Conversation
@benpate So what they are building is actually a way to later enforce censorship of a decentralized network by state actors.

RT: https://mastodon.social/users/benpate/statuses/116403046724832335
14
14
9
@benpate
>Sovereign Tech Agency
>Germans

This will never ever get used for censorship and control years down the line.
2
4
4
@phnt @benpate don't worry just give the germans all the data on your computer for science/racism/the children/the one arbitrary thing we decided and will move onto the next because it is never about the thing but a gauge and measure of obedience. i guarantee you it won't just be hashes
0
1
3
@phnt @benpate well the content scanning is at least opt in, but yeah
2
1
1
@rick @benpate Nothing stops a government from mandating it. After it is implemented, a government at any time can decide to ban hosting/usage of fedi instances (social media in general) without some automated scanning. After there is one or more approved services supporting it, they can fully mandate it and point to the Mastodon implementation as a requirement and reference implementation.
1
1
5
@phnt @benpate
>automatic content detections 'shared across servers'
that is a phrase that scares me a bit too much
1
0
2
Well, continue to cower away from them and you get precisely what you tolerate.

Now, are those of you complaining and that have been for decades going to stop this, or not?
1
0
0
@JeffGrimesArt @benpate
>Now, are those of you complaining and that have been for decades going to stop this, or not?

Just watch this get praised by the majority of Fediverse (Mastodon™ network).
0
0
0

@rick @phnt@fluffytail.org

Sorry, I can't see the intermediate message you're replying to (xenofem.me is returning errors) so here's just a generic take on content scanning.

It's not possible to content scan MLS-encrypted messages, so that won't apply to this project. And yeah, people will use it to do bad things. It's the same calculus as with Matrix, Signal, Apple Messages, and others: the benefits to good people outweigh the negatives.

3
0
1
@benpate i think there is a misunderstanding probably thanks to missing the missing message before.

e2ee is very important! I think no one should be able to read private messages. But i think fedi is not private at all, more like public only. If ppl want to message securely they should switch to a chat tool which was designed for it. I think adding e2ee to fedi dm just makes the whole setup more error prone, well you see the problem already in matrix 'unable to decrypt message' memes here.

I think the more worrying part is the 'feature' of automatic content scanning. This will be a more controversial topic.. I think many ppl don't like automatic scanning or blocking of their posts.. That's why many ppl fled from big tech platforms.. Such systems could be very easily misused by governments for content scanning of posts which they don't like..

Well at least or luckily it's only opt in for now.. But i'm very pessimistic about such approaches tbh.
1
0
0

@rick Yeah, thanks. I knew I was missing some part of the conversation.

In the Emissary implementation, the plan is for BOTH server admins AND users to opt-in to using encrypted messages. So, if someone doesn't want to participate, they certainly won't have to.

Right now, I don't think anyone knows how Mastodon will design this feature (even Mastodon). But given the technical requirements for generating private keys, it's not unreasonable to guess they might do something similar.

0
0
1
@tk @benpate Until that is turned into something illegal.
2
1
1

@phnt @tk @benpate they can take that from my cold dead fingers

1
0
2
@phnt @benpate Thank goodness for the unlicensed radio bands. blobfoxevil
2
0
2

@benpate @rick it’s ironic that the majority of the network is blocked by your server and is warning you how it’s going to bite you guys in the ass the hardest given the trajectory of the political zeitgeist.

0
1
1
@phnt @benpate
>E2EE
>external tools scanning the content
one of these is not like the other
1
1
2
They can, and I'm sure they want to and will try very hard. But there are a number of major problems which will emerge and will carry the whole project directly to hell.

1. There's a lot of countries out there, anyone can join any instance that's based anywhere. Smart countries will not enforce rules because they'd prefer to collect sigint, dumb countries will push all of their instances away...

2. Once you create a mechanism for censorship, everyone starts piling on to try to get Their Special Thing censored. If it's Germany, they're gonna have Israel breathing down their neck to add "Free Palestine" to the CSAM filter. This is going to create nuclear levels of butthurt in the canceldon/fediblock extreme left zone.

tl;dr invest in popcorn
1
1
4
@tk @phnt @benpate Unlicensed doesn't mean that what you are allowed to transmit over the bands can't be restricted.
0
0
0
@phnt @benpate People are forgetting the time of EUnomia.
1
0
1
@cjd @rick @benpate It can easily be made into an EU-wide law. At that point usage of any fedi instance without a mandated automod can be made illegal and member states have no control over it after it inevitably passes, because Germany and France will love that.
3
1
1
@cjd @benpate @rick Technically even Pleroma's MRF system can be abused like that, but Mastodon is way bigger and the way they wanna achieve this creates more centralization than MRFs do. They are basically digging a hole without understanding the repercussions of digging it.
0
0
1

@phnt @tk @benpate fun fact: i made that image, ages ago.

