostensibly open source and federated protocol, they have neither enabled federation on their main server (bsky.social) nor provided any verification that their open source code is actually running on their servers (this is very difficult to verify for any online service, but I digress). Further, their service sends any media uploaded to them to a 3rd-party AI "Content Moderation" service, which goes against many of my personal principles, which is why I don't publish media there myself. See here for more details on that, the proof is in the source, however. Again, as a multi-user instance, that is something I would feel the need to disclose to my users that was happening, further increasing my exposure to third-parties.

Now, you might ask, "what about ActivityPub? You're already essentially bridging your content with other servers!" And while yes, this is true, the issue here is one of consent. By joining my server, a user would consent to their posts being distributed by ActivityPub, throughout the ActivityPub Network (which I will call the "fediverse"). This distribution system is the only one that they consent to federating through, not that of the @Proto Network, which is the network that Bluesky uses. Therefore, this would need to be something they would additionally allow to distribute their posts in addition to fediverse distribution, not something implied as part of fediverse distribution.

Therefore, I strongly urge you to reconsider the opt-out nature of your bridge, and make the bridging mechanism opt-in only. That could be post-specific or user-specific (or perhaps both^1), but I do not agree with an opt-out mechanism, as there is no way for the entirety of the fediverse network to opt-out of your tool.

^1: The way this could work is with a #yesbridge hashtag that can be applied to user profiles and also user posts. The following situations would happen:

Please ask me questions about any of the points I make here, I would be glad to answer them!

emceeaich commented 8 months ago

It wasn't an easy call.

It's the wrong call. Shut down your project before you harm people.

bremensaki commented 8 months ago

Putting the burden on others to have to do work to not be part of a network that they never signed up for is totally arrogant.

I have no interest in participating in Bluesky. That alone should be enough to not be involved in it.

Your project is inherently flawed and needs to be opt-in only.

muffinista commented 8 months ago

The best time to make a service like this opt-in was when you originally designed it. The second best time is right now.

MarkEEaton commented 8 months ago

Opt-in is the only way to make this acceptable to much of the fediverse. Make it opt-in.

Mitsunee commented 8 months ago

Instead of the opt-out system, why not utilize the existing system in Mastodon for determining if a profile wants to be publicly searchable?

Misuse of yet another feature does not fix misuse of the federation protocol. The searchability permission is specifically for the purpose of search within the network and does not constitute permission for scraping or otherwise extracting data from the profile for external use.

jpwarren commented 8 months ago

I definitely hear you. It wasn't an easy call.

And yet it's still the wrong one.

I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

It comes across as trying to justify what you want to do, rather than arriving at a conclusion after carefully balancing competing interests.

For example, you say:

for services like bridges that live and die by network effects, opt-out seems like the only way to be broadly useful

Useful for whom?

If your bridge is such a great idea, people will choose to use it, no? Opt-out means you believe that you know best what is good for a whole Fediverse full of other people with diverse wants and needs. That's… a bold move from someone who, by their own admission, has a vested interest in the option you've picked, and "plenty of privilege to check, and not much lived experience of being harassed or mistreated online."

I'd want to be pretty confident the evidence was on my side for such an extraordinary claim.

First off, I’d dearly love a thorough, comprehensive threat model of human interaction online. Threat modeling is an important technique from the security community that I’d love to see applied to human behavior more often.

The trouble with this idea is that it's not even wrong. Different people have different threat models. You'll end up with something so simple it's useless, or so complicated it's useless. You can't technology harder your way out of social challenges.

Engineers need to stop trying to turn humans into math.

Please reconsider your plan.

cortices commented 8 months ago

Let me offer an additional perspective.

You are only the most recent in a long line of privileged, insulated techbros to make a fedi scraper/cross-poster.

Nearly every single prior one over the last five plus years has been shut down (usually after being suspend-stonewalled from most of the network) due to consistent, escalating outcry over assuming users’ consent to participate (either opt-out, or no option at all).

The ones that remain are opt-in only.

