• 0 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 16th, 2023

  • Sorry if I wasn’t clear about that. My essential thinking with the NAS was: Cloud is nice, but how vulnerable are you if the Cloud provider turns evil?

    With Apple and Google, you’re basically screwed and there is nothing you can do.

    With a NAS, you own the server. You don’t rent it. You own it. You can hold the thing that stores all your private data in your own two hands.

    So what if the data center I host my backups on becomes evil? Well, then they find a bunch of encrypted blobs they can’t access while I move my backups to a different host. I’m not sure even the server hosting you’re talking about is as secure as that. What if they become evil? How much access do they have to your data? All “evil” takes is a single policy change from a suit who has no idea about actual tech. It happens all the time.

    Maybe that comes off as paranoid, but with all the data breaches and enshittification happening lately I feel much more secure having my data literally in my own two hands and a built-in defense against evil policy changes/government overreach for anything that must be hosted externally. Coupled with Tailscale for remote access I believe this is as secure as you can get.

    And again, Synology was my choice for ease of use, but you can build a capable NAS from an old Optiplex on ebay for 200 bucks + drives.


  • I don’t really understand your comment.

    PC breaks? House burns down? My data is encrypted in a datacenter. My account gets cancelled? My data is on my NAS.

    I don’t store much data on my PCs or devices at all. Any data that is there I treat as transient. The NAS acts as permanent storage. So if the devices die, I can quite literally restore them to the state they were in within hours of their death from the NAS. If my house is hit by a tornado and my NAS dies, my data is safely encrypted in an external location. I’ve lost nothing. If my NAS, devices, and Wasabi’s data center are all hit by tornadoes at the same time we have bigger problems to worry about. If that ridiculous scenario happened your server would not be immune either.

    I’m not seeing the advantage of your rented server vs having backups in the cloud. Is it because the server will keep running? But if you’ve lost your devices in a fire you still can’t access it whether it’s running or not. When you replace your device you can then connect to your server, but I can simply download my data again. HyperBackup Explorer is available for every platform and can do a full restore back to a NAS, or individual file downloads for anything else.


  • I felt this “prison” very strongly with iCloud. Don’t get me wrong, I think iCloud functions exceptionally well. It’s an extremely well integrated cloud and works seamlessly with all Apple products. It’s just that after a while I started to realize just how much of my life was sitting on Apple servers and what a dependency I had on Apple, hoping they are the good guy (narrator: they were not, in fact, the good guy) or at least, not as bad as the next best option (I feel Google has legitimately become evil at this point). I was constantly reading about security and getting myself worried, etc.

    Finally I just bought a NAS. Synology is my current choice, but use whatever you prefer. A NAS can replicate anything the “cloud” can do, it’s faster, it’s safer, it doesn’t rely on the good graces of any cloud provider. YOU hold the access to your data. As it should be. I still use the “cloud” for my backups with HyperBackup sending encrypted backups to Wasabi, but that is a different matter. Even if Wasabi decided to be evil, my data is encrypted before it ever leaves the NAS and Wasabi could never see my raw data like Apple/Google can.

    The only thing holding people back from this, I guess, is price. Apple charges $0.99/month for 500gigs, while just the NAS itself with no drives will cost you several hundred. But man, not being worried about the latest cloud drama, government overreach, privacy scandals, etc is worth every cent. A Synology NAS with Tailscale is just about the safest place to put my data. All the Synology mobile apps even pass the gf test for features and ease of use. I recommend a small 2-bay NAS to everyone I can.

    Turn off the cloud, and take your data back.


  • Most people don’t understand what this is or why it’s important. And that’s not their fault. The kneejerk reaction to having data collected is justified due to the amount of companies who abuse it. I mean the amount of stuff you have to turn off (and block the stuff you can’t turn off) just to use Windows in a reasonable manner is insane.

    I don’t fault people for reacting to this news, even though it’s not even really news. Developers need to know how people use their products if they want to make them better. And it’s opt-in, which is the right way to do it. 1Password certainly knows this and the fact they’re trying to be so transparent shows that they know they need to prove what they claim.

    1Password has built a lot of trust with its users over the years. There was some controversy over switching to a subscription model, but realistically $3.50/month to have the most important data you possess hosted securely (and they’ve been super transparent about that security too) seems like a no-brainer. To my mind, 1Password isn’t going to do anything to jeopardize their place in the market when there are free and self-hosted services out there. Probably they want to use their app, which is already the best of any password manager I’ve ever used, to be the thing that sets them apart from the competition. And to do that, they need to know how people use it to know what could be better.


