3634
submitted 1 year ago* (last edited 1 year ago) by sapient_cogbag@infosec.pub to c/fediverse@lemmy.world

I strongly encourage instance admins to defederate from Facebook/Threads/Meta.

They aren't some new, bright-eyed group with no track record. They're a borderline Machiavellian megacorporation with a long and continuing history of extremely hostile actions:

  • Helping enhance genocides in countries
  • Openly and willingly taking part in political manipulation (see Cambridge Analytica)
  • Actively have campaigned against net neutrality and attempted to make "facebook" most of the internet for members of countries with weaker internet infra - directly contributing to their amplification of genocide (see the genocide link for info)
  • Using their users as non-consenting subjects to psychological experiments.
  • Absolutely ludicrous invasions of privacy - even if they aren't able to do this directly to the Fediverse, it illustrates their attitude.
  • Even now, they're on-record of attempting to get instance admins to do backdoor discussions and sign NDAs.

Yes, I know one of the Mastodon folks have said they're not worried. Frankly, I think they're being laughably naive >.<. Facebook/Meta - and Instagram's CEO - might say pretty words - but words are cheap and from a known-hostile entity like Meta/Facebook they are almost certainly just a manipulation strategy.

In my view, they should be discarded as entirely irrelevant, or viewed as deliberate lies, given their continued atrocious behaviour and open manipulation of vast swathes of the population.

Facebook have large amounts of experience on how to attack and astroturf social media communities - hell I would be very unsurprised if they are already doing it, but it's difficult to say without solid evidence ^.^

Why should we believe anything they say, ever? Why should we believe they aren't just trying to destroy a competitor before it gets going properly, or worse, turn it into yet another arm of their sprawling network of services, via Embrace, Extend, Extinguish - or perhaps Embrace, Extend, Consume would be a better term in this case?

When will we ever learn that openly-manipulative, openly-assimilationist corporations need to be shoved out before they can gain any foothold and subsume our network and relegate it to the annals of history?

I've seen plenty of arguments claiming that it's "anti-open-source" to defederate, or that it means we aren't "resilient", which is wrong ^.^:

  • Open source isn't about blindly trusting every organisation that participates in a network, especially not one which is known-hostile. Threads can start their own ActivityPub network if they really want or implement the protocol for themselves. It doesn't mean we lose the right to kick them out of most - or all - of our instances ^.^.
  • Defederation is part of how the fediverse is resilient. It is the immune system of the network against hostile actors (it can be used in other ways, too, of course). Facebook, I think, is a textbook example of a hostile actor, and has such an unimaginably bad record that anything they say should be treated as a form of manipulation.

Edit 1 - Some More Arguments

In this thread, I've seen some more arguments about Meta/FB federation:

  • Defederation doesn't stop them from receiving our public content:
    • This is true, but very incomplete. The content you post is public, but what Meta/Facebook is really after is having their users interact with content. Defederation prevents this.
  • Federation will attract more users:
    • Only if Threads makes it trivial to move/make accounts on other instances, and makes the fact it's a federation clear to the users, and doesn't end up hosting most communities by sheer mass or outright manipulation.
    • Given that Threads as a platform is not open source - you can't host your own "Threads Server" instance - and presumably their app only works with the Threads Server that they run - this is very unlikely. Unless they also make Threads a Mastodon/Calckey/KBin/etc. client.
    • Therefore, their app is probably intending to make itself their user's primary interaction method for the Fediverse, while also making sure that any attempt to migrate off is met with unfamiliar interfaces because no-one else can host a server that can interface with it.
    • Ergo, they want to strongly incentivize people to stay within their walled garden version of the Fediverse by ensuring the rest remains unfamiliar - breaking the momentum of the current movement towards it. ^.^
  • We just need to create "better" front ends:
    • This is a good long-term strategy, because of the cycle of enshittification.
    • Facebook/Meta has far more resources than us to improve the "slickness" of their clients at this time. Until the fediverse grows more, and while they aren't yet under immediate pressure to make their app profitable via enshittification and advertising, we won't manage >.<
    • This also assumes that Facebook/Meta won't engage in efforts to make this harder e.g. Embrace, Extend, Extinguish/Consume, or social manipulation attempts.
    • Therefore we should defederate and still keep working on making improvements. This strategy of "better clients" is only viable in combination with defederation.