Feel free to see my very non-exhaustive list: https://cathode.church/fedi-scraper-counter.html

cafechatnoir commented 8 months ago

Make it opt-in. If it's great, folks will opt-in.

Making it opt-out is unethical, gonna piss people off as they find out they've been opted-in without their knowledge or consent, and likely result in your server being blocked far and wide.

Just make it opt-in. Better for everyone.

FediVideos commented 8 months ago

Genuine question: did you consult a lawyer before making this opt-out? If not, how sure are you that this is legal in all the countries where people are bridged?

rocketdyke commented 8 months ago

It wasn't an easy call.

It's the wrong call. Shut down your project before you harm people.

very very true. people will be harmed by this.

snarfed commented 8 months ago

Thank you all for the feedback, both good and bad. I knew I’d hear some pushback that this should be opt in instead of opt out, and I obviously did. I’ve also had some useful conversations and ideas on how to bridge (ahem 😄) that gap and make opt in more realistically usable, along with a few interesting compromise points between opt in and opt out. I’m grateful to everyone today who engaged and talked constructively and offered those new techniques. It's very possible that this will land somewhere along that spectrum other than fully opt out.

I had plenty of work to do already before launch, and now I have a number of other important ideas to explore too. That’s great! I really do appreciate it. I'll definitely check back in well before this launches.

alahmnat commented 8 months ago

I definitely hear you. It wasn't an easy call. I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

Given that the second paragraph of your self-justification rant says this:

Should we open the fediverse to everyone, let them exercise freedom of association, embrace the inevitable Eternal September, and get good at managing the problems? Or should we learn from Twitter that a “global town square” has big downsides, try to prevent those harms from the beginning, and only expand online communities once we have their consent?

I'm going to go out on a limb here and suggest that you seem to be determined not to learn from Twitter's harms at all. Which is particularly galling given that you go on to explain that you're the sort of person least likely to be negatively impacted by this decision, and you're just thinking out loud about what the problems with opt-out might be (where, exactly, is the "conversation" in this many thousands of self-indulgent greybearded words? It sure doesn't appear anywhere on that page...)

Just as an example of how your plan can quickly break down and cause harm: I can have a public profile on Mastodon, with posts that are set up to appear on the local timeline. You would think, perhaps, that this reasonably means I'm already making things public so why should I care? Except maybe I also have "approve all follow requests" enabled, and judiciously manage them such that I know what the potential reach of my posts actually is. Maybe I even only accept follow requests from accounts on the same instance, so my thoughts almost never even leave the server I'm posting on. But here comes your bridge, blundering in and deciding that "public means public" with absolutely no consideration for scope or scale, and it takes my posts and firehoses them to a gigantic lake of people I don't know and didn't consent to broadcasting to, who now have another avenue to find me and potentially harass me despite my best efforts to explicitly not inform them of my presence by staying off of Bluesky in the first place.

Yes, silos suck, and it would be great if we could just universalize this many-to-many communication revolution (despite all of the evidence built up over the past 20 years that maybe this sort of communication isn't the best thing for humans to be piped into). But "too bad, information is meant to be free" is not the slam dunk winning argument you seem to think it is. If bridges are plumbing, I still have the right to not be forcibly connected to a sewage outflow even if I don't directly contact you to ask you not to do that and trust you to actually listen to me. (Which, if you want to talk about "people stick with defaults", how would they even know this was a thing to have to ask you to stop doing without explicitly being told that it was a thing you've decided to just... do, in a way that is completely opaque to the users whose content you're now rebroadcasting?)

rocketdyke commented 8 months ago

along with a few interesting compromise points between opt in and opt out.

There is no compromise between opt-in and opt-out, bro.

If you continue with opt-out, I'm sure your instance will be defederated into oblivion and this will become just another one of those "hey, a privileged tech bro thought something would be a good idea, but it wasn't, and the idea went away." entry in the diary of tech.

bremensaki commented 8 months ago

There's no spectrum here. If this isn't opt-in, it's a massive problem.

