Meta has launched a twitter alternative called “Threads”. The application allows Instagram accounts and followers to be migrated directly. From what I can find, there are already over 90 million users using threads.[1] It is Meta’s plan to allow Threads to interact via ActivityPub with other platforms in the fediverse.

Mander has a generally open federation policy. I don’t want to prevent users from accessing specific content through the fediverse purely on ideological grounds, nor do I want to block our information from being accessed. There is a very strong argument to be made to remain federated with Threads in the spirit of having an open and accessible network.

But, after seeing the rushed, non-transparent, and non-EU compliant way that Threads is being deployed, it is obviously not wise to remain federated during the deployment phase. I would be willing to re-federate once it is proven that we can federate with them safely, it is demonstrated that a good amount of value to the users is added by doing so, and that at least a portion of the users is interested in doing so.

Reasons to defederate:

  • The fediverse already lives in a legal gray zone in many respects. Threads was not released into the EU due to regulatory concerns.[2] My server is based in the Netherlands. It appears like no one is sure about what the legal implications are, but I consider federating interactions with Threads to present a new liability with a larger amount of risk. The added risk is related to the fact that Meta is often being looked at by regulators, and instances could be pulled into a Meta-related investigation. A hypothetical example - and I don’t know if this is accurate or not - federated comments from EU users that end up saved in Meta’s servers could be construed as a GDPR violation due to the transfer of EU user data. These are risks that are already present in the fediverse, but interacting with Meta may increase the likelyhood of being pulled into a Meta-related legal problem.

  • Threads is being released in a very hurried manner to capitalize on the unpopularity of Twitter at the moment. They are deploying these tools at random times without first informing the world about how they work. As far as I can tell, they have told us nothing about how they will actually use ActivityPub. All that we know is that suddenly hundreds of millions of people will be able to take actions that in some way interact with our servers. A likely scenario is that this will be similar to mastodon, their users will be able to make comments to a Lemmy server, and this won’t cause a problem. But they may choose to do something differently, or they can make a mistake in their implementation. A mistake at the scale of hundreds of millions of users would easily deal catastrophic damage to a small instance.

  • The developers of Lemmy have strongly encouraged instance admins to defederate with threads. They develop this platform and know it much better than I do. I respect them and trust their judgement, so a strong encouragement coming from them is something that I take very seriously.

  • Most users who have commented on this topic here and in other instances want to defederate. While I do prefer to take a stance in favor of a more open federation policy, I do think that the case of a giant corporate entity deploying a potentially destructive platform into the fediverse is a special case.


Generally I prefer to assume good faith and only defederate as a last resort in response to a practical problem. In this case, we are dealing with a commercial for-profit entity that has a strong record of not acting in good faith. The massive scale of this thing is such that we could lose the luxury of being able to easily respond to a sudden practical problem.

I don’t love Meta, and they are most likely not joining the space because they are passionate about helping us create privacy-centric decentralized social networks in which profit and growth are not the motives. But this is an opinion. In the future, if users actually want that, I am committed to re-assessing and potentially re-federating once the dust settles. But I can’t justify taking this level of risk at this time.

If no one asks for it, I wouldn’t actively try to re-federate.

  • count_borrell@mander.xyz
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Good idea. Thanks for the update and for not just being reactionary anti-Meta. As much as I personally feel they should be defederated simply because of who they are, I’m glad you are running the site in a more sophisticated manner.

  • elavat0r@mander.xyz
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    I think you are making the right call. I frankly hadn’t even thought of all of the potential legal difficulties that small instances might get dragged into, but you make a good point. I simply don’t trust Meta not to trample thoughtlessly over everyone else in the fediverse.

    Thanks once again for explaining your reasoning and keeping the discussion open.

    • Salamander@mander.xyzOPM
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I frankly hadn’t even thought of all of the potential legal difficulties that small instances might get dragged into

      There is a lengthy analysis that I think provides some valuable insight about this here. I can’t tell you how accurate the analysis is, but it seems to me like the user knows what they are talking about. The general gist is that the way ‘personal data’ is defined may extend to include usernames and potentially even comments, and we are transferring this data to servers within and outside the EU without a transfer agreement in place. We lack mechanism that 100% guarantees data deletion from every federated server upon request, and we lack a mechanism to inform users the specific servers that the data is sent to through federation. There is a complex regulatory framework that was not built with something like the fediverse in mind.

