The official Mastodon app (and most other Fediverse apps) do not collect any data about you.
When you sign up on a Fediverse server, it asks for the minimum amount of information (an email address and a password) and none of this info goes to the app or app makers.
This is in stark contrast to other social networks which seem to collect lots of personal info. See the attached image for a comparison of the privacy policies of various official social network apps.
#Privacy #FediTips #Fediverse
@[email protected] Question: how and who does the audit as to what kind of data being collected?
Earlier, @james said there’s no audit.
https://bne.social/@james/113335420937205906The official Mastodon app is open source, outsiders with the necessary programming knowledge can see all of its workings at any time:
https://github.com/mastodon/mastodon-ios
https://github.com/mastodon/mastodon-android
If it was spying on people, it would be very easy for outsiders to spot it.
The same goes for most third party Mastodon apps as they are mostly open source too.
@[email protected] @[email protected] @[email protected] As @[email protected] pointed out though, the app is different to the server (for the fediverse), which is very different to X, BlueSky, Threads etc, where the app is also run by the same company as the server.
Tracking is undoubtedly possible by instance operators, who can see my 15 most recent connected IP addresses, for example, and find out who else uses the same IP addresses. That’s built-in to the moderation system of anyone using Mastodon. That’s - undoubtedly - tracking a user; especially since my mobile app is pinging the instance every so often for new messages.
I am all for the fediverse, but I’m all for being honest and pragmatic about any issues it has. A privacy comparison between the Apple App Store self-reported claims really isn’t an honest comparison of “the fediverse” vs other social media.
@james @antdesros @AndikaCJ @Cal
That’s the whole point though: separating the app and the server is a really good thing.
When the app and the servers are run by different people using open standards, it gives end users the ability to combine a non-surveillance app with a server run by people they trust, or even set up their own server.
Services which spy on you through the app anyway and/or force the user to use a particular server, are taking away this power from the user.
@[email protected] @[email protected] @[email protected] @[email protected] Yes, but it’s dishonest to claim “This is in stark contrast to other social networks which seem to collect lots of personal info.” as you did in the root message. A typical Mastodon server collects a lot of personal information from me (because it kind of has to, to work). Don’t compare a standalone app to a “social network”.
And it’s more dishonest to then show “a comparison of the privacy policies of various official social network apps.” - because that’s not what those policies are. They show the social network privacy details (because they’re one and the same). It’s not a fair comparison.
The point you appear to make is that the fediverse keeps no information about me at all. This is not true.
Is the fediverse better because it isn’t correlating my IP address with ad brokers to work out who is in my household and where I live? Yes.
@[email protected] @[email protected] @[email protected] @[email protected]
p.s. As for IP addresses, it’s impossible to use anything online without giving some form of IP address. That’s how the internet knows where to send stuff. It would be like trying to order something to be delivered without giving any kind of delivery address.
That doesn’t mean you have to give your own IP address, the Tor network and VPNs let people hide it.
@[email protected] I posted a link to this on #Bluesky: https://bsky.app/profile/clairefromclare.bsky.social/post/3l6yj4nxyts2r
@[email protected] It seems to be that Bluesky is benign here, with diagnostics arguably being excusable, and the other ones just counting data submitted to the server (which Mastodon would then “collect”, too)
It is worrying that BlueSky is already collecting data they don’t need.
“(which Mastodon would then “collect”, too)”
No, they wouldn’t. The makers of Mastodon’s software and the owners of Mastodon servers are totally separate things.
Most people are on third party Mastodon servers which have no connection to the makers of Mastodon’s software or the official apps.
This is one of the points of decentralisation, to avoid having any kind of central control point.
@[email protected] Right, that was my point. BlueSky is also technically decentralized and I am saying that maybe this data collection listed here is not by the app itself, but by the relevant server.
@FediTips I don’t know if this is the case but I also don’t see any reason to believe otherwise.