FediVideos commented 8 months ago

Thank you all for the feedback, both good and bad. I knew I’d hear some pushback that this should be opt in instead of opt out, and I obviously did. I’ve also had some useful conversations and ideas on how to bridge (ahem 😄) that gap and make opt in more realistically usable, along with a few interesting compromise points between opt in and opt out. I’m grateful to everyone today who engaged and talked constructively and offered those new techniques. It's very possible that this will land somewhere along that spectrum other than fully opt out.

I had plenty of work to do already before launch, and now I have a number of other important ideas to explore too. That’s great! I really do appreciate it. I'll definitely check back in well before this launches.

It's not pushback, it's anger. Please don't sanitise this. We're not posting suggestions for you to appreciate. Making puns while people are telling you they are in danger is misreading the room pretty badly.

ethanbarry commented 8 months ago

If I wanted to join Bluesky, I'd join Bluesky.

So,

Get Off My Lawn

EDIT: Just to be clear, I don't know whether an opt-out bridge will really hurt people in the ways discussed above. I do know that if I have to take an action to prevent you from sucking up data on me, what you're doing is just plain wrong.

ACleverDisguise commented 8 months ago

  1. If I wanted to join a techbrodude's silicon paradise I'd join it myself. I wouldn't need your sanctified software to do it.

  2. You are not the smartest person in the Fediverse. You do not get to benevolently decide what we lesser beings will or will not have inflicted upon us.

  3. It is unethical/immoral to force other people to jump through your hoops to have your undesired product turned off. The ethical/moral way is to let people join.

  4. Welcome to my instance block. No user on your site will ever grace my feed and vice versa.

benaryorg commented 8 months ago

This is a social issue. As @jpwarren put it:

You can't technology harder your way out of social challenges.

No matter what you do, if this is not a complete opt-in model then you are:

Written three times for emphasis. You are exposing vulnerable people to a hostile environment. Vulnerable people who have never even heard of you and your project. People who will hear of your project for the first time after they investigate where the death threats come from. Which is already optimistically speaking, you may have the energy to do anything about death threats, others don't. You may be able to look at death threats in your inbox, others may not receive threats at all but be met with straight out assault in response to their posts being federated to a hostile environment, away from the bubble they have carefully arranged by blocking and defederating from any potential threat. And then come along you and put those messages right where nobody ever consented to them being.

Putting the burden to defederate on the people who have never and potentially will never hear about your project before they are affected by it is by all accounts what an abuser would do. So think about this, for however long you like, and decide for yourself whether or not you want to be an abuser.

Knowingly putting other people at risk like this, and this issue tracker alone is enough to demonstrate that you knew of the risks and effects, may be enough to convict you of a felony in many US states, many other countries, and violates the most basic human rights.


Now that we've clarified that this is a social issue, let's talk about the technical ones, because apparently that's the only language that some people speak. If you federate any posts at all in either direction without prior confirmation that you have the permission you are diving head first into a copyright violation. Fediverse servers have rules, an about page, and each user has a profile. Those are three locations which may contain in freeform text a declaration of what you may or may not be allowed to do with such posts. Not to mention that those posts themselves may contain the same. So unless you intend to invent a fancy system that is able to understand natural language (something that even OpenAI is unable to accomplish as of now), and a system which can detect copyrighted information within the text itself (something that Google has invested more than 100 million dollars in) you will ultimately be unable to classify posts in terms of copyright. This means that anyone that you are pulling data from will be able to put you in a position where you violated copyright. And since you have no agreement with them since you are operating on an opt-out basis you have no legal leverage to have them stop doing this; you are the one doing the bad thing, they are just minding their own business screwing you over passively. Copyright infringement is a very easy to state case, and one with pretty high fines. The copyright industry (music, movies, etc.) has done a very thorough job of making it as easy as possible to drag someone through court for this.

Unless you want to paint a target on your back for other people you should absolutely not use untrusted sources for your cross-posting efforts. This is directly at odds with your proposed opt-out model. You need to make sure you have an agreement with every single person whose posts you federate either direction so you can make sure you can defer any lawsuit to them instead.


