The official Mastodon app (and most other Fediverse apps) do not collect any data about you.
When you sign up on a Fediverse server, it asks for the minimum amount of information (an email address and a password) and none of this info goes to the app or app makers.
This is in stark contrast to other social networks which seem to collect lots of personal info. See the attached image for a comparison of the privacy policies of various official social network apps.
like this
reshared this
Mariusz Klimczak
in reply to Fedi.Tips • • •Edward Jazzhands
in reply to Mariusz Klimczak • • •Mastodon Migration
in reply to Edward Jazzhands • • •Well, it is certainly better than Threads, but how do you think Bluesky plans to make a buck? It's you. Your content and your personally identifying data. If you are cool with that, go for it.
Mariusz Klimczak
in reply to Mastodon Migration • • •Cheers!
Mastodon Migration
in reply to Mariusz Klimczak • • •It's all good. You do you.
Edward Jazzhands
in reply to Mastodon Migration • • •I'm on Mastodon because I love the whole idea of a voluntary decentralized network. But at the same time... I'm also not like super opposed to the concept of a company needing to use some of my data to sell targeted advertisements, so they can make some money doing it. Being a software developer myself I completely understand that people have mouths to feed and business is business. I -love- l open source software, and I contribute. But it also doesn't pay bills a lot of the time.
If its done in a responsible way, like Bluesky seems like they're trying to, it's not that big a deal. I prefer Mastodon but I'm also not terrified of companies selling me targeted ads. As long as I feel like the company doing this ad brokering is somewhat responsible, its fine.
There's a very big difference between selling targeted ads (while keeping your data inside the company's own databases), and literally selling your data.
Fedi.Tips
in reply to Edward Jazzhands • • •BlueSky are a for-profit corporation backed by VC money.
Whenever this structure has been applied to online services, it has inevitably resulted in "enshittification" where initially-reasonable policies gradually spiral out of control into full-scale surveillance. The VC investor-owners will demand ever more growth, and eventually the only way to grow will be to screw users.
VC-funding is incompatible with respecting users in long term.
reshared this
Mastodon Migration e Oblomov reshared this.
Luca
in reply to Fedi.Tips • • •@edward_jazzhands @mastodonmigration @mariuszklimczak this type of fear mongering and hand-wavy prophecies frankly undermine the whole message and merit of the mastodon model.
βWeβre better because they are worse, believe meβ.
Mastodon Migration
in reply to Luca • • •@securescientist @edward_jazzhands @mariuszklimczak
FediTips did not "fear monger" nor "handwave" they stated facts. Corporate websites need revenue to satisfy their investors. Revenue does not magically happen. They need to sell something to someone. If it is not in app ads it can only be your content and your personal data. In time it will likely be both. That's just facts.
If you are fine with this, that's cool, but that's the way it is.
Luca
in reply to Mastodon Migration • • •@mastodonmigration @edward_jazzhands @mariuszklimczak thatβs just goodβol anti capitalist sentiment. Of course money has to come from somewhere, whether that requires to βscrew usersβ by βdisrespectingβ them inevitably leading to a βfull-scale surveillanceβ setup is prophetic fear mongering.
Ideology has always been myopic.
Fedi.Tips
in reply to Luca • • •@securescientist @mastodonmigration @edward_jazzhands @mariuszklimczak
Money does have to come from somewhere, but covering costs and growing profits are two totally different things.
A lot of the essential infrastructure that for-profit activity depends on isn't itself for-profit. For example most roads are just funded to cover costs, they aren't growing profits or even making any profit at all.
Mastodon Migration
in reply to Luca • • •@securescientist @edward_jazzhands @mariuszklimczak
Luca. Not trying to be disrespectful here. But, rather than speak in generalities, please try to think about it from a business perspective. Initially money comes from investors, so they can offer free stuff. But investors only do this to attract users. Eventually the business must make money. So they must sell something. What do you think Bluesky will sell? Serious question. What are their options for making money?
Luca
in reply to Mastodon Migration • • •Mastodon Migration
in reply to Luca • • •Luca
in reply to Mastodon Migration • • •Mastodon Migration
in reply to Luca • • •It is. Guess you mean that you don't think all surveillance capitalism is bad. In that, you are certainly in the majority, because most people willfully give away all their personal information.
Some of us here on Mastodon are particularly sensitive to the issue because of all the history of abuse. Also in the US we don't have GDPR so the government is not a protection from the worst abuses.
Oblomov reshared this.
