this post was submitted on 19 Dec 2023
850 points (82.9% liked)
Fediverse
28494 readers
313 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What public info could they gather? My IP?
Not even that.
IP address isn't part of your public profile, so it's not something they could ever access unless you make an account on there directly.
Why is your account marked as a bot?
Oh, no.. I was trying to block bot posts, and may have accidentally checked the box.
Bad bot
You're not fooling anyone.
Well, they could gather that, then skim through your posts, and then look at all the other ways they've gathered your data, like any of the Facebook trackers on various other websites, then create a shadow profile of you with all of the collective sum information they have.
And that's assuming you don't already use Facebook or messenger, in which case they basically have everything anyway.
It also assumes that they haven't purchased any data from data brokers to create these shadow profiles. Having an IP is actually pretty bad, all things considered, when you have a trove of information
It doesn't make sense for Lemmy (or Mastodon) to send your IP to other instances. Without that IP, all they have is your username. They can't really track you based on just the username.
Fuck, I shouldn't have used my reddit handle.
They could already get all of your profile and post info… I could get that right now through the free api for every account on this and every other thread with a couple dozen lines of code.
Edit: I’m also unclear on how they would ever get your IP- if you never use their frontends the only IP they’d have access to is that of the server your account is hosted on… Which would only be your own IP for the extreme minority who host their own instance from their personal internet connection, and Meta wouldn’t be able to tell that that’s the case anyway.
I'm copying pasta from my previous reply on other post
Once they can interact with your account, they can pull your data into their server and analyzing it to deliver ads campaign.
Just look at this
They can connect the point of interest based on their users interactions with other users on other instances. It doesn't matter even if you don't use their apps, they just need to connect the points.
Whenever an account from Threads upvote/ downvote or reply to your comments/posts or vice versa, Meta will analyze that and they can sell ads based on your political leanings, gender, geo-location, hobbies, marital status etc.
That's the options from what I saw on fb ads dashboard years ago. If you're from US, that options are broader and more detailed.
I think you’re fundamentally misunderstanding how data is handled in federated systems. When an account from Threads interacts with your post or you interact with a Threads post, information is exchanged exclusively through Actions sent between the servers- never to or from your or their client and another server. It looks like this:
Client <=API=> Instance <=Action=> Instance <=API=> Client
They don’t get any information that isn’t already available publicly to any random user on your instance- no IP address or anything otherwise. Threads’ mobile app data collection has no bearing on their ability to collect information on you.
Edit: To be clear- there is theoretically a set of protocols in the ActivityPub spec that allows for direct client to server communication (unimaginatively called ActivityPub Client-to-Server), but it hasn’t been adopted by any current Fediverse software implementation that I’m aware of.
What a wild conspiracy theory.
Legally, they can't collect and process any of the data unless you accepted a contract with them. Just by sending an upvote or a comment to their instance, you don't agree to any of this.
And if they choose to ignore the law and just do it anyway, they still can't, because all they have is the data that your instance sends them. They don't have your geo-location, device Id, etc.
I am not getting it. If i am not using their threads client and signed in to a de federating instance, they would not get my IP address right?
They wouldn’t be able to get it even from a federated instance as long as you don’t use their frontend.