I trust the copyright part is easier and more straightforward to understand for you than something abstract and confusing as "human rights" or "consent". Of course the latter are more important and are principles that you can build a society on, while copyright does nothing but stifle progress, but hey, if it helps you understand that what you're doing is problematic and cannot be solved with anything but a complete 100% opt-in approach then the example has served its purpose.

Edit: Either way I would recommend the following read:

A HuffPost article by Kayla Chadwick with the headline "I Don't Know How To Explain To You That You Should Care About Other People"

ACleverDisguise commented 8 months ago

Putting the burden on others to have to do work to not be part of a network that they never signed up for is totally arrogant.

Arrogance? In the techbrodude community?! SAY IT AIN'T SO!!

ACleverDisguise commented 8 months ago

I will provide a simultaneous translation of Clumsy-PR-Speak to English as a public service.

Thank you all for the feedback, both good and bad.

"Holy shit, I was expecting some whining but not wholesale censure and hate! I'll pretend to be thankful for it in the hopes the mobs don't warm up the guillotine just for me!"

I knew I’d hear some pushback that this should be opt in instead of opt out, and I obviously did. I’ve also had some useful conversations and ideas on how to bridge (ahem 😄) that gap and make opt in more realistically usable, along with a few interesting compromise points between opt in and opt out.

"I thought that, because Google does this kind of shit routinely (not to mention all the other techbrodude products that are literally dismantling civilization before our very eyes), I could get away with being just like them! It's actually a bit shocking that people aren't sitting down and just taking it up the anal tract with a spiked dildo like they are forced to by Big Techbrodude™®!"

I’m grateful to everyone today who engaged and talked constructively and offered those new techniques. It's very possible that this will land somewhere along that spectrum other than fully opt out.

"Please don't hurt me! I'm a nice guy if you meet me socially. (At least my mother says so. Well, when in person. I overheard her telling the neighbour lady some pretty unpleasant things, though, but it's probably a different Ryan they were talking about.)"

I had plenty of work to do already before launch, and now I have a number of other important ideas to explore too. That’s great! I really do appreciate it. I'll definitely check back in well before this launches.

"Maybe if I tell you that I'll work on your concerns before launch you'll go away and forget about me so I can launch it on the sly. You know, like all of Big Techbrodude™® does, which I'm totally intent on emulating because I want to be just like them: sociopathic!"

wyatt8740 commented 8 months ago

I wanted to post this as a comment on your blog, but it is saying I am commenting too quickly even though I haven't commented on your blog even once today. Since I can't put it there, I'll do it here instead. A little bit of it is stuff I've said before, so keep in mind this was intended for posting on this page.


You sound like an apathetic engineer who is experienced with public relations enough to know how to make it sound like you are listening, even though you really are saying you're refusing to turn it off like everyone is begging for you to do. And looking at your resumé on your site, I'm not especially surprised.

There is no "spectrum." It's on, or it's off.

You wield enormous responsibility handling something like this, and it seems that social ramifications are an afterthought for you. You're quite content to unleash it on the world and cause a great deal of harm to the most vulnerable parts of society, because they don't matter to you.

That's the impression I get. If that's wrong, please speak frankly and honestly with us instead of giving us this whitewashed corporate-style Public Relations bilge. Be direct, frank, and state fully exactly what your thoughts are. If you think I'm a horrible person, say so. If you think I'm misguided or otherwise wrong, then say so. Stop tapdancing around this and recognize with words that a lot of people are very angry with you. Acknowledge that, and maybe we can start to have a genuine discussion.

Did you ever read "Cat's Cradle?" If not, do me a favor; look up Dr. Felix Hoenikker in the wikipedia article about Cat's Cradle. And think hard about the point Kurt Vonnegut was trying to make with the character.


@ACleverDisguise According to his resumé on his website, this guy worked for Google for 10 years. He absolutely knows he can do this and he's using his privileged position to do so unapologetically.

