Opt-out is a terrible default and should be reconsidered #835

@Mitsunee

It should be pretty obvious that a decentralized network that many use specifically to not be connected to centralized networks houses mostly people who do not wish to have their posts bridged to Bluesky. While I am not a lawyer and therefore cannot give a concrete statement on this, sharing information such as profile descriptions, posts and media without express permission violates the Terms of Service of plenty of instances, as well as ethical boundaries around privacy and personal safety.

I believe that this bridge system should be opt-in, rather than opt-out - especially if your only immediate opt-out mechanism is adding something to a profile description that is by default limited to about 500 characters on Mastodon, one of the most common fedi instances, while also hoping that your system does not cache profile descriptions, thus entirely ignoring the hashtag for however long it takes to invalidate the cache.

TL;DR: Due to concerns about privacy and ethics I (and many other fedi users) would like for your system to be opt-in rather than opt-out. I also personally believe that a hashtag in a profile description is inadequate and insufficient as an opt-out mechanism.

Best Regards @mitsunee@ieji.de


Update: I've had a few discussions on this in the past 3 hours while this seemingly became the ticket for this issue. I guess my attempt at writing as neutrally as possible is convincing enough for GitHub, but not for open source as a whole, huh?

Anyways, here are some more bullet points I've collected during my discussions:

  • Q: "What is the difference between this bridge and federation? Why does it matter?"
    • A: It should be rather simple to understand that the fediverse is a network of services using a federation protocol. Bluesky is not part of this network. When signing up to a service inside the fediverse I agree for my data to be shared inside the network. No permission was ever granted to use my data outside of the network, such as with Bluesky.
  • Q: "What is the difference between Threads federating and Bluesky being connected through this bridge? Can't you just block it?"
    • A: I can domainblock threads. I cannot domainblock bluesky and a bridge can be rehosted under different domains by any party with a copy of the code or software within this repository.
  • Personally I use a mastodon instance owned by a private person who has views I understand and trust to an extent. I do not trust a centralized company (which has the main goal of producing revenue). Bluesky is owned by such a company.
  • It seems to be the common consensus that Bluesky allows people harmful to minorities such as LGBT, religious or non-white people. This means this bridge would in theory get blocked by most instances within the bubble I'm active in personally.
  • Further points about ownership of content and lack of formal agreement between fedi users and bluesky (a very common issue for bridges of any type) have been brought up below better than I could have worded in this comment: Opt-out is a terrible default and should be reconsidered #835 (comment)

snarfed (Owner) commented on Feb 13, 2024

I definitely hear you. It wasn't an easy call. I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

Also, #nobridge in profile isn't the only way to opt out, I've been happily opting people out manually.

Mitsunee (Author) commented on Feb 13, 2024

having a developer manually opt-out people/instances is even more insufficient as a mechanism... since it's not even a mechanism at all.

I have posted my opinion on "profile hashtags" on fedi here: https://ieji.de/@mitsunee/111921117415410712

In short profile hashtags are a convention that only works if developers stick to standardized tags instead of adding more since profile descriptions have character limits. Profile hashtags are also not replicated in meta tags in the HTML head section of any fedi software's frontends.

wyatt8740 commented on Feb 13, 2024

I see evidence that some minority communities on mastodon, etc. instances are actively scared of this bridge.

By the way, those minorities include a couple I am in.

I think on account of the "tragedy of the commons" and related phenomena, places like bluesky are more likely to attract unwanted attention to current political football groups, like trans people, who have actively avoided bluesky up until now.

Perhaps in part because they are both weary of the venture capital backing and being exploited (again) by corporate America, and perhaps in part afraid that they'll be made more visible than they want to be. They've relied on the relative obscurity and slight clunkiness of mastodon/activitypub and the 'fediverse' to shield them somewhat from that.

A lot of people in these communities want to share things, but only within the mastodon/ infrastructure, and have not been anticipating that the things they've said or shared would become visible on a larger platform with higher awareness from the general public like bluesky, especially now that bluesky is no longer invite-only.

To be clear, I have a bluesky account as well as a couple of accounts on mastodon instances. I actually don't dislike bluesky as a whole. I personally would just much rather be able to separate the two more cleanly, so that I can continue to have frank and honest discussions with others on mastodon that I might not want the whole world to see. And to not let myself indirectly be roped from one into the other.

It's a similar reason to why I don't like IRC bridges to places like discord, which makes a public or semi-public record of stuff that would not be centrally logged on IRC. It defeats the reason I used IRC instead of discord in the first place.

I know this is new and exciting technology, and you want to be in the midst of it and share with the world. I think your goals are fine and good, in theory. But there are human beings out there with different use cases, wants, needs, or whatever that you can't predict.

I beg of you to please reconsider moving forward with this opt-out policy; I'm honestly a little afraid for a couple of people I love on account of this.

If people wanted to be more visible, they'd have asked for it and/or joined bluesky.

Even if they opt out, someone can follow a chain of replies on bluesky and end up finding them on the mastodon side of things. And these people are somewhat fragile, just trying their best to engage socially at all on the web is a little scary to them. I kind of expect they might withdraw deeper into their shells after all of both mine and others' efforts to bring them out of said shells.

Regarding legality, even if it is found to be legal, I will insist it is not moral or ethical for you to so confidently and unilaterally do something that could dramatically impact the lives of so many.

If you ever happened to read Cat's Cradle, I suggest you reflect on the point Kurt Vonnegut was trying to make with Dr. Felix Hoenikker's character. I'll spell it out: He's a scientist/engineer who just needs something to focus on/play with; he doesn't really care about the ramifications of his discoveries or how his creations are used by others.

Again, it's a neat project but you are toying with human lives and need to respect them. Make it off by default, and you'll be someone who's doing something really cool. Leave it on by default and you'll be hated.

TL;DR:

Opt-in, please. Not opt-out. A lot of vulnerable people might and probably will be hurt by this. And they did not ask for it. You are choosing for them.

You are putting yourself in a position of enormous responsibility, and to me it just screams of yet another "white cishet male somewhere in California" (sorry in advance if I guessed wrong) who thinks he knows what's best for everyone else, considers himself the sole arbiter of right and wrong, and is willing to exert his position of power over others for either money or his own ego. Someone who lacks the humility to admit they were acting rashly when it's pointed out to them, and to fully back down.

(edit) "somewhere on the spectrum" means "linked" or "unlinked." Those are your two choices. This is a boolean value. Not a float.

LMK if there's anything I'm totally wrong about here. And I'm sorry again if you aren't a white cishet male somewhere in california like I guessed. That's just the vibe I'm getting. LMK and I'll change this.

benaryorg commented on Feb 13, 2024

Let me make this simple:

  • you are posting my data without my permission on a commercial website (Bluesky)
  • I have no way of requesting deletion of my data with Bluesky since I have no formal agreement or relation with them
  • my content does not comply with Bluesky's ToS and thus is effectively illegal for you to even post on Bluesky to begin with
  • you are not moderating the content cross-posted in either direction, neither automated nor manual, which means that you are liable for any copyrighted or otherwise illegal content being cross-posted
  • you have terms of service that none of us agreed to, thereby they are null and void so whatever you intend to write in there is of no legal consequence either way, which means we have no legal recourse in case there is any violation of local or international law

All of these make it effectively illegal for you to run the service as-is.
If "nobody would use the service if it was opt-in" then you have successfully written a service that nobody would use, congrats, you should've funded a start-up instead so you could at least make off with the VC.

Let me be clear: you are breaching the law by circumventing and violating ToS, knowingly, both of the services you scrape and those you post to, which means you are legally liable. If I have to take you to court for you to understand what "consent" means then so be it. Take the service down or make it opt-in. This is not a request.

Edit: consider the following scenario:

  1. I post original content that I have all rights to, I post it publicly, I post it with the express notice that redistribution of the content is not permitted as per the terms (the same as being able to link to a movie on Netflix but not being allowed to download and send it to someone)
  2. you cross-post that content
  3. I have legal means to pursue DMCA claims both with you (if you store the information) and Bluesky
  4. I will send DMCA requests to Bluesky
  5. you will get banned from Bluesky because you are literally costing them money as they have to pay people to do the moderation/support and Bluesky is a for-profit venture

Anything you do about this will only ever go one of two ways; you will personally be liable under DMCA, or you will be in violation of ToS due to circumvention of a ban (which itself is a crime in most countries, USA included).
You are simply not legally allowed to do any of this without explicit consent based on the principle of human rights, but since US law makes it easier to sue you over copyright, and because people growing up under capitalism understand those terms better, I can sue you over copyright infringement any day of the week if this goes public.

actualaardvark commented on Feb 13, 2024

Aside from other valid points made here and elsewhere, making the bridge opt-out also damages user faith in Bluesky. If the concept behind Bluesky is a less hostile social media platform, then to forcefully grab content from other platforms seems like quite the contradiction. Subsequently, this reads as a cynical attempt to cash in on the existing popularity of other decentralized platforms. Your tagline "regulate people not code" applies here. The default should be to regulate the Bluesky community's access to other platforms, and allow them access later in good faith.

pyrox0 commented on Feb 13, 2024

As someone who runs their own fediverse instance for themselves, and has thought about this a lot:

I do not like the concept of an "opt-out only" bridge. If I was running a server for multiple people, I would need to either:

  • Block your server entirely
  • Allow your server, but then tell people to "add #nobridge or get bridged to a centralized service"

neither of which, I assume, are outcomes that you want.

The other problem I have is specific to the service you want to bridge to, Bluesky. Despite launching as an ostensibly open source and federated protocol, they have neither enabled federation on their main server (bsky.social) and have not provided any verification that their open source code is actually running on their servers (this is very difficult to verify for any online service, but I digress.) Further, their service sends any media uploaded to them to a 3rd-party AI "Content Moderation" service, which goes against many of my personal principles, which is why I don't publish media there myself. See here for more details on that, the proof is in the source, however.
Again, as a multi-user instance, that is something I would feel the need to disclose to my users that was happening, further increasing my exposure to third-parties.

Now, you might ask, "what about ActivityPub? You're already essentially bridging your content with other servers!" And while yes, this is true, the issue here is one of consent. By joining my server, a user would consent to their posts being distributed by ActivityPub, throughout the ActivityPub Network (which I will call the "fediverse"). This distribution system is the only one that they consent to federating through, not that of the @Proto Network, which is the network that Bluesky uses. Therefore, this would need to be something they would additionally allow to distribute their posts in addition to fediverse distribution, not something implied as part of fediverse distribution.

Therefore, I strongly urge you to reconsider the opt-out nature of your bridge, and make the bridging mechanism opt-in only. That could be post-specific or user-specific (or perhaps both^1), but I do not agree with an opt-out mechanism, as there is no way for the entirety of the fediverse network to opt-out of your tool.

^1: The way this could work is with a #yesbridge hashtag that can be applied to user profiles and also user posts. The following situations would happen:

  • A post from a user with #yesbridge in their bio and no hashtag (or additionally having #yesbridge) in the post would federate to bluesky.
  • A post from a user with #yesbridge in their bio and #nobridge in the post would not federate to bluesky.
  • A post from a user with #nobridge (or no hashtag) in their bio and #yesbridge in the post would federate to bluesky.
  • A post from a user with #nobridge (or no hashtag) in their bio and #nobridge (or no hashtag) in the post would not federate to bluesky.

This provides explicit opt-in by default, with the ability to not federate specific posts if the user does not want it on bridged services. If the user wants all their posts to federate, add #yesbridge to profile and move on. If they don't want that, either leave no hashtag or add #nobridge, either is a workable option. If they only want specific posts to federate, add #yesbridge to that specific post, and only that one will federate. I believe this would allow the most user flexibility, but again, this should be opt-in by default.

Please ask me questions about any of the points I make here, I would be glad to answer them!
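
The precedence rules in the #yesbridge footnote of the comment above, written out as a default-deny check; the stale-profile branch reflects the caching concern raised in the issue description. This is an added example, not code from bridgy-fed or from any commenter: the function names, the 24-hour profile cache limit, and the rule that both tags in one place count as opt-out are assumptions.

```python
import re
from html.parser import HTMLParser

OPT_IN, OPT_OUT = "yesbridge", "nobridge"   # tags named in the proposal
MAX_PROFILE_AGE_S = 24 * 3600               # hypothetical cache lifetime
BLOCK_TAGS = {"p", "br", "div", "li"}       # elements that separate words


class _Text(HTMLParser):
    """Collect the visible text of the HTML used for bios and posts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in BLOCK_TAGS:
            self.parts.append(" ")

    def handle_endtag(self, tag):
        if tag in BLOCK_TAGS:
            self.parts.append(" ")

    def handle_data(self, data):
        self.parts.append(data)


def hashtags(html):
    """Return the lower-cased hashtags in an HTML fragment.

    Whole-tag matching: "#nobridges" is not "#nobridge", and a "#" glued to
    a word or to a URL path (".../#nobridge") is not treated as a hashtag.
    """
    parser = _Text()
    parser.feed(html or "")
    parser.close()
    text = "".join(parser.parts)
    return {t.lower() for t in re.findall(r"(?<![\w/])#(\w+)", text)}


def scope_choice(tags):
    """True = opted in, False = opted out, None = said nothing."""
    if OPT_OUT in tags:
        return False  # assumption: both tags in one scope resolve to opt-out
    if OPT_IN in tags:
        return True
    return None


def should_bridge(bio_html, post_html, profile_age_s=0):
    """Apply the four cases of the proposal; anything unclear means no."""
    post = scope_choice(hashtags(post_html))
    if post is not None:
        return post                      # a tag on the post overrides the bio
    if profile_age_s > MAX_PROFILE_AGE_S:
        return False                     # stale copy of the bio: consent unknown
    return scope_choice(hashtags(bio_html)) is True


# Constructed sample data in the shape Mastodon serves (not real accounts).
BIO_YES = ('<p>Cat pictures. <a href="https://example.social/tags/yesbridge" '
           'class="mention hashtag" rel="tag">#<span>yesbridge</span></a></p>')
BIO_NONE = "<p>Cat pictures.</p>"
POST_PLAIN = "<p>good morning</p>"
POST_NO = "<p>friends only<br>#NoBridge</p>"
POST_YES = "<p>new release!</p><p>#yesbridge</p>"


def demo():
    """Run the four cases of the footnote, in the order it lists them."""
    cases = [(BIO_YES, POST_PLAIN), (BIO_YES, POST_NO),
             (BIO_NONE, POST_YES), (BIO_NONE, POST_PLAIN)]
    return [should_bridge(bio, post) for bio, post in cases]


if __name__ == "__main__":
    print(demo())
```
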

emceeaich commented on Feb 13, 2024

> It wasn't an easy call.

It's the wrong call. Shut down your project before you harm people.

bremensaki commented on Feb 13, 2024

Putting the burden on others to have to do work to not be part of a network that they never signed up for is totally arrogant.

I have no interest in participating in Bluesky. That alone should be enough to not be involved in it.

Your project is inherently flawed and needs to be opt-in only.

muffinista commented on Feb 13, 2024

The best time to make a service like this opt-in was when you originally designed it. The second best time is right now.

MarkEEaton commented on Feb 13, 2024

Opt-in is the only way to make this acceptable to much of the fediverse. Make it opt-in.

Mitsunee (Author) commented on Feb 13, 2024

> Instead of the opt-out system, why not utilize the existing system in Mastodon for determining if a profile wants to be publicly searchable?

misuse of yet another feature does not fix misuse of the federation protocol. The searchability permission is specifically for the purpose of search within the network and does not constitute permission for scraping or otherwise extracting data from the profile for external use.

jpwarren commented on Feb 13, 2024

> I definitely hear you. It wasn't an easy call.

And yet it's still the wrong one.

> I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

It comes across as trying to justify what you want to do, rather than arriving at a conclusion after carefully balancing competing interests.

For example, you say:

> for services like bridges that live and die by network effects, opt-out seems like the only way to be broadly useful

Useful for whom?

If your bridge is such a great idea, people will choose to use it, no? Opt-out means you believe that you know best what is good for a whole Fediverse full of other people with diverse wants and needs. That's… a bold move from someone who, by their own admission, has a vested interest in the option you've picked, and "plenty of privilege to check, and not much lived experience of being harassed or mistreated online."

I'd want to be pretty confident the evidence was on my side for such an extraordinary claim.

> First off, I’d dearly love a thorough, comprehensive threat model of human interaction online. Threat modeling is an important technique from the security community that I’d love to see applied to human behavior more often.

The trouble with this idea is that it's not even wrong. Different people have different threat models. You'll end up with something so simple it's useless, or so complicated it's useless. You can't technology harder your way out of social challenges.

Engineers need to stop trying to turn humans into math.

Please reconsider your plan.

cortices commented on Feb 13, 2024

Let me offer an additional perspective.

You are only the most recent in a long line of privileged, insulated techbros to make a fedi scraper/cross-poster.

Nearly every single prior one over the last five plus years has been shut down (usually after being suspend-stonewalled from most of the network) due to consistent, escalating outcry over assuming users’ consent to participate (either opt-out, or no option at all).

The ones that remain, are opt-in only.

Feel free to see my very non-exhaustive list: https://cathode.church/fedi-scraper-counter.html

196 remaining items

hobbes commented on Feb 14, 2024

Ok, so your posts aren't allowed on an akkoma instance? What about lemmy?

This is clearly referring to data collection and analytics and it's disingenuous to try to interpret it as anything else

ok, maybe it was too long a post, so I'll copy/paste the last part here: « but really, don't analyze that one further, the privacy policy on mastodon.social seems to be an incoherent unenforceable joke »

nukeop commented on Feb 14, 2024

Mastodon lacks terms of service, which usually contain a clause about users granting the service a non-transferrable license to reproduce their posts, and sometimes explicitly the license terms, e.g. CC-0.

evanp commented on Feb 14, 2024

Wow, what a long and deep conversation! I appreciate how civil it's been.

I disagree with @Mitsunee's premise that the fediverse is a place to hide from others. The point of the fediverse is to connect with others, with full control and safety. It's for making connections between networks of different sizes and implementations.

We have ample tools to control who can connect with us on the fediverse -- the visibility of our posts, deciding who can and can't follow us, personal blocks, domain blocks, and filters. Extra opt-out features like a profile hashtag, searchability flags, or indexability flags give even more control.

With any other network on the fediverse, we allow connections to get started first, and then use these control mechanisms to shape our experience as individuals and as instance communities. I think it's perfectly reasonable to do that with this bridge, too.

snscaimito commented on Feb 14, 2024

People should calm down. At least on a Mastodon instance you have 4 choices for every post you create. I think that bridge will respect these visibility settings as they appear to be part of the protocol.

And if you are not happy with these settings and deem them to not be enough, then you are most definitely in the wrong place for your communication needs. I would assume you want to communicate only with trusted people whom you know personally and so my suggestion is to set up a private and secure BBS as your safe space.

hobbes commented on Feb 14, 2024

> Wow, what a long and deep conversation! I appreciate how civil it's been.

> I disagree with @Mitsunee's premise that the fediverse is a place to hide from others.

it's not Mitsunee's premise

> With any other network on the fediverse, we allow connections to get started first,

wrong: for example, plenty of instances decided to proactively defederate Meta's Threads

> and then use these control mechanisms to shape our experience as individuals and as instance communities. I think it's perfectly reasonable to do that with this bridge, too.

it would almost be possible if that bridge was one instance: defederate it and be done with it. But it's not an instance, it's a software, it's possible to create dozens of instances, each of which would need to be actively managed.

The default behaviour needs to be the safe respecting one.

adryzz commented on Feb 14, 2024

as an instance owner, and given that my server is located in the EU, with all data handled locally i'm fairly sure this violates GDPR, and a load of other stuff as well, although i am not a lawyer.

Which GDPR article do you think it violates?

the most obvious one is this.

https://gdpr-info.eu/recitals/no-18/

hope this helps!

hobbes commented on Feb 14, 2024

> People should calm down. At least on a Mastodon instance you have 4 choices for every post you create. I think that bridge will respect these visibility settings as they appear to be part of the protocol.

wrong problem

> And if you are not happy with these settings and deem them to not be enough, then you are most definitely in the wrong place for your communication needs. I would assume you want to communicate only with trusted people whom you know personally and so my suggestion is to set up a private and secure BBS as your safe space.

wrong problem and definitely wrong suggestion

maximemelian commented on Feb 14, 2024

> People should calm down. At least on a Mastodon instance you have 4 choices for every post you create. I think that bridge will respect these visibility settings as they appear to be part of the protocol.

> And if you are not happy with these settings and deem them to not be enough, then you are most definitely in the wrong place for your communication needs. I would assume you want to communicate only with trusted people whom you know personally and so my suggestion is to set up a private and secure BBS as your safe space.

if people want to post on bluesky they will create an account there. using mastodon and not bluesky almost always happens for some reason or another.

berniethewordsmith commented on Feb 14, 2024

> Wow, what a long and deep conversation! I appreciate how civil it's been.

> I disagree with @Mitsunee's premise that the fediverse is a place to hide from others. The point of the fediverse is to connect with others, with full control and safety. It's for making connections between networks of different sizes and implementations.

> We have ample tools to control who can connect with us on the fediverse -- the visibility of our posts, deciding who can and can't follow us, personal blocks, domain blocks, and filters. Extra opt-out features like a profile hashtag, searchability flags, or indexability flags give even more control.

> With any other network on the fediverse, we allow connections to get started first, and then use these control mechanisms to shape our experience as individuals and as instance communities. I think it's perfectly reasonable to do that with this bridge, too.

  1. Glad to see you around. Really glad.

  2. If I may say, I don't think "hiding from others" is the point that Mitsunee was making. Was that the case, Mastodon still has many holes.

But I'm sure you fully realize the scope of the adversarial users they are concerned about. Harassers will exploit every single tool to reach out to them.

There are also tech absolutist people working hard to fork things in a way they can subvert the measures that people put in place. And they are not directing this adversarial interop against oppressors, monopolists or the powerful and the rich. They are turning it against minorities. People have the right to ask for opt-in and have a say if they see something concerning is being built.

The expression you used, "full control and safety", I could not agree more with it. But control and safety are also related to trust. And I think it's fair to say there is an abundance of concern and lack of trust by some users on platforms like Bluesky.

I know ActivityPub was born with the innate desire to connect. It does what it's supposed to do. But technology is also shaped by culture and use. I understand that "consent" may not be a technology, but it is the philosophy that is informing many people and many technology behind Mastodon. Although I suppose you know a gazillion things more than me, so I would like to know more if you are willing to share.

outlaw-dame commented on Feb 14, 2024

There

> > Wow, what a long and deep conversation! I appreciate how civil it's been.
> > I disagree with @Mitsunee's premise that the fediverse is a place to hide from others.

> it's not Mitsunee's premise

> > With any other network on the fediverse, we allow connections to get started first,

> wrong: for example, plenty of instances decided to proactively defederate Meta's Threads

> > and then use these control mechanisms to shape our experience as individuals and as instance communities. I think it's perfectly reasonable to do that with this bridge, too.

> it would almost be possible if that bridge was one instance: defederate it and be done with it. But it's not an instance, it's a software, it's possible to create dozens of instances, each of which would need to be actively managed.

> The default behaviour needs to be the safe respecting one.

I love how you are trying to tell one of the founders how the Fediverse works. It is that person's premise, the fediverse does operate on a reactive deny list, pre-emptively blocking Threads.net doesn't change this. Connections are allowed and then people make blocks afterwards, he knows what he and others built.

hobbes commented on Feb 14, 2024

> It is that person's premise, the fediverse does operate on a reactive deny list, pre-emptively blocking Threads.net doesn't change this. Connections are allowed and then people make blocks afterwards, he knows what he and others built.

I may be wrong, but I don't think that he was referring to the technical side of things, the protocol and all that. I think that he was referring to the way people organize and use it (at least that's what I was referring to). And I pointed out one case (others exist, gab for example), where plenty of instances preemptively chose to block another actor for a number of reasons (security, privacy,...).

Those blocks were easy since each one related to one single instance.

This bridge, if opt-out, would make that kind of preemptive block much more difficult since there could be dozens of instances of the bridge connecting to the same BS.

Many users are on the fediverse because of the relative security compared to other social networks (thanks to the moderation tooling). That bridge, if opt-out by default, would make it much more difficult to keep the safety.

snarfed (Owner) commented on Feb 14, 2024

Sorry all, but I'm locking this issue. Insults and ad hominems aren't helping, and a critical mass of the useful points has probably now been made. Much of this conversation can and is also happening on the fediverse itself; hopefully it can continue there.

I'll leave this issue and the existing comments up, so that the discussion is preserved. I plan to work on a new discoverable opt in idea, #835 (comment), see how it goes, and hopefully use it instead of pure opt out. Assuming it works, it obviously would have been better to figure out beforehand. That's on me, and the backlash I've received is probably warranted to some degree. Sorry. Lots more to do before this can launch, in any form.

Repository owner locked as too heated and limited conversation to collaborators on Feb 14, 2024
snarfed (Owner) commented on Apr 17, 2024

Merging into #880.

Opt-out is a terrible default and should be reconsidered · Issue #835 · snarfed/bridgy-fed