You might not have any meta accounts but that’s not the norm.
Giving meta access to cross pollenate their data is a terrible idea, that’s the entire problem with meta and Google, they have too much information on us to the point they can identify us without the accounts. Their ad tracking in the background of other sites gives them information that you gave a third party.
The threat model is the same as Cambridge analytica, selling “manipulation” and everyone thinks they’re above it, they aren’t. You aren’t.
So yes, the threat models apply to any bad actor, you’re right, but it’s the larger and more coordinated ones that pose the bigger threats here.
A bad actor with access to only Lemmy has more limited data and options for threats.
That that ignores the fact that Facebook/meta is going to use Microsoft’s “EEE” model to push traffic to their own version. Google is doing it today with chrome.
What’s disheartening to me in this kind of conversation is that when you boil it down to specifics it becomes super vague. “Cross pollenating data”, well i’m a data engineer and i have no idea what that means. “Selling manipulation” is a threat model ? “Embrace Extend Extinguish” ? I’m sorry but that’s word salad to me. If we take those arguments far enough they just become “yeah well bad people can do bad things to you on the internet” and while true, this is entirely irrelevant to the fediverse conversation.
The OP blog article does not support the positions you see every day in Lemmy comments such as yours. All he’s saying of tangible value is that if Meta federates then your account & instance names will be potentially visible by people on Threads. That is not a credible threat to your privacy in the fediverse - that is just the system of federated social networks working as intended.
Whatever attack vector there is against you already existed before the fediverse or Threads. And Lemmy was never designed or marketed as adequate protection for people who need full-stack privacy.
Let’s get specific, since you claim to work in analytics.
If I can link your lemmy account to a Facebook account, then I can uniquely identify you.
Any posted links from the meta federation that open in a browser can use standard fingerprinting to identify you. That still exists today, but given I served your ip the lemmy-article and you then clicked the link in it, I can now join the two by ip alone. Now there could be multiple people browsing at your house, so this will have to be a time series and probability, but the correlation will eventually be strong enough to say with reasonable certainty. This works especially well if I put something like “google amp” or a url shortened in the middle of the links, because then I don’t need to have my advertising/tracking code on the website. Without the federation I can’t link it to an account and I can’t see your browsing history on pages that my “analytics code” isn’t on.
There’s your netsec threat vector.
From the social perspective, the threat vector is exactly the same as Cambridge analytica. I notice that you as a unique user fit pattern x and I start tailoring the links you see and don’t see based on what I want to change about you. Now it’s not AS effective because the real effectiveness there was removing articles that disprove some of my bullshit. Because I’m just a node in the federation, I can’t prevent other nodes from showing you conflicting info.
Selling manipulation is a social threat vector, but if you want netsec, you now have both.
EEE becomes important because it increases effectiveness and value of the manipulation that I sell.
Then suddenly you wake up, everyone has voted for brexit or some orange scammer against their own self interest. If you work with big data, then you know that you can change a lot of individual points in small nearly imperceptible ways (to that specific data) that can make huge changes to the dataset as a whole.
You might not have any meta accounts but that’s not the norm.
Giving meta access to cross pollenate their data is a terrible idea, that’s the entire problem with meta and Google, they have too much information on us to the point they can identify us without the accounts. Their ad tracking in the background of other sites gives them information that you gave a third party.
The threat model is the same as Cambridge analytica, selling “manipulation” and everyone thinks they’re above it, they aren’t. You aren’t.
So yes, the threat models apply to any bad actor, you’re right, but it’s the larger and more coordinated ones that pose the bigger threats here.
A bad actor with access to only Lemmy has more limited data and options for threats.
That that ignores the fact that Facebook/meta is going to use Microsoft’s “EEE” model to push traffic to their own version. Google is doing it today with chrome.
What’s disheartening to me in this kind of conversation is that when you boil it down to specifics it becomes super vague. “Cross pollenating data”, well i’m a data engineer and i have no idea what that means. “Selling manipulation” is a threat model ? “Embrace Extend Extinguish” ? I’m sorry but that’s word salad to me. If we take those arguments far enough they just become “yeah well bad people can do bad things to you on the internet” and while true, this is entirely irrelevant to the fediverse conversation.
The OP blog article does not support the positions you see every day in Lemmy comments such as yours. All he’s saying of tangible value is that if Meta federates then your account & instance names will be potentially visible by people on Threads. That is not a credible threat to your privacy in the fediverse - that is just the system of federated social networks working as intended.
Whatever attack vector there is against you already existed before the fediverse or Threads. And Lemmy was never designed or marketed as adequate protection for people who need full-stack privacy.
There’s absolutely new threat vectors.
Let’s get specific, since you claim to work in analytics.
If I can link your lemmy account to a Facebook account, then I can uniquely identify you.
Any posted links from the meta federation that open in a browser can use standard fingerprinting to identify you. That still exists today, but given I served your ip the lemmy-article and you then clicked the link in it, I can now join the two by ip alone. Now there could be multiple people browsing at your house, so this will have to be a time series and probability, but the correlation will eventually be strong enough to say with reasonable certainty. This works especially well if I put something like “google amp” or a url shortened in the middle of the links, because then I don’t need to have my advertising/tracking code on the website. Without the federation I can’t link it to an account and I can’t see your browsing history on pages that my “analytics code” isn’t on.
There’s your netsec threat vector.
From the social perspective, the threat vector is exactly the same as Cambridge analytica. I notice that you as a unique user fit pattern x and I start tailoring the links you see and don’t see based on what I want to change about you. Now it’s not AS effective because the real effectiveness there was removing articles that disprove some of my bullshit. Because I’m just a node in the federation, I can’t prevent other nodes from showing you conflicting info.
Selling manipulation is a social threat vector, but if you want netsec, you now have both.
EEE becomes important because it increases effectiveness and value of the manipulation that I sell.
Then suddenly you wake up, everyone has voted for brexit or some orange scammer against their own self interest. If you work with big data, then you know that you can change a lot of individual points in small nearly imperceptible ways (to that specific data) that can make huge changes to the dataset as a whole.