(At least, that's what that response makes it sound like.)

golfinq commented 8 months ago

@snarfed How are you handling the truly gross servers, the ones with illegal stuff in them? Like not only are you actually going to harm actual people because bluesky's moderation policy of nazis and TERFs is essentially a shrug. But going the other way you are going to be responsible for distributing stuff that is literally illegal to distribute in any capacity from very very blacklisted servers. You do not understand what you are doing - nor understand the severity of what you are doing.

That is not even mentioning doing this purposefully - what if someone starts a mastodon server then fills it with copyrighted stuff for you to bridge. You will be on the hook for that. On the fediverse we already have the tools and policies and stuff to deal with this - you don't as someone who is making a bridge because keeping connected to both bluesky and fedi would stop you from implementing such things.

Finally to reiterate, if we wanted our stuff on bluesky we would join bluesky, stop trying to force us to join it - we do not want to. You are not the smartest person in the room, most people on fedi are there because they do not want to be anywhere else - not because they feel like they have to be there.

snarfed commented 8 months ago

> It's not pushback, it's anger. Please don't sanitise this.

Touché, point taken. It was the wrong tone, you're right. Sorry. I'm reading every comment here, I get the vitriol and outrage and disapproval. I shouldn't have downplayed it.

> This is a social issue.

Absolutely true. I'm not a techno-solutionist, I don't believe tech is "just a tool" or inherently neutral, and I don't believe in solving social problems with technology. Social networking services and tools are technology, of course, as are opt out and opt in implementations and anything in between. And the technological choices we make there, like whether bridges are opt out or in, have real impact on real people. Those impacts are often harmful; sometimes they're very harmful. I do get it, and I get the responsibility I have.

I appreciate hearing from people here who read my blog post. I didn't write it as a "he said, she said," but it was indeed the result of many conversations with a wide range of people in this space, including people who agreed with you. I also get how it comes across as a retroactive justification for opt out. It wasn't, but I get how it sounds that way. It's a fair criticism.

The bridge is at least a month away from launching, and I'm taking the criticism and anger here seriously, along with the clear demand to make this opt in. I get it.

wyatt8740 commented 8 months ago

> The bridge is at least a month away from launching, and I'm taking the criticism and anger here seriously, along with the clear demand to make this opt in. I get it.

Thank you. I notice you aren't guaranteeing us that you are going to make it opt-in, but I hope that's simply because you haven't read everything yet and that you fully intend to. The tone of your reply, at least, was better and sounded a little closer to sympathetic.

A lot of people are afraid of losing their one social media presence where they feel safe to be themselves. And that's a cause for anger.

None of us can make you, but please do the right thing, even if it means this bridge doesn't reach as far as you hoped. This has the potential to upset a lot of communities.

ACleverDisguise commented 8 months ago

> According to his resumé on his website, this guy worked for Google for 10 years. He absolutely knows he can do this and he's using his privileged position to do so unapologetically.

That. Explains. Everything.

The only place worse than Google for rampant techbrodude sociopathy is Facebook.

ACleverDisguise commented 8 months ago

> The bridge is at least a month away from launching, and I'm taking the criticism and anger here seriously, along with the clear demand to make this opt in. I get it.

No you don't. If you were taking it seriously and if you "get it", you'd be saying "we are in the process of changing to a purely opt-in solution, sorry for even considering an opt-out approach".

You're still doing PR. CLUMSY PR, worse. You're so transparently not giving a shit you should change your user ID to "glassfish".

belatedly commented 8 months ago

> Those impacts are often harmful; sometimes they're very harmful. I do get it, and I get the responsibility I have.

If you do, then you need to make this opt in, full stop.

Since November 2022, I have had to set my instance to allow list federation, lock down the API so our profiles can’t be viewed at the source URLs, and have moved to posting 100% followers only because things like this keep getting created. I’ve been stalked, harassed, and doxxed on centralized services and y’all developers just keep beating me down by looking at your work solely through your own personal and privileged experience. You’re constantly exposing us to the very things we’ve worked so hard to get away from. Do better.

wyatt8740 commented 8 months ago

@ACleverDisguise Please settle down just a little. It's likely not helpful to make the person who could possibly harm you (edit: harm you by following through and rolling this out as opt-out) angry at you. It's okay to be scared or angry (or both), but even ex-Googlers are (probably) human beings.