Luca
in reply to Mastodon Migration • • •Our Plan for a Sustainably Open Social Network - Bluesky
BlueskyFediThing π³οΈβπ
in reply to Luca • • •Whatever principles are set out are meaningless once the pressure is put on them to grow faster.
BlueSky is very reminiscent of Ello:
waxy.org/2024/01/the-quiet-deaβ¦
TL:DR:
"Despite their idealist manifesto and their Bill of Rights, I donβt believe they could ever truly be in partnership with their community once they were taking large amounts of venture funding. All of their ideals and big dreams were easily undone, even the legal restrictions they defined in their Public Benefit Corporation charter."
The Quiet Death of Ello's Big Dreams - Waxy.org
Andy Baio (Waxy.org)Fedi.Tips
in reply to Luca • • •@securescientist @edward_jazzhands @mastodonmigration @mariuszklimczak
It's not "hand-wavy prophecies" or "fear mongering", it's just what has happened and will happen again with orgs that use this particular structure.
If you take investment money you are giving investors power over you. Investors, especially VCs, don't just want to cover costs, they want profit growth. In the online world, that inevitably leads to surveillance and "enshittification". Can you give an example otherwise?
Fedi.Tips
in reply to Edward Jazzhands • • •They don't need to gather that through the app though if they really are a decentralised network.
(But they are much more reasonable requirements though than Threads etc, yes!)
P Stewart
in reply to Mariusz Klimczak • • •Fedi.Tips
in reply to P Stewart • • •@pstewart
Yeah... what exactly is that? π€ I tried looking at Apple's info page and it just describes it as "Sensitive Info". π¬
P Stewart
in reply to Fedi.Tips • • •Fedi.Tips
in reply to P Stewart • • •Good grief... π¬
That is just dystopian. That kind of info could get people arrested (or worse) in countries with repressive regimes. π
Fedi.Tips
Unknown parent • • •That's the point. The fediverse separates the app maker from people running lots of indie servers, so info isn't centralised in any one place. It means people can choose who to trust with their info or even set up their own server.
Plus servers collecting the absolute minimum amount of info means there isn't much info kicking around anyway (except what users choose to post).
The fact the BlueSky app collects any info is a red flag as decentralised networks are supposed to avoid this.
Spokeek
in reply to Fedi.Tips • • •Baral'heia Stormdancer ΞΞπ²
in reply to Spokeek • • •βBluesky Social
App StoreSpokeek
in reply to Baral'heia Stormdancer ΞΞπ² • • •Fedi.Tips
in reply to Spokeek • • •βInstagram
App StoreRobert Link
in reply to Fedi.Tips • • •Lunariansia
in reply to Fedi.Tips • • •Isn't that a well known thing though? Most people here on Mastodon already know that Mastodon is privacy respecting, alongside most Fediverse apps. Don't get how thats a tip.
Also, they are operated by huge greedy companies, of course they'll collect data.
It's the sad truth.
Fedi.Tips
in reply to Lunariansia • • •@lunariansia
No, not everyone knows.
For example someone replied to this post as follows:
infosec.exchange/@SpaceLifeForβ¦
SpaceLifeForm (@SpaceLifeForm@infosec.exchange)
Infosec ExchangeLunariansia
in reply to Fedi.Tips • • •ch0ccyra1n
in reply to Fedi.Tips • • •Fedi.Tips
in reply to ch0ccyra1n • • •@ch0ccyra1n
None that I'm aware of, but there are so many apps available that it's difficult to know about all of them.
Main thing is to check an app's app store privacy section before you install an app (which is where the info in this post came from).
Toni Aittoniemi
in reply to Fedi.Tips • • •emeritrix
in reply to Fedi.Tips • • •Fedi.Tips
in reply to emeritrix • • •@anarchademic
Yes, because the website will only want your login details and doesn't collect other info.
However, as @ekis says bear in mind that Mastodon (and all the other social networks listed) use a database system that the server owner may have access to. In theory a server owner could manually look directly at the database to view private messages, but this would be true on all these social networks.
she hacked you
in reply to emeritrix • • •@anarchademic The service you access via the browser is a web application. So it will depend on the server you use, and the admin
However, this data can be crawled by practically anyone (web app on server/admin dependent)
Additionally, there is no encryption on private messages (by default), so they are as private as the server (or servers if its cross server) is secure and the admin isn't a creep
You have more control because you can at least "vote" with your decision of server
Fedi.Tips
in reply to she hacked you • • •@ekis @anarchademic
"You have more control because you can at least "vote" with your decision of server"
Also, Fediverse servers only collect the bare minimum needed to run the service.