1
0
1
@jeff @tk @benpate I literally made that in gimp few minutes ago (and hated every second of it) :D
1
0
1

@phnt @tk @benpate ah well you are not the first to make such an image.

0
0
0
@tk @phnt @benpate As I've said several times the idea of replacing *any* internet functionality with something with LPWAN data rates and ranges, with no internet entry anywhere in the chain especially, is self-soothing nonsense
2
0
0

@mer @phnt @benpate those who do not know the past are doomed to repeat it

0
0
0
@tk @benpate @phnt this doesn't mean it's useless but the first step to effective use of it is recognizing the limitations
0
0
0

@bell @phnt @benpate that’s known as state mandated mass surveillance

1
1
3
@phnt @benpate

> E2EE
> Fediverse

Complete and utter bullshit. Explain how they manage private keys. Not gonna happen. Their document skips this step and only discusses how to discover public keys. They're waiting until the last minute to solve this piece because it's the hardest part. How can you securely distribute them across every browser/session and app that people use to access Mastodon etc? If they were gonna copy Matrix's SSSS they'd have mentioned it

https://github.com/swicg/activitypub-e2ee/blob/main/architectural-variations.md
3
1
3

@phnt
It's my experience that canceldon people are the type to cite the law chapter and verse to anybody they don't like, but say ACAB the moment there's a law they don't want to be compliant with.

Ultimately they'll skate because they're all relatively small sites. Maybe a dozen hueg instances will get enforcement action but they aren't gonna chase down every 10 user "uwu tee hee kill people I disagree with" glitchsoc server
@rick @benpate @cjd

3
1
3

@phnt
For example, they love citing GDPR to American instances that have a copy of their public statuses that they posted publicly to public timelines, but I'll bet money that those same people will refuse to implement any sort of age verification mandated by the EU
@rick @benpate @cjd

1
0
1
@phnt @benpate if they do use something like SSSS where the key is stored on the server encrypted in your profile data, this makes supporting nomadic identities even harder

And then you have the problem of "only users here can use E2EE if their software implemented it" which makes this a less valuable network for securely communicating. Poor network effects, might as well use Signal
0
0
0
@phnt @benpate i'm all for separating bavaria. That would make the police state bs go down considerably too i think.
0
1
3
@feld @benpate I wonder what Soatok thinks of this after trying for years to wedge E2EE into ActivityPub. But ultimately, they went the easy route and chose MLS and AP as a dumb transport protocol.

They probably won't bother with proper key management and instead make it device-to-device, or copy the way OMEMO does it. Maybe with only publishing a new public key being possible by approving it from a device with an already published key.

I don't think any of this matters anyway as the whole concept is kinda useless when you already have 10+ secure messaging apps at your disposal.
2
0
1
> Maybe a dozen hueg instances will get enforcement action

And some of them are gonna go to the cross on that - which is gonna create insane amounts of drama with their largely-mentally-unstable userbases... I don't think the EU has what it takes to face off that amount of heat.
0
0
2
@r000t @rick @benpate @cjd It does not matter that they won't go after everyone. Just the possibility of doing so is already a problem, it shouldn't be possible at all.
0
0
1

@phnt @benpate mfw FIRES as an “advanced” stretch goal

The maybe one blocklist idea with innovation that makes sense (revokability) and it’s not even the baseline mastodon is shooting for, fuck me

0
0
1
@tk @phnt @benpate it's not an alternative for anything i use the internet for, and i would wager nothing you use it for either
1
0
0
@tk @phnt @benpate pressing X on the idea this will be the norm for anywhere outside of affluent areas of the coasts ever
2
0
0
@tk @benpate @phnt the other thing about this is...is this via meshcore? AES-128-ECB as standard is about as good as HAM radio's encryption ban
0
0
0
@tk @phnt @benpate i am not sure how to respond to the idea that the telephone system is in any way comparable to the modern internet or in any way superior to the censored internet with self-hosting banned that is the endgame of this shit. boomers didn't have anything comparable to the internet in terms of privacy or freedom and i don't think it's a coincidence they are now generationally psyopped to hell

otherwise i really have no idea here lol, i guess maybe building a good thing by cope is better than not building it
1
0
1
@phnt @benpate the kill-bill siren would start ringing in my head, the moment they offer to base the decision to federate or not to federate upon content-scanning, i.e. when the "automated content detection auxiliary service providers" (what a truly fucked up name) gets turned into CAs that are asked to sign off on posts, and only signed posts get to be displayed.
we're truly losing the plot.
1
0
2