I agree that it still sounds a little like damage control and that he didn't promise to stop what he's doing. And that that's worth drawing attention to (not letting it slide). But please give the benefit of the doubt, at least for a few hours so he has a chance to read everything and let it soak in. If he's not changed his tune after reading this, then don't let me stop you.


I will repeat, since I'm posting again. Please listen to us. We are real people and we may all be feeling different levels of fear, anxiety, anger, etc. - but please don't discount us for getting upset and/or emotional.

A lot of us might be from very different backgrounds from you, and empathy needs to go both ways: You are human, as are we. I think we all need to remember that.

I can't promise that everyone here agrees with me. But I think you deserve a chance before we continue to judge you so harshly. Read and listen and try to really understand us.

Please do not make this opt-out. Please make it 100% opt-in. And don't let the negativity make you think we mean badly. We're upset because we care, and because some of us have been hurt before. Some of us might be terrified.

ACleverDisguise commented 8 months ago

> It's likely not helpful to make the person who could possibly harm you angry at you.

I would love to see him try, truth be told. What's he going to do? Sic the police on me? "听不懂。你说什么?"

> …even ex-Googlers are (probably) human beings.

[citation needed] 😛

austinhuang0131 commented 8 months ago

You said:

> Certainly, of the remaining 96%, some knew about the option, carefully evaluated it, and deliberately decided against it. But realistically, most of them probably hadn’t heard about it, or didn’t know how to opt in, or forgot, or didn’t feel strongly enough to bother.

Given the amount of outrage generated, some instances have suspended the bridge already, so that choice has already been taken away from many users, and you simply won't realize your vision even if you make it opt-in right now. Henceforth, your best course of action is to shelve the project (even though I personally would opt into a Bluesky bridge).

The fediverse operates on unwritten social contracts. (To other commenters: I never believed that we're "in control of our data" either, and when I say "social contracts" I mean in place of law... In fact, I think most of the fediverse operates on dubious legal bases that only work because of our implicit or explicit choice to not enforce legal rights.) I do not expect everyone to know it right away. While I, like @wyatt8740, want this to be a lesson for you to be considerate, the experiences of many on the fediverse - as evident above - simply do not permit them to forgive. See also various fediverse search engines that existed before Mastodon implemented opt-in search.

kyefox commented 8 months ago

When I wrote my little article suggesting bridges between different fediverses, I thought it was implicit that it be opt-in. Any bridge between technologies also bridges social norms and legal regimes. Any technology that fails to recognize this is doomed to fail.

futzle commented 8 months ago

> The bridge is at least a month away from launching, and I'm taking the criticism and anger here seriously, along with the clear demand to make this opt in. I get it.

If you sit in this quantum superposition of “might leave the bridge opt-out”, “might make it opt-in” for the next month, you will have been fediblocked by so many servers that you’ll find yourself on the published consensus blocklists that new instances are recommended to install on first light.

This tipping point may have already happened. I’ve certainly blocked the bridge from my instance.

There may be no saving the reputation of this project now, irrespective of its merit. Perhaps this will be a lesson to the next developer who tries this, but I doubt it.

ACleverDisguise commented 8 months ago

> If you do, then you need to make this opt in, full stop.

Honestly I think it's too late for that. The best time to make it opt-in was when the product was conceived. The second-best time was when a significant fraction of the people he supposedly "talked to" pushed back.

Now? Not only has he poisoned the well for his own product, he's poisoned the well for all bridge makers for quite some time to come. Because he has broken a social contract and attached this very concept to said social contract's breach. He already knows that opt-in is low-count:

> All else equal, people tend to stick with defaults. Opt-in rates are famously low, regardless of what they’re for.
>
> […]
>
> If bridges were opt-in, and I could only follow 4% of people on other networks, they would be drastically less useful. I know I’d be much less likely to keep building and running them. My personal interests don’t justify anything, of course, but the utility of these bridges might.