  • The reason is because of 5 years of nonstop propaganda from the GOP and taxpayer-funded expedition into Hunter Biden (the probe began in 2018). And after all that talk, all the lies and misinformation, all of your money they spent in their retaliatory attack on Hunter Biden, they come up with two misdemeanor tax counts and a minor gun charge. Yeah, sure. He did it, he deserves whatever the consequences are for it. But what was uncovered was not worth the amount of time and money, and let’s face it, propaganda, the GOP put into it. I promise they spent more money trying to uncover something, anything, Hunter did than the $100,000 he owes the IRS.

    So for me it’s not so much that Hunter doesn’t deserve to be charged, it’s the means by which the charges were filed and the extreme amount of wasted time and money and poisoning the well the GOP has done to arrive at such minor charges.


  • Thank you for the clarification there. I hope you don’t mind having this conversation with me, I’m learning a lot by interacting with people on this topic. I don’t want you to feel like I’m arguing with you though. So the GDPR seems fairly bulletproof, but it only applies within the EU. So how about a scenario like this:

    Your instance is hosted in the EU and has the full protection of the GDPR. My instance is hosted in the US where the GDPR does not apply. Your instance federates with mine. I federate with Meta. Meta now has your data but they didn’t get it from a GDPR protected source. You consented to give it to me, and I consented to give it to them. They have no obligation to uphold the GDPR because they’ve had no interaction with your instance whatsoever, they’ve simply accepted what I gave them and that transaction occurred within the jurisdiction of the US.

    Maybe the GDPR still works here, I don’t know. But I guess my point is that if I can come up with endless scenarios like this, lawyers can too, and they know infinitely more about the law than I do. Hell, they can even come up with their own interpretations of law and act on them for years, only changing their practices when they’re forced to by someone actually suing them. Which by then they’ve already collected and sold millions worth of data.


  • Thank you for your clarification! I don’t know any of the legal specifics of this stuff and I very much appreciate you taking the time to help educate me and anyone else who needs it. I can only give a conceptual argument based on the history I’ve seen with these companies, but not any sort of specific knowledge of law.

    The gist of what you’re saying, and what we’ve actually seen play out recently, is technically they shouldn’t be able to do this, but they’re going to lawyer it in such a way that they’ll get away with it unless/until someone actually sues them which is prohibitively expensive. We have recently seen class action suits against Meta, but realistically the damage has already been done, the money has already been made, and they go on with finding the next cash cow. Even a multimillion dollar settlement is a drop in the bucket, simply the cost of doing business for these people.


  • Yes, this is exactly the sticky issue we get into. And I’m wondering if lawyers would be able to make a case that using ActivityPub alone automatically gives your consent to have your data exist on an instance outside your own. Once they have data you’ve consented to give they can do with it as they please, essentially arguing you’ve become a consenting party when you consented to federation. I don’t know the GDPR well enough to have any answers, but you can bet Meta lawyers do.

    I don’t think Facebook would be having high level NDA-protected talks with Mastodon people if they weren’t trying to work all this out. And by work out, I mean how to monetize/data mine. I’ve been talking about this with people all day, many of whom didn’t see a problem with this, but eventually all of them have had the lightbulb turn on when they realize the potential abuse Meta could do with/to ActivityPub.

    If, by some miracle, Meta wants to be the good guy for a change, let them prove it. I would love to see defederation by default, and let Meta prove they’re trustworthy to federate to. And even then, have a really itchy defederate trigger finger if they even hint at pulling another Cambridge Analytica fiasco. But getting everyone on-board with that is probably impossible, especially if Meta starts throwing money around.


  • What I’m taking issue with is essentially the same thing that is getting Reddit into hot water. Spez is acting like all the content on Reddit is exclusively his. And legally, it probably is, since it exists on his servers. Now if you extrapolate that out to Meta on ActivityPub, any instance that federates with them immediately puts all of your content directly onto Meta’s servers. Once it’s in their possession, it’s legally theirs to do with as they please. If they want to pull a Facebook or Reddit, using your data, they can with no way for you to opt-out. Sure, nothing is stopping people from doing it already, but Meta does not have your best interest in mind. Ever. They’ve shown it again and again. So I think people are preemptively wanting to cut off this spigot of user data to Meta because their abuse of it is a matter of when, not if. Any other company might deserve the benefit of the doubt, but Meta? We know who they are already.

    Also, as I said elsewhere, Meta could already use a bot to scrape Lemmy instances, but you can’t sell a bot to investors. But you can sell a platform. Meta will build a slick platform to sell to investors and sit back while federation fills up their instance with data which they’ll turn around and sell the same way they do on Facebook. And the insidious part of it is that they’ll take your data even though you didn’t use their platform. Right now I can decide not to be data mined by Meta simply by not using Facebook. To do that here if instances start federating your data onto Meta servers, you’d have to not use ActivityPub at all. Either that or the fediverse fractures into Meta and not-Meta, which also sucks.

    This is really a lot more than simply setting up an RSS feed.


