If you're a developer working on a fediverse app or service and want to get it right – or just don't want to be the center of the next firestorm – here are a few suggestions.
Get broad feedback before launching – and listen to it
Honor existing opt-in and opt-out mechanisms
Include an additional opt-in mechanism for your service if it's not just a search engine or profile discovery (or something very close to them)
Make sure to communicate that you're taking an opt-in approach and honoring existing mechanisms
DON'T say the things that developers who ignore consent typically say
Be extra careful if you're a cis guy
Look at opt-in as an opportunity for a potential competitive advantage
I'm conflicted over the fact that using ActivityPub necessarily implies consent for other people to collect the data you send through it. It seems that many people using ActivityPub connected services want something different than ActivityPub or different default settings on many ActivityPub services.
Thanks, glad you think they're reasonable. I don't see it as using ActivityPub implying consent; it's more that ActivityPub doesn't provide any mechanisms to enforce consent. So mechanisms like domain blocking, "authorized fetch", and local-only posts are all built on top of ActivityPub. I agree that many people want something different than ActivityPub currently provides, it'll be interesting to see how much the protocol evolves, how far people can go with the approach of building on top of the protocol, or whether there's a shift over time to a different protocol which has more to say about safety, security, privacy, and consent.
That's similar to the "you're being inconsistent" thing that the article says not to say, kind of.
Consent isn't really built into ActivityPub and it's inherently the opposite of how I understand it to work (copying your content all over the place regardless of your desires).
But their argument is kind of reasonable.
Who cares?
We can change ActivityPub, but we couldn't change Twitter. People were tolerating worse just for the sake of having a community before they moved to the fediverse. They had no say before and they're asking for better from it now that they can have their voices heard at all.
Consent isn’t really built into ActivityPub and it’s inherently the opposite of how I understand it to work (copying your content all over the place regardless of your desires).
ActivityPub is a means of sharing information in a way that the information can easily be collected and reshared. By using it, you should expect that people will collect and reshare information you send via the ActivityPub protocol.
The article addresses this directly in the section on things to not say, though:
ActivityPub does indeed "makes assumptions that are fundamentally opposed to the kinds of protections that people seem to be seeking." But in a discussion about whether or not to get consent, even the ones that are true miss the point – just because ActivityPub leaves open possibilities for you to do something without getting consent, that's not the only option.
That addressing is insufficient because it begs the question of consent being withheld. But the consent is implicitly given by the sending of information via the protocol, otherwise a service like Mastodon can't exist. The question of asking for consent after it is given is the part that I'm conflicted about.
DON'T say the things that developers who ignore consent typically say
That's likely to increase the pushback. If that's your goal, great, go for it! If not, though, it's best to avoid stuff like this.
"Posting publicly gives implied consent to use the data"
I don't inherently agree with the article's ask, but you've literally only proven its point by stating, verbatim, one of their "please stop making us retread these tired arguments over and over" points.
OP links to a Mastodon thread from a user who breaks down the technical limitations of ActivityPub and proposes how the situation can be improved. Maybe read that.
Also, if you think that these are reasonable suggestions, then perhaps ignoring them directly isn't the best way to engage with this article?
I'm not here to score points. I'm expressing my thoughts and reservations about the article. I'm not even taking much of a position on what developers should do. It's more of an exploration of the landscape.
Unfortunately, skipping past a legitimate point doesn't address the point which remains unresolved. It's a nice rhetorical trick though. I'd rather discuss the point. (Even though others have had discussions, that doesn't help me understand and learn.) There's no urgency for me to reach a conclusion, so a bit of rehashing of "tired" perspectives isn't offensive to me.
Reasonable doesn't always mean appropriate or best for the situation. It doesn't always lead to good or better outcomes. Shutting down and dismissing legitimate concerns is not a good way to build a consensus and will often lead to adverse outcomes. It is ironic that this person's approach is making the same mistakes they are trying to warn against.
There's a clear conflict that literally can't be ignored. It must be considered by all participants, else those participants will be unexpectedly unsatisfied with the outcomes.
I don't think you added anything new to the argument and their linked source addressed it from a technical and ethical perspective.
Personally, I don't think that it's reasonable when someone asks you to not do something for you to do that thing directly to them.
You've done that here. Whether or not you think you're bringing up good points, it's still pretty rude.
Anyway, you're right that this isn't about points. I started off trying to give you the benefit of the doubt that you were respectfully responding to the article and just missed what they had said, but then you doubled down and triple downed.
I understand the need to try to voice concerns, and so I understand why you're continuing to push.