Threads’ New Terms & Conditions Affects the Fediverse

Threads, Meta’s new microblogging project that piggybacks off of Instagram, has updated their Terms & Conditions to include new provisions regarding “Third Party Users”.

The new Supplemental Privacy Policy lays out what new data to collect, and from whom:

Threads will also integrate with third-party services (“Third Party Services”) via an interoperable protocol, which will allow Threads users to share content with, view and interact with content from, follow, and be followed by people outside of Threads who use such services (“Third Party Users”). This integration with Third Party Services is not available at launch, but will be coming to Threads soon.

Supplemental Privacy Policy

Provided that a Third Party User is followed by or following a Threads account, Meta will ingest these pieces of data specifically:

  • Username
  • Profile Picture
  • IP Address
  • Name of Third Party Service
  • Posts from profile
  • Post interactions (Follow, Like, Reshare, Mentions)

Granted, these sound like basic table stakes for federation to work well within the Fediverse. Most Mastodon servers collect roughly about the same amount of data for basic features to work correctly. But again, Meta is first and foremost an advertising and data harvesting company, and many people aren’t happy at the idea of being subjected to this treatment from the vantage point of their own servers.

Mike Macgirvin, former dev lead on Friendica and Hubzilla, is taking a proactive stance on the new changes with an update to his new project, Streams.

Fresh release from the streams repository. Available now.

Includes some enhancements to our defenses against Meta/Threads after reviewing their updated ToS.
Also includes access to protected content via OpenWebAuth over Opensearch.
And some other stuff.  

You will want this update regardless of your stance regarding Meta.

If you are uncomfortable with Meta and their business practises, visit ‘admin/security’ and add ‘threads.net’ to ‘Block communications from these sites’ — and also set ‘Require signed fetch requests’.

Mike Macgirvin

The new enhancement examines remote fetch requests against a list of who should be allowed to access a resource. It may prove to be a viable protection against excessive data harvesting.

Sean Tilley

Sean Tilley has been a part of the federated social web for over 15+ years, starting with his experiences with Identi.ca back in 2008. Sean was involved with the Diaspora project as a Community Manager from 2011 to 2013, and helped the project move to a self-governed model. Since then, Sean has continued to study, discuss, and document the evolution of the space and the new platforms that have risen within it.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button