Threads’ New Terms & Conditions Affect the Fediverse
Threads, Meta’s new microblogging project that piggybacks off of Instagram, has updated their Terms & Conditions to include new provisions regarding “Third Party Users”.
The new Supplemental Privacy Policy lays out what new data will be collected, and from whom:
Threads will also integrate with third-party services (“Third Party Services”) via an interoperable protocol, which will allow Threads users to share content with, view and interact with content from, follow, and be followed by people outside of Threads who use such services (“Third Party Users”). This integration with Third Party Services is not available at launch, but will be coming to Threads soon.
Supplemental Privacy Policy
Provided that a Third Party User is followed by or following a Threads account, Meta will ingest these pieces of data specifically:
- Username
- Profile Picture
- IP Address
- Name of Third Party Service
- Posts from profile
- Post interactions (Follow, Like, Reshare, Mentions)
Granted, these sound like basic table stakes for federation to work well within the Fediverse. Most Mastodon servers collect roughly the same amount of data for basic features to work correctly. But again, Meta is first and foremost an advertising and data harvesting company, and many people aren’t happy at the idea of being subjected to this treatment from the vantage point of their own servers.
Mike Macgirvin, former dev lead on Friendica and Hubzilla, is taking a proactive stance on the new changes with an update to his new project, Streams.
Fresh release from the streams repository. Available now.
Includes some enhancements to our defenses against Meta/Threads after reviewing their updated ToS.
Also includes access to protected content via OpenWebAuth over Opensearch.
And some other stuff. You will want this update regardless of your stance regarding Meta.
If you are uncomfortable with Meta and their business practises, visit ‘admin/security’ and add ‘threads.net’ to ‘Block communications from these sites’ — and also set ‘Require signed fetch requests’.
Mike Macgirvin
The new enhancement examines remote fetch requests against a list of who should be allowed to access a resource. It may prove to be a viable protection against excessive data harvesting.
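An added example, not code from Streams or from this article: the decision the two quoted settings imply when a remote server fetches a local resource. It assumes signed fetches carry the HTTP Signatures `Signature` header common in ActivityPub software, with `keyId` pointing at the requester's key URL; cryptographic verification is assumed to happen elsewhere and is passed in as `signature_valid`, and all names, policy values and sample headers are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed policy mirroring the two admin settings quoted above.
BLOCKED_SITES = {"threads.net"}
REQUIRE_SIGNED_FETCH = True

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def signer_host(headers):
    """Host named by the Signature header's keyId, or None if absent/unusable."""
    lowered = {k.lower(): v for k, v in headers.items()}
    params = dict(_PARAM.findall(lowered.get("signature", "")))
    # urlsplit().hostname is already lower-cased; None when keyId is not a URL.
    host = urlsplit(params.get("keyId", "")).hostname
    return host.rstrip(".") if host else None


def is_blocked(host, blocked=BLOCKED_SITES):
    """True when host is a blocked site or a subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in blocked)


def allow_fetch(headers, signature_valid):
    """Return (allowed, reason) for a remote GET of a local resource.

    signature_valid: outcome of verifying the signature against the key at
    keyId, performed elsewhere (assumption; not shown here).
    """
    host = signer_host(headers)
    if host is None:
        # An anonymous fetch names no requester, so a site block list cannot
        # match it; only the signed-fetch requirement stops it.
        return (not REQUIRE_SIGNED_FETCH, "unsigned")
    if not signature_valid:
        return (False, "bad signature")
    if is_blocked(host):
        return (False, "blocked site")
    return (True, "ok")


# Constructed sample headers; the keyId URLs are placeholders.
BLOCKED_REQ = {"Signature": 'keyId="https://www.threads.net/constructed/actor#main-key",'
               'headers="(request-target) host date",signature="Y29uc3RydWN0ZWQ="'}
OTHER_REQ = {"Signature": 'keyId="https://social.example/actor#main-key",'
             'headers="(request-target) host date",signature="Y29uc3RydWN0ZWQ="'}

if __name__ == "__main__":
    for name, req in [("none", {}), ("blocked", BLOCKED_REQ), ("other", OTHER_REQ)]:
        print(name, allow_fetch(req, signature_valid=True))
```

With the signed-fetch requirement switched off, the unsigned request is served even though the block list is populated, which is why the quoted advice sets both options.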