The kind of frightening thing is that anyone could start an instance on the Fediverse, collect all the posts and comments coming in as all instances usually do and then use it to do the same thing, and I’m not sure there’s currently anything (legally or otherwise) stopping them.
But at least we have the option to defederate such an instance. If we can find out which ones do it…
I totally understand your perspective, but I approach this from the opposite direction.
From my perspective, there’s no “at least” here. My Lemmy posts are public. I have no control over what is done with them after I post them. I am comfortable with that.
The difference between Reddit and Lemmy is not that one protects privacy and they other doesn’t. NEITHER is a platform for private discussion.
The difference is that with Lemmy, public means PUBLIC. Reddit, Twitter, and Facebook are also “public” in the sense that there can be no expectation of privacy. But they’re “private” in the corporate sense — a single corporate entity retains control of the data. They can, at will, restrict access to that data, without the consent of the users who created it.
And that’s not just theoretical; all of those companies have literally restricted access to content that users meant to be public. People can’t read the Twitter posts that I made with the intention of them being public, because Twitter now requires an account to read posts and comments. Reddit has restricted access to posts I made with the intention of them being public and readily accessible, because they killed apps and integrations, and implemented onerous access control in an attempt to hoard my data.
They altered the terms, and I, for one, got sick of praying that they would not alter them further.
Lemmy is public. You cannot control who can read it, and you cannot control what they do with it. The difference is that with a truly public platform like Lemmy, my data can benefit the whole world, instead of just some corporation.
If you are looking for a platform for private discussion, Matrix is probably it. But even then, the concept of data privacy only makes sense if you trust all the people that ever have access to the data. If I’m in a Matrix room with hundreds of strangers, I wouldn’t consider that “private” either, regardless of the protocol’s encryption.
Bad actors will always have access to the posts I make public. On Lemmy, good actors do, too, and nobody can take that away from us. THAT’S the difference.
This is the right way to think of it. Reddit feels dirty because they were a private company and we trusted them in the walled garden. That trust was naiive at least on my part, but it was 14ish years ago I had joined and they never did wrong, until recently.
Lemmy, however, is a public protocol. From the ground up everything is public. There is no illusion of privacy here, and anyone who thinks there is should forget about it. The protocol is by definition public, and will launch any comment/post across the globe to anyone listening. It’s nailing the paper to the door for everyone to see. To me this is okay though, because I know that going in. The tradeoff is less privacy, but it’s an open platform that no one can take away.
W take. I have no problem with my public comments being used as training data for AI as long as they’re public. I just don’t want some shitty private company to hoard them like they fucking own them when they don’t.
The instance would likely just act as a regular instance and allow normal users on, you couldn’t even tell they were using it to scrape data at that point.
Free and open information, like Wikipedia, used to be an ideal. I have used Reddit since 2008 or earlier because it got on search engines and shared information consistently on precise topics. Twitter used to also be this way, but now mostly only puts paid subscribers on search engines.
If you are to organize information around topics, such as a Commodore 64 community, and the protocol openly allows copies to be made via federation, I encourage people to have the attitude that information be treated like Wikipedia content. It sucks now that so much information from 10 years ago has been just entirely lost now that so many deliberately purged their Reddit comments, etc. Tragedy of the commons. And it drags down the entire planet that people squirrel away discussions on topics that are generally public. It’s like now everyone wants to monetize even their discussions on Commodore 64 or automotive repair / have behind absolute control or paywalls /etc.
I wouldn’t consider this a tragedy of the commons situation. People entrusted reddit to remain a somewhat acceptable company, and reddit betrayed that trust.
People didn’t purge their comments to remove this information from the public, but they purged it from reddit making money off limiting the access to this information.
People didn’t purge their comments to remove this information from the public, but they purged it from reddit making money off limiting the access to this information.
Reddit was always making money off their content. The tragedy is that the common knowledge is destroyed. They didn’t bother to copy it to a public place, they just nuked information and context. The loss is for newcomers on any topics. The result is the same old questions being asked over and over, which all social media sites (including Lemmy thrive on FRESH content).
Legally, in EU, you probably cannot scrape an instance of someone else because of the database copyright law. But I have no idea if that applies to being part of the network. Since the other instances send you their content willingly.
Maybe someone should make a license extension to ActivityPub, where instances can communicate what can and what can’t be done with the information they publish. Then at least there would be legal clarity. If it can be enforced is another question.
The thing is, the license probably doesn’t mean a whole lot in that case because of the way content is shared on the Fediverse.
