Meta's decentralized social plans confirmed. Is Embrace-Extend-Extinguish of the Fediverse next?

Helix@beehaw.org to Technology@beehaw.org – 227 points –
reb00ted.org
229

You are viewing a single comment

I worry that through federation Meta will be able to track users of non-meta instances. Then you won’t even know you’re being traced

How would they do that? Is there a vulnerability in federation?

Shouldn't be yet - for facebook (I'm not fucking calling them meta) to track you across the internet on websites you don't use, they use a tracking pixel - a 1 pixel image that is included on the webpage which is loaded from facebook.com. To load this image your web browser sends facebook.com the cookies it always sends to facebook.com - i.e. your login information, and that's how facebook knows that it's you on that random-ass website that has nothing to do with facebook.

But note - you have to have cookies on facebook.com for this to work. So long as you never visit lemmy.facebook.com or whatever tf their federated instance is, they won't be able to track you since they can't associate you with your login via the tracking pixel - If I go to another lemmy instance, that lemmy instance has no idea that I'm actually @theblueredditrefugee@lemmy.dbzer0.com.

Well, this is based on my knowledge of how facebook tracking works. Maybe it's changed since I worked there.

Edit: Should note that, obviously, everything you post on lemmy is public, keeping a log of everything a user posts should be pretty easy, like what they did with revddit and such before the apipockalypse.

It'd be a "vulnerability" of anything public. There's nothing stopping me from building a bot that pulls posts/threads from any instance and storing all the comments, their owners, the posts and their owners, yadda yadda.

I suspect the up/downvotes are "private" but on any instance, the owners will have access to that. I can't imagine all the data is encrypted at rest by default. But, don't take my word on that as I haven't read any of the specs. But, I'm pretty sure we're just looking at the protocol, not the implementation with regards to how a federated instance works.

So, same precautions as anywhere else really. Your data that's public WILL be tracked by someone and Meta is a damn likely culprit who absolutely would do that. I'm a total privacy nerd myself, but you'd be amazed at the things I want to track at work related to what/how/why people use the tools I work on. Granted, it's 100% exclusively used to improve user experience, weed out bugs, and see what is used most frequently to focus on that stuff. But if it can be tracked, somebody is tracking it.

I like it when various programs at least ask before invasively scraping my data. If asked, I'll often say yes because I want to help the developers, but when it's silent and in the background I have no control and I don't like that

1000% agree. This is how it should be done. And not hidden away somewhere deep. There are legit reasons for in depth tracking, but when used for advertising or something other than improving the user's experience, count me out.