My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"
-
@vkc When you say “do I trust” I’m pretty sure they’re public; they’re aggregated on https://clearsky.app/.
@adamshostack it is public, I said that in the first sentence of my post!
The point I'm making is that I could imagine Bluesky cooperating with authorities or advertisers in providing additional metadata well beyond the public data, and this could be used for nefarious purposes.
-
@crazyeddie @vkc Even a block list can tell a lot. It's not just about what you don't want others to see, but also what you don't want to see yourself.
@niko @vkc If you just don't want to see it then that's what mute is for. It's possible to provide that feature without it being public and it apparently does that in bluesky.
Mastodon does the very same thing. Mute is just for you. Block also informs the user and won't let them see what you post. This is at least partially public because servers have to know to do this for you. If you are on an openly federating server then you are probably exposed here.
Were you properly informed?
-
@niko @vkc If you just don't want to see it then that's what mute is for. It's possible to provide that feature without it being public and it apparently does that in bluesky.
Mastodon does the very same thing. Mute is just for you. Block also informs the user and won't let them see what you post. This is at least partially public because servers have to know to do this for you. If you are on an openly federating server then you are probably exposed here.
Were you properly informed?
@crazyeddie @niko a big difference here is that on Fedi, the block informs *your server* and *the other server*, but on Bluesky, it informs *everyone* because it's centralized.
An end user has to be pretty smart to exploit that via Mastodon, and it'll be incomplete because of federation/defederation. On Bluesky, it's trivial and complete.
-
@niko @vkc If you just don't want to see it then that's what mute is for. It's possible to provide that feature without it being public and it apparently does that in bluesky.
Mastodon does the very same thing. Mute is just for you. Block also informs the user and won't let them see what you post. This is at least partially public because servers have to know to do this for you. If you are on an openly federating server then you are probably exposed here.
Were you properly informed?
@crazyeddie @vkc I didn't know that, but makes sense. Nice little OSINT trick! To me, it doesn't matter as much it probably does to someone else. I guess I've been lucky (or just privileged).
-
My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"
I'm glad you asked.
"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.
If you block government entities, well, you know how this goes.
Do I trust Bluesky to handle that information with care? Hell no.
Is there a collection of national rules on this topic? Are servers hosted in some states more protected than others?
-
@adamshostack it is public, I said that in the first sentence of my post!
The point I'm making is that I could imagine Bluesky cooperating with authorities or advertisers in providing additional metadata well beyond the public data, and this could be used for nefarious purposes.
@vkc Oops, thought you were implying that if they didn't keep the blocklists private... sorry!
-
My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"
I'm glad you asked.
"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.
If you block government entities, well, you know how this goes.
Do I trust Bluesky to handle that information with care? Hell no.
Been using Mastodon off an on for some time. Spent some time on BS and felt icky. It stinks of corporate surveillance infrastructure.
-
@crazyeddie @niko a big difference here is that on Fedi, the block informs *your server* and *the other server*, but on Bluesky, it informs *everyone* because it's centralized.
An end user has to be pretty smart to exploit that via Mastodon, and it'll be incomplete because of federation/defederation. On Bluesky, it's trivial and complete.
@vkc @niko It's actually the decentralized and modular design of the architecture that means it informs everyone. If it were centralized it could avoid making the block list public.
The fact that everything you post goes to a PDS that then sends all updates to a "firehose" of information is what does the AT protocol bad here.
Blacksky seem to be planning to plan to do something about this maybe. They want PDS that will limit output to just blacksky. Then it would be more like fedi here.
-
@crazyeddie @niko a big difference here is that on Fedi, the block informs *your server* and *the other server*, but on Bluesky, it informs *everyone* because it's centralized.
An end user has to be pretty smart to exploit that via Mastodon, and it'll be incomplete because of federation/defederation. On Bluesky, it's trivial and complete.
@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things
(For anyone who doesn’t know I’ll explain below)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially availableIf I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
Block lists are meant to be shared (IIRC)
-
My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"
I'm glad you asked.
"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.
If you block government entities, well, you know how this goes.
Do I trust Bluesky to handle that information with care? Hell no.
@vkc and that's also why #ChatControl is just abysmally and morally wrong.
