• zos_kia@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    1 year ago

    No no let’s be clear about the threat model we are discussing here : the possibility for Meta to de-anonymize me in a way that might hurt me, although i don’t have accounts on Meta properties. That is a pipe dream. Even the example on the top of the article has nothing to do with federation it’s just about a Meta property communicating your data to another Meta property which, no shit, Sherlock.

    There is no technical proof that our identities on the fediverse are in danger because of Threads. Litterally zero. There is barely any functioning threat model, and the authors of this one admit readily, in the abstract of the paper, that these models would apply to any bad actor. They just take Threads as a notorious example.

    Now, is Lemmy particularly subject to paranoid thinking, or are some trolls shilling on Lemmy to decredibilize the solution, i don’t know. But this is all wild speculation.

    • ArbiterXero@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You might not have any meta accounts but that’s not the norm.

      Giving meta access to cross pollenate their data is a terrible idea, that’s the entire problem with meta and Google, they have too much information on us to the point they can identify us without the accounts. Their ad tracking in the background of other sites gives them information that you gave a third party.

      The threat model is the same as Cambridge analytica, selling “manipulation” and everyone thinks they’re above it, they aren’t. You aren’t.

      So yes, the threat models apply to any bad actor, you’re right, but it’s the larger and more coordinated ones that pose the bigger threats here.

      A bad actor with access to only Lemmy has more limited data and options for threats.

      That that ignores the fact that Facebook/meta is going to use Microsoft’s “EEE” model to push traffic to their own version. Google is doing it today with chrome.

      • zos_kia@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        What’s disheartening to me in this kind of conversation is that when you boil it down to specifics it becomes super vague. “Cross pollenating data”, well i’m a data engineer and i have no idea what that means. “Selling manipulation” is a threat model ? “Embrace Extend Extinguish” ? I’m sorry but that’s word salad to me. If we take those arguments far enough they just become “yeah well bad people can do bad things to you on the internet” and while true, this is entirely irrelevant to the fediverse conversation.

        The OP blog article does not support the positions you see every day in Lemmy comments such as yours. All he’s saying of tangible value is that if Meta federates then your account & instance names will be potentially visible by people on Threads. That is not a credible threat to your privacy in the fediverse - that is just the system of federated social networks working as intended.

        Whatever attack vector there is against you already existed before the fediverse or Threads. And Lemmy was never designed or marketed as adequate protection for people who need full-stack privacy.

        • ArbiterXero@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          There’s absolutely new threat vectors.

          Let’s get specific, since you claim to work in analytics.

          If I can link your lemmy account to a Facebook account, then I can uniquely identify you.

          Any posted links from the meta federation that open in a browser can use standard fingerprinting to identify you. That still exists today, but given I served your ip the lemmy-article and you then clicked the link in it, I can now join the two by ip alone. Now there could be multiple people browsing at your house, so this will have to be a time series and probability, but the correlation will eventually be strong enough to say with reasonable certainty. This works especially well if I put something like “google amp” or a url shortened in the middle of the links, because then I don’t need to have my advertising/tracking code on the website. Without the federation I can’t link it to an account and I can’t see your browsing history on pages that my “analytics code” isn’t on.

          There’s your netsec threat vector.

          From the social perspective, the threat vector is exactly the same as Cambridge analytica. I notice that you as a unique user fit pattern x and I start tailoring the links you see and don’t see based on what I want to change about you. Now it’s not AS effective because the real effectiveness there was removing articles that disprove some of my bullshit. Because I’m just a node in the federation, I can’t prevent other nodes from showing you conflicting info.

          Selling manipulation is a social threat vector, but if you want netsec, you now have both.

          EEE becomes important because it increases effectiveness and value of the manipulation that I sell.

          Then suddenly you wake up, everyone has voted for brexit or some orange scammer against their own self interest. If you work with big data, then you know that you can change a lot of individual points in small nearly imperceptible ways (to that specific data) that can make huge changes to the dataset as a whole.