Fediverse

Oh fucking YIKES.

Do NOT send our post history straight to OpenAI, that's just ... extremely gross.

Sure, it's "public", but that doesn't mean feeding it directly to the slop machine is okay.

-- Frost

I think the use of AI or LLMs for the Fediverse is a fair topic of discussion. Instances are run by volunteers, and these instances are free to dictate how their communities are to be administered. These Instance Admins can determine the jurisdictions that they operate under, and the laws that they are subject to. I'd suggest then the use of "AI" or LLM products are a choice made by each Instance.

But, just as Instance admins have these powerful choices, I believe that end users should also be given notice that these products are expected to be used so they can decide to continue with their account or move. I also recall that when many "Redditors" decided to leave, they also made a lot of fuss about salting their posts so that their contents not be used as training material to develop a commercial LLM. I'd point out this was a time when Meta and others were found to be combing the internet, downloading pirated materials, and using these for training purposes.

In 2026, these LLMs have already taken these pirated materials and public social media posts. There are news articles of how failed start-ups are even selling their Slack and other work related chats as training materials as well. In time, perhaps these issues can be properly litigated in courts. But for social media Instances run by volunteers, resources are limited already. I don't think these Instances should be responsible for the privacy of the end users. Rather, good education in generating throw-away email addresses, strong passwords, and VPN use can give users real choices.

While there's an argument that posts should not have any expectation of privacy, that doesn't mean we don't collectively share an interest in the value of privacy - a human right. I don't believe users who sign up for accounts on the Fediverse and are asked for their email to set up an account, expect in turn that information to just be published to the world with full, open access without some kind of notice or choice to opt out, for example. Ultimately though, I believe the issue must be dealt with at the government level, and that means people getting pitted against professional lobbyists and politicians.

I want to also clarify that there will also be times when intervention is necessary. We're here to join together in community, and "AI" or LLM activity that ultimately attacks that objective should be a top issue. For example, I'm not sure anyone here would be comfortable with "AI" duplicating an Instance and impersonating the community members within it. Yet that did happen on Mastodon. I recall the community responding, making reports and complaints to ultimately get the instance taken down. Another example would be AI or LLM accounts that do not identify themselves as bots, and are here to post on the Fediverse to astroturf issues or manipulate discussion are clear threats to proper discussion.

But I don't want to digress too far from the original concern, which was how people feel about LLMs processing Fediverse posts, and related issues. Assuming we are not discussing materials that are already restricted or illegal, we cannot control what people choose to share on these platforms of themselves, and I don't suggest we even attempt or consider it. But we can try to control how much information these platforms retain about its users - and I suggest that should be as close to zero or nil as possible. In this way, even if an Instance admin faces terrible pressure from a state, the platform itself has as close to nothing additional to report or share besides the face value posts of an account.

I'd also want to point out that we all do some form of labelling or profiling as we go over posts or read. Is there a difference between what we do already, and what an LLM does to create an opinion to profile a collection of posts? Humans get it wrong all the time, as would any LLM for that matter. Computers are valued because they're good at copying and pasting information. What changed exactly if one person copy and pastes for free and for themselves, vs another who copy and pastes on behalf of a third party for a fee? I'm not really inviting philosophical discussion, this is mostly a question for myself. Whether the copy and paste procedure is done once by hand or thousands of times by computer, I'm still weighing the question.

I think it comes down to exploitation of asymmetric information and the appropriate use of the profits from this exploitation. But I suppose that's always been an evergreen issue.

GDPR-wise, this is the absolute nightmare scenario.

Data about the political orientation is defined as especially sensitive ("special category data"). When people just straight post their ideological leanings, that's one thing. But what's described here is profiling. All the available data relating to a person is analyzed by "automatic means" and used to assess their leanings. This then is used to discriminate against them. It doesn't get much worse.

This might be legal in very specific circumstances. EG non-profit religious or political organizations are allowed to police their members and associates to some degree. That would involve quite some extra paperwork. But it doesn't apply here anyway.

Apparently that is on top of ordinary GDPR violations. The processing is done by a third party (OpenAI) without the necessary paperwork. You remember that billion Euro fine that Meta got? That was because they processed data outside the EU, in the US. And that wasn't even "special" data.

You know how those cookie banners in the EU look like? That's for normal data. All the disclosure, all those settings are legally required. Some people on the Fediverse go apeshit over far smaller things.

This may also be a problem for other instances. Your instance sends all your data (except e-mail and IP address) to anyone in the world who asks, with no strings attached. That may be okay as long as users understand that that's exactly what they sign up for. Looking at comments here, it doesn't seem like that is universally understood. That's a problem. On top of that, we now have a situation where there are hints that the personal data is being abused.

I'm mostly just surprised that a mod would pay for tokens to moderate. The Fediverse is radically public by design, so I don't have any expectation of privacy. I'd bet at least someone is gobbling up the entire Fediverse to train AI, since companies are so desperate for new human-generated data.

LinkedIn's LLM-powered automation banned my account on a false positive a few months ago, and it took ages to get it sorted out and they treated me like shit the entire way through even after acknowledging that they'd made a mistake. Sadly it's extremely difficult to operate in my field without a LinkedIn account, because I would love to be able to delete it.

This shit is poison

Is Rimu okay lately? He’s been acting so hostile.

Lol it's dbzer0 isn't it.

But also, I don't really care. The fediverse is open by design, you don't even need an account to access the data. I don't like it but we can't really do anything against it.

What now? Nothing, really, because nothing has really changed. I don’t care whether an admin tool is based on an LLM or on a simple regular expression. I only care about the outcome, meaning the mod actions it takes.

I think you’re just looking for excuses to defederate from dbzer0. I think you’re throwing things at the wall to see what sticks.

I don't like this happening, and there should be transparency in all moderation decisions, but some of these points make no sense.

There is essentially no expectation of privacy on threadiverse platforms. Everything is public and probably already being used to train models.

There is no private messaging system. Direct messages are unencrypted and potentially visible to any instance admins. They and should not be used to share anything sensitive.