As you say, you actively send your content to other websites, and licenses need at least some degree of active acceptance. Including a license field in the metadata almost certainly does not meet any kind of legal threshold. It’s significantly weaker than the EULAs they everyone knows that nobody reads.
I would think that subscribing to a community could be coupled to a license. Servers do not randomly send data, they only send it to other servers that are subscribed. And a server could technically decline a subscription.
But anyways, by default, copyright is with the creator. No idea what that looks like in legislations around the world, but if I remember correctly, in EU, just because you give a copy of a e.g. song you wrote to someone, does not actually mean they can do with it what they want. By default, you have all the rights, and the someone else needs to grant them to you. So if you give that someone also a contract where it states that he can play it in front of an audience, then they can, otherwise they cannot.
However, I am not sure how much implied consent can play a role here. By posting something on a fediverse instance, since the purpose of the fediverse is to share these posts with other servers, then by posting you may implicitly agree to this data being shared, and the next server can share it with another server again, and so on. This is the basic “boost” functionality of mastodon.
I believe though that because the purpose of the fediverse is not explicitly to train AI models or to sell the posts to someone else, it may be illegal to scrape all posts off to feed e.g. an AI model. But may also not be. We will never know until someone starts doing it and someone else sues them.
The thing is, servers don’t subscribe to anything, users do. If the end user is provided with a license, the server is not obligated to honour it, because the server didn’t agree to shit.
If an instance is defederated, the owners can just spin up a new instance.
I’ve always thought about what you’ve said about Lemmy when people start talking about how Lemmy is more privacy focused than Reddit.
As one of your replies have said many people in the hundreds/thousandths have a copy of your data on Lemmy - the instance owners. If you decide you’ve shared too much information then you end up asking every owner to delete that nugget of information. And realistically there is nothing to enforce it. This is one benefit of the walled garden of places like Reddit because they are legally obligated to delete the information especially in places like the EU.
This is one benefit of the walled garden of places like Reddit because they are legally obligated to delete the information especially in places like the EU.
In theory yes, but anyone can also scrape reddit for all its posts and comments (and someone likely is). And nobody is making them delete the data. And then there’s stuff like the Internet archive complicating stuff further.
Whilst true about anyone can scrape data off Reddit, I think it’s more of a pain since before the API updates the rate limit was 2 API calls per second. You also have to find or create a scraper. With Lemmy, you follow the instructions (copy and paste) on join-lemmy.org to create your instance and you’re done. Both methods you have to configure it to subscribe to communities, so they’re about the same.
In the EU at least there is a right to be forgotten, so yeah, Reddit and other platforms are forced to delete the data on request. I’m not sure how the same can be applied to a distributed network like Lemmy.
There were publicly available archives of Reddit. The last time I checked, you couldn’t find the latest submissions and comments. Maybe things have changed, maybe newer alternatives have appeared.
For the right to be forgotten, this only applies to personal information. E.g. information that can be associated with information, that could be used to identify you.
Since you usually have an email for signup, that would make the data fall under personal information. But reddit could just delete the email adress and your user name and show something like:
[deleted]
When does the Narwhal bacon?
And well, it is pretty difficult to find out if, when and where there is backups that still contain your information and could be given to the AI model trainers too. To find these things out, we’d need a precedence case that makes a data protection agency investigate reddit throughouly.
It’s all of the data or just the data that associates content with you, the latter if the company has a genuine reason to keep the content, which a forum generally does.
If the content cannot be associated with you then does it matter if the content is present on the website?
Creating a new instance only gets you access to content that users of your instance have subscribed to, and then mostly only content that comes in after subscription (I believe Lemmy primes the pump a bit on community subs, pulling in a handful of posts at the time of discovery, but discovery is done by users). So, there’s a limit on what you can scrape with your own private instance, and you’re taking a bit of a bet on which communities will yield what you’re looking for in the future.
It’d be easier and more reliable to just crawl the network and scrape it the old fashion way.
"If you search for a community first time, 20 posts are fetched initially. Only if a least one user on your instance subscribes to the remote community, will the community send updates to your instance. Updates include:
New posts, comments
Votes
Post, comment edits and deletions
Mod actions"
So you create a single user and subscribe to all communities of interest.
I probably downplayed the difficulty of setting up a Lemmy instance that will come if you do something out of order or don’t quite have the host set up correctly or something. Although I do think it’s easier than pigging about with web crawlers.