      • fossilesque@mander.xyz
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        I’ll forwarding this to my Mastodon instance owner, thanks for the tip. My partner is half Burmese, so I blocked Meta out of principle for the chaos it’s doing there, but it’s good to find things that apply directly to the west!!

        • Salamander@mander.xyzOPM
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          Sure thing!

          I’ve been looking more into it, and the agency that has supervisory authority over GDPR compliance hosts their own Mastodon server.

          They have their privacy policy here, which we can look at and take as an example.

          The EU Commission is on Mastodon too. And NLNet Foundation funded a large portion of the development of Lemmy and other federated projects.

          This does make things a bit better, because at least the regulators are aware of the fediverse and to an extent they are also actively involved in the ecosystem. I don’t think that we can take this as proof that it is all good, though.

          It is unlikely that draconian actions will be taken against instance owners because the regulators themselves are instance owners. But I do think that Meta joining can create some turbulence in this space.

          • fossilesque@mander.xyz
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            PS: I just copy pasta’d a lot of your arguments to the mod chat and added my own comments. Thanks for articulating this, I get way too lost in the details sometimes. Bless.

          • fossilesque@mander.xyz
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I just got the link to where they are discussing it. Will look into this more in a bit. Cheers for the links.

      • deathbird@mander.xyz
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I would think that requests around ‘personal data’ in federated social media platforms would have to be handled in a manner similar to how e-mail is handled since the data is distributed in a similar manner (not that I’m familiar with how Right to be Forgotten and other EU privacy laws interact with email servers).

  • SnailMagnitude@mander.xyz
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Trying to understand the Fediverse was getting confusing… I’ve been trying to understand it for while now. The Meta impact seems to have gone from me struggling to grasp Newtonian physics, to me trying to integrate relativity, quantum & chaos theory.

    On the plus side, thank you Salamander. You appear to have a sane and level head and I am very grateful for your approach to community, and provision of resources, in this instance.

  • deathbird@mander.xyz
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I appreciate this update, and I respect your reasoning here. One of the things I really like the most about your instance is your cautious approach to defederation.

  • verde.viento@mander.xyz
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    One more voice in agreement, and thank you for the considered argument. I value your good faith approach, and also resting the benefit of the doubt on the best available evidence, which in the case of FB is pretty damning, imo.

  • NormalTownLeader@mander.xyz
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Hey I just wanted to say thank you for this, I understand how generally anti-defederation you are based on past posts and I really appreciate someone who can re-evaluate their stance on a case by case basis like this as new information comes up.

  • SpaceMonk@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Why would ANYONE want to deal or associate with companies who have violated human rights and knowingly ruined so many lives and STILL haphazardly releases questionable platforms in order to shove their bs down your throats? It is not sensible to me.

  • Flying Squid@mander.xyz
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I agree with your reasoning and I’m glad you’re doing this. I’m also worried it’s an EEE strategy on the part of Meta.

    • Salamander@mander.xyzOPM
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      I’m happy you agree.

      Personally I don’t find the ‘EEE’ strategy to be so scary because the ‘extend’ step of this process takes time and requires the active collaboration from the developers. Forking is also a potential solution down the line. It would be possible to defeat this strategy without defederating at all, and I don’t think that defederation does much to stop it other than shining light on the issue.

      Unfortunately, I think that Meta can skip the ‘Extend’ step altogether. ‘Embrace and Extinguish’ could be enough. My personal hypothesis is that one of their motivations for joining the fediverse is to put the regulatory framework to the test, and to either use federation to exploit regulatory loopholes or to bring the whole network down by demonstrating non-compliance.

      As I understand it, regulations are being built to try to protect our data from being exploited by large corporations. The fediverse presents an alternative way of networking that attempts to solve many of the problems with centralized networks. However, if we apply the same regulatory framework that Meta has to abide by to the fediverse, it may be found that we are all non-compliant. We are ‘flying-under-the radar’ because the network consists of small independently-run sites and are of little interest to regulators. Once Meta joins the space, regulators will have to actually care about the fediverse and look closely at it. At that point - will they use nuance to create balanced set of rules that can keep something like Threads in check while allowing the rest of the fediverse to thrive? Or will they double-down on current regulations, apply them indiscriminately, and threaten instance admins to close their instances down or face legal consequences? O, even worse, will they skip the threats and issue hefty fines for non-compliance to set an example?

      Maybe my concerns are unfounded, and the law does make a sharp distinction between a for-profit corporation and an instance run by a hobbyist with no intention to make a profit… I don’t think that they do, but I’m a scientist, not a lawyer 😅