Despite the subsequent language of doing this "for the people" (not an actual quotation), it's pretty clear that he's stated the real reason for making this opt-out in the quoted portion: ego. He can't justify doing all that work for only 4%. He thinks, therefore, that cramming it down the throats of people without their consent is the way things get done. (Because it's important and for their own good, see!)

And he's not unique in this. This is the techbrodude problem in a nutshell: they don't believe in consent. Whether it's the current hotness of AI firms slurping up data (ignoring all copyright laws in the process) or social media companies slurping up personal data for sale to manipulators, it's all the same problem: laws and social conventions interfere with their work that is "for the good of humanity" so it can all be ignored in favour of just riding out the outrage until the next techbrodude does something sociopathic (a guaranteed thing) and they can hopefully slide under the wire.

stephanecharette commented 8 months ago

Something important to note that no-one has brought up yet: don't just count the comments. Count all the upvotes for those comments. Then also consider the downvotes for your comments, @snarfed. Once you add these all up, it becomes even more obvious what people are saying.

berniethewordsmith commented 8 months ago

Being able to follow people in Bluesky from my Mastodon account could be 'cool'. Cool does not have priority over the consent of others.

"Consent of the networked" is necessary, and I don't see a lot of that here I'm afraid.

Second, and forgive me here since I'm not an expert, isn't this kind of opt-out considered a dark pattern? We have seen it at work. We have seen the results. This is open source. Shouldn't this be different?

Shouldn't we act differently?

Third, GDPR. It will run over an opt-out situation like a train. This is not a moral argument, of course. I think the previous ones should suffice. But boy it can hurt once it is in motion.

Opt-in seems the ethical choice here imho.

austinhuang0131 commented 8 months ago

I have to say it.

Continuing to insult them will not give you the desired outcome.

There was one time where someone made a Mastodon search engine (it is still online! Edit: the frontend is, the backend is broken) with no opt-in, nor opt-out, nor any real means to block it. Effort to stop them (including banning their personal accounts) only empowered them to ridicule fediverse users in their FAQ page.

Don't make them the sociopath you claim they are.

The fediverse seems to have a tendency where "all bets are off" against people one does not agree with. Yes, as I've said, the experiences of many do not permit them to forgive. But we must face it, the hostility in many of the interactions I've seen (in general, not specifically about this) is overboard. (Also this. I feel like they referred to the author in their consultation.)

I shall reiterate what I meant by "I do not expect everyone to know it right away." Given the fediverse's fragmented model, due to both technical and social aspects, where it is extremely hard to find information, I genuinely do not expect everyone to be able to learn the protocols, or even know that there is a protocol. I knew this the hard way. It matters little whether I am willing to forgive.

Aarontheissueguy commented 8 months ago

In addition to the concerns already mentioned here, I would like to point out that an opt-out bridge also has significant security implications. You are essentially taking a decentralized network and running it through a centralized bridge. Let's say your bridge gets compromised somehow. All of a sudden, an attacker might be able to control the presence of thousands of Mastodon users on Bluesky.

MrDaleSmith commented 8 months ago

Pretty much all the points I'd make have been covered, but I wanted to add my voice - as someone who is basically waiting for the ability to federate with BlueSky - to the idea that it would be better for users and the project if it was opt-in, not opt-out.

player-03 commented 8 months ago

> All else equal, people tend to stick with defaults. Opt-in rates are famously low, regardless of what they’re for.

As are opt-out rates, and that can be an equally big problem.

There's a huge gap between these two options, and I totally get why you want to find some kind of compromise. It's the natural next step.

Off the top of my head, I can think of three ways to improve the opt-out model. User closed follow requests? Opt them out. They have #nobot in profile? Opt out. Opted out of search engines/discovery algorithms? Opt out. Many vulnerable users use at least one of these options, making it a solid start.

