[we are doing it for the] “integrity of information and resources connected to the Clemson network”.

They’re not doing it to censor or discourage use. They’re doing it because they don’t want the software running on their network alongside their network resources.

You can still use tiktok, just not while connected to their network infrastructure.

Thanks for commenting on the issue, I appreciate the communication and it seems the community feels the same.

@lwadmin@lemmy.world @michelleg@lemmy.world @ruud@lemmy.world can you let us know if you or any admins of lemmy.world took a meeting with meta or representatives of meta?

@ruud@lemmy.world runs the 6th largest mastodon instance, and fosstodon instance admins (a smaller mastodon instance), were invited to an “off the record” meeting with Meta. The fosstodon admin, Kev, declined the meeting and notified their community about the correspondence going as far as to share screenshots.

In the correspondence, the meta rep said they were reaching out to mastodon admins, so if fosstodon got an invite, logic would figure they’d invite the admin(s) of a larger instance whom also happen to admin the largest lemmy instance in the world (lemmy.world)

I would love if the same level of transparency could occur here on lemmy.world

Were you folks invited, did you take it? I would really appreciate knowing if the people who run this instance have any relationships, formal or otherwise, with meta. A lot of lemmy users are here on the fediverse to escape the reach of companies like Meta when it comes to their social media.

Obviously no one is obligated to defederate from meta/threads when the time comes. But I would like to be informed.

I think it’s important to know. I personally would like to know, I would like to make informed decisions on which instance is my home on lemmy - but without all of the info, our decisions aren’t fully informed, so I have low confidence making any decision at this point.

Finally, I’ve posed similar questions before and have been accused by other users of wanting to attack lemmy admins if they did take a meeting, or for any reason at all. That could not be further from the truth. Online harassment is harassment, and is illegal in many jurisdictions. I don’t wish any harm or ill towards anyone, including those who have different values or opinions than mine. Finally, I’ve always been cordial in my submissions on lemmy, I don’t know what would make anyone think I’d start behaving differently now.

I think these questions are important, and I intend to continue asking them until we have an answer, so that I can make a decision with confidence that I had sufficient information to do so.

I hope that seems as reasonable as I feel it is, though I could be wrong, please feel free to respond with your thoughts. I appreciate the discourse.

Thanks yall.

I’d love to take credit but that was midjourney (and all the artists that feed its capabilities.)

I think my prompt was “a logo featuring a mouse holding a magnifying glass”

I’ve since realized that I should have said lemming instead of mouse, but a dummy like me can only do so much.

Great point and ideas, I hope to see things like this introduced as the lemmy project matures

Those are good practices if you have privacy concerns.

we’re just talking about custom interfaces to analyze public data

Semi-public. As it stands, only instance admins have access to per-user vote data. Possibly also API users, but I’m not sure the lemmy api has an endpoint for exposing per-user vote data, I believe it just gives you a tally of the up/down votes of posts and comments, but not who made each vote. But most people don’t have the skillset to host their own instance and process the data into something meaningful/easy to digest.

You could make the argument that semi-public is basically public, but I think there is some nuance to be explored:

Once a site like open lemmy stats launches, it becomes trivial for any user to query that data, who upvoted what, who downvoted what, when they up/downvoted it, etc.

There’s a difference between something being available to people motivated enough to get it vs it reaching critical mass and being trivial to access by anyone with a browser. How the data is ultimately used, whether it is used nefariously or not, is going to be up to the people that access openlemmystats and what they wish to use it for.

Which has me considering an analogy, without expressly intending to make this political, please consider the statement “guns don’t kill people, people kill people”. “Openlemmystats doesnt harass political dissenters! The people who use it do!”. One could argue that openlemmystats wouldn’t do anything inherently bad, it’s the people who would use it. Just like with guns, there will likely be debate on whether or not the world would be better without openlemmystats or if we should start doing things to make it impossible for openlemmystats-alike sites to exist.

That said, I mostly agree with you, and I appreciate your privacy suggestions/best practices, good stuff!

Edit: for the record, I think “guns don’t kill people, people do” is a stupid statement, but I thought it was an interesting analogy. That is to say nothing of my feelings on gun control, I’m just not a fan of distilling complex issues into dismissive one line statements.

biggest concern is getting all participating instances to agree

I see what you mean, that is true if the responsibility ultimately ends up falling on instance owners.