The kind of frightening thing is that anyone could start an instance on the Fediverse, collect all the posts and comments coming in as all instances usually do and then use it to do the same thing, and I’m not sure there’s currently anything (legally or otherwise) stopping them.
But at least we have the option to defederate such an instance. If we can find out which ones do it…
I totally understand your perspective, but I approach this from the opposite direction.
From my perspective, there’s no “at least” here. My Lemmy posts are public. I have no control over what is done with them after I post them. I am comfortable with that.
The difference between Reddit and Lemmy is not that one protects privacy and they other doesn’t. NEITHER is a platform for private discussion.
The difference is that with Lemmy, public means PUBLIC. Reddit, Twitter, and Facebook are also “public” in the sense that there can be no expectation of privacy. But they’re “private” in the corporate sense — a single corporate entity retains control of the data. They can, at will, restrict access to that data, without the consent of the users who created it.
And that’s not just theoretical; all of those companies have literally restricted access to content that users meant to be public. People can’t read the Twitter posts that I made with the intention of them being public, because Twitter now requires an account to read posts and comments. Reddit has restricted access to posts I made with the intention of them being public and readily accessible, because they killed apps and integrations, and implemented onerous access control in an attempt to hoard my data.
They altered the terms, and I, for one, got sick of praying that they would not alter them further.
Lemmy is public. You cannot control who can read it, and you cannot control what they do with it. The difference is that with a truly public platform like Lemmy, my data can benefit the whole world, instead of just some corporation.
If you are looking for a platform for private discussion, Matrix is probably it. But even then, the concept of data privacy only makes sense if you trust all the people that ever have access to the data. If I’m in a Matrix room with hundreds of strangers, I wouldn’t consider that “private” either, regardless of the protocol’s encryption.
Bad actors will always have access to the posts I make public. On Lemmy, good actors do, too, and nobody can take that away from us. THAT’S the difference.
This is the right way to think of it. Reddit feels dirty because they were a private company and we trusted them in the walled garden. That trust was naiive at least on my part, but it was 14ish years ago I had joined and they never did wrong, until recently.
Lemmy, however, is a public protocol. From the ground up everything is public. There is no illusion of privacy here, and anyone who thinks there is should forget about it. The protocol is by definition public, and will launch any comment/post across the globe to anyone listening. It’s nailing the paper to the door for everyone to see. To me this is okay though, because I know that going in. The tradeoff is less privacy, but it’s an open platform that no one can take away.
I really like that perspective, thank you for easing my fear.
W take. I have no problem with my public comments being used as training data for AI as long as they’re public. I just don’t want some shitty private company to hoard them like they fucking own them when they don’t.
An instance isn’t required. It’s not like the current generation of generative AI wasn’t trained from web scrapings
The instance would likely just act as a regular instance and allow normal users on, you couldn’t even tell they were using it to scrape data at that point.
There are already a few instances that ignore delete requests
Free and open information, like Wikipedia, used to be an ideal. I have used Reddit since 2008 or earlier because it got on search engines and shared information consistently on precise topics. Twitter used to also be this way, but now mostly only puts paid subscribers on search engines.
If you are to organize information around topics, such as a Commodore 64 community, and the protocol openly allows copies to be made via federation, I encourage people to have the attitude that information be treated like Wikipedia content. It sucks now that so much information from 10 years ago has been just entirely lost now that so many deliberately purged their Reddit comments, etc. Tragedy of the commons. And it drags down the entire planet that people squirrel away discussions on topics that are generally public. It’s like now everyone wants to monetize even their discussions on Commodore 64 or automotive repair / have behind absolute control or paywalls /etc.
I wouldn’t consider this a tragedy of the commons situation. People entrusted reddit to remain a somewhat acceptable company, and reddit betrayed that trust.
People didn’t purge their comments to remove this information from the public, but they purged it from reddit making money off limiting the access to this information.
Reddit was always making money off their content. The tragedy is that the common knowledge is destroyed. They didn’t bother to copy it to a public place, they just nuked information and context. The loss is for newcomers on any topics. The result is the same old questions being asked over and over, which all social media sites (including Lemmy thrive on FRESH content).
Just join the Commodore 64 discord!
/s
Legally, in EU, you probably cannot scrape an instance of someone else because of the database copyright law. But I have no idea if that applies to being part of the network. Since the other instances send you their content willingly.
Maybe someone should make a license extension to ActivityPub, where instances can communicate what can and what can’t be done with the information they publish. Then at least there would be legal clarity. If it can be enforced is another question.
The thing is, the license probably doesn’t mean a whole lot in that case because of the way content is shared on the Fediverse.