That makes the Fediverse safer than networks that demand phone numbers or stuff like that (which Twitter, Facebook etc do quite a lot).
she hacked you
in reply to Fedi.Tips • • •Fedi.Tips
in reply to she hacked you • • •Timon π
in reply to Fedi.Tips • • •Claudius
in reply to Timon π • • •I can show you 1000 working Fediverse servers. Can you show me 10 Bluesky PDS'?
Timon π
in reply to Claudius • • •FediThing π³οΈβπ
in reply to Timon π • • •BlueSky servers aren't properly independent servers the way Fediverse servers are.
BS is structured so that servers depend on relays that are much more expensive to run. The plan seems to be that corporations will run the BS relays, and all the individual BS servers will be dependent on them.
Timon π
in reply to FediThing π³οΈβπ • • •What entity runs a relay is 100% up to the people. If you want to come together and have a relay run through donations and community support you can do that.
No different to how mastodon.social and other large instances operate.
the kangaroo
in reply to Fedi.Tips • • •Which official Fediverse agency has designated this app as βThe official Mastodon appβ? What does it mean to be βThe official Mastodon appβ and what distinguishes it from other Fediverse clients?
This Mastodon access software centricity is so outdated.
zeitverschreib [friendica]
in reply to the kangaroo • • •@the angry kangaroo
That would probably be Mastodon gGmbH.
"Our story
Mastodon gGmbH is a non-profit from Germany that develops the Mastodon software."
@Fedi.Tips
Fedi.Tips
in reply to zeitverschreib [friendica] • • •@zeitverschreib
I cannot reply to the original post, but "official" apps mean ones designated by the developers of the server software the app is designed to work with.
So, in this case, it's the developers of the main branch of Mastodon which is Mastodon gGmbH as Zeitverschreib said.
Another example would be the official Pixelfed app, which is designated by the developers of the Pixelfed server software.
You don't have to use these though. In fact the third party apps tend to be better.
Fedi.Tips
Unknown parent • • •@jerrymacgp
It is definitely not as bad, but it's a bit weird they are collecting anything as they are supposed to be decentralised.
Fedi.Tips
Unknown parent • • •Yup, totally agree.
BlueSky have set themselves up to enshittify by being a for-profit backed by VC money. They'll tempt people in and then gradually ramp up the problematic behaviour as the drive for profit increases.
That's why I'm steering clear of BlueSky, they seem to want to turn themselves into another Meta.
andybrwn
in reply to Fedi.Tips • • •Adrian Morales
in reply to Fedi.Tips • • •What's really amazing is that you don't need to use the official app. Unlike Reddit and Twitter/X that have killed off third-party support, the Fediverse can be accessed through numerous apps.
Decentralisation is the future!
Anomaly likes this.
βππ£πππͺ! β β₯β£β¦
in reply to Fedi.Tips • • •Just Bob πΊπ²βπ§πͺ
in reply to Fedi.Tips • • •Talking security, I keep hoping that XMPP will become the DM system because it uses end to end encryption and has been around for years. No need to reinvent the wheel. Plus it can be connected to the ALSO de-federated chat servers π
If only I knew JavaScript to make a bridge...
Anomaly likes this.
Andika Candra Jaya
in reply to Fedi.Tips • • •Antoine D.
in reply to Andika Candra Jaya • • •@AndikaCJ
Earlier, @james said there's no audit.
bne.social/@james/113335420937β¦
James Cridland
2024-10-19 18:08:01
Fedi.Tips
in reply to Antoine D. • • •@antdesros @AndikaCJ @james
The official Mastodon app is open source, outsiders with the necessary programming knowledge can see all of its workings at any time:
github.com/mastodon/mastodon-iβ¦
github.com/mastodon/mastodon-aβ¦
If it was spying on people, it would be very easy for outsiders to spot it.
The same goes for most third party Mastodon apps as they are mostly open source too.
GitHub - mastodon/mastodon-ios: Official iOS app for Mastodon
GitHubJulian Andres Klode π³οΈβπ
in reply to Fedi.Tips • • •@jerrymacgp Contact Info, User Identifiers, and the User Content you upload are of course also collected by Mastodon (your server and any other server who ever requested your profile).
I mean these are the 3 identifying characteristics of a social network. 'Who are you', 'Where else might I know you from' and stuff you post.
