woodland creature :pleroma_fox_tan: on Nostr: realcaseyrollins ✝️ Alex here's a translation... Mostr: Fediverse, Nostr and ...
realcaseyrollins ✝️ (nprofile…8m0s) Alex (nprofile…uf7k)
here's a translation...
Mostr: Fediverse, Nostr and bridges where everything fails
Jan 1, 2025 - #Computer Science
We have drama again in the Fediverse, this time because of a bridge called “Mostr”. I will try to explain the situation in a relatively simple way, because this has its substance.
How the Fediverse works
The Fediverse consists of multiple nodes (or servers, computers dedicated to sharing information on the Internet) with different applications that are able to exchange information with each other because they “speak the same language” called ActivityPub, which is a standard. These nodes can federate with each other or not, that is, they accept this exchange of communication or deny it because it is “non grata”.
When nodes federate, they can have copies of the messages emitted on a foreign node. This is not a concept that should be foreign to you: think of email: when you write an email, a copy is left in your “outbox”, and another in the recipient’s “inbox”. This is exactly the same: messages arrive at federated nodes. In addition, public messages can be pulled via RSS from outside the network, which is completely correct behaviour.
Bridges and the Mostr bridge
A bridge is a system that carries content from one platform to another. In the case at hand, it basically performs a translation between protocols. In the case at hand today, from ActivityPub to Nostr.
My first impressions when I looked at Mostr were the following:
Technical part: Mostr obtains a copy of the information you publish in your node profile on its node, which is completely correct. It then creates a copy of your Fediverse profile on a second Fediverse profile within its node, which is not so correct because you have not agreed to the conditions of being a node at any time. In turn, that second profile is “bridged to Nostr”, writing the text translated into the Nostr protocol (or language) within a third account of the Nostr network, whose conditions you have not read or accepted at any time.
Legal part: If there is any legal problem, the original owner of the messages cannot do anything with the Nostr account, which he does not own, nor with the Mostr account except request the application of the legal route of the GDPR (General Data Protection Regulation), according to which they have the obligation to delete the content that has been obtained without consent when requested.
Ethical part: In the past I have spoken about BridgyFed, which although I personally do not like it as the best solution due to some technical and legal loopholes, it is ethical because the owner of the account is the one who decides to get in there voluntarily in an informed manner, so I respect them and I believe that everyone can do what best suits them according to their needs. In the case of Mostr, this is not the case: it accepts a series of conditions regarding the replicated content without the consent of the owner, who has never been informed.
Given these circumstances, my course of action has been the following:
Block that domain from my Fediverse account: if that domain wants something from within the Fediverse, I am not going to give it to them easily.
Contact the administrator of my node within the Fediverse, because I consider it a global problem. This wonderful person told me that it was already informed and implemented at the server level, so I should not worry.
Be careful because this is a problem on a larger scale than me or my server.
The GDPR and its limits
I don't speak legal language, the technical language of lawyers, so what I'm going to reproduce is a simplification made to me by an acquaintance who does belong to that profession:
Public data can be obtained and handled without corporate interest: there is nothing wrong with taking the original public messages and reproducing them in their original state, as long as they are not trying to monetize them.
Your data can be used with corporate interest if you have given your informed consent in an unequivocal manner: the key word here is consent.
You have the right to modify or delete it: if you ask them to delete it, they must do so, because that is the law.
Identifiable personal data (full legal name, home address) can be collected when necessary, but given their sensitive nature they must receive special treatment and not be shared: if you have to fill in your address for a payment or a shipment it is correct that they have it, but they cannot share it publicly just like that.
Contacting Mostr: the situation has escalated rapidly
It is important to find a point of contact, and I was surprised to find that I knew this person before: he was behind GAB, some nodes of the Fediverse of extreme ideology that had already been defederated years ago, and later he had been an engineer at TRUTH, the social network
here's a translation...
Mostr: Fediverse, Nostr and bridges where everything fails
Jan 1, 2025 - #Computer Science
We have drama again in the Fediverse, this time because of a bridge called “Mostr”. I will try to explain the situation in a relatively simple way, because this has its substance.
How the Fediverse works
The Fediverse consists of multiple nodes (or servers, computers dedicated to sharing information on the Internet) with different applications that are able to exchange information with each other because they “speak the same language” called ActivityPub, which is a standard. These nodes can federate with each other or not, that is, they accept this exchange of communication or deny it because it is “non grata”.
When nodes federate, they can have copies of the messages emitted on a foreign node. This is not a concept that should be foreign to you: think of email: when you write an email, a copy is left in your “outbox”, and another in the recipient’s “inbox”. This is exactly the same: messages arrive at federated nodes. In addition, public messages can be pulled via RSS from outside the network, which is completely correct behaviour.
Bridges and the Mostr bridge
A bridge is a system that carries content from one platform to another. In the case at hand, it basically performs a translation between protocols. In the case at hand today, from ActivityPub to Nostr.
My first impressions when I looked at Mostr were the following:
Technical part: Mostr obtains a copy of the information you publish in your node profile on its node, which is completely correct. It then creates a copy of your Fediverse profile on a second Fediverse profile within its node, which is not so correct because you have not agreed to the conditions of being a node at any time. In turn, that second profile is “bridged to Nostr”, writing the text translated into the Nostr protocol (or language) within a third account of the Nostr network, whose conditions you have not read or accepted at any time.
Legal part: If there is any legal problem, the original owner of the messages cannot do anything with the Nostr account, which he does not own, nor with the Mostr account except request the application of the legal route of the GDPR (General Data Protection Regulation), according to which they have the obligation to delete the content that has been obtained without consent when requested.
Ethical part: In the past I have spoken about BridgyFed, which although I personally do not like it as the best solution due to some technical and legal loopholes, it is ethical because the owner of the account is the one who decides to get in there voluntarily in an informed manner, so I respect them and I believe that everyone can do what best suits them according to their needs. In the case of Mostr, this is not the case: it accepts a series of conditions regarding the replicated content without the consent of the owner, who has never been informed.
Given these circumstances, my course of action has been the following:
Block that domain from my Fediverse account: if that domain wants something from within the Fediverse, I am not going to give it to them easily.
Contact the administrator of my node within the Fediverse, because I consider it a global problem. This wonderful person told me that it was already informed and implemented at the server level, so I should not worry.
Be careful because this is a problem on a larger scale than me or my server.
The GDPR and its limits
I don't speak legal language, the technical language of lawyers, so what I'm going to reproduce is a simplification made to me by an acquaintance who does belong to that profession:
Public data can be obtained and handled without corporate interest: there is nothing wrong with taking the original public messages and reproducing them in their original state, as long as they are not trying to monetize them.
Your data can be used with corporate interest if you have given your informed consent in an unequivocal manner: the key word here is consent.
You have the right to modify or delete it: if you ask them to delete it, they must do so, because that is the law.
Identifiable personal data (full legal name, home address) can be collected when necessary, but given their sensitive nature they must receive special treatment and not be shared: if you have to fill in your address for a payment or a shipment it is correct that they have it, but they cannot share it publicly just like that.
Contacting Mostr: the situation has escalated rapidly
It is important to find a point of contact, and I was surprised to find that I knew this person before: he was behind GAB, some nodes of the Fediverse of extreme ideology that had already been defederated years ago, and later he had been an engineer at TRUTH, the social network