@slowfallinward @tk @phnt @benpate imo, worst comes to worst, we disconnect from The Mastodon Network™ with their foundations and their teams and their product strategy advisors and their apparent inability to conceive of anything not done at "scale," and reverse proxy our shit thru front ends in countries who aren't a party to controlling how people choose to associate on their own self-hosted platforms.

if it gets real bad we will probably need to move beyond DNS.

1
0
2
@deutrino @tk @phnt @benpate yeah this is more what i envision i guess

i'm not meaning to put down the idea of running *any* mesh though i would 100x more support reticulum vs meshcore/meshtastic. its use is just not going to be "dial-up internet" because it's geographically limited and adoption is relatively low
1
0
1
@deutrino @benpate @phnt @tk it's just laughably far away from a proper first-line response to internet censorship and coping about the latter with it is useless
0
0
0
@phnt @benpate good question. I think the reality will be more like

- flawed implementation, terrible rollout

- Mastodon and maybe Pixelfed support it (seems like something dansup would jump on)

- all the logic has to be in the client (or frontend)

alright. Now we've got an app store with a ton of shady looking fedi clients (we're that popular guys).

How long before any of those are modified to exfiltrate your keys? How long before the first incel server admin that wants to spy on some female account so they backdoor the FE to steal their keys next time they login?

As soon as one of those events happens, now trust is gone. So Mastodon has to restrict access to this feature to the official Mastodon app and the official Mastodon servers.

UHOH SPAGHETTI-O
2
0
2

@phnt @benpate These censorship/moderation tools are likely a part of their mainstreaming strategy. They want big orgs, including governments, to host Mastodon instances. The same playbook is used by Matrix.

So I don't think it's a threat, just another brick in the wall separating Mastoverse and the rest of the network.

1
0
2

@silverpill @benpate I don't see this as a network threat, really. They could split the network tomorrow and I would barely notice or care.

The way I see this is similar to what the recent age verification legislations have the possibility to do to this network and hosting in general. More of a control and potential for future abuse threat. Because it will be used that way, eventually.

0
1
2

nicole mikołajczyk 🔜 sesja linuksowa ➡️ piwo ➡️ gpn

@feld @phnt @benpate everything seems like something dansup would jump on but he doesn’t usually get stuff done

2
0
2

@mkljczk @feld @benpate "yo lain, what do you think of <insert thing you've never heard about>" coming to a #pleroma-dev@irc.libera.chat channel near you.

0
0
0

@feld @phnt @benpate It doesn't seem to be an issue in the Matrix ecosystem where people often self host web clients.

2
0
0
@silverpill @phnt @benpate harder to target users on your own homeserver when you don't have a public timeline where you can spy on your users to pick a victim based on their public posts/profiles.

most of the activity on Matrix is private or at least in group chats. The fediverse is public by default.
1
0
1

@silverpill @feld @benpate Because the way Matrix does it is kinda flawed and makes inserting malicious devices easy-ish. OMEMO is the second extreme they can go to.

This ActivityPub becoming a kitchen sink protocol is getting really weird. First it was trying to make C2S usable and now E2EE barely anybody asked for. When are we going to get emoji reactions standardized?

1
0
1

@phnt @benpate reducing the median # of users per instance has never been more important to the health of the fediverse. fortunately people keep developing more platform softwares at a rapid pace which is really encouraging in this regard.

0
0
2

@k4t3 @benpate Thankfully the network is now diverse enough that you can just say no and disconnect from them. Arguably nothing of value would be lost. That said, the issue of it being legally mandated is still present. When and if that comes, overlay networks like Tor and I2P are the only option I guess. Besides slow packet radio.

0
0
2
@jeff @phnt @benpate
if this our state, then fediverse users will be (at least near) the worst bureaucrats you could think of and trust to do on behalf of this. thinking it could be more self-policing/abuse, like you do not need explicit laws to let it fester, which would hurt so much more.
1
0
1

@bell @phnt @benpate imagine this: government subsidized fediblock

1
1
1
@jeff @phnt @benpate
i think fediblocks happen enough that governments will not need that. more on the social engineering side you could just provoke that also
1
0
0

@bell @phnt @benpate the more realistic outcome is botfarms on fedi instigating viral psychosis in users to overthrow sandland governments and such or else because the government said to allow them.