If the government (or any one entity with sufficient power over our every day life) has access to your social connections and messages you can be sure it'll only be a matter of time before they will selectively restrict minorities... -
@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things
(For anyone who doesn’t know I’ll explain below)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially availableIf I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
Block lists are meant to be shared (IIRC)
@vkc @crazyeddie @niko To be clear, I think Mastodon and BlueSky both have massive problems that need to be fixed, but they both have some promise; I like BlueSkys approach to account portability and better anti-abuse controls and I like Mastodon/fedi approach to distribution.
hopefully, both of them will fix their problems. It would be great to have multiple alternatives talking to each other other.
-
@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things
(For anyone who doesn’t know I’ll explain below)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially availableIf I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
Block lists are meant to be shared (IIRC)
-
@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things
(For anyone who doesn’t know I’ll explain below)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially availableIf I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
Block lists are meant to be shared (IIRC)
I'm referring to "who you block."
> If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
This isn't exactly true. The protocol publishes this stuff and scrapers make it easily available, see ClearSky for an example.
This differs from Fedi where "who you block" is obfuscated by decentralization and defederation (plus literal network hiccups like firewalls, etc).
-
You seem to think I'm talking about public blocklists, I'm not. I'm talking about "who you block as a user" and how they get made into blocklists by the protocol, see ClearSky as an example.
-
I'm referring to "who you block."
> If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.
This isn't exactly true. The protocol publishes this stuff and scrapers make it easily available, see ClearSky for an example.
This differs from Fedi where "who you block" is obfuscated by decentralization and defederation (plus literal network hiccups like firewalls, etc).
@vkc @crazyeddie @niko OK, thank you for the clarification!
And yes, the fact that people are easily able to make tools is a potential issue
Now, whether it would be possible to do the same thing with fedi instances, that’s way above my coding grade.
-
I'm not going to talk about Bluesky anymore for a bit, but I know folks are coming back here after hanging out there for a while, and I want to encourage Fedi users not to gloat, not to be jerks about it.
And if you're just (re)joining us on Fedi, like all affinity groups, you're going to run into enthusiasts who are gloating, but I promise most of us are just happy you're here and want to help make this place awesome for you.
It's a #Mastodon instance that went bad and people are moving. It happens. That the owners of the instance in question thought that They Were The Special Ones hardly matters.
-
@vkc @crazyeddie @niko OK, thank you for the clarification!
And yes, the fact that people are easily able to make tools is a potential issue
Now, whether it would be possible to do the same thing with fedi instances, that’s way above my coding grade.
Based on what I'm reading basically there is no block list sent to anyone. The user you blocked receives a notification in their inbox.
They could still log peoples' preferences by setting up honeypot accounts and servers to get blocked. They'd not be able to just scrape or watch a public database for the info though.
Bluesky should remove the block feature. It can't be implemented in that architecture. The public processing pipeline discludes the possibility.
-
I'm not going to talk about Bluesky anymore for a bit, but I know folks are coming back here after hanging out there for a while, and I want to encourage Fedi users not to gloat, not to be jerks about it.
And if you're just (re)joining us on Fedi, like all affinity groups, you're going to run into enthusiasts who are gloating, but I promise most of us are just happy you're here and want to help make this place awesome for you.
@vkc bluesky is no different than twitter. even if its leadership might be a bit better, it's still a proprietary site, and i don't care what anyone says about that. better to use fedi. you're still handing all your data and opsec over to an entity that you can't trust with either.
who do you trust more with your data? an american corporation called bluesky, or the cat-eared furry running your local friendly mastodon instance? i know which one i trust.
edit: and to be clear, i trust the furry.
-
My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"
I'm glad you asked.
"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.
If you block government entities, well, you know how this goes.
Do I trust Bluesky to handle that information with care? Hell no.
@vkc I remember this being an issue with Twitter lists, too. I might be misremembering, but I seem to recall it being public info the names of the lists others had added you to, so even if your account was private, someone could figure out a lot of information about you just based on how others “categorized” or “labeled” you.
-
@vkc @mkj @draeand ClearSky https://clearsky.app collects the blocked accounts on from AT Protocol (Bluesky) data feeds, and it will show that data for publicly visible accounts.
Data is only hidden for those accounts that have been set to be visible for only the logged-in Bluesky users (even though the data itself is still publicly accessible via other AT Protocol tools, even from those "hidden" accounts).