Toran Shaw - M7TOR
in reply to Fedi.Tips • • •Anselm SchΓΌler
in reply to Fedi.Tips • • •Fedi.Tips
in reply to Anselm SchΓΌler • • •@anselmschueler
It is worrying that BlueSky is already collecting data they don't need.
"(which Mastodon would then "collect", too)"
No, they wouldn't. The makers of Mastodon's software and the owners of Mastodon servers are totally separate things.
Most people are on third party Mastodon servers which have no connection to the makers of Mastodon's software or the official apps.
This is one of the points of decentralisation, to avoid having any kind of central control point.
Anselm SchΓΌler
in reply to Fedi.Tips • • •Anselm SchΓΌler
in reply to Anselm SchΓΌler • • •Fedi.Tips
in reply to Anselm SchΓΌler • • •The reason to believe otherwise is to compare the entry for Mastodon and BlueSky.
According to their app store entries, Mastodon collects nothing, BlueSky collects something.
This is the point of my original post with its comparisons of screenshots from app stores.
Anselm SchΓΌler
in reply to Fedi.Tips • • •Fedi.Tips
in reply to Anselm SchΓΌler • • •@anselmschueler
Ahh okay... that's an interesting point. It would be good to have more info on that.
Mastodon Migration
Unknown parent • • •@nitrobear @edward_jazzhands @mariuszklimczak
Companies need to make money someday. You can't just keep using invested money. That's not a business. They need to generate revenue to offset their costs. That's the way it works. And, selling domains is not going to pay the rent.
Fedi.Tips
Unknown parent • • •@kayo77
I think it's because they're not seeing this happening directly.
If someone came up to them in the street and started following them around 24/7, filming them, recording their location, demanding their financial and medical details, stealing their browsing history, asking if they are pregnant etc they would feel differently.
Because this surveillance happens within their phone, at some level people can pretend it isn't happening.
Fedi.Tips
Unknown parent • • •@halva
BlueSky's app shouldn't be collecting data though, if they really are decentralised. Mastodon's app doesn't collect anything at all.
(Also, as BlueSky is a for-profit corporation backed by VC money, guessing we will see ever more bullet points pop up on BS's surveillance list in the future.)
nikol reshared this.
Fedi.Tips
Unknown parent • • •You don't need public goods to be profitable. Roads aren't profitable, parks aren't profitable, firefighters aren't profitable, but they serve society and we all depend on them (even for-profits depend on the existence of non-profit services).
Mastodon has been going since 2016 without ads or investors, and parts of the Fediverse are even older. It is possible to do social networks without ads or for-profit structures.
projectmoon
in reply to Fedi.Tips • • •I don't really see how social media can be profitable without ads, at least if you want people to use your service. For better or worse, social media services are free* (heavy asterisk). So convincing people to pay for a subscription to sustain the service is pretty much a non-starter.
Untargeted ads could possibly work. But then that won't grow as much, which of course is incompatible with investors that demand as big of a return as possible. But it might be long term sustainable without hoovering up user data?
Fedi.Tips
in reply to Fedi.Tips • • •p.s. If you want another online example, the World Wide Web wasn't exploited for profit, it was turned into an open standard.
If we have interoperable online standards that anyone can take part in without involving corporations, then people are free to choose the kind of online world they want.
Fedi.Tips
Unknown parent • • •The email goes to your server, not to the app. The signing in process on the official and third party Mastodon apps happens through your server's website (that's why it looks like a browser when you do that part of the signing in, it is using your phone's web browser for that part).
"you give it images and videos etc (user content). "
That isn't going to the app, that's going to your server. The data from those isn't passed on to the app.
Emma (IPG)
in reply to Fedi.Tips • • •Fedi.Tips
Unknown parent • • •The point I'm making is this data doesn't need to be collected by the app, yet BlueSky is doing this according to their app store privacy list.
BlueSky is behaving like a centralised service while advertising itself as decentralised.
Emma (IPG)
in reply to Fedi.Tips • • •Fedi.Tips
Unknown parent • • •@ipg
BlueSky's own app store entry says it IS collected by the app.
Emma (IPG)
in reply to Fedi.Tips • • •Fedi.Tips
Unknown parent • • •@ipg
I did a post comparing the priacy sections of app store entries, and it's that post which Halva linked to in the original post of the thread we are in. (social.growyourown.services/@Fβ¦)
They even tagged me to make sure I saw this quote-post.
