I see talk here and there about how any company or individual can easily use anything we post on Lemmy however they want. This could include AI training, behavior analysis, or user profiling. With the recent news of Reddit data being sold and licensed for AI training, I thought this would be a great time to preemptively discuss how we feel about this topic and brainstorm ways to discourage unwanted use of the content we post.

I’ve seen some users add a license to the end of each of their comments. One idea might be this: Add a feature to Lemmy where each user can choose a content license that applies to everything they post. For example, one user might choose to no rights for their content (like CC0) because they don’t care how their data is used. Another user might not want companies profiting off their posts, so they’d choose a more restrictive license.

I’m eager to here everyone’s thoughts on the whole topic, so to kick things off:

  1. Do you care how your public data and posted content is used? Why or why not?
  2. What do you think of choosing a content license for your Lemmy account? Does this contradict the FOSS model?
  3. Should Lemmy have features to protect user data/content in this way, or should that be left up to the user to figure out on their own?

Data is becoming an increasingly valuable commodity in the digital world. Hopefully these big-picture conversations can help us see what we value as a community and be more prepared for the future.

  • Scrubbles@poptalk.scrubbles.tech
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    3
    ·
    edit-2
    9 months ago

    I’m sorry, but that’s just impossible here. I’m sorry to tell you, but it is.

    ActivityPub is a protocol which takes your content and blasts it out to anyone who listens. That’s the design of it, that we all listen on our own servers and we can then treat our servers as we want. There is no profit motive on our servers because anyone could just jump to a new server.

    However, this means there is literally no opt out protocol. Anyone can start a server, which means anyone can start a server. Governments, corporations, the jerk down the street, anyone. The only way to turn that off is by saying “Defederate from this server”, but of course the anonymous nature… we don’t have to know who they are.

    Of course we can defederate from other servers but since anyone can spin up a server on any domain, how do you know that Meta doesn’t have a server right now at some weird domain? OpenAI could be listening right now and training. In fact I’d be surprised if the site formerly known as Twitter didn’t have a mastodon server up so they could keep tabs on it

    Even deleting a message is another blast out to all other servers. “Hey, this user requests you delete this message”. So what happens if someone modifies their code to just ignore that?

    I guess what I’m trying to say is that the fediverse is open and free - and the downside of being open and free is that it’s open and free - to everyone. There is no permenent delete. There is no way to way to license it because by clicking post you are saying “Blast this out to everyone who is listening”, once it’s on their server it’s their data. You gave it to them. There is no way to protect data because the protocol quite literally does the opposite.

    • Metawish
      link
      fedilink
      English
      arrow-up
      7
      ·
      9 months ago

      I understand on a current technical side why this is not possible, but the post still has some merit in that misuse of original posts can lead to legal action.

      Right now, all content posted online is generally accepted as unlicensed, free to use however one pleases, works. This was fine at the beginning, but as the internet grew, control of one’s data increasingly got more difficult to control - once social media became the dominate form of communicating, it was all over.

      Early blogs still have copyrights posted on them that, legally, can be enforced and respected. So if each user was able to indicated in meta data their choices, with most defaulting probably to a free license, then there is some level of control returned to the user, regardless of protocol and how things get replicated on servers.

      Licenses include reproduction, and the way activitypub works can make that quite murky (its being republished on servers) but that is not all it covers.

      OP, I think this is a very interesting topic to discuss, thanks for bringing it up!

      • silas@programming.devOP
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 months ago

        Of course! Yeah, this post was intended to be less of a proposal and more of a brainstorm session. Maybe licenses aren’t the way to go about this, or we create our own licenses to be compatible with ActivityPub and match Lemmy’s values? Maybe it doesn’t matter how our content is used, or there’s nothing we can do?

    • silas@programming.devOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      9 months ago

      You might be right, I definitely see your point. ActivityPub adds a whole new layer to this too. In the end though, isn’t the content we post no different than anything else published on the Internet? I guess it’s important to note that technically nothing public can be 100% prevented from being used in unwanted ways. However, there might be other ways (legally, socially, etc.) we could discourage it.

      Regardless, I’d love to get a better sense of how much this matters to us here on Lemmy—or if it should even matter in the first place

      • Scrubbles@poptalk.scrubbles.tech
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        9 months ago

        It’s more akin to handing out flyers to people you meet randomly, with a note at the bottom that they can’t do anything with it. The note might hold up in court, but at the end of the day it’s probably going to be asked why you were handing the flyer out in the first place if you didn’t want people to read it. On top of that, that’s one court, we’re talking about the entire world here, who knows who or what is listening. I think that’s the biggest invert of the head, you aren’t posting to someone’s server like Reddit, you’re throwing it out to everyone who wants to listen.

        To me, this doesn’t make a huge difference. If someone wants to train on it, fine, at least we get a free open platform that we can modify however we want. I just also am a bit more careful about what I post.

    • Die4Ever@programming.dev
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      9 months ago

      cloning data in that way isn’t legally different than what The Wayback Machine does for other websites, it doesn’t mean a company can just ignore the legal license of the content just because they can get a copy of it

      if the only concern was getting a copy of the data, then Reddit wouldn’t be able to sell access to the data for $75mil or whatever, the AI company would just scrape the pages or pay the API fees directly, and then they could even store the data and serve it to other people as a mirror and make some money off of the content with ads too!

      same thing with licenses on Git repos, you can’t just clone it and do whatever you want with it, there are laws

      • Scrubbles@poptalk.scrubbles.tech
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 months ago

        The problem is that does another server have to listen to the license. You’re on programming.dev. Say they obey your license that you put there. Well, say my server explicitely says “Do not send me things if you want it licensed. By sending me your data you waive all rights to your data and waive all licenses”. I can put this in my legal area too. So, who wins then? That’s different than git where if I clone it I’m pulling your data, you willingly pushed it to my server where I said what I would do with it.

        ActivityPub sent it to me automatically, it’s on my server, and on my server I say anything you give me has no license. To me, that’s like the people who say FB has no right my data in a FB post.

        The difference between Lemmy and Reddit is that it was Reddit’s servers, they owned the data, and there was an agreement by signing up on who owned it - Reddit. Lemmy has no such agreement, and the data is not on a “Lemmy” server, it’s stored on everyone’s servers.

        • Die4Ever@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          9 months ago

          you make a good point about push vs pull, although things are only pushed if someone is subscribed (opt-ed in)

          I think the proposal is for licenses to become part of the ActivityPub protocol, so all applications would retain the original license of the content, license would be a first class citizen

          although without licenses this is functionally the same as email, I wonder how the laws work for that, for example I don’t think you can just plagiarize something that someone wrote, quoted, or copy-pasted to you in an email if it’s actually copyrighted content like from a book (aka content that had a license)

    • nutomicMA
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      You can run Lemmy in allowlist mode so it only federates with instances that you trust.