Thanks for commenting on the issue, I appreciate the communication and it seems the community feels the same.

@lwadmin@lemmy.world @michelleg@lemmy.world @ruud@lemmy.world can you let us know if you or any admins of lemmy.world took a meeting with meta or representatives of meta?

@ruud@lemmy.world runs the 6th largest mastodon instance, and fosstodon instance admins (a smaller mastodon instance), were invited to an “off the record” meeting with Meta. The fosstodon admin, Kev, declined the meeting and notified their community about the correspondence going as far as to share screenshots.

In the correspondence, the meta rep said they were reaching out to mastodon admins, so if fosstodon got an invite, logic would figure they’d invite the admin(s) of a larger instance whom also happen to admin the largest lemmy instance in the world (lemmy.world)

I would love if the same level of transparency could occur here on lemmy.world

Were you folks invited, did you take it? I would really appreciate knowing if the people who run this instance have any relationships, formal or otherwise, with meta. A lot of lemmy users are here on the fediverse to escape the reach of companies like Meta when it comes to their social media.

Obviously no one is obligated to defederate from meta/threads when the time comes. But I would like to be informed.

I think it’s important to know. I personally would like to know, I would like to make informed decisions on which instance is my home on lemmy - but without all of the info, our decisions aren’t fully informed, so I have low confidence making any decision at this point.

Finally, I’ve posed similar questions before and have been accused by other users of wanting to attack lemmy admins if they did take a meeting, or for any reason at all. That could not be further from the truth. Online harassment is harassment, and is illegal in many jurisdictions. I don’t wish any harm or ill towards anyone, including those who have different values or opinions than mine. Finally, I’ve always been cordial in my submissions on lemmy, I don’t know what would make anyone think I’d start behaving differently now.

I think these questions are important, and I intend to continue asking them until we have an answer, so that I can make a decision with confidence that I had sufficient information to do so.

I hope that seems as reasonable as I feel it is, though I could be wrong, please feel free to respond with your thoughts. I appreciate the discourse.

Thanks yall.

Quite the assumption. I’m sorry for making you sick, though.

Yeah, it’s a valid concern (echoed by many others on this instance) that I feel should be addressed, to say the least.

Good point! I’m sure Zuckerberg knows what lemmy is, social media is his bread and butter. It would be silly if at the very least his team did not make him aware of its existence. But they are developing an app that will work with the fediverse, so even doubly weird if he wasn’t aware of lemmy and any other significant fediverse apps.

I didn’t even know about ruud running a mastodon instance, but your second point has me doubling down on my question, whereas before I had my doubts because the meta letter was mastodon focused, but you’ve kind of brought that full circle for me with the info you’ve shared. Thanks!

Fair enough, I can’t argue with being careful.

I’m still curious if they took a meeting. And for admins who have an open support thread and are responsive to support questions, I’d expect they can handle showing up to a post and answer some questions their community has.

That said, I’m just one person and there’s no obligation to answer to little old me. Thankfully this post can be upvoted or downvoted, so the community can choose to support this inquiry or bury it. And I suppose, lemmy.world admins can choose to respond or simply ignore it.

I saw other lemmy.world members wondering why they were silent, I would consider this post an open letter and I tagged him to essentially ask him directly.

Is there a reason you thought this post tagging his account wasn’t sufficient and recommend sending a message instead? I could always reconsider my approach. Thanks.

Edit: I’m aware about being able to choose other instances if I dont agree, but that’s the thing… what is there for me to make that determination? Lemmy is popping off with posts about Meta (de)federation, and the biggest lemmy instance has been silent. I’m curious on what their stance may be, and whether or not they obliged a meeting w/ meta.

Agreed, I could absolutely understand ruuds trepidation, if there is any.

The thing is, just say that. Say, “hey I’m afraid you guys are gonna eat me alive if I make the wrong call, and for that reason, I’m taking care to abstain from any call.” We would absolutely understand.

But at this point I also want to know, did you or anyone representing lemmy.world take that meeting?

Wonder if they were invited to metas p92 meeting for “off the record conversation” and obliged

I’d love to take credit but that was midjourney (and all the artists that feed its capabilities.)

I think my prompt was “a logo featuring a mouse holding a magnifying glass”

I’ve since realized that I should have said lemming instead of mouse, but a dummy like me can only do so much.

Great point and ideas, I hope to see things like this introduced as the lemmy project matures

Those are good practices if you have privacy concerns.

we’re just talking about custom interfaces to analyze public data

Semi-public. As it stands, only instance admins have access to per-user vote data. Possibly also API users, but I’m not sure the lemmy api has an endpoint for exposing per-user vote data, I believe it just gives you a tally of the up/down votes of posts and comments, but not who made each vote. But most people don’t have the skillset to host their own instance and process the data into something meaningful/easy to digest.

You could make the argument that semi-public is basically public, but I think there is some nuance to be explored:

Once a site like open lemmy stats launches, it becomes trivial for any user to query that data, who upvoted what, who downvoted what, when they up/downvoted it, etc.