The reason to believe otherwise is to compare the entry for Mastodon and BlueSky.
According to their app store entries, Mastodon collects nothing, BlueSky collects something.
This is the point of my original post with its comparisons of screenshots from app stores.
@[email protected] As I understand app developers are given some latitude in how they fill in these boxes, so what I was considering was the possibility that the BlueSky developers interpreted the requirements for this information differently.
Ahh okay… that’s an interesting point. It would be good to have more info on that.
@[email protected] Twitter now automatically opts you in to using your data to train their LLM. And you cannot opt out, which is why many are moving over to Blue Sky.
@[email protected] I’m not sure to understand from where that data comes from. Do you have the original link somewhere ?
@spokeek @FediTips These appear to be screenshots from Apple’s app store. https://apps.apple.com/us/app/bluesky-social/id6444370199
@baralheia @FediTips Nice, wouldn’t have known. Thank you a lot.
Yup, they’re all Apple app store screenshots taken today. For example if you search for instagram app store you will get a link to https://apps.apple.com/app/instagram/id389801252
@[email protected] well bsky at least does not seem to sniff browsing history… but the others 😰
@mariuszklimczak @FediTips Some of the others get even more “fun” when you notice the “sensitive data” category popping up here and there.
Yeah… what exactly is that? 🤔 I tried looking at Apple’s info page and it just describes it as “Sensitive Info”. 😬
@[email protected] Apple defines it on their developers’ site: “racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.”
Good grief… 😬
That is just dystopian. That kind of info could get people arrested (or worse) in countries with repressive regimes. 😞
@mariuszklimczak @FediTips Yeah I was thinking that same thing. Bluesky at least looks like reasonable stuff their own service might want to make recommendations to you.
@edward_jazzhands @mariuszklimczak
They don’t need to gather that through the app though if they really are a decentralised network.
(But they are much more reasonable requirements though than Threads etc, yes!)
@[email protected] A reminder that the App Privacy section in the Apple App Store is self-reported. Apple doesn’t appear to check, other than “providing resources” to help app developers “fill out this information accurately”. https://support.apple.com/en-us/102399
Isn’t that a well known thing though? Most people here on Mastodon already know that Mastodon is privacy respecting, alongside most Fediverse apps. Don’t get how thats a tip.
Also, they are operated by huge greedy companies, of course they’ll collect data.
It’s the sad truth.
No, not everyone knows.
For example someone replied to this post as follows:
It SHOULD be common sense though, right?
@[email protected] not to even mention every action you take becoming training material for an LLM, ready to be accidentally reproduced / hacked! 😨
@[email protected] what fediverse apps do collect data? (Besides Threads of course)
None that I’m aware of, but there are so many apps available that it’s difficult to know about all of them.
Main thing is to check an app’s app store privacy section before you install an app (which is where the info in this post came from).
@[email protected] most users on instagram, X ond other:
I think it’s because they’re not seeing this happening directly.
If someone came up to them in the street and started following them around 24/7, filming them, recording their location, demanding their financial and medical details, stealing their browsing history, asking if they are pregnant etc they would feel differently.
Because this surveillance happens within their phone, at some level people can pretend it isn’t happening.
@[email protected] @[email protected] Guy I work with wants me to use WhatsApp. Said no, that’s meta and they’re snoopers.
@[email protected] What’s really amazing is that you don’t need to use the official app. Unlike Reddit and Twitter/X that have killed off third-party support, the Fediverse can be accessed through numerous apps.
Decentralisation is the future!
Talking security, I keep hoping that XMPP will become the DM system because it uses end to end encryption and has been around for years. No need to reinvent the wheel. Plus it can be connected to the ALSO de-federated chat servers 😁
If only I knew JavaScript to make a bridge…
@[email protected] and that is the reason i never use apps on my phone for anything unless i have to
if there’s a web interface i use that
linked in keep suggesting i verify myself, but you can only do it with the app on your phone, yeah right, not going to happen