1
0
0

@feld @phnt @benpate Fair point. I usually imagine a network of small instances where spying admins are not a problem, but Mastodon is a different world.

0
0
1
@jeff @phnt @benpate
it is too irrelevant to have that much of an impact/sparse there (if i get what you mean) i think, so if that used it only to disable/waste people's lives who could independently stand up here
1
0
0

@bell @phnt @benpate i dont think fedi is immune to this problem, it could also fill up with chinese nationals who instigate and foment armed insurrection in the USA and Europe. :^D

0
0
0

@silverpill @feld @benpate I do, but it unfortunately does not standardize much of anything. It documents what already exists.

I more meant an errata to AP that sets it in stone and only in one way, but considering what swicg is doing, it might be better this way.

0
0
0

nicole mikołajczyk 🔜 sesja linuksowa ➡️ piwo ➡️ gpn

@phnt @benpate this is a bullshit conspiracy theory because governments don't care if something is technically enforcable when they push law that hurts small internet communities

1
0
0
@mkljczk @benpate EU is invested in Mastodon and has been for years. I don't see any reasons why they wouldn't use that as a vehicle to push their way of control over social media, which they likely already want considering the arrests over making fun of politicians in Germany.

Before you could realistically push back against it and argue that it is unfeasible to do on the Fediverse. Now you won't be able to, because they paid for it to be implemented.

Of course this isn't limited to only EU, it's just an example. US or any other state/government could abuse this.
1
1
1
@mkljczk @benpate It's the same way I see IFTAS being heavily pushed, which is just a trojan horse for centralizing moderation. Before IFTAS you could argue that centralizing moderation on this network wasn't doable properly, now with IFTAS being an aggregator and FASPs in the works for blocklist syncing, this cannot be argued against like that.
1
0
0
@benpate @mkljczk I guess your point is that they don't care when they push laws like I'm talking about and what are their consequences on places like Fediverse. My point is different and about that they are already making the building blocks to push those laws in a way that is hard to argue against outside of the obvious freedom of speech/censorship being bad/... Before you could argue that you cannot comply with such laws, now you can't argue that as they can point at Mastodon on how to do it.
0
0
0
Yea and for someone like me, updating my instance is literally harder than shutting it down and switching to nostr ¯\_(ツ)_/¯
1
0
0
@mkljczk @benpate Well, you gotta first implement FASP support in Pleroma and wedge it somewhere. If it was something like fetch API -> done, that would be too easy :D
0
0
0

@r000t @phnt @rick @benpate @cjd "they aren't gonna chase down every 10 user "uwu tee hee kill people I disagree with" glitchsoc server"

No they'll send the email to the wrong instance after your dumb post about Charlie Kirk or ICE agents federates to them. Bluesky users have recently been getting clapped or subpoenaed after the extreme amount of fedposting that goes on there and that site is notoriously moderation lax.
https://archive.fo/q5NWk

https://www.reddit.com/r/BlueskySocial/comments/1s7qsr2/what_is_this_and_am_i_in_trouble_got_an_email/

2
1
1
@phnt @benpate >deliverables
Holy mother of red flags.
0
1
2
The same western "leftists" who reacted with glee every time a britterf got a visit from The Bobbies circa 2018-2023 for their Problematic Posts have been having their leopards eating faces moment with what is happening regarding Palestine Action.

Except, of course, nobody is holding them accountable for what they have done. Not even Palestine Action itself, because real power isn't merely being able to stab people in the back but preventing the backstabbed from even talking about it.

As the co-inventor of Israel, Britain should share its fate.
1
0
0

@feld @phnt @benpate the private keys are stored in the balls

0
0
0

@benpate @rick Your instance is blocking other posts, which is what is going to happen when this shit rolls out. You'll only be able to talk to people that the global censors approve of. You will like it, what are you, not age gating? Are you one of those groomers you heard about?

1
1
0

@phnt @feld @benpate call it OWOMemo

could nawt decwipt messag uwu

0
0
0

@sendpaws @rick

You make an excellent case for blocklists and reply controls, Pawlicker.. muting you now.

1
1
0

@benpate @rick "My first app on this platform is a music sharing server for indie bands, called #Bandwagon. And now I'm also working on #Atlas, a social mapping server for adding Federated annotations to places in the real world."
this you?

0
0
0