[Air-L] Migration to Mastodon

Petter Ericson pettter at cs.umu.se
Thu Nov 10 03:44:38 PST 2022 

Adding on to the "DM", it should be noted that they are not, in fact,
"Direct Messages". Instead, they are essentially regular posts that are
visible and federated only to mentioned accounts, and thus if you make a
post talking _about_ someone else, if you use their username, they will be
alerted and be able to read that message.

The natural solution to all of this is to use a different protocol than
ActivityPub for chats and direct messages - XMPP with e.g. OMEMO would be
the natural choice for end-to-end encryption - though this would then need
to be incorporated and interoperated with somehow in both UIs (apps, web
frontends) and on the protocol level. I think either Cohost or
Counter.social is doing this, but I think without activating federation
(and I'm unsure if they're running E2EE on their XMPP chats)

I think a contributing reason why ActivityPub has left privacy/security
aside to the extent it has is that it was very much a replacement for
OStatus, which didn't have any notion of privacy at all. The more nuanced
take of ActivityPub was already back then criticised for implying more
privacy than it provided (specifically contra admins on all servers a post
is federated to), but I'd say it has been working surprisingly (to me) well
at least up until now. It'll be interesting to see when/if admins that are
not only malicious to users on _other_ servers, but also _their own_ show up.

I have a lot more thoughts, having hung around on the fediverse for well
over a decade at this point, but I'll keep it "short" this time.

All the best, and hi list!

/P

On 10 November, 2022 - Robert W Gehl via Air-L wrote:

> Hi, Emma --
> 
> One of the major critiques of the development of ActivityPub (the protocol
> underlying Mastodon, Pixelfed, PeerTube, etc) is that the developers did not
> pay enough attention to security and privacy questions. Those concerns were
> bracketed off. For example, in terms of connections between servers, the
> developers assumed that other projects, like SSL, would solve any security
> issues. Encryption in general was bracketed off as out of scope for the
> ActivityPub project. (To be fair, they had a lot on their plates).
> 
> So, as a result, there are some definite privacy issues. DMs between two
> members are not end-to-end encrypted. An instance admin has a great deal of
> insight into the network, from member profiles to who is talking to whom.
> 
> There are people working on solutions to these problems. Indeed, one of the
> key developers, Christine Lemmer-Webber, recognized the problem of
> encrypting DMs back in 2017: https://github.com/w3c/activitypub/issues/225
> and has proposed some solutions in the time since.
> 
> But currently, DMs are not encrypted.
> 
> The key issue, as always, is trust. Admins have to foster trust among their
> members by being good actors. But we also know from hard experience that
> admins can break trust. So, Emma, your questions are BIG ones and need to be
> pressed.
> 
> Note that much of what I am saying is true of the corporate model, however.
> Twitter doesn't encrypt DMs. Yes, FB might have end-to-end encryption -- but
> of course, you have to trust that they haven't been compelled by a powerful
> state to have a backdoor. (And this is a company that holds a patent on an
> automated system to turn user data over to law enforcement).
> 
> - Rob
> 
> 
> On 11/9/22 21:13, Dr. Emma Briant via Air-L wrote:
> > I’ll be honest, I’m a little worried about the privacy and security issue
> > of using these services. I did see Wolfie Christl (who I trust) share two
> > such sites and say he trusts the people behind them (
> > https://mastodon.social/@wchr/109299350293033545), but he also doesn’t seem
> > to have used them himself as his Mastodon follower count doesn’t seem high
> > like his Twitter. May I ask the community here whether anyone has concerns?
> > Many thanks,
> > Emma
> > 
> > On Wed, 9 Nov 2022 at 16:07, Sarah Ann Oates via Air-L <
> > air-l at listserv.aoir.org> wrote:
> > 
> > > This app to help migrate from Twitter to Mastodon was recommended by a
> > > colleague today; I have yet to try it but looks promising:
> > > 
> > > https://pruvisto.org/debirdify/
> > > 
> > > Sarah
> > > 
> > > 
> > > Sarah Oates
> > > Pronoun: she/her
> > > 
> > > Professor and Senior Scholar
> > > Philip Merrill College of Journalism
> > > Distinguished Scholar-Teacher
> > > University of Maryland
> > > College Park, MD 20742
> > > Email: soates at umd.edu
> > > Phone: 301 455 2332
> > > www.media-politics.com
> > > Twitter: @media_politics
> > > 
> > > *Support the UMD Student Crisis Fund
> > > <https://giving.umd.edu/giving/showPage.php?name=crisis-funding> today. *
> > > 
> > > 
> > > 
> > > 
> > > On Tue, Nov 8, 2022 at 10:22 AM Steph Kent via Air-L <
> > > air-l at listserv.aoir.org> wrote:
> > > 
> > > > Hi all,
> > > > 
> > > > Following the Twitter|Mastodon threads with critical interest. I
> > > appreciate
> > > > the invitation from Michael Ruigrok to  members of this group to bring
> > > your
> > > > sophisticated knowledge and experience to the improvement of federated,
> > > > communal social networks. I'm always interested in access, thinking about
> > > > outlier groups such as the Deaf, for whom text is frequently not a
> > > > sufficient accommodation (despite the convenience of this belief for
> > > > h/Hearing people). *That said, Deaf academics on Twitter are formidable!
> > > > 
> > > > I'm glad of the resources from Meryl, Joly and Fred Fuchs too, as I'm at
> > > > the edge of my learning curve learning how to navigate Mastodon.
> > > > 
> > > > Wanted to share this political, antiracist perspective from Tim Wise, who
> > > > argues that it's mainly white liberals who are concerned with 'fleeing'
> > > the
> > > > new Twitter
> > > > <
> > > > 
> > > https://timjwise.medium.com/fleeing-twitter-the-twexodus-is-about-white-liberal-fragility-3631cb2ac317
> > > > > ,
> > > > suggesting this is evidence of the pervasiveness of white fragility --
> > > even
> > > > among progressives.
> > > > 
> > > > best regards,
> > > > steph
> > > > 
> > > > 
> > > > 
> > > > On Tue, Nov 8, 2022 at 1:30 AM Fred Fuchs via Air-L <
> > > > air-l at listserv.aoir.org>
> > > > wrote:
> > > > 
> > > > > Here's a TechRadar article on Mastodon.
> > > > > 
> > > > > 
> > > > > 
> > > https://www.techradar.com/news/mastodon-is-a-great-twitter-alternative-but-it-needs-to-be-easier-to-sign-up
> > > > > Fred
> > > > > 
> > > > > --
> > > > > 
> > > > > Fred Fuchs - Founder, CEO, & Producer
> > > > > FireSabre Consulting LLC
> > > > > 
> > > > > ---
> > > > > 
> > > > > On 11/7/2022 8:26 AM, Fred Fuchs wrote:
> > > > > > On 11/7/2022 6:51 AM, Richard Forno via Air-L wrote:
> > > > > > > I have a hard time *relying* on a communications platform
> > > > > > > run by a company now fully engaged in the proverbial
> > > > > > > "move fast, break things" mentality based on whatever
> > > > > > > singular whims or rage cycle its owner is in at the time
> > > > > > > a decision is made.   To wit:  They are now asking people
> > > > > > > just fired to come back, b/c nobody knew they were
> > > > > > > integral to the features Musk wanted to develop.  (Were
> > > > > > > it me, I'd say sure, but double my salary.)
> > > > > > Sadly this is not uncommon during "regime changes" at
> > > > > > Internet tech companies. The new leadership fires far more
> > > > > > people than they should've, and then often has to hire
> > > > > > some or even many back at a significant salary increase.
> > > > > > 
> > > > > > On top of that, some of those with good employment
> > > > > > prospects may decide to seek better opportunities. So
> > > > > > their possibly irreplaceable tech and business practices
> > > > > > knowledge is lost forever.
> > > > > > 
> > > > > > Fred
> > > > > > 
> > > > > > ---
> > > > > > 
> > > > > > On 11/7/2022 6:51 AM, Richard Forno via Air-L wrote:
> > > > > > > It's not Musk's views per se that's driven me from
> > > > > > > Twitter, but that's a major reason, sure.
> > > > > > > 
> > > > > > > I have a hard time *relying* on a communications platform
> > > > > > > run by a company now fully engaged in the proverbial
> > > > > > > "move fast, break things" mentality based on whatever
> > > > > > > singular whims or rage cycle its owner is in at the time
> > > > > > > a decision is made.   To wit:  They are now asking people
> > > > > > > just fired to come back, b/c nobody knew they were
> > > > > > > integral to the features Musk wanted to develop. (Were it
> > > > > > > me, I'd say sure, but double my salary.)   He's also
> > > > > > > reversed other polices and views that he preached -- he
> > > > > > > was against permabans until Kathy Gifford parodied him
> > > > > > > over the weekend, so she's banned.  He's also said other
> > > > > > > people not 'clearly identifying' as parody accounts would
> > > > > > > be perma-banned. That's a far cry from his views about
> > > > > > > how the company handled other perma-bans in recent
> > > > > > > years.  The entire company -- and platform -- now feels
> > > > > > > rather unstable in many ways, and I feel sorry for the
> > > > > > > many serfs still there who will endure such chaos ....
> > > > > > > and it's only been a week!
> > > > > > > 
> > > > > > > Heck, if I wanted to interact on a platform conducting a
> > > > > > > perpetual beta test[1], I'd use something from Google.
> > > > > > > 
> > > > > > > -- rick
> > > > > > > 
> > > > > > > [1] either technical or managerial
> > > > > > > 
> > > > > > > 
> > > > > _______________________________________________
> > > > > The Air-L at listserv.aoir.org mailing list
> > > > > is provided by the Association of Internet Researchers http://aoir.org
> > > > > Subscribe, change options or unsubscribe at:
> > > > > http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
> > > > > 
> > > > > Join the Association of Internet Researchers:
> > > > > http://www.aoir.org/
> > > > > 
> > > > _______________________________________________
> > > > The Air-L at listserv.aoir.org mailing list
> > > > is provided by the Association of Internet Researchers http://aoir.org
> > > > Subscribe, change options or unsubscribe at:
> > > > http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
> > > > 
> > > > Join the Association of Internet Researchers:
> > > > http://www.aoir.org/
> > > > 
> > > _______________________________________________
> > > The Air-L at listserv.aoir.org mailing list
> > > is provided by the Association of Internet Researchers http://aoir.org
> > > Subscribe, change options or unsubscribe at:
> > > http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
> > > 
> > > Join the Association of Internet Researchers:
> > > http://www.aoir.org/
> > > 
> _______________________________________________
> The Air-L at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
> 
> Join the Association of Internet Researchers:
> http://www.aoir.org/

-- 
Petter Ericson, pettter at cs.umu.se
Postdoc in the Responsible AI group, Departement of Computing Science, 
University of Umeå

More information about the Air-L mailing list