There’s a difference between something being available to people motivated enough to get it vs it reaching critical mass and being trivial to access by anyone with a browser. How the data is ultimately used, whether it is used nefariously or not, is going to be up to the people that access openlemmystats and what they wish to use it for.

Which has me considering an analogy, without expressly intending to make this political, please consider the statement “guns don’t kill people, people kill people”. “Openlemmystats doesnt harass political dissenters! The people who use it do!”. One could argue that openlemmystats wouldn’t do anything inherently bad, it’s the people who would use it. Just like with guns, there will likely be debate on whether or not the world would be better without openlemmystats or if we should start doing things to make it impossible for openlemmystats-alike sites to exist.

That said, I mostly agree with you, and I appreciate your privacy suggestions/best practices, good stuff!

Edit: for the record, I think “guns don’t kill people, people do” is a stupid statement, but I thought it was an interesting analogy. That is to say nothing of my feelings on gun control, I’m just not a fan of distilling complex issues into dismissive one line statements.

biggest concern is getting all participating instances to agree

I see what you mean, that is true if the responsibility ultimately ends up falling on instance owners.

Which is why I’m hoping that the developments instead occur on the Lemmy project itself and other fediverse project code bases. Lemmy devs and contributors will hopefully work on privacy and security as the Lemmy project matures. If instance admins are keeping their instances mostly up to date, there is virtually no (dis)agreement to be had: the mitigation patches will be loaded on the next update.

Of course, anyone can fork lemmy or manually remove these changes from their instance, or some admins may simply refuse to update, but that would reflect badly and privacy minded users may choose move to another instance that has updated to the latest/most secure version of Lemmy and other instance owners can also choose to defederate from instances that leave themselves vulnerable to issues that have been patched out.

There are handsome penalties for violating copyright but torrent trackers are still thriving, I expect similar legal evasion tactics from sites like OpenLemmyStats

it’s an absolute nightmare

Indeed! I felt it was important to illustrate this, to Jumpstart discussion and hopefully motivate some talented/passionate devs to start thinking about this. Not that they haven’t, but there’s been a lot of handwaving on lemmy this week when someone brings up the vulnerabilities of the fediverse. I wanted to further illustrate the possibilities.

I’m encouraged by seeing folks like yourself taking the implications seriously (not to say you ever didn’t take it seriously)

Me too!

I touched on this with my comment here, with some general expectations on how this will unfold: https://lemmy.world/comment/894056

I definitely expect a drawn out game of whack a mole as lemmy devs, instance admins and key contributors start seeing stuff like this pop up, and they develop tools or tech to mitigate abuse, until another exploit is found by bad actors, rinse and repeat.

Some say it’s an inherent flaw with federation/activitypub but I expect/hope it progresses the way other vulnerable tech has.

For example, in the early days of wifi it was pretty trivial to packet sniff (a practice that lets you peer into other folks network activity). Now most sites encrypt their transmitted data and while the packets could be sniffed over an unsecured network, the data within stays safe because it’s encrypted (assuming most sites that deal with sensitive data now encrypt, which in my experience, they do)

Furthermore WIFI as a technology has gone through many iterations, each one bringing with it better and stronger security, to the point where average Joe can setup a secure home network by following the quick start guide included with their router, which these days is essentially plug in, power on, choose a password, and authenticate with your devices.

I expect activitypub and fedi tech to develop in the same way: releasing patches and updates and ammending the standard to combat/mitigate abuse of an open federated platform., it’s gonna take time though.

Edit: typos

Yeah, I almost want to make it now to drive the point home to those folks. (Edit: emphasis on almost)

who cares if they can see my public posts

Misses the whole point, Open Lemmy Stats probably wouldn’t display your posts (lemmy itself does that), it would display all of the analytical inferences to be made from those posts, votes and other activity, revealing more about you than you intended or even were aware of. Which isn’t readily public in the way some folks are making it out to be, it takes some work to get that data and you need sysadmin/database/programming skills to make it manageable and useful. OpenLemmyStats will let anyone of any skill level query your data that otherwise would require you to be, at a minimum, an instance admin to get to.

Good idea! I think as a solution I would run multiple instances and double, triple, or quadruple-verify the data from multiple instances that i run to make sure no one is feeding me fake data. If there are discrepancies I could average the data, or flag the value(s) with a confidence rating and fuzz the numbers to be safe

If an instance fakes too much data and doesn’t match what other instances are reporting I’ll quietly defederate or stay federated but program my system to ignore data from that instance as not to tip anyone off

I just want a place for everyone to smoke some meats, yknow, real people stuff

I totally get what you’re saying.

I think there is (unfortunately) value to be mined from packaging the data conveniently, or offering a subscription service to make it trivial to query for anyone without sysadmin or database skills. Or just throw porn ads on it or some shady ad network that doesn’t mind being placed on questionable sites.