#ThoughtProvoker 🤔
-
@smallcircles @hipsterelectron @Johns_priv we are a privacy expert but not a lawyer. we're not going to comment on this one, other than to say that companies have a tendency to implement these laws in liability-averse ways, which have very little overlap with what's good for society or people
@ireneista @hipsterelectron @Johns_priv
Yes, though there's also the social side to it. If you think of a large and active Discourse community with a long history of deep and relevant online discussion, then it can be highly disruptive to community health when one of the most active members leaves and demands deletion of 1,000's of public domain topics and posts.
In any case I think what is most interesting is the observation on the many contextual modes of communication we use in our daily life and how we continually switch between these, depending on social context.
And that somehow when we throw out a single line of communication and connect everyone to it, we assume that we can project a healthy social communications network onto that. Only to a small extent are we aware of the enormous simplification in our online comms abstraction, and we start to build unnatural social construct to fix comms problems, like all kinds of moderation, blocking, suspending, etc.
-
@nycki @smallcircles the mastodon quote fep mentions that a server is allowed to transform rejecting a quote authorization into deleting the entire post (as in, if someone quotes you, you can tell their server to delete their entire post, including their own words, from their own server). this is explicitly described as an acceptable and conformant behavior. not sure why gargron is allowed to write FEPs since he certainly never implements them himself
@nycki @smallcircles i have more abstract qualms with the notion of consent that FEP invokes (and why gargron's notion of consent is distinct from user safety, or any of the existing discussions about consent) but i think you have identified a really important framing here that consent to deletion is a form of consent that is absolutely right to require here.
in https://circumstances.run/@hipsterelectron/116543061887456848 i mentioned "two-party consent" to record in US state law which i feel is framed in a way that obfuscates the consent mechanism you identity here
-
@hipsterelectron @smallcircles @kopper @dalias oh! we'll have to give that a look
@ireneista @hipsterelectron @kopper @dalias
Nice! Added the project to the note-taking list of C2S / ActivityPub API focused fediverse project..
https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130
-
@ireneista @hipsterelectron @kopper @dalias
Nice! Added the project to the note-taking list of C2S / ActivityPub API focused fediverse project..
https://codeberg.org/fediverse/delightful-fediverse-experience/issues/130
@smallcircles (fyi: you got the wrong codeberg username. i'm @KittyShopper there because kopper was already taken) -
@nycki @smallcircles i have more abstract qualms with the notion of consent that FEP invokes (and why gargron's notion of consent is distinct from user safety, or any of the existing discussions about consent) but i think you have identified a really important framing here that consent to deletion is a form of consent that is absolutely right to require here.
in https://circumstances.run/@hipsterelectron/116543061887456848 i mentioned "two-party consent" to record in US state law which i feel is framed in a way that obfuscates the consent mechanism you identity here
@nycki @smallcircles i say "absolutely right to require" in an informal sense, to mean "i personally believe the power of remote deletion requires either (a) mutual user consent to delete or (b) moderator intervention in response to abuse + a contextual theory of harm which is alleviated by deletion".
case (b) does not propose a new power but attempts to codify the expectations of the current status quo, while enabling specific elevated permissions for admins/moderators upon satisfying certain conditions
-
@smallcircles (fyi: you got the wrong codeberg username. i'm @KittyShopper there because kopper was already taken)
@kopper thanks, fixed.
-
@smallcircles @django @ireneista
per the spec, deletion should replace the original message with a Tombstone. This allows it to exist without breaking threading (as it happens instead on Mastodon). The Tombstone could also be implemented similarly to an Edit with a private record of the original message: so external viewers would still see that a message existed, but the instance single user could still view the content when they want.
@oblomov @smallcircles @django @ireneista You referenced the client-to-server (C2S) Delete. Did you intend to reference server-to-server Delete (section 7.4)? In either case, the Tombstone is optional (MAY). Removing the S2S cached representation is recommended (SHOULD), but not required (MUST) and the spec notes this behavior cannot be enforced anyway. In other words, not deleting a cached object when an S2S Delete is received is conformant, but not recommended without a good reason.
-
In daily life, if you talk to someone, you have the right to remember what was said, right?
And if you don't possess photographic memory, you have the right to take notes, keep record, maintain a diary, yes?
And no one has the right to order you to forget your memories, or under normal circumstances to destroy your notes?
So if you have a single-person #fediverse instance, it is okay then to ignore #ActivityPub Delete requests to erase your memory of online public conversations you had with others?
@smallcircles
hmmm. I feel like this is a nuanced topic. I think keeping chat logs for a conversation you enjoyed is a nice thing to do. But if I were to pull a pen and paper put to record an IRL conversation as it happens, I dont think that would sit well with the other participant.I think its happened at least once to me that Ive said something to someone and much later, Ive said something different, and they've gone 'but yo look here, last time you said something else!!! 👀 haha gotcha'
-
@smallcircles
hmmm. I feel like this is a nuanced topic. I think keeping chat logs for a conversation you enjoyed is a nice thing to do. But if I were to pull a pen and paper put to record an IRL conversation as it happens, I dont think that would sit well with the other participant.I think its happened at least once to me that Ive said something to someone and much later, Ive said something different, and they've gone 'but yo look here, last time you said something else!!! 👀 haha gotcha'
@smallcircles
this behaviour irks me. maybe I grew as a person. maybe I was stressed back then, I dunno. The situation I'm thinking of was with someone who wasn't really a great person, so maybe I just needed better friends?I dislike that social media encourages turn and response combat. But I suppose the people who want to do that are just going to screenshot things relentlessly anyway.
... So I guess, it is a bit rude to have someone else delete your messages, yeah
-
@nycki @smallcircles i say "absolutely right to require" in an informal sense, to mean "i personally believe the power of remote deletion requires either (a) mutual user consent to delete or (b) moderator intervention in response to abuse + a contextual theory of harm which is alleviated by deletion".
case (b) does not propose a new power but attempts to codify the expectations of the current status quo, while enabling specific elevated permissions for admins/moderators upon satisfying certain conditions
@nycki @smallcircles i am really interested in codifying guarantees like this with cryptographic identity to produce documents attesting to the exercise of elevated permissions & justification for same, because that produces a verifiable log of actions that can be cross-referenced against others (which you'll note is exactly the purpose of making an independent recording of e.g. a phone call). this is something i'm currently working to formalize for package repositories, since git actively obscures decision-making by generating diffs on demand and enables backdating commits while failing to keep track of when an object was first made visible by a remote
-
Yes, it is a quite nuanced subject. Thank you for your thoughtful reply.
-
@ireneista @smallcircles @kopper this is actually an example where "daily life" (as per OP) is a great framing, because it exposes how the imposition of the admin into matters of deletion is actually kind of strange! (unless the content harms others or is otherwise a subject of moderation, in which there is a valid legal basis for the admin authority, which is an authority granted conditionally to the admin by the users for purposes of moderation)
@hipsterelectron @smallcircles
is a valid legal basis for the admin authority, which is an authority granted conditionally to the admin by the users
I’m not sure I fully agree with this approach.
In some countries, administrators can have legal responsibilities regarding hosted content. Germany is one example where certain kinds of material are explicitly illegal, so instance admins may be required to intervene regardless of user consent.
If my instance were a public one rather than a personal server, I would legally have to remove content such as Nazi propaganda, racist material, Holocaust denial, incitement to violence, or illegal sexualized content involving minors, real or fictional.
That obligation exists independently of whether users agree with moderation decisions or not. At that point it’s not really a matter of personal preference, but of complying with local law.
-
In daily life, if you talk to someone, you have the right to remember what was said, right?
And if you don't possess photographic memory, you have the right to take notes, keep record, maintain a diary, yes?
And no one has the right to order you to forget your memories, or under normal circumstances to destroy your notes?
So if you have a single-person #fediverse instance, it is okay then to ignore #ActivityPub Delete requests to erase your memory of online public conversations you had with others?
@smallcircles I think the single-user instance should at least mark the post as private and don't share it outside the instance. As a courtesy.
-
@nycki @smallcircles i am really interested in codifying guarantees like this with cryptographic identity to produce documents attesting to the exercise of elevated permissions & justification for same, because that produces a verifiable log of actions that can be cross-referenced against others (which you'll note is exactly the purpose of making an independent recording of e.g. a phone call). this is something i'm currently working to formalize for package repositories, since git actively obscures decision-making by generating diffs on demand and enables backdating commits while failing to keep track of when an object was first made visible by a remote
@nycki @smallcircles i think @SRAZKVT has some cool thoughts on source control here. vcs like git is analogous to fedi in that user identity is distinct from the set of objects each remote makes visible to others, and each remote (github, codeberg, local clone) completely controls which objects are propagated across servers, which makes them an implicit proxy for each user. while the concern on fedi is that a server might claim you made a post without you, git/hg instead might heuristically generate source file diffs that you didn't validate yourself (leading to e.g. a merge conflict)
cryptographic signatures solve some problems for vcs, but i think the solution there also involves losing some convenience (more awkward diff generation, requiring a signature for merges and not just commits). as with fedi, there may be multiple valid threat models here, so a "git that doesn't generate diffs i didn't sign off on" might allow for skipping signature requirements in certain cases.
-
@nycki @smallcircles i think @SRAZKVT has some cool thoughts on source control here. vcs like git is analogous to fedi in that user identity is distinct from the set of objects each remote makes visible to others, and each remote (github, codeberg, local clone) completely controls which objects are propagated across servers, which makes them an implicit proxy for each user. while the concern on fedi is that a server might claim you made a post without you, git/hg instead might heuristically generate source file diffs that you didn't validate yourself (leading to e.g. a merge conflict)
cryptographic signatures solve some problems for vcs, but i think the solution there also involves losing some convenience (more awkward diff generation, requiring a signature for merges and not just commits). as with fedi, there may be multiple valid threat models here, so a "git that doesn't generate diffs i didn't sign off on" might allow for skipping signature requirements in certain cases.
@smallcircles from my understanding of w3c activitypub there is no concept of signatures between users at all (the spec emphasizes that actors are not necessarily users and other such negated claims) as opposed to e.g. TLS cryptography used between servers, and this is especially problematic because activitypub is expressly intended as a human communication medium.
-
@smallcircles from my understanding of w3c activitypub there is no concept of signatures between users at all (the spec emphasizes that actors are not necessarily users and other such negated claims) as opposed to e.g. TLS cryptography used between servers, and this is especially problematic because activitypub is expressly intended as a human communication medium.
@smallcircles if a user can get sued for making a post (i know they can, i don't need precedent to claim this), it's because the activitypub protocol is understood to be representative of its users' speech, which is an incredibly powerful responsibility to assume
-
@nycki @smallcircles i am really interested in codifying guarantees like this with cryptographic identity to produce documents attesting to the exercise of elevated permissions & justification for same, because that produces a verifiable log of actions that can be cross-referenced against others (which you'll note is exactly the purpose of making an independent recording of e.g. a phone call). this is something i'm currently working to formalize for package repositories, since git actively obscures decision-making by generating diffs on demand and enables backdating commits while failing to keep track of when an object was first made visible by a remote
@hipsterelectron @nycki @smallcircles this got me thinking, what if cryptographic signature had canonic human-readable representation? Like not simply a 128bit opaque string but also a 80 columns block of text telling what was signed, when, in what context and maybe some user supplied flourish like ascii art corner decoration and logo.
80 columns is mainly here so it can be printed on receipt machine -
In daily life, if you talk to someone, you have the right to remember what was said, right?
And if you don't possess photographic memory, you have the right to take notes, keep record, maintain a diary, yes?
And no one has the right to order you to forget your memories, or under normal circumstances to destroy your notes?
So if you have a single-person #fediverse instance, it is okay then to ignore #ActivityPub Delete requests to erase your memory of online public conversations you had with others?
@smallcircles
What does “delete” mean in this context-Delete the record so no one on the internet can access it after a certain point in time?
I comprehend “delete” request to remove access from public Internet, not whatever a person’s replicated in private notes/server.
Surely it does not mean delete any dated references in:
Screenshots, quotations in notes, books, etc.I’d like to have a single person server as a publish once, share syndicate everywhere(POSSE) & would keep the dialogue
-
In daily life, if you talk to someone, you have the right to remember what was said, right?
And if you don't possess photographic memory, you have the right to take notes, keep record, maintain a diary, yes?
And no one has the right to order you to forget your memories, or under normal circumstances to destroy your notes?
So if you have a single-person #fediverse instance, it is okay then to ignore #ActivityPub Delete requests to erase your memory of online public conversations you had with others?
@smallcircles nope, wrong. You’ve conflated your personal memory and secondary documention about others with the primary record. You can have the former — it’s yours — but not the latter. Moral rights are the author’s in each case. You author and own a memory and representations of it, not the original source.
-
In daily life, if you talk to someone, you have the right to remember what was said, right?
And if you don't possess photographic memory, you have the right to take notes, keep record, maintain a diary, yes?
And no one has the right to order you to forget your memories, or under normal circumstances to destroy your notes?
So if you have a single-person #fediverse instance, it is okay then to ignore #ActivityPub Delete requests to erase your memory of online public conversations you had with others?
@smallcircles GDPR etc. “right to be forgotten” is really not that; it’s the right to have your digital records purged, at least within jurisdictions where the law applies/can be enforced. Ofc, much law everywhere actually is not enforceable and relies on more or less voluntary compliance with user requests. Should/Shall/Will Delete vs. Must Delete
Ciao! Sembra che tu sia interessato a questa conversazione, ma non hai ancora un account.
Stanco di dover scorrere gli stessi post a ogni visita? Quando registri un account, tornerai sempre esattamente dove eri rimasto e potrai scegliere di essere avvisato delle nuove risposte (tramite email o notifica push). Potrai anche salvare segnalibri e votare i post per mostrare il tuo apprezzamento agli altri membri della comunità.
Con il tuo contributo, questo post potrebbe essere ancora migliore 💗
Registrati Accedi