  • it’s either about ruining the ethos, stealing the data and/or changing the protocol.

    Honestly, it’s probably all 3 and more we haven’t even thought of yet. I don’t think anyone could have predicted all the scandals Facebook has been involved in regarding misuse of user data, and that was just on their own platform. ActivityPub literally hands them the keys to the castle. Add in all the toxic political stuff and… it just makes my head hurt.

    Anyway, I appreciate having the conversation with you. Discussing it has helped solidify my feelings about it.


  • You’re right of course. People will flock to Meta, it will probably become the poster boy of the Fediverse over a few years, and then little by little the evil will creep in until it’s so established we just accept it, same as we’ve done with Facebook. The terrible thing is that it will not be something we can just opt out of. I can choose not to use Facebook. With this situation, I would have to choose not to use the entire ActivityPub protocol, not just Meta’s platform.

    It’s a disaster waiting to happen. Like you said, I don’t think we can do much, and even if we try, it’ll fracture the whole fediverse concept. But when you ask “Why are people concerned about Meta using ActivityPub?” this is why.


  • Sure, but you can’t get investors interested in a bot. You can sell them a platform though. Meta will make the flashiest UI the fediverse has ever seen and sell that to investors, while harvesting and selling everything on the fediverse whether you use their platform or not. The only possible way to keep your data out of Meta’s hands is to defederate anyone and everything associated with them. I know it sounds tinfoil hat, but honestly evaluate how Facebook does business and then imagine how ripe ActivityPub is for that sort of exploitation. If I used Facebook I have agreed to allow myself to be data mined, but if I use kbin I have not agreed, and yet, Meta can still do it if even one mutual server has agreed (been paid) to federate to both platforms.


  • I feel a little lame quoting myself, but I was just having this discussion elsewhere so I’m just going to copy/paste my thoughts rather than thinking of a different way to say it this time.

    Say you have 10 servers. 7 are Lemmy, 3 are kbin. Great, each admin has control over those servers. Then you have Meta. They’ll run 1 huge server. When the 10 other servers enable Federation, Meta now has 10 servers of content that isn’t even on their own platform that they can sell. Your data will literally exist on the Meta server because your data is not contained within your instance/platform once it’s Federated. Meta can then harvest the entire Fediverse for data like this. It’s like an absolute wet dream for them. They don’t even have to coax people to use their own platform!

    If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.

    Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.

    Meta must be defederated the second they so much as dip a toe into the Fediverse or everything you’ve ever done, or do, on any ActivityPub platform will be scooped up and sold.

    I’ll just add that Meta will state that anything on their server is their property, and Federation will put your data directly on their server, even if you’re not a member of their platform.


  • The problem is that the blocking will have to be layers deep. If your instance has defederated from Meta, but is federated with an instance that does federate with Meta, then Meta still has access to all your data through that mutual server. So not only would people have to defederate from Meta, they’d have to defederate with anyone who does federate with Meta. If everyone isn’t on board with this, it’ll cause a huge fracture to form.

    Make no mistake: Meta wants to sell your data. They know all it takes is one server to federate with them and they’ve unlocked the entire fediverse to be harvested. I would not be shocked to see large amounts of cash flowing in exchange for federation rights.


  • Well, the big issue here is that we sort of don’t have the power you think we do.

    What I mean is, say you have 10 servers. 7 are Lemmy, 3 are kbin. Great, each admin has control over those servers. Then you have Meta. They’ll run 1 huge server. When the 10 other servers enable Federation, Meta now has 10 servers of content that isn’t even on their own platform that they can sell. Your data will literally exist on the Meta server because your data is not contained within your instance/platform once it’s Federated. Meta can then harvest the entire Fediverse for data like this. It’s like an absolute wet dream for them. They don’t even have to coax people to use their own platform!

    Meta must be defederated the second they so much as dip a toe into the Fediverse or everything you’ve ever done, or do, on any ActivityPub platform will be scooped up and sold.

    Edit: And it’s even worse because all it takes is 1 server to Federate with Meta. If server A is Federated with your server B, Meta can still pull your data from server A they Federated with, even if your local server B has Defederated with Meta. This is a huge problem.



  • Not sure what I make of that. He quoted a guy, rather than giving his own opinion. We can make a lot of assumptions about why he quoted the guy, but without stating an opinion it can only ever be speculation. In a massive list of essays, which I admittedly haven’t read all of, one quote seems to be the big uproar about fascists running Lemmy?

    And then being like “Hey maybe don’t delete posts just because they’re about China? That doesn’t break any rules,” suddenly makes them in love with the CCP? I don’t have any context to judge the quote and posts regarding China literally do not break any rule. “Orientalism” is a ridiculous reason to delete a post.

    This all seems completely blown out of proportion like typical Twitter drama.