PART 2 (post got too long!)

you are viewing a single comment's thread
view the rest of the comments
[-] intensely_human@lemm.ee 16 points 1 year ago

I'm having trouble conceptualizing the attack strategies here. I also lack much understanding of what (exactly, precisely, at the technical level) federation is so I don't understand how defederation is a defense against those attacks.

Would someone help me break this down conceptually? Are there any analogies? Is this like closing the gate of a castle? Is it like quarantining infected people? Like blocking a phone number? Not loaning someone money?

Please don't just say "yes to all those analogies". I'm casting about for understanding here.

How can I better understand OP's argument here? (I have a background in tech and understand passwords, certificates, signatures, etc if that helps). Is email a federated thing? What's federation precisely?

[-] BreakingBad@lemmy.world 20 points 1 year ago* (last edited 1 year ago)

Layman here, from what I gather it sounds like federation is like one of those cups connected by lines. Federation is the equivalent of having a line connected to the web of cups and strings. Then suddenly a big cup provider comes into the mix, which at first seems great since there are more people communicating through cups. However, due to their bigger resources they greatly outpace the rest of the web, offering fancier cups and stronger wire, resulting in people moving to their cups. Then one day they cut the connections to all other cups but theirs; while the original web is still intact, the remaining users are essentially cut off from most of the cups they were connected for.

By defederating instances are basically (but probably not as effectively as Meta would) cutting that string before they get the chance to infiltrate the web.

Idk though once again I know very little

[-] rockSlayer@lemmy.world 7 points 1 year ago

For "knowing very little", you fucking nailed that analogy. That's exactly what Instagram is trying to pull here.

[-] intensely_human@lemm.ee 6 points 1 year ago

So the attack is to migrate people across that connection into their space, then sever the connection, resulting in a loss of people here.

That doesn't worry me too much. I personally am here because I've had bad experiences with being silenced in big centrally-controlled places. And for me, if the only people who remain here are the ones who really despise those big special cups, I'm fine with that because I like the idea of a community of other outcasts.

But thank you for explaining the specific danger: loss of content creators into the fancier places.

I'm still curious about how those strings are implemented at the information security level.

[-] Resonosity@lemmy.world 2 points 1 year ago

And the fancier cups/stronger or bigger wire that Meta has the resources to build is the "Extend" part of EEE where their instance seems better than all the others, so inevitably some users (i.e. humans) will migrate if anything but out of sheer convenience. And then when it's convenient, Meta defederated, closes the data channels, and people are left in their convenient instance where they are happy with the content being fed to them. Meanwhile, Meta uses all the tactics in the book to make the rest of the fediverse seem like the dark web to scare away non-technical users.

Definitely a scary thought.

Defederation is definitely the play here at first because it doesn't give Meta a chance to Extend, but it does rely on the admins making that decision and holding that position for as long as Meta exists on the fediverse.

Can we hold? Depends on ideals, money, effort, and time.

I know that I as a user will just choose the next biggest instance to jump to as soon as the biggest instance ever federates with any corpo platform. It'll take more and more effort to vet more and more instances over time, but it's worth it.

[-] sapient_cogbag@infosec.pub 17 points 1 year ago* (last edited 1 year ago)

Someone has explained the basic Embrace, Extend, Extinguish strategy below, but I also want to comment on my own "Embrace, Extend, Consume" idea, as well as the other issues that come with Facebook.

