Threat modeling Meta, the fediverse, and privacy
There's very little privacy on the fediverse today. Mastodon and other fediverse software weren't designed and implemented with privacy in mind. Even the underlying #ActivityPub protocol that powers the fediverse has major limitations. But it doesn't have to be that way!
Meta's new #Threads product means that it's critical for the fediverse to start focusing more on privacy. Of course, #Meta's a threat in many other ways as well; that said, the privacy aspects are important too.
For one thing, if Meta does indeed follow through on its plans to work with #Mastodon instance admins and other "partners" to monetize their users (and their data), people in the region of the fediverse that's not Meta-friendly will need stronger privacy protections to protect their data. And Meta's far from the only threat to privacy out there; changes that reduce the amount of data Meta can gather without consent will also help with other bad actors.
More positively, there's also a huge opportunity here. Privacy's even worse on Facebook and Instagram than it is in the fediverse. So if the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.
Any way you look at it, now's a good time for the fediverse to take privacy more seriously.
The bulk of the article focuses on threat modeling, a useful technique for identifying opportunities for improvement. It's a long article, though, so if you don't want to wallow in the details, feel free to skip ahead to the section at the end on the path forward and the specific recommendations.
And if you're already bought in to the idea that the #fediverse should focus more on privacy, and just want to know how you can help make it happen, it also suggests specific actions you can take -- and there's a section with some thoughts for #MastoAdmin.
Here's the table of contents:
* There's very little privacy on the fediverse today. But it doesn't have to be that way!
* Today's fediverse is prototyping at scale
* Threat modeling 101
* They can't scrape it if they can't fetch it
* Different kinds of mitigations
* Attack surface reduction and privacy by default
* Scraping's far from the only attack to consider
* Win/win "monetization" partnerships, threat or menace?
* A quick note to instance admins
* Charting a path forward
This is still a draft, so as always feedback is welcome. And thanks to everybody for the feedback on previous drafts!
DRAFT! Work in progress! Feedback welcome
The Nexus Of Privacy