But is it enough? Maybe that brings you down from 96% coverage to ~70% (ballpark guess), but you're still getting a sizeable majority of users, which doesn't feel like a fair compromise. As the adage goes, a good compromise leaves everyone equally unhappy.

What if you could use the opt-in model but do it better than Mastodon text search?

Text search may have a 4% opt-in rate among Mastodon users, but it's buried pretty deep in the settings. I think it's clear the devs aren't actively trying to get people to use it: they could have made it a lot more visible if they cared to. They could pop up the checkbox when you click the search bar, or if that's too intrusive, they could at least show a message when you search for your own post. "You're seeing this post because you are the author; other users cannot search your posts. Click here to manage this setting." That's a much stronger nudge.

I think that if you really worked on UX, you could make opt-in work. Build good bots, make it easy to join simply by following any bridge account, write good descriptions/instructions, choose a self-explanatory hashtag (so not #yesbridge, but maybe #federatebsky?), and if at all possible make a nicer website than some of the ones I've seen for projects like this.

If you think about it, every single Mastodon user has opted in to some level of federation, since all of us signed up in the first place. Don't think of 4% as the upper limit, think of it as a reminder of the importance of UX.

hannaxd commented 8 months ago

Most of my concerns have been mentioned already but I'd like to just add how badly this has been handled.

A serious, genuine concern over the security and especially safety issues that an opt-out solution would cause has been met with absolute ignorance, purely due to ego and because it might lead to bigger numbers.

I'm personally glad the instance I'm on has chosen to block this project already, as I'm not sure whether or not I can trust you to even honor an opt-out under these circumstances.

kemitix commented 8 months ago

Opt-in is morally the correct choice, for all the reasons that have been given above. Trying to go with Opt-out is purely for this project's developer's ego and convenience. They would have the ability to say something like: "our project is bridging over 90% of the fediverse with bluesky. 🥳" The developer's motivation is clearly egocentric, despite the meaningless placating noises they've made on this issue above.

The question they should be asking themselves is: how can I help people make an informed choice without raising the risk of harm to others, especially those who don't even know this project exists?

imdatceleste commented 8 months ago

After reading the comments and replies, I'll make it very clear: if you copy any data from any of my services, which are located in Germany, WITHOUT EXPLICIT WRITTEN PERMISSION BY MY USERS, I will send all the lawyers after you I can find and sue you for every single penny!

fabiscafe commented 8 months ago

I think, yet again, to address this issue here is the wrong point. This needs to be in the activitypub spec. I as a user should be asked to share my data. Even in between mastodon servers/fediverse services.

As this is not the case, I think @snarfed is fine with grabbing public data and anyone on the fediverse should know that a federated network will federate your data to other services. This is nothing special and should be part of your service's ToS that you agree to when you join. If it's not part you should talk to your server admins.

See for example mastodon.social's privacy policy

wyatt8740 commented 8 months ago

> I think, yet again, to address this issue here is the wrong point. This needs to be in the activitypub spec. I as a user should be asked to share my data. Even in between mastodon servers/fediverse services.
>
> As this is not the case, I think @snarfed is fine with grabbing public data and anyone on the fediverse should know that a federated network will federate your data to other services. This is nothing special and should be part of your service's ToS that you agree to when you join. If it's not part you should talk to your server admins.
>
> See for example mastodon.social's privacy policy

You are right in a sense, but this also sounds like victim blaming. Although I know your intent is to highlight an issue. People signed up for activitypub services with the knowledge that they would likely connect to other activitypub instances. If facebook made some sort of activitypub integration module (shudder), I think everyone would know that wasn't in the spirit of the design and that they're abusing the goodwill of others.

It's like joining an IRC channel and being unwillingly linked via a bridge into a Discord "server" which is saving information about you. Normally, you know full well that other IRC /users/ might be logging chat, but that's different than having it publicly available for people who weren't there when the chat took place. It might be possible and there's no law against it, but it's obviously the wrong way to go about things.

Anyway, yeah, maybe it's worth adding changes to ToS'es of instances. But that can take time.