What I’m taking issue with is essentially the same thing that is getting Reddit into hot water. Spez is acting like all the content on Reddit is exclusively his. And legally, it probably is, since it exists on his servers. Now if you extrapolate that out to Meta on ActivityHub, any instance that federates with them immediately puts all of your content directly onto Meta’s servers. Once it’s in their possession, it’s legally theirs to do with as they please. If they want to pull a Facebook or Reddit, using your data, they can with no way for you to opt-out. Sure, nothing is stopping people from doing it already, but Meta does not have your best interest in mind. Ever. They’ve shown it again and again. So I think people are preemptively wanting to cut off this spigot of user data to Meta because their abuse of it is a matter of when, not if. Any other company might deserve the benefit of the doubt, but Meta? We know who they are already.
Also, as I said elsewhere, Meta could already use a bot to scrape Lemmy instances, but you can’t sell a bot to investors. But you can sell a platform. Meta will build a slick platform to sell to investors and sit back while federation fills up their instance with data which they’ll turn around and sell the same way they do on Facebook. And the insidious part of it is that they’ll take your data even though you didn’t use their platform. Right now I can decide not to be data mined by Meta simply by not using Facebook. To do that here if instances start federating your data onto Meta servers, you’d have to not use ActivityPub at all. Either that or the fediverse fractures into Meta and not-Meta, which also sucks.
This is really a lot more than simply setting up an RSS feed.
I completely agree with the overall point you’re making, but would like to correct the legal aspects. I am not a lawyer, but I do have a pretty good understanding of US copyright law which is the most relevant in this case.
Having possession of data isn’t sufficient to legally establish the rights to do as a company pleases. In general, an individual author immediately has copyright on a creative work as soon as it’s recorded in any medium. The main exception to this is “work for hire” — a legal agreement that employers hold copyrights since they’re paying for the work. It’s usually part of the paperwork an established company has you sign when you start a job.
Because of this, and because we users aren’t employees of Reddit, they need a license to duplicate and display our copyrighted posts. The terms of service for any online service almost always stipulate a “worldwide, non-exclusive, perpetual license”. In other words: you still own the copyright to your post and can still share it elsewhere, but by sending it to Reddit, they get to put it anywhere they want and you can’t ever take that right away from them.
If Meta begins slurping up data from the Fediverse, things get tricky. They’re probably violating copyright law if they do that, just as ChatGPT, Google Bard, etc… likely have. However, legal enforcement of our rights would be near-impossible. Everyone who has ever had an account with any of Meta’s properties has most likely agreed to an binding arbitration provision. (These are utterly immoral, they force you — as a precondition of doing business! — to preemptively waive your legal rights before anything occurs that would cause you to need them.) These provisions also prohibit any sort of class action, so each individual person would have to initiate their own case against Meta. And then you’d have to somehow prove to an arbitrator from an organization selected by and paid by Meta that Meta violated your copyright. And Meta’s high-priced lawyers will have all kinds of ways of referencing prior cases to argue why what they did is fine.
So yeah. But again, I completely agree with your main point. Meta will (if they haven’t already) collect all the data they please from the Fediverse and use it to further their business interests. And those business interests are not aligned with our best interests.
Thank you for your clarification! I don’t know any of the legal specifics of this stuff and I very much appreciate you taking the time to help educate me and anyone else who needs it. I can only give a conceptual argument based on the history I’ve seen with these companies, but not any sort of specific knowledge of law.
The gist of what you’re saying, and what we’ve actually seen play out recently, is technically they shouldn’t be able to do this, but they’re going to lawyer it in such a way that they’ll get away with it unless/until someone actually sues them which is prohibitively expensive. We have recently seen class action suites against Meta, but realistically the damage has already been done, the money has already been made, and they go on with finding the next cash cow. Even a multimillion dollar settlement is a drop in the bucket, simply the cost of doing business for these people.
You bring up an interesting point, because of how the fediverse works, every server (that has an active subscription) essentially has a mirror of the original data. So if Facebook have data from people who never consented to that, then they would surely be breaking GDPR rules? GDPR rules say that they can only PROCESS the data (or mine it - if you want to use a more realistic term) if a user has explicitly agreed to that, implicit agreement doesn’t count. So this is going to interesting to see how they manage this - providing that they don’t process the data and simply present it, as is - they don’t break GDPR, but the second that they start processing it, they breach GDPR. Now - they can process data that belongs to their users, but they would have to write code that ensures they don’t ingest posts from any user that is not a meta user - for the purposes of harvesting it.
Yes, this is exactly the sticky issue we get into. And I’m wondering if lawyers would be able to make a case that using ActivityPub alone automatically gives your consent to have your data exist on an instance outside your own. Once they have data you’ve consented to give they can do with it as they please, essentially arguing you’ve become a consenting party when you consented to federation. I don’t know the GDPR well enough to have any answers, but you can bet Meta lawyers do.
I don’t think Facebook would be having high level NDA-protected talks with Mastodon people if they weren’t trying to work all this out. And by work out, I mean how to monetize/data mine. I’ve been talking about this with people all day, many of whom didn’t see a problem with this, but eventually all of them have had the lightbulb turn on when they realize the potential abuse Meta could do with/to ActivityPub.
If, by some miracle, Meta wants to be the good guy for a change, let them prove it. I would love to see defederation by default, and let Meta prove they’re trustworthy to federate to. And even then, have a really itchy defederate trigger finger if they even hint at pulling another Cambridge Analytica fiasco. But getting everyone on-board with that is probably impossible, especially if Meta starts throwing money around.
Meta can have the data, that part yes you consent to by using ActivityPub software, though there is a whole other argument to get into later about whether “normal” users really understand that. But no Meta absolutely cannot process that data, for creating shadow profiles or anything like that - unless the user explicitly opts in. GDPR is quite clear that you cannot infer that a user agree based on some other influence (in this case the user using ActivityPub) - the user MUST have been presented with a dialog explaining what Meta would do with the data and giving the user the option to say they agree or disagree with it.
