modulus

@modulus@lemmy.ml
0 Post – 46 Comments
Joined 1 year ago

Interested in the intersections between policy, law and technology. Programmer, lawyer, civil servant, orthodox Marxist. Blind.



I kept giving Mozilla the benefit of the doubt and telling myself things weren't so bad.

I was wrong.

I'll continue using Firefox because it's the least bad option, but I can't advocate for it in good faith anymore, and I don't expect it to last long with this orientation.

So it goes.


> Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away.

Fuck that. Not if we don't make it. That's precisely the point. Do not comply. Do not submit. Never. Advertising is contrary to the interests of humanity. You're never going to convince me becoming a collaborator for a hypothetically less pernicious form is the right course of action. Never. No quarter.

> We’ve been collaborating with Meta on this,

That makes it even worse.

> any successful mechanism will need to be actually useful to advertisers,

And therefore inimical to humanity in general and users in particular.

> Digital advertising is not going away,

Not with that attitude.

> but the surveillance parts could actually go away

Aggregate surveillance is still surveillance. It is still intrusive, it still leverages aggregate human behaviour in order to harm humans by convincing them to do things against their own interest and in the interest of the advertiser.

This is supposedly an experiment. You've decided to run an experiment on users without consent. And you still think this is the right thing--since you claim the default is the correct behaviour.

I cannot trust this.


There is literally no instance in which expanding the scope of copyright law is a good thing. Never.

This is bullshit. The total amount of advertising I want is zero. The total amount I want of tracking is zero. The total amount of experiments I want run on my data without consent is, guess, zero.


For me the weirdest part of the interview is where he says he doesn't want to follow anyone, that he wants the algorithm to just pick up on his interests. It's so diametrically opposed to how I want to intentionally use social networks and how the fedi tends to work that it's sometimes hard to remember there are people who take that view.


I'd like people to STOP PRETENDING that the only plausible reason why someone doesn't agree with this is that we don't understand it. Yes, I understand what this does. The browser tracks which advertisements have been visited, the advertiser indicates to the browser when a conversion action happens, and the browser sends this information to a third-party aggregator which uses differential techniques to make it infeasible to deanonymise specific users. Do I get a pass?

Yes, this is actively collaborating with advertising. It is, in the words of Mozilla, useful to advertisers. It involves going down a level from being tracked by remote sites to being tracked by my own browser, running on my own machine. Setting aside the issues of institutional design and the possibility for data leaks, it's still helping people whose business is to convince me to do things against my interest, to do so more effectively.


Worth considering that this is already the law in the EU. Specifically, the Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market has exceptions for text and data mining.

Article 3 has a very broad exception for scientific research: "Member States shall provide for an exception to the rights provided for in Article 5(a) and Article 7(1) of Directive 96/9/EC, Article 2 of Directive 2001/29/EC, and Article 15(1) of this Directive for reproductions and extractions made by research organisations and cultural heritage institutions in order to carry out, for the purposes of scientific research, text and data mining of works or other subject matter to which they have lawful access." There is no opt-out clause to this.

Article 4 has a narrower exception for text and data mining in general: "Member States shall provide for an exception or limitation to the rights provided for in Article 5(a) and Article 7(1) of Directive 96/9/EC, Article 2 of Directive 2001/29/EC, Article 4(1)(a) and (b) of Directive 2009/24/EC and Article 15(1) of this Directive for reproductions and extractions of lawfully accessible works and other subject matter for the purposes of text and data mining." This one's narrower because it also provides that, "The exception or limitation provided for in paragraph 1 shall apply on condition that the use of works and other subject matter referred to in that paragraph has not been expressly reserved by their rightholders in an appropriate manner, such as machine-readable means in the case of content made publicly available online."

So, effectively, this means scientific research can data mine freely without rights holders being able to opt out, and other uses for data mining such as commercial applications can data mine provided there has not been an opt out through machine-readable means.


Security and performance are hard to measure but it's at least questionable that they're behind in either.

AI has many good uses, for example the local translation capability that allows for privacy-preserving translations of websites is AI and already in Firefox, and makes it possible to translate in environments that do not allow sending data out for security reasons.

The biggest issues for me are:

  1. No centralisation means there's no canonical single source of truth.
  2. Account migration.
  3. Implementation compatibility.

No single source of truth leads to the weird effect that if you check a post on your instance, it will have different replies from those on a different instance. Only the original instance where it got posted will have a complete reply set--and only if there are no suspensions involved. Some of this is fixable in principle, but there are technical obstacles.

Account migration is possible, but migration of posts and follows is non-trivial. Also, migration between different implementations is usually not possible. Would be nice if people could keep a distinction between their instance and their identity, so that the identity could refer to their own domain, for example.

Last, the issue with implementation compatibility. Ideally it should be possible to use the same account to access different services, and to some extent it works (Mastodon can post replies to Lemmy or upvote, but not downvote, for example).


The usual pro-advertising take. "It's ok that we're going to experiment without your consent on how to manipulate you, because we only use aggregated data so it's not personal, it's business."


I wouldn't really count Mastodon/Bluesky bridging as federation. They're incompatible protocols that were never intended to work together (arguably Bluesky was explicitly designed to avoid using AP).


Not saying this won't have any negative effects on people, however I think it's a little premature to guess at what it will be like. About 3/4 of the article is commenting on what it will do to men when we find out only at the end women are the majority of users.


I don't blame Mozilla for not single-handedly ending advertising online. That's too much to expect from anyone. But they could at least avoid active collaboration with the enterprise. And if they're going to engage in it, they should at the very least warn their users.


It's hard when I don't get told about it and find by chance.

I'm concerned that people are already eager to bury the fediverse and unwilling to consider what would be lost. The solutions I keep hearing in this space all seem to hinge on making the place less equal, more of a broadcast medium, and less accessible to unconnected individuals and small groups.

How does an instance get into one of these archipelagos if they use allowlists?

Same thing with reply policies. I can see the reason why people want them, but a major advantage on the fedi is the sense that there is little difference between posters. I think a lot of this would just recreate structures of power and influence, just without doing so formally--after all the nature of scale-free networks is large inequality.


Completely disagree. Using the Firefox master password feature, passwords are safe even in the context of sharing a device or an extension. In addition, multi-FA isn't necessarily a safer option.

And what's the provided alternative? A password manager. So storing passwords somewhere else that may leak, and in fact has leaked, and is by its nature a high value target.

Each person has to consider their particular situation and threat model, but a well-secured browser that stores passwords locally can be a perfectly adequate and in fact safer alternative than a password manager.


What do I think the history is? A record of the sites I visited.

What do I think the history isn't? A correlated record of which advertisements I've been exposed to, and which conversions I've made, that gets sent to people who are not me.

Pretty relevant distinction. One thing is me tracking myself, another thing is this tracking being sent to others, no matter how purportedly trustworthy.


Yes, for example I donate to Thunderbird since I find it useful. And I wouldn't mind donating to Firefox either provided they wouldn't do this sort of fuckery.

Though in the long run we need to overturn capitalism of course, and that an economic model is viable doesn't mean we should sustain it or justify it.

I don't have a complete solution, but I have a vector, and this is in the opposite direction, being, according to its own claims useful to advertisers.

The solution passes through many things, but probably has to start by changing the perception of advertising as a necessary nuisance and into a needless, avoidable, and unacceptable evil. Collaboration does not help in this regard. Individual actions such as blocking advertising, refusing to accept any tracking from sites, deploying masking tools, using archives and mirrors to get content, consciously boycotting any product that manages to escape the filtering, are good but insufficient.


It's possible FF wouldn't get away with something like integrating ad blocking by default, but in no reasonable universe were they required to do the PPA stuff and turn it on by default. Nor is it clear that it will lead to websites caring about FF compatibility--unfortunately many already don't.

Clearly this particular suit by this particular person is iffy. However, I don't think this framing is very good: the fact Wikimedia is headquartered elsewhere shouldn't make it immune from being sued where an affected party lives.

Also, this part of the article seems a bit contradictory:

> Just because someone doesn’t like what’s written about them doesn’t give them the right to unmask contributors. And if the plaintiff still believes he’s been wronged by these contributors, he can definitely sue them personally for libel (or whatever). What he has no right to demand is that a third party unmask users simply because it’s the easiest target to hit.

Ok, but how does he sue them personally without knowing who they are? It's fine to say this shouldn't be regarded as libel (I agree, it's a factual point, should be covered by exceptio veritatis or whatever) but I think it's a bit dishonest to say you can't hit Wikimedia, go after the individual users; but also, Wikimedia shouldn't be forced to reveal them.

Much better if the court would consider this information as being accurate and in the public interest.

Of course the GDPR cuts two ways here, because political information is an especially protected category, with certain exceptions (notorious information). So I'm not sure how the information on this person's affiliation to the far right was obtained and so on.

It depends, but mostly no. And if that means some sites are not economically possible, so be it.

> I do not think it is a very good analogy. I do not see how this would turn into a broadcast medium. Though I do agree it can feel less accessible and there is a risk of building echo chambers.

Not so concerned on that--people being able to establish their tolerances for whom they want to talk to is fine with me. But if the system goes towards allowlists, it becomes more cliquish and finding a way in is more difficult. It would tend towards centralisation just because of the popularity of certain posters/instances and how scale-free networks behave when they're not handled another way.

> It’s most likely a death sentence for one-person instances. Which is not ideal. On the other hand, I’ve seen people managing their own instance give up on the idea when they realized how little control they have over what gets replicated on their instance and how much work is required to moderate replies and such. In short, the tooling is not quite there.

I run my instance and that's definitely not my experience. Which is of course not to say it can't be someone else's. But something, in my opinion not unimportant, is lost when it becomes harder to find a way in.

On my instance, the following control measures apply:

  • Only public posts are visible through the web interface.
  • Only public posts appear on RSS.
  • Following requires approval.
  • Authorised fetch is required.

So I think I have reason to feel fairly strongly that follower only posts are not public, and even unlisted posts are reasonably restricted.

In spite of which, there's a pretty good chance that the government will change in the upcoming elections in July. There's been lots of good economic policy, but it isn't satisfying people.

So, not super sure what this is or how this works. Is the idea that you run the cgi, it sets up static files, and it responds to AP requests like follows, mentions, boosts and such? I realise lots of people don't like long docs but I didn't really understand the use case very well.

I find it impossible not to see it as a symmetric situation. The notion the US is restricting access to chips for natsec reasons may be true, if that includes restricting Chinese economic and technical development to maintain its hegemony. That China responds in kind is not only to be expected, but also fair from any possible neutral stance. The special pleading is especially apparent here. "No, it's different when they do it to us because we're the good guys." Really?

So it would still help optimising persuasion at scale (also known as lying to people to best get them to act against their interest). Why is this a good thing again?

I generally agree, though I could be convinced of recurring payment in the case of high speed APIs that need a lot of updates to keep working. Chasing an API can be a lot of work.

Of course, a solution to that is having an up-front payment and letting people update as they wish--if there's new value in the new releases presumably they will.

IMO the hardest part is the legal side, and in fact I'm not very clear how MS skirted that issue other than through US lax enforcement on corporations. In order to have a db like this one must store stuff that is, ordinarily, illegal to store. Because of the use of imperfect, so-called perceptual hashes, and in case of algorithm updates, I don't think one can get away with simply storing the hash of the file. Some kind of computer vision/AI-ish solution might work out, but I wouldn't want to be the person compiling that training set...


> Perhaps the manual reporting tool is enough? Then that content can be forwarded to the central ms service. I wonder if that API can report back to say whether it is positive.

The problem with a lot of this tooling is you need some sort of accreditation to use it, because it somewhat relies on security through obscurity. As far as I know you can't just hit MS's servers and ask "is this CSAM?" If something like that were possible it might work.

> Can you elaborate on the hash problem?

Sure. When you have an image, you can do lots of things to it that change it in some way: change the compression, the format, crop it, apply a filter... This all changes the file and so it changes the hash. The perceptual hash system works on the basis of some computer vision stuff and the idea is that it will try to generate the same hash for pictures that are substantially the same. But this tech is imperfect and probably will have changes. So if there's a change in the way the hash gets calculated, it wouldn't be enough to keep the hashes, you'd have to keep the original file to recalculate, which is storing CSAM, which is ordinarily not allowed and for good reason.

For a hint on how bad these hashes can get, they are reversible, vulnerable to pre-image attacks, and so on.

Some of this is probably inevitable in this type of system. You don't want to make it easy for someone to hit the servers with a large number of hashes, and then use IPFS or BitTorrent DHT to retrieve positives (you'd be helping people get CSAM). The problem is hard.

> Personally I was thinking of generating a federated set based on user reporting. Perhaps enhanced by checking with the central service as mentioned above. This db can then be synced with trusted instances.

Something like that could work, maybe obscuring some of the hash content (random parts of it) so that it doesn't become a way to actually find the stuff.

Whatever decisions are made have to be well thought through so as not to make the problem worse.
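An added illustration of the hash problem described in the comment above (not part of the original comments, and not the algorithm any real matching service uses): a toy average hash over constructed 16x16 grayscale grids, compared with SHA-256, first after a small filter and then after a change of algorithm parameters. The function names, the `grid` parameter standing in for an algorithm version, and the sample images are all assumptions made for this sketch.

```python
import hashlib

SIZE = 16  # constructed 16x16 grayscale test images, values 0..255

def sha256_of(pixels):
    """Cryptographic hash of the raw pixel bytes: any change flips it."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def average_hash(pixels, grid=8):
    """Toy perceptual hash: one bit per block, set if the block is brighter
    than the image average. `grid` stands in for the algorithm version."""
    step = len(pixels) // grid
    sums = [
        sum(pixels[y][x]
            for y in range(cy * step, (cy + 1) * step)
            for x in range(cx * step, (cx + 1) * step))
        for cy in range(grid) for cx in range(grid)
    ]
    total = sum(sums)
    bits = 0
    for s in sums:
        # Integer comparison of block mean against global mean (no floats).
        bits = (bits << 1) | int(s * len(sums) > total)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def compare(a, b, grid=8):
    """Compare two images under both kinds of hash."""
    return {
        "same_sha256": sha256_of(a) == sha256_of(b),
        "hamming": hamming(average_hash(a, grid), average_hash(b, grid)),
    }

# Constructed sample images (a diagonal gradient and two variants of it).
original = [[8 * x + 4 * y for x in range(SIZE)] for y in range(SIZE)]
# A uniform brightness filter: every byte changes, the picture does not.
brightened = [[min(255, v + 3) for v in row] for row in original]
# Neighbouring pixel pairs swapped: same 2x2 block averages, different detail.
swapped = [[row[x ^ 1] for x in range(SIZE)] for row in original]

if __name__ == "__main__":
    print("filter applied:       ", compare(original, brightened))
    print("old algorithm (8x8):  ", compare(original, swapped, grid=8))
    print("new algorithm (16x16):", compare(original, swapped, grid=16))
```

The last two comparisons use two inputs that share one 8x8 hash but get different 16x16 hashes, so the new value is not a function of the stored old one and can only be recomputed from the original pixels.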


Welcome back!

There were points at which Firefox was difficult to stick with, especially after the extension apocalypse, but I think it's evolving pretty well at this point.

As far as I can tell, this is incorrect. If there's a post on instance A, a reply from instance B, and someone on instance C follows the OP on A but not the RP on B, they will only see the OP without the reply.

Source: I very often notice this because I run a single-user instance, and when I open a thread it's incomplete, lacking posts from instances that I have not suspended.

Well, in a way that's what we're doing now, and by and large it works but obviously there's some leakage, which is impossible to bring down to zero but which makes sense working on improving.

The other side of the coin is that the price of this moderation model is subjecting a lot more people to a lot more horrible shit, and I unfortunately don't know any way around that.

Definitely, AP is not magic. But if even within one protocol round-tripping and full-fidelity is impossible or very difficult, that makes it only harder and less likely through a bridge.

I run a GoToSocial instance and have it on, not so much because I don't want to allow people to follow me (so far I think I've approved all requests) but because having it off means that a bot can easily get to my followers-only posts and archive or distribute them, and some iffy instances have been doing that in order to build search engines and the like.

IMO bridging or translation isn't federation per se. Also it seems unlikely that protocols would converge to that extent. In fact AP implementations are already different enough that even within the same protocol it's hard to represent all the different activities instances can present.

It's not maybe joining, it's definitely joining.

A bit soon to tell, but it's quite unclear what will happen. I don't find believable the article blaming cultural issues for the changes though, or UP's "messianic" ministers.

I think the issues are economic. Inflation has made many people angry and uncertain, and the same for increased interest rates. It's not as bad as in much of the EU, but arguably there was less disposable income too. Whether the left can regain the initiative remains to be seen.

Blind user. So far my experience with Lemmy is good, slightly better than Reddit. The major accessibility hurdle is some way to easily navigate through comments. Possible ideas would be using HTML landmarks, headers, or invisible (to sighted users) separators.