The reason I'm discussing app store entries is because that's what this whole conversation is about. If you aren't interested in this topic, you don't have to be joining in with this thread.
Fedi.Tips
2024-10-19 16:32:35
Emma (IPG)
in reply to Fedi.Tips • • •Fedi.Tips
Unknown parent • • •That's the whole point though: separating the app and the server is a really good thing.
When the app and the servers are run by different people using open standards, it gives end users the ability to combine a non-surveillance app with a server run by people they trust, or even set up their own server.
Services which spy on you through the app anyway and/or force the user to use a particular server, are taking away this power from the user.
Emma (IPG)
in reply to Fedi.Tips • • •You're also trying to extrapolate that those app store privacy listings mean anything negative about the privacy implications of Bluesky versus Mastodon, you are doing more than "discussing just the app store listings" by presenting them in that light
Reality is: Mastodon app collects your email address in the same manner the Bluesky app. Why is the Bluesky app being marked down in your presentation of it for this and not Mastodon?
Would you say that Threads is privacy-safe if Facebook just turned off all those self-reported privacy tags?
Fedi.Tips
in reply to Emma (IPG) • • •"Mastodon app collects your email address in the same manner the Bluesky app."
...but it doesn't. Your server collects it, which in your case is wetdry.world. Your server then sends a token to your app saying that your email and password were correct, but it doesn't tell the app what they are.
It's an open source app, outsiders can check to see what happens.
Fedi.Tips
in reply to Fedi.Tips • • •@james @antdesros @AndikaCJ @Cal
p.s. As for IP addresses, it's impossible to use anything online without giving some form of IP address. That's how the internet knows where to send stuff. It would be like trying to order something to be delivered without giving any kind of delivery address.
That doesn't mean you have to give your own IP address, the Tor network and VPNs let people hide it.
Fedi.Tips
Unknown parent • • •@ipg
"most users of the Mastodon app are on mastodon.social, this is a fact"
Again, just not true.
Mastodon.social is the largest server, but most people are on other servers. You can check at fedidb.org/software/mastodon for example.
If you start conflating server and app, you are taking power away from the user by making it harder to tell what is invading their privacy or not.
FediDB, Fediverse Network Statistics
fedidb.orgEmma (IPG)
in reply to Fedi.Tips • • •and this is the same case with Bluesky - in my case is bsky.social (i haven't had the time to set up my own) but could easily be any other instance of ATproto... it's not different in the slightest
the only difference is Bluesky is actually reporting the truth to Apple's privacy listing that yes, data *is* being collected by *a* server that is likely theirs (same with the Mastodon app - most users of the Mastodon app are on mastodon.social, this is a fact)
Fedi.Tips
Unknown parent • • •@ipg
I agree that's a horrible horrible thing the app makers are doing now, they shouldn't be promoting mastodon.social.
I've posted critcising them about this many times, and have an entire section on my website telling people not to use mastodon.social (fedi.tips/its-a-really-bad-ideβ¦).
But it doesn't change what data is collected by the app itself.
Mastodon.social is not a good way to join Mastodon. If youβre already on it, you might want to move your account to a different Mastodon server. | Fedi.Tips β An Unofficial Guide to Mastodon and the Fediverse
fedi.tipsEmma (IPG)
in reply to Fedi.Tips • • •Fedi.Tips
Unknown parent • • •An app for an online service doesn't have to collect any data at all.
It just needs a token from your server confirming you have signed in successfully and that you want to use the app with your account.
That's how most Fedi apps do it.
Emma (IPG)
in reply to Fedi.Tips • • •FediThing π³οΈβπ
Unknown parent • • •@shapr
(Replying through my other account to avoid filling peple's timelines)
Totally agree, firefighters are worth every penny and probably do pay for themselves in terms of reduced "externalities", same with most public services.
They're just not run to make a profit, but to provide something useful to society.
Shae Erisson
in reply to Fedi.Tips • • •For example, if you give homes and support to those who don't have them, that's cheaper than the cost of emergency services.
I can find the citation, I learned this at a USA housing and urban development conference.
Claire Barnes
in reply to Fedi.Tips • • •Dragon-sided D
in reply to Fedi.Tips • • •Bill, organizer of stuff
in reply to Fedi.Tips • • •Fedi.Tips
in reply to Bill, organizer of stuff • • •The image is just screenshots of the Apple app store, I don't have any copyright over them so you don't need my permission. All I did was put them together and label each screenshot.
(But thank you for asking first! π )