As you say, you actively send your content to other websites, and licenses need at least some degree of active acceptance. Including a license field in the metadata almost certainly does not meet any kind of legal threshold. It’s significantly weaker than the EULAs they everyone knows that nobody reads.
I would think that subscribing to a community could be coupled to a license. Servers do not randomly send data, they only send it to other servers that are subscribed. And a server could technically decline a subscription.
But anyways, by default, copyright is with the creator. No idea what that looks like in legislations around the world, but if I remember correctly, in EU, just because you give a copy of a e.g. song you wrote to someone, does not actually mean they can do with it what they want. By default, you have all the rights, and the someone else needs to grant them to you. So if you give that someone also a contract where it states that he can play it in front of an audience, then they can, otherwise they cannot.
However, I am not sure how much implied consent can play a role here. By posting something on a fediverse instance, since the purpose of the fediverse is to share these posts with other servers, then by posting you may implicitly agree to this data being shared, and the next server can share it with another server again, and so on. This is the basic “boost” functionality of mastodon.
I believe though that because the purpose of the fediverse is not explicitly to train AI models or to sell the posts to someone else, it may be illegal to scrape all posts off to feed e.g. an AI model. But may also not be. We will never know until someone starts doing it and someone else sues them.
The thing is, servers don’t subscribe to anything, users do. If the end user is provided with a license, the server is not obligated to honour it, because the server didn’t agree to shit.
The content posted here has no obvious license. I wonder if an administrator could just put any license of his choice on your posts.
people joined basically with no terms of service on a lot of Lemmy instances.
People can already do that without an instance, the same way google indexes the site.
If an instance is defederated, the owners can just spin up a new instance.
I’ve always thought about what you’ve said about Lemmy when people start talking about how Lemmy is more privacy focused than Reddit.
As one of your replies have said many people in the hundreds/thousandths have a copy of your data on Lemmy - the instance owners. If you decide you’ve shared too much information then you end up asking every owner to delete that nugget of information. And realistically there is nothing to enforce it. This is one benefit of the walled garden of places like Reddit because they are legally obligated to delete the information especially in places like the EU.
In theory yes, but anyone can also scrape reddit for all its posts and comments (and someone likely is). And nobody is making them delete the data. And then there’s stuff like the Internet archive complicating stuff further.
Whilst true about anyone can scrape data off Reddit, I think it’s more of a pain since before the API updates the rate limit was 2 API calls per second. You also have to find or create a scraper. With Lemmy, you follow the instructions (copy and paste) on join-lemmy.org to create your instance and you’re done. Both methods you have to configure it to subscribe to communities, so they’re about the same.
In the EU at least there is a right to be forgotten, so yeah, Reddit and other platforms are forced to delete the data on request. I’m not sure how the same can be applied to a distributed network like Lemmy.
There were publicly available archives of Reddit. The last time I checked, you couldn’t find the latest submissions and comments. Maybe things have changed, maybe newer alternatives have appeared.
For the right to be forgotten, this only applies to personal information. E.g. information that can be associated with information, that could be used to identify you.
Since you usually have an email for signup, that would make the data fall under personal information. But reddit could just delete the email adress and your user name and show something like:
[deleted]
When does the Narwhal bacon?
And well, it is pretty difficult to find out if, when and where there is backups that still contain your information and could be given to the AI model trainers too. To find these things out, we’d need a precedence case that makes a data protection agency investigate reddit throughouly.
It’s all of the data or just the data that associates content with you, the latter if the company has a genuine reason to keep the content, which a forum generally does.
If the content cannot be associated with you then does it matter if the content is present on the website?
Creating a new instance only gets you access to content that users of your instance have subscribed to, and then mostly only content that comes in after subscription (I believe Lemmy primes the pump a bit on community subs, pulling in a handful of posts at the time of discovery, but discovery is done by users). So, there’s a limit on what you can scrape with your own private instance, and you’re taking a bit of a bet on which communities will yield what you’re looking for in the future.
It’d be easier and more reliable to just crawl the network and scrape it the old fashion way.
"If you search for a community first time, 20 posts are fetched initially. Only if a least one user on your instance subscribes to the remote community, will the community send updates to your instance. Updates include:
So you create a single user and subscribe to all communities of interest.
I probably downplayed the difficulty of setting up a Lemmy instance that will come if you do something out of order or don’t quite have the host set up correctly or something. Although I do think it’s easier than pigging about with web crawlers.
deleted by creator