

Turning that on is probably a GDPR violation for those in Europe.
ETA: Don’t shoot the messenger. I won’t be suing.
I prefer Threads.
You are a very brave person.
Defeatist opinion.
The commercial alternatives hope to make money with every additional user. They use A/B testing and statistics to streamline the on-boarding and to increase engagement. The result may not be in the user’s interest (doom-scrolling, ragebait, …) but it works.
For a fediverse instance, any additional user is a cost, not the promise of money. Financially, you wouldn’t want that. Those who fund instances are giving a gift to the world for their own reasons. You can accept the gift or not. Those who keep instances running with donations will usually want to sustain the community of which they are part. They probably don’t want it to change very much.
So, I don’t think matters will change. Partly because the psychological engineering is antithetical to the fediverse ethos (as I see it, in my humble opinion). But mostly because the outcome we see is an inherent result of the incentive structure.
I think I can contribute something to the “privacy” aspect. But I’ll say first that I have noticed the same thing. There are some toxic behaviors that feel more common in these circles than what I have experienced elsewhere.
There is a lot of confusion around European data protection rights and privacy. E.g., the GDPR is often wrongly called a privacy regulation. In reality, privacy and EU data protection rights are entirely separate.
In the Charter of fundamental rights of the European Union, you will find privacy in Article 7 and data protection in Article 8.
Article 7
Respect for private and family life
Everyone has the right to respect for his or her private and family life, home and communications.
Article 8
Protection of personal data
EU data protection works similarly to copyright in that you have rights over data. Personal data is defined as any data that is “directly or indirectly related” to you (GDPR). It does not matter if the data is public or private, sensitive or banal. It doesn’t even matter if the data can be connected to your real identity. That’s quite unlike what one would think of as privacy.
So, it does not matter if people expected their communications to be secure or not. “Reasonable expectation of privacy” is a concept in US law.
Comments, posts and DMs are personal data because they are connected to a user who is a person. If any other person is mentioned, then this mention is their personal data. You could even argue that some post or comment also becomes someone else’s personal data when they reply to it. Such texts cease to be personal data only when the connection is irreversibly broken. As long as the connection can be restored, it remains personal data, even if that requires access to information that isn’t readily available.
When a DM is sent to some unauthorized recipient, that is literally a violation of the sender’s fundamental rights. In truth, this is relatively serious compared to some other stuff that causes outrage or gets the authorities involved.
It might have been legally required to notify the authorities of such a data breach within 72 hours.