Which is why I’m hoping that the developments instead occur on the Lemmy project itself and other fediverse project code bases. Lemmy devs and contributors will hopefully work on privacy and security as the Lemmy project matures. If instance admins are keeping their instances mostly up to date, there is virtually no (dis)agreement to be had: the mitigation patches will be loaded on the next update.

Of course, anyone can fork lemmy or manually remove these changes from their instance, or some admins may simply refuse to update, but that would reflect badly and privacy minded users may choose move to another instance that has updated to the latest/most secure version of Lemmy and other instance owners can also choose to defederate from instances that leave themselves vulnerable to issues that have been patched out.

There are handsome penalties for violating copyright but torrent trackers are still thriving, I expect similar legal evasion tactics from sites like OpenLemmyStats

it’s an absolute nightmare

Indeed! I felt it was important to illustrate this, to Jumpstart discussion and hopefully motivate some talented/passionate devs to start thinking about this. Not that they haven’t, but there’s been a lot of handwaving on lemmy this week when someone brings up the vulnerabilities of the fediverse. I wanted to further illustrate the possibilities.

I’m encouraged by seeing folks like yourself taking the implications seriously (not to say you ever didn’t take it seriously)

Me too!

I touched on this with my comment here, with some general expectations on how this will unfold: https://lemmy.world/comment/894056

I definitely expect a drawn out game of whack a mole as lemmy devs, instance admins and key contributors start seeing stuff like this pop up, and they develop tools or tech to mitigate abuse, until another exploit is found by bad actors, rinse and repeat.

Some say it’s an inherent flaw with federation/activitypub but I expect/hope it progresses the way other vulnerable tech has.

For example, in the early days of wifi it was pretty trivial to packet sniff (a practice that lets you peer into other folks network activity). Now most sites encrypt their transmitted data and while the packets could be sniffed over an unsecured network, the data within stays safe because it’s encrypted (assuming most sites that deal with sensitive data now encrypt, which in my experience, they do)

Furthermore WIFI as a technology has gone through many iterations, each one bringing with it better and stronger security, to the point where average Joe can setup a secure home network by following the quick start guide included with their router, which these days is essentially plug in, power on, choose a password, and authenticate with your devices.

I expect activitypub and fedi tech to develop in the same way: releasing patches and updates and ammending the standard to combat/mitigate abuse of an open federated platform., it’s gonna take time though.

Edit: typos

Yeah, I almost want to make it now to drive the point home to those folks. (Edit: emphasis on almost)

who cares if they can see my public posts

Misses the whole point, Open Lemmy Stats probably wouldn’t display your posts (lemmy itself does that), it would display all of the analytical inferences to be made from those posts, votes and other activity, revealing more about you than you intended or even were aware of. Which isn’t readily public in the way some folks are making it out to be, it takes some work to get that data and you need sysadmin/database/programming skills to make it manageable and useful. OpenLemmyStats will let anyone of any skill level query your data that otherwise would require you to be, at a minimum, an instance admin to get to.

Good idea! I think as a solution I would run multiple instances and double, triple, or quadruple-verify the data from multiple instances that i run to make sure no one is feeding me fake data. If there are discrepancies I could average the data, or flag the value(s) with a confidence rating and fuzz the numbers to be safe

If an instance fakes too much data and doesn’t match what other instances are reporting I’ll quietly defederate or stay federated but program my system to ignore data from that instance as not to tip anyone off

I just want a place for everyone to smoke some meats, yknow, real people stuff

I totally get what you’re saying.

I think there is (unfortunately) value to be mined from packaging the data conveniently, or offering a subscription service to make it trivial to query for anyone without sysadmin or database skills. Or just throw porn ads on it or some shady ad network that doesn’t mind being placed on questionable sites.

Thank you, I appreciate that!

That’s interesting about mastodon, I’m not exactly surprised, I feel like it’s merely a question of when, not if, apparently that time has already passed for mastodon. I have no doubt folks are already capitalizing or attempting to capitalize on lemmy data in some way or another, or at least letting the data fill their bucket while they figure out how to monetize it.

Fair point! I was thinking that too, but i settled on the idea that it probably would not stop the folks who would actually do this though

To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I’m not doing any of this. But someone absolutely will or already is.

Hey that sounds amazing, may I ask what moisture sensors you are using?

Edit: also automating sensor power draw sounds like something fun to work on. I’d love to test if having them power on just before or shortly before taking a reading and power off is feasible. Or if they need more time to get an accurate reading, finding the most optimal power cycle schedule to prolong sensor life while being able to take measurements at sensible times.