Hey here's something about the Fediverse that some people don't take into account:
I see on "hacker" "news" that there is currently discussion about Scuttlebutt and the very clever opinion is that oh no, distributed social is worse than FB/Twitter because nothing is stopping BigScaryCorp from scooping up all your public posts.
Ignoring the fact that you can very easily have a locked account or even one that has public AND non-public posts... 1/
This also ignores the MASSIVE vulnerability from FB/Twitter apps.
Apps mean not only are you giving those companies your posts, but also your call logs, possibly SMS data, details of all the other apps on your phone, phone number, contact details, usage data, full social graph, detailed location data, ability to read phone storage, microphone access, access to your calendar, activity recognition (are you walking, driving etc), view network connections, etc etc
2/
That's a lot of data people never consider when thinking about this stuff and it's important.
Your posts are what you choose to share, the rest of that data is not and can give a very detailed overview of your life
3/3
Another piece of hugely valuable data that EvilCorp misses when you use federated social media is who you are.
They know your username which gives an idea of who you might be, but without your cookies, email address, browsing history (through web beacons etc), credit card purchases and so on they cannot link you to the existing huge profile that may exist for you.
This is a killer. Posts on their own are almost nothing.
@paul
Having seen how well Nationbuilder (and other tools) can match identities across networks, I'm not confident this is much defense.
It's something, I agree!
@xurizaemon oh this sounds interesting. But surely if I set up a new federated profile and use a different name, avatar and friends it can't tell it's me? Or can it?
@paul avatar is definitely a good one to connect the dots!
@xurizaemon thanks for the info, I've had a quick look at nationbuilder now. So it looks like they get email addresses from campaign signups on websites.
Do the socials provide email lists to match with accounts? Then they use username/avatar matching to find other accounts belonging to the user on different services?
Also, do you know if they source email lists from elsewhere? Such as where people have provided emails for a different purpose?
@paul in some countries voter lists are available, thankfully not one I live in.
"offline" (eg electoral roll in NZ) and hidden or not generally available sources available too.
Anyway, it's nicer over here on Mastodon, but we're still in the open. Like sitting in a cafe is in the open.
Speaking of which, nice to meet you :D