Embrace, Extend, Consume is like Embrace, Extend, Extinguish except the end goal isn't complete annihilation of the target. Instead of defederating at the endpoint, Meta/FB just dominates the entire standard, and anyone who steps out of line is forced into a miniscule network of others. They can then use this dominant position to buy out or consume large instances, or for example, force data collection features into the standard and aggressively defederate anyone else who doesn't comply >.<

In this way, they consume the network entirely, which doesn't necessarily destroy the communities but essentially borgifies them and renders people unable to leave.

The other component specific to facebook is their long and continued history of engaging in what essentially amounts to large-scale psychological manipulation and information warfare towards it's various goals (money, total domination of human communication, subsuming the internet in countries where the infrastructure is still too small to resist a single corporation restricting it's content, political manipulation, collection of ever more data, etc.).

They have well over a decade of experience in this, hundreds of times more users, and untold amounts of labour, research and other resources have been poured specifically into figuring out the most effective ways to manipulate social groups via techniques like astroturfing, algorithmic prioritization, and more sophisticated strategies I am not aware of. All backed by data from literally billions of human beings >.<

This means that exposing the Fediverse to Facebook/Meta is essentially exposing us all to one of the most organised and sophisticated information warfare machines that has ever been created. Cutting off the strings (as in the other analogy by @BreakingBad@lemmy.world) not only protects from direct EEE/EEC, but also makes it harder for Meta/Facebook to influence, dominate, and consume the conversation here, either by sheer user-mass, or by malicious information warfare (or even unintentional consequences of their algorithms), or by a combination of both.

For hypothetical examples on how this might work - in reality it might be different in specific, these are just illustrative:

  • Meta/FB could start a campaign (maybe astroturfed) for "user safety", where they encourage people to distrust users from smaller instances or any user with their instance address marker not on @threads.<whatever their url>
  • Meta/FB could add "secure messaging" (lol, it's facebook), but only between threads users. Then they could push the idea that ActivityPub is bad for privacy (the DMs are so just use Matrix ;p, but if you post stuff publicly, it makes sense that it's public).
  • Meta/FB could by simple user mass result in most communities being on Threads. People tend to drift towards more populous communities about the same topic, in general, and Threads unbalances the user ratios so much that everyone would just go to those >.< (as opposed to right now, where we have similar sized communities on several large instances, where most people subscribe to most of them)
  • Meta/FB could use social engineering to push for changes to the ActivityPub protocol that are harder for other ActivityPub servers to implement ^.^, or even ones that are hard for non-proprietary clients to implement.
[-] intensely_human@lemm.ee 8 points 1 year ago

So it's like opening a wormhole to the borg homeworld. Not worth the effects of contact.

[-] Xanvial@lemmy.one 5 points 1 year ago

I think I miss something, the ActivityPub protocol is not owned or maintained by Mastodon devs. Isn't this just standard communication like an extension of HTTP? something like GraphQL (that created by Facebook itself). Quick google mentioned that ActivityPub is maintained by W3C.

So Meta can (and I think currently uses) ActivityPub, and all of your points already been possible without needing to federates with any other instances. For example, they already can say that ActivityPub doesn't work on some cases, and push W3C to do some changes on the standard

[-] minnow@lemmy.world 6 points 1 year ago

I think the critical difference is "Meta pushes for changes" vs "Meta pushes for changes with the support of thousands/millions of users".

If Meta convinces Thread users that a certain change is good for them, it's going to be that much harder for the people developing ActivityPub to push back on those changes. And even if the developers succeed, Meta can just use that to say "fine, we'll fork off and make our own ActivityPub with data collection and advertisements" and if enough instances in the Fediverse are reliant one Threads for engagement they may just switch to the Meta version of ActivityPub, taking a chunk of our community with them.

And maybe that's alright for some folks, but a lot of us don't want any of that to happen, even potentially. I think it's pretty unethical to deliver people into the maw of the beast like that, so to speak.

this post was submitted on 06 Jul 2023
3634 points (96.1% liked)

Fediverse

28620 readers
261 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS