Reconsider Social Network and Social News Aggregator recommendations

[TommyTran732]

I feel like these sections need reconsideration.

Let's start with the Social Network section, most of what is recommended are just generic federated services which do not really solve any privacy problems (with the possible exception of Mastodon which does have end to end encryption for private messages).

Friendica, PixelFed, and Movim do not actually provide any privacy protection. They are generic social media services, where everything you post is available public to see, and where all of the data you put on there is completely visible to the service provider. They are no more private than, say, your email services (if anything, they are even less private than those as well).

They may be marginally better than Facebook or Twitter which may sometimes suspend your account and ask you for identity verification. The operator of those services can suspend your account too, but you can maybe rejoin the federation using a different homeserver.

This is such a low bar and I don't see them being much better than the so-called "big tech" platform at all. If someone posts a picture of themselves and everywhere they go publicly on social media, then it doesn't matter if they use PixelFed or Instagram, there is practically no difference whatsoever. If someone messages another person on these federated platforms (again, with the exception of Mastodon), the operator of their homeservers can fully read their messages too. Imagine Matrix without end to end encryption - are they even worth recommending at all? They do not serve any real threat models, they just give the user the good feeling of "not using Facebook". There's a word for it - "privacy theatre".

Federation for social media is more providing freedom than privacy, in my opinion. There needs to be something more, like an option to encrypt private pictures, private messages, private tweets, to make a platform worth recommending. If we are just blindly recommending a bunch of federated services with the pinky promise to protect your privacy without any real technical merits, we will end up with a giant list of recommendations, to the point where it no longer means anything.

Let's move to the Social News Aggregator section. I am not familiar with Tildes, Postmill, and Freepost, so it would be great if someone explains how they are actually private to me. The way I see it, they are just random self hosted services, the operator still sees everything, and the user still needs to place trust in the service provider. We are not here to recommend random self hosted services - we are here to recommend software that actually improves privacy and security.

In the case of Lemmy, it literally is just federated Reddit. It has the same problem as what I said in the Social Network section. It is a public discussion board - by its very nature it is not private.

I propose that we actually tighten the list of recommendations somehow or just remove them outright. We should not be recommending things for the sake of recommending things or to show how much we hate Facebook. The things we recommend should serve a particular threat model or mitigate a particular privacy/security issue. They must substantially improve privacy or security in some shape or form, rather than relying on pinky promises to not profile you. Remember that the service provider can break their promises (if Zuck said he will stop profiling you tomorrow- would you trust him???), and that there are other actors who will profile you as well (Clearview.ai scraping people's pictures across the internet is an example).

[dngray]

Let's start with the Social Network section, most of what is recommended are just generic federated services which do not really solve any privacy problems (with the possible exception of Mastodon which does have end to end encryption for private messages).

I've actually always thought about this. It was one of our "legacy" pages, it was brought forward into Markdown, without too much/any discussion.

Friendica, PixelFed, and Movim do not actually provide any privacy protection. They are generic social media services, where everything you post is available public to see, and where all of the data you put on there is completely visible to the service provider. They are no more private than, say, your email services (if anything, they are even less private than those as well).

To be honest I wouldn't be surprised if commercial services don't crawl these networks anyway. So so the idea that "they have no adtech" isn't really likely true these days.

They may be marginally better than Facebook or Twitter which may sometimes suspend your account and ask you for identity verification. The operator of those services can suspend your account too, but you can maybe rejoin the federation using a different homeserver.

There is that, and quite often instances go offline for some reason or another. Just look at our own PTIO instances. "Federation" in this context doesn't necessarily imply reliability.

This is such a low bar and I don't see them being much better than the so-called "big tech" platform at all. If someone posts a picture of themselves and everywhere they go publicly on social media, then it doesn't matter if they use PixelFed or Instagram, there is practically no difference whatsoever. If someone messages another person on these federated platforms (again, with the exception of Mastodon), the operator of their homeservers can fully read their messages too. Imagine Matrix without end to end encryption - are they even worth recommending at all? They do not serve any real threat models, they just give the user the good feeling of "not using Facebook". There's a word for it - "privacy theatre".

Federation for social media is more providing freedom than privacy, in my opinion. There needs to be something more, like an option to encrypt private pictures, private messages, private tweets, to make a platform worth recommending. If we are just blindly recommending a bunch of federated services with the pinky promises to protect your privacy without any real technical merits, we will end up with a giant list of recommendations, to the point where it no longer means anything.

I've been thinking about this in privacytools/privacytools.io#1437 privacyguides/privacyguides.org#937 which is why we're doing away with the "eyes" thing. Privacy policy is important, but with federated services that may change depending on the instance, and unless there is E2EE there's no privacy whatsoever.

Let's move to the Social News Aggregator section. I am not familiar with Tildes, Postmill, and Freepost, so it would be great if someone explains how they are actually private to me. The way I see it, they are just random self hosted services, the operator still sees everything, and the user still needs to place trust in the service provider. We are not here to recommend random self hosted services - we are here to recommend software that actually improves privacy and security.

In the case of Lemmy, it literally is just federated Reddit. It has the same problem as what I said in the Social Network section. It is a public discussion board - by its very nature it is not private.

That's my understanding as well.

I propose that we actually tighten the list of recommendations somehow or just remove them outright. We should not be recommending things for the sake of recommending things or to show how much we hate Facebook.

👍 otherwise we become "random software recommendation site". For the record the only one of those you've mentioned that I've checked out has been Mastodon.

The things we recommend should serve a particular threat model or mitigate a particular privacy/security issue. They must substantially improve privacy or security in some shape or form, rather than relying on pinky promises to not profile you. Remember that the service provider can break their promises (if Zuck said he will stop profiling you tomorrow- would you trust him???), and that there are other actors who will profile you as well (Clearview.ai scraping people's pictures across the internet is an example).

There is that, and we do warn about that in regard to Invidious instances.

[TommyTran732]

Are you leaning towards tightening the requirements (as far as I know the only thing that will be left if we require e2ee messaging is Mastodon - I could be wrong so plz fact check me on this) or just outright remove these?

I am more in favor of complete removal, because there is nothing much to recommend, and the very nature of social media is that it's not private. Private messengers exist. Private social media is unheard of and likely unachievable.

[dngray]

That's my thought, if you broadcast something to all it's not a secret and it's not private.

[freddy-m]

Let's start with the Social Network section, most of what is recommended are just generic federated services which do not really solve any privacy problems (with the possible exception of Mastodon which does have end to end encryption for private messages).

They are better than their mainstream alternatives, but for the most part they aren't any more private.

Friendica, PixelFed, and Movim do not actually provide any privacy protection. They are generic social media services, where everything you post is available public to see, and where all of the data you put on there is completely visible to the service provider. They are no more private than, say, your email services (if anything, they are even less private than those as well).

There's an interesting point to be made here. Beyond the tracking and more obvious privacy invasions, the very concept of social media isn't private. By sharing all of our photos we allow the world to snoop on us.

Federation for social media is more providing freedom than privacy, in my opinion.

I'm a big fan of the Fediverse. I think its far more novel and exciting than any of the Web3 claptrap that cryptobros wang on about. And some federated products are more private. Write.as is awesome, especially compared to Blogger or whatever.

Let's move to the Social News Aggregator section. I am not familiar with Tildes, Postmill, and Freepost, so it would be great if someone explains how they are actually private to me. The way I see it, they are just random self hosted services, the operator still sees everything, and the user still needs to place trust in the service provider. We are not here to recommend random self hosted services - we are here to recommend software that actually improves privacy and security.

I like Tildes, and they seem to have a good privacy policy. Pretty sure no-one uses Freepost, though I no nothing about Postmill. They're better than reddit, but they might not be within the scope of the site. IDK.

In the case of Lemmy, it literally is just federated Reddit. It has the same problem as what I said in the Social Network section. It is a public discussion board - by its very nature it is not private.

Well, yeah.

I propose that we actually tighten the list of recommendations somehow or just remove them outright.

Certainly tighten. Perhaps the two could be merged, as they somewhat overlap. That or they are both removed.

[dngray]

This is an interesting counter point.

I guess it depends on how you define privacy and from whom. Realistically nothing is private, except for data that is E2EE, however if the intended audience is everyone then you wouldn't use that.

But one of the questions you raise is about the platform itself. Tommy touched on it with the "facebook requiring Government ID' nonsense that can cause your account to be flagged. Twitter and Google do similar things, they're all products tightly integrated with ad tech and behavioral tracking, which is still superior when it's integrated into the product and not scraping a website.

[TommyTran732]

Problem is you have no guarantee that the Federated services aren't doing that. The operators can add tracking if they want to.

The way I see it, privacy means:

• Privacy from a service provider using encryption and metadata reduction techniques.
• Privacy from app developers using app sandboxes and limiting their permissions.
• Privacy from hackers by using hardened operating systems and compartmentalizing where you store your data.
• Privacy from tracking online by websites and services by hiding your IP, randomizing your fingerprint, clearing cookies, blocking third party cookies, etc.

I am more interested in something that provides some kind of technical guarantees, something to reduce the amount of trust I need to place in others, not pinky promises. I want actual privacy and security improvements, not privacy theatre.

A supposed privacy protection without a properly defined threat is useless. We don't see people writing random exploits mitigations saying "to hopefully stop hackers!!!". Rather, they say "to stop attacks like X, Y, and Z through these A, B, and C avenues".

Why should we be any different? Why are we doing the whole "Facebook bad, Twitter bad" thing without getting into exactly why they are bad and see if we can mitigate that? People often forget that social media is bad because they encourage people to share everything publicly and the service providers can see what people are doing on their platforms. These federated services are not any different.

[realguyman]

I'd like to point out one of the main features these platforms provide. Federation is a form of decentralization to prevent censorship. Large social media companies have become dictators of what information is considered "right", "wrong", or "harmful". Many of you might not care, or you might even advocate for such things.

However, it's become a problem in the U.S. where private companies still have jurisdiction over world-wide communication where it's considered legal to prevent people from saying anything for whatever reason because these social media platforms aren't a "public square".

While federation isn't as effective at preventing censorship as P2P networks, but it provides a balance of availability (in some cases) and censorship resistance.

A cool concept of a social media platform is the SSB (Secure Scuttlebutt) protocol. Where it promotes free speech, but like real life what you say can have consequences (and it provides cryptographic proofs that a person said what). I think it could be a good thing for communities to be able to prove people said things without having to quesion whether or not they did because a game of telephone, since what they said was public. And as expected, it can only provide E2EE for private conversations.

---

I'm not sure if we should remove social media networks that require less personal information. This is especially important when you're forced to give up your phone number (which is a popular method on most large social media platforms: Discord, and Twitter to name a couple).

I do however agree with the setitment that we should provide significant privacy gains. Simply stepping away from large social media platforms that require more personal information is a small, but good step, especially when DMs aren't really DMs ...

Which brings me to the point that private conversations should be E2EE since users already expect them to be private. I'm not sure if platforms are mature enough for us to even enforce such a requirement. To my knowledge only Mastadon has E2EE DMs.

It's very likely we'd only be able to recommend Mastodon if we required E2EE private conversations. I don't have a fancy conclusion because this section is so messy and there aren't really any significant privacy gains from using social media, at all. It's intentionally designed for people to speak their minds in the open.

If anything, we should be evaluating social media platforms based on censorship resistance, in addition to some privacy gains as already pointed out by @freddy-m and @TommyTran732.

[TommyTran732]

Generally I would go "If it's questionable, don't recommend it".

[dngray]

We do actually mention SSB on this page.

I'm thinking perhaps we could re-do the page with Mastodon, and evaluate Manyverse. I do remember seeing it years ago, and kinda forgot about it.

[dngray]

I had a look at Manyverse. It's not like any conventional social media in the way that you connect to people. I used the Linux desktop app which is fairly recent https://www.manyver.se/blog/2022-01-update

I think it does suffer from a network effect, basically unless you already know people on it, you're going to be talking to yourself:

I did join a pub server and added someone, but after an hour I still had no content. I think most people will end up getting frustrated unless they really want to use it. Unlike say Mastodon which pretty much you can pick up straight away.

The content seems to come from other people, which makes sense distributed network:

It provides a basic feature-set which works, but but it does still feels like a proof of concept. I noticed they had no RPM packages, only debian binary so I needed a Debian VM just to run it.

Overall I don't feel confident recommending it yet, particularly as we really only like to mention things that have been audited.

[loolalaapple]

summary from matrix lounge:
3 main choice.

Nuke it
tighten the requirement (realistically only mastodon will be left if we even enforce any requirement cuz its such a low bar)
leave it be

1/2

I want protection against the service provider
I want protection against app developers
I want protection against hackers
I want protection against tracking across random sites

1.yes.2.yes. 3.yes 4.very hard(its fundamentally public,or unless its fundamentally not identity bound.anon,how to block spam?)

Most social media platform fundamentally needs a conceptual redesign to be private*.

What are (we/users) expecting from the "Social media platform"

(ideally)most people that are using SM* should know that they are posting literally on public across centuries(very possibly).
Thus,people should use social media as a broadcast.

[TommyTran732]

Just to be clear, are you in favor of complete removal or just tightening the requirement?

[dngray]

When we define "privacy" who is the adversary?

Commercial platforms these tightly integrate with adtech empires, while it's possible smaller instances could do that, at present they do not. It'd be a shame to see Mastodon go, when this does actually have E2EE on private messages too. With Lemmy, from what I've used of it, it's a lot faster than Reddit, (more like old.reddit.com). As much as I use Reddit, I really do hate the "new reddit", it's clunky and horrible. I can fully foresee one day the company behind that product ruining it completely, this is not strictly related to privacy however.

We already establish anything that is publicly broadcasted is public, however when looking at the platform itself these suggestions allow you to easily create an account, rotate identities, without being asked for phone numbers, gov ids etc. The platforms themselves don't track what groups or types of posts you make, and while they could not tying that to stable credentials that don't change I do think is an privacy improvement. They also don't tie into adtech, behavioral analytic empires. Scraping is a thing sure I'm sure, but nobody is under the assumption that information they broadcast on the platform is "a secret".

I don't think E2EE is really the only factor you can use to evaluate this, that works for platforms where you want to restrict distribution, but is that really applicable to public broadcast?

[TommyTran732]

We recommend privacy and security tools, not "public broadcast tools". They are antithetical to privacy and security. Not that I am saying people shouldn't use them, and we can touch a bit on how to use them while not exposing too much data. However, I see no point in recommending anything that is not privacy/security related. I want the site to be purely technical with proper software recommendations and the rationale behind recommending them, along with proper threat modeling advice. I see no value in these "Social Networks" whatsoever.

[bkil]

I see where you are coming from. So the main motivation behind the deletion is that you don't see what social networking services are good for. Perhaps this is because you have never seen people using it properly in the past. I have a thorough enumeration of what beneficial purposes they can be used for. Feel free to use your favorite machine translation service to view it.

• https://github.com/bkil/freedom-fighters/blob/master/hu/article/social-networking.md
• https://github.com/bkil/freedom-fighters/blob/master/hu/article/hyperlocal-social-networking.md

[ghost]

I'm in agreement with Tommy here. I don't have much to add beyond what's already been said, but I feel these are the bottom of the barrel in terms of recommendations. They aren't particularly relevant to any threat model and I can't imagine them serving as very good alternatives to their mainstream counterparts. It's just recommending a worse experience without a significant enhancement in privacy, thus no point in listing them. Such listings are better fit for AlternativeTo (or dare I say ptio) than here imo.

[bkil]

I tried to find the mission statement of the PG project, but I failed to come up with a section that would implicate that social networking services would be out of scope. By the way, the main page itself calls for following PG on Reddit and Twitter, while it could just as well advertize an RSS feed or a fediverse account for those who don't want to take part in those exploit networks.

By the way, self-hosted alternatives are also more secure when considering the threat of delivering customized JavaScript payloads to targeted individuals. Chrome had dozens of 0-day JavaScript vulnerabilities just last year. This is especially important for service providers in the FVEY (although, I see that PG itself is FVEY, so your threat model seems to be different).

[TommyTran732]

We want substantial privacy and security improvements for the average users. We don't want to recommend a bucket load of "alternatives" that operate purely on the pinky promise to not profile the user.

We use Reddit and Twitter for outreach, those places are where most people are. They are public discussion boards. We never pretended any of those platforms are private (even Matrix is not private outside of e2ee messages you may have with the team members).

The problem with a lot of these "privacy recommendation sites" is that they just recommend a bunch of random things without thinking about the threat models where their recommendations would fit.

As for malicious Javascript payloads, it's not so simple. Not everyone can self host, and even the people who do self host will still visit other websites with Javascript and what not. For such threat model, the correct approach would be to disable things like JIT or WebAssembly in your browser configuration or just disable JavaScript altogether. There is no point in trying to enumerate badness and avoid only certain sites with JavaScript if that is what you are worried about.

[dngray]

So based on the replies here and the bit of investigation above https://github.com/privacyguides/privacyguides.org/discussions/949#discussioncomment-2550184

We might move Mastodon to the real-time-instant-messenger page, and scrap the rest I think. Least DMs are E2EE with that.

[IkelAtomig]

Seems like a Good Idea. But moving to IM page doesn't seem good.

[dngray]

But moving to IM page doesn't seem good

Yeah it's not really something I want to do, hmm. I wanted to avoid a social media page with nothing on it but one item though.

The other thing also being, is mastodon's e2ee isn't audited either, so maybe we will just lose it.

[IkelAtomig]

Better remove Social Media page altogether as @TommyTran732 said.

Either way people using Social Media is giving out Public Information already and to Follow social media such as Twitter, etc. Tell them to use RSS to follow Public accounts to get updates. That's it.

To have secure communication, They should use messengers listed in PG not a Federated Social Media.

[elitejake]

Better remove Social Media page altogether as @TommyTran732 said.

Already done (#953).

[bkil]

RetroShare and SSB can also be used as social network services while they are considered privacy friendly by many. (By the way, you can follow RSS feeds from Friendica just as another account if you want to)

Instant messengers can never replace social networking services, because they have separate and incompatible methods and modalities of operations. As it has quite a few irreplaceable and valuable uses, I don't think it is going away anytime soon. Thus, I wouldn't give up on providing recommendations for improving privacy in this area this easily.

[foss-]

Friendica, PixelFed, and Movim do not actually provide any privacy protection. They are generic social media services, where everything you post is available public to see, and where all of the data you put on there is completely visible to the service provider.

Late to the party, but this is just not true. For starters Fediverse solutions can be self-hostet. Many single-user-friendica-instances of people who selfhost exist.

Next everything you post is available public to see is also not true for at least friendica which has fine-grained controls of who can see a post. For starters posts can be restricted to followers where even some followers can be excluded.

I was surprised to see the PR removing social networks and social news aggregators. Naming alternatives to the big tech social media offerings is imo very important.

Also I find it amazing that some fediverse solutions are described as recommending a worse experience without a significant enhancement in privacy. There is a major difference between people joining facebook or joining the fediverse. The fact alone that there is no monetary incentive behind friendica results in a social network which is free of dark patters and algorithms manipulating the users. Both aspects are not to be disregarded and a big win for users.

[TommyTran732]

I think you are missing the point of the discussion.

1. Everything involves a bit of trust, sure, but our goal is to reduce the trust you place in others and reduce the number of parties you have to trust. Most of these alternatives do not reduce the trust you need to put in the operators, and if anything, increases the number of parties to trust. If you look at things like Signal, trust is removed from the server and is only limited to the client which security researchers and study/reverse engineer and see what is going on. It is not like trusting a server which is completely opaque and unverifiable.

2. You are right about Mastodon being web e2ee (not removing trust from the server) and we are no longer recommending Mastodon. In fact, this is one of the next things we are looking to do on the site - writing an article on why web based e2ee is bad and either removing web based e2ee options or add massive disclaimers on all of them.

3. What you said about VPNs does not make sense at all. You should use a VPN. VPNs are made for blending in with other people. They are made to prevent IP based tracking by random websites you visit. Of course, the no log claims are unverifiable and are not to be trusted. In fact, you should always assume you are logged. No log claims are not why you should a VPN - if your threat model calls for hiding which websites you visit from your network provider, then the only viable solution is to use Tor. Self-hosting a VPN only makes sense for security purposes - accessing a private network, accessing services where you have set up an ipwhitelist, etc. You still stick out and are susceptible for IP based tracking. It doesn't stop the internet service provider where you have your VPN running from knowing which sites you browse either.

4. We don't encourage users to stay on Facebook/Instagram/TikTok. What we will do is to recommend them to not give out their personal data and to have 0 expectation for privacy for what they put on those platforms. If possibe, the can just not use social media at all. What we do not want to do is to give them a false sense of privacy by recommending privacy theatre alternatives.

[bkil]

RE 3: By self-hosting a VPN, I meant hosting it for your trust circles (friends, family, close/personal interest groups), for up to 100-1000 users. This will dilute your fingerprint and will also protect you somewhat from the feds knocking on your door if some random person visited a bad site through your VPN (i.e., due to only allowing people who you trust to use it). If you are not in the knows, assume you have somebody in your trust circles who is capable of setting this up - i.e., 0.1% of the population.

[bkil]

R: 1&4: This is more complicated than the math on the blackboard. Do you read the privacy policy and terms of service of all services that you use (including Facebook, Twitter, TikTok, Reddit, any infrastructure they use like a CDN, S3, etc.)? I do, although it takes a few days a pop if you do it recursively (some of the links are not clickable, but refer to certain regulations by name, but those will also apply to you).

I am dissatisfied with those terms and hence decline, and I am thus not allowed to read posts coming from there. Now what? How can I follow people or organizations I care about? The answer is: you can't! This is not a problem with RSS or ActivityPub.

[TommyTran732]

RE 3: By self-hosting a VPN, I meant hosting it for your trust circles (friends, family, close/personal interest groups), for up to 100-1000 users. This will dilute your fingerprint and will also protect you somewhat from the feds knocking on your door if some random person visited a bad site through your VPN (i.e., due to only allowing people who you trust to use it). If you are not in the knows, assume you have somebody in your trust circles who is capable of setting this up - i.e., 0.1% of the population.

Why would anyone trust you and get into a smaller pool of people to blend in with? In fact, if I was your friend, I probably would trust you even less, because you would know me personally and can do more serious damage if you do indeed snoop on me.

Setting up a custom VPN service is a trivial task, it takes 10 minutes to do. The thing you need here is to blend in with other people. How do you even get enough people to use your services to blend in?

[TommyTran732]

R: 1&4: This is more complicated than the math on the blackboard. Do you read the privacy policy and terms of service of all services that you use (including Facebook, Twitter, TikTok, Reddit, any infrastructure they use like a CDN, S3, etc.)? I do, although it takes a few days a pop if you do it recursively (some of the links are not clickable, but refer to certain regulations by name, but those will also apply to you).

I am dissatisfied with those terms and hence decline, and I am thus not allowed to read posts coming from there. Now what? How can I follow people or organizations I care about? The answer is: you can't! This is not a problem with RSS or ActivityPub.

Who cares what their terms say? You are looking for pinky promises again. Just use a browser that protects you and do not login. I don't care if Facebook tries to track me using cookies or not, I don't even care if they if they honor their privacy policy or not. I just clear by browser cookies and site data - they can try all they want, they are getting nothing.

If you are not posting anything, you can just use an alternative client like Fritter and Infinity and just follow people on those platforms without an account. Again, they can't track you even if they wanted to. Do you think that all of the people you want to follow on reddit and twitter will show up on those alternative platforms? Will you really trust an instance operator to not profile you based on a pinky promise?

Self hosting isn't a magical solution either. If you are the only one operating on a server, other servers can figure out any and all requests from that one server is just you. If you run a public homeserver for yourself and I don't know, 100 or 1000 people or whatever, why should they trust you to not snoop on them then?

Pinky promises don't work. At least, they don't work for me. I want some sort of guarantee.

[clort81]

A social network need not be 'public' in the sense of user-posts being visible to any and all passerby. That's just how current ones work.

Creating a privacy-respecting social network would be possible using a web of trust built on public and private keys. A user post could be sent to select individuals, or groups of users having the keys to decrypt that message.

The service provider need not have access to those keys.

If such a network exists or will be created, it would qualify for recommendation on your list.

[bkil]

Yes, as mentioned above (and also in our published notes) it would be theoretically possible, but nobody succeeded as of now. If someone started to tackle this problem just now, it would be considered alpha or beta quality for quite some time. Would you recommend such low quality alternatives on the site to newbies?

It took Matrix.org ~$60M of funding since 2014 to get where they are today - still so-so.

[RoseTheFlower]

This is nonsense. Let's put aside the fact that Facebook, Twitter and the like earn by selling your data or even that they gladly cooperate with the authorities. Do you know the first thing they ask for when you sign up? Your phone number. None of the alternative platforms do that.

[ghost]

In practice, I don't think you can sign up for any of those via a VPN that is not so low-key that its server is not known as a VPN server, and so they will force you to enter and confirm a phone number or lose access to the account, unless they already know that your email address had been associated with a phone number.

While I can't speak on other platforms, I know phone number requirements are optional on Twitter. I signed up for my account through Tor with an aliased email and, after reaching out to support, my account was given full functionality.

We're not suggesting people use Facebook, what we are saying is that no public broadcast service is "private".

Is this platform about perfection now, as opposed to recommending more private alternatives?

This just goes back to Tommy's original argument. There's no guarantee of more privacy with these services. Social media is inherently not private. There are some minor things like choosing which posts are shared with who, but is that really enough to warrant a recommendation?

My personal note — were these platforms even good at being social media networks? Many of the few benefits to social media come from the fact that seemingly everyone is there, and that's just not something that exists with these platforms. But that's my own personal take and isn't really relevant to privacy.

Besides, as already mentioned, one of the first things on the site is the invitation to join Reddit to discuss the platform. Is Reddit suddenly private?

I don't like Reddit myself, but it is an important platform. It's a large part of the Privacy Guides community, so it only makes sense that it would be advertised on the site.

Given the recommendations of Safari, is using an Apple device acceptable for privacy?

Apple devices and operating systems are absolutely acceptable for some threat models. As thoroughly discussed, Safari happens to be the best browser choice for the limited iOS.

No matter how you look at it, the current approach is extremely inconsistent.

I view the removal consistent with other decisions. It's a quite rational decision imo.

If the premise is that the viewer is reasonable enough to understand that anything they post on Reddit is shared with the public and susceptible to data collection, how come they wouldn't be reasonable enough to understand that when selecting to share with the Public on Diaspora?

That's exactly the point. If it's just as susceptible then why recommend it?

[RoseTheFlower]

It's a straw man upon a straw man.

We know Facebook and the like most definitely sell your data and share it with the authorities. The possibility of the other platforms doing it does not make them equally problematic.

The same is true for trying to equalize Reddit and a platform like Diaspora. On Reddit, everything you share is public, whereas on a platform like Diaspora, the default option is to share just with your Aspects, essentially meaning your circle of friends.

Regarding the phone number requirement, even if we accept your premise that is contrary to my experience, do you recognize that it's quite likely and possible that those platforms commonly lock VPN users out of their accounts unless they provide and verify their phone numbers? There is no precedent of this affecting any of the alternative platforms like Mastodon or Diaspora.

[bkil]

By the way, we have been discussing this for a while now on open platforms where I also linked this issue. Unfortunately, privacy minded people who participate there can't respond here because they refuse to register on any of GitHub, Reddit or Twitter. This makes the conversation a bit one-sided.

[jonaharagon]

@bkil do you happen to have a link to those discussions?

[bkil]

Sorry, I can't recall after so many weeks where that was exactly. Some of the channels are very high traffic, meaning one would need to read through thousands of messages as well. We sometimes talked about it in public Fediverse posts (somewhere behind in the timeline) and in one or more of the matrix rooms for Friendica, The Fediverse, Secure Messaging Apps charting, RetroShare, Freedom Fighters, and maybe others as well.

I have to accept that sometimes opinions differ and I have let this issue go. There exist a bunch of other similar comparison sites with clearly stated goals who do include these, so people with different values are free to refer to those instead.

[KevinAlcantara]

I'm sorry but this is so wrong.

All the Fediverse services can be used without any problem with Tor. In addition, information can be compartmentalized by creating multiple accounts.
This is simply impossible in mainstream social networks, where the tendency is to identify all users with personal data (AFAIK only Twitter allows you to create an account from Tor).
And don't forget they can be self-hosted in order to have full control over the contents you share.

If Privacy Guides recommends Tor Browser for its ability to offer anonymity, these social networks automatically become a valuable option for most threat models, which face indiscriminate data collection from such harmful services as Facebook, Instagram or Tik Tok.

In short: yes, these networks definitely have a lot of privacy value and should be recommended.

[jonaharagon]

I'm inclined to agree, after finishing #1276 (which will clarify the types of threats we are solving for), I want to look at bringing back social media recommendations for all the privacy-related reasons that have been brought up in this discussion.

[TommyTran732]

I disagree. You can literally use Facebook and Twitter if you choose to do so. These Fediverse alternatives do not provide any real value such as end to end encryption and does not serve any sensible threat model. Among the threats we listed in #1276, there is not one single threat that it solves. Even if you don't use big social media platform, when you post something publicly, there is nothing stopping bots from scraping your data. This is something done in practice by the likes of clearview.ai. If you are afraid of having your data collected, then don't post it. Blindly switching from one social media network to another is privacy theatre.

Censorship wise, these Federated systems may be more resistant and tolerant than the mainstream options. However, censorship mechanisms do still exist on these systems and is also enforced in practice. An example with this is the matrix.org blacklist and the Matrix homeserver admin rooms. While the protocol itself is decentralized, homeserver admins in practice can work together to block and entire homeserver and effectively remove them from the federation.

This is something mentioned in the misconception section and the underlying problem is not solved whatsoever.

[neontealtree]

Sorry if I'm breaking some unspoken rule of etiquette with my comment (noob to GitHub and I can't figure out which thread to reply to), but, here is a very relevant discussion about the privacy weaknesses of Mastodon on Twitter: https://twitter.com/atomicthumbs/status/1518669806777421824

A lot of relevant commentary in the thread and in the replies.

And here is an essay by a privacy researcher, commentator, and developer on the weaknesses vs. strengths of federation: https://pseudorandom.resistant.tech/federation-is-the-worst-of-all-worlds.html

Please tell me if I should put this somewhere else!

[jonaharagon]

Trust in your instance admin is of course required with all federated platforms, but this is something we'd be sure to note (that social network DMs are not a replacement for our recommended instant messaging platforms).

[foss-]

Couldn't agree more. This should be added as disclaimer stating use DMs only to exchange credentials to continue 1:1 conversation on a secure platform or something like that.

[jakariyaa]

You may put up an warning tip on the Social Network page but out right removing them defeats the whole purpose of having a site like privacyguides. Yes I agree they have many loop holes and many privacy related issues that aren't properly fixed yet. But to be fair they are nowhere near Facebook, Twitter or Reddit in comparison regarding data collection or privacy. So misleading people into big tech again will serve no positive purpose. I'm in favor of bringing back the Social Network page again!

[WisTex]

Interesting discussion. I think that we also have to consider that some social media platforms, such as Hubzilla and Streams, actually do provide you with privacy options. You can choose who sees your posts, images, and other content; Your content does not have to be public. You can create private discussion groups. Communications between servers are encrypted. And you can self-host for the ultimate level of privacy. You become the administrator. It is one of the things that makes them different than most of the other federated platforms out there.

That being said, if you are posting things to the public, on purpose, then privacy goes out the window. But it should be noted that privacy is different than tracking. And bigger players are more likely to track you and use that data for ads or to sell it, simply because they need a big data farm to collect and analyze it in bulk. But small players can still put code on their websites that tracks you, but most of the data actually goes to the big players. So you still have to look at every website to see if they are tracking you.

It might be useful to distinguish between privacy (people can't see what you are saying) vs. tracking (they use your data to profile you).

And I do think it would be useful to explain to people what privacy levels are really available. For example, in 99% of the platforms and websites out there, the administrator is basically god, with a small g. They can see everything if they want to. Most people don't realize that, but it is true. And to prevent abuse, that needs to be true, to a certain extent. For example, if someone is making threats or sending spam, the administrator has to be able to see it to deal with it, otherwise how would they know it is happening.

It should also be noted that web hosting companies can see anything the administrator can see (and in most cases, more), so you also have that level of access. But, most of the time, a web host is not going to act unless they get complaints or a DMCA takedown notice.

Unless you have your own data center, you will have to trust someone.

But I think people need to understand the difference between privacy and tracking, and understand that certain people will always be able to see some of their stuff, unless they self-host or go with a fully encrypted system where even the administrators can't see the posts and content. And they should understand that once you post something publicly, you have lost your privacy for that item.