"The ActivityPub protocol, standardised by W3C and governing exchanges within the Fediverse, requires us to clearly identify you when you interact with another platform, which is normal in order to prevent falsification of exchanges.
Opening such a breach would go against our commitments and philosophy on data protection and anonymity.
If we don’t expose your likes and follows it’s not to make them public on platforms that can be hosted anywhere and by anyone thanks to decentralised applications such as Mastodon.
This would also be a problem regarding our commitments in terms of moderation and the protection of minors, since profiles moderated by other platforms, with their own rules, could interact with Veklar users.
The Fediverse is open and anyone can decide to join in the future. This is particularly the case for Meta, which has already prepared Threads for its foray into the Fediverse, and is also thinking about integrating Instagram. Google could also join the Fediverse with YouTube. In all its principles, Veklar is committed to protecting you from GAFAM and ensuring the sovereignty of your personal data and your public image."
They use Threads as an example of what could happen to the Fediverse, but who knows how many companies are out there with fake Mastodon/Lemmy servers, subscribing to as many feeds as they can, letting the Fediverse handle delivering structured, scrapable data for them so they can work on their AIs or thread intel or marketing profiles.
They also have a point with their attempts to keep likes/follows private: that’s something a lot of users want, and something a lot of users are surprised to learn doesn’t exist on the Fediverse. The Fediverse is more metadata than data and that’s not something everyone likes sharing. With monoliths like Veklar, you only need to trust one server not to datamine your every move rather than thousands of servers.
Speaking of privacy, most of the Fediverse isn’t compatible with any privacy laws I’ve seen. For a bunch of hobbyists that’s probably fine because privacy enforcement agencies have better things to do, but for a company that intends to make money and wants to actually become an alternative, that’s a problem. A GDPR-compliant Fediverse server would need to record which other servers which bits of PII have been shared, how that information is protected (does lemmy.world even encrypt their database?), and with what other servers that information was shared in turn. That’s practically impossible. The Fediverse exists in Europe because it’s unimportant and unprofessional enough not to attract lawsuits.
They also have a good point about moderation. I could trivially spam every Lemmy server full of CSAM with maybe $100 in cloud credit to the point the FBI becomes interested. The Fediverse, and in particular Lemmy, is a bit like the Old Internet, assuming everyone has good intentions and that the minority with bad intentions can be handled by human interaction. New servers don’t get vetted, new moderation environments don’t get verified, and server administrators are left to their own devices to get rid of botnets and other malicious entities if they don’t want their server to become a spam relay.
I think the upsides of the Fediverse are worth the risks. Veklar clearly thinks otherwise. They’re not necessarily wrong, they just have different priorities.
Their reasoning isn’t necessarily bad:
They do explain their reasoning:
Expand for alt text
"The ActivityPub protocol, standardised by W3C and governing exchanges within the Fediverse, requires us to clearly identify you when you interact with another platform, which is normal in order to prevent falsification of exchanges.
Opening such a breach would go against our commitments and philosophy on data protection and anonymity.
If we don’t expose your likes and follows it’s not to make them public on platforms that can be hosted anywhere and by anyone thanks to decentralised applications such as Mastodon.
This would also be a problem regarding our commitments in terms of moderation and the protection of minors, since profiles moderated by other platforms, with their own rules, could interact with Veklar users.
The Fediverse is open and anyone can decide to join in the future. This is particularly the case for Meta, which has already prepared Threads for its foray into the Fediverse, and is also thinking about integrating Instagram. Google could also join the Fediverse with YouTube. In all its principles, Veklar is committed to protecting you from GAFAM and ensuring the sovereignty of your personal data and your public image."
They use Threads as an example of what could happen to the Fediverse, but who knows how many companies are out there with fake Mastodon/Lemmy servers, subscribing to as many feeds as they can, letting the Fediverse handle delivering structured, scrapable data for them so they can work on their AIs or thread intel or marketing profiles.
They also have a point with their attempts to keep likes/follows private: that’s something a lot of users want, and something a lot of users are surprised to learn doesn’t exist on the Fediverse. The Fediverse is more metadata than data and that’s not something everyone likes sharing. With monoliths like Veklar, you only need to trust one server not to datamine your every move rather than thousands of servers.
Speaking of privacy, most of the Fediverse isn’t compatible with any privacy laws I’ve seen. For a bunch of hobbyists that’s probably fine because privacy enforcement agencies have better things to do, but for a company that intends to make money and wants to actually become an alternative, that’s a problem. A GDPR-compliant Fediverse server would need to record which other servers which bits of PII have been shared, how that information is protected (does lemmy.world even encrypt their database?), and with what other servers that information was shared in turn. That’s practically impossible. The Fediverse exists in Europe because it’s unimportant and unprofessional enough not to attract lawsuits.
They also have a good point about moderation. I could trivially spam every Lemmy server full of CSAM with maybe $100 in cloud credit to the point the FBI becomes interested. The Fediverse, and in particular Lemmy, is a bit like the Old Internet, assuming everyone has good intentions and that the minority with bad intentions can be handled by human interaction. New servers don’t get vetted, new moderation environments don’t get verified, and server administrators are left to their own devices to get rid of botnets and other malicious entities if they don’t want their server to become a spam relay.
I think the upsides of the Fediverse are worth the risks. Veklar clearly thinks otherwise. They’re not necessarily wrong, they just have different priorities.
Mastodon and Lemmy don’t actually share any data actually protected by GDPR, unless the users actively make it public (like using their real name).