Threads, Meta’s new microblogging project that piggybacks off of Instagram, has updated their Terms & Conditions to include new provisions regarding “Third Party Users”.
Provided that a Third Party User is followed by or following a Threads account, Meta will ingest these pieces of data specifically:
- Profile Picture
- IP Address
- Name of Third Party Service
- Posts from profile
- Post interactions (Follow, Like, Reshare, Mentions)
Granted, these sound like basic table stakes for federation to work well within the Fediverse. Most Mastodon servers collect roughly about the same amount of data for basic features to work correctly. But again, Meta is first and foremost an advertising and data harvesting company, and many people aren’t happy at the idea of being subjected to this treatment from the vantage point of their own servers.
Fresh release from the streams repository. Available now.
Includes some enhancements to our defenses against Meta/Threads after reviewing their updated ToS.
Also includes access to protected content via OpenWebAuth over Opensearch.
And some other stuff.
You will want this update regardless of your stance regarding Meta.
If you are uncomfortable with Meta and their business practises, visit ‘admin/security’ and add ‘threads.net’ to ‘Block communications from these sites’ — and also set ‘Require signed fetch requests’.Mike Macgirvin
The new enhancement examines remote fetch requests against a list of who should be allowed to access a resource. It may prove to be a viable protection against excessive data harvesting.