Some people think that privacy, openness, and user consent are all at odds with one another. Here's a guide on how to navigate all three as a developer.

Sometimes, developing a new app, platform, or concept for the Fediverse can seem like a minefield. Here’s some rules of thumb on how to maintain goodwill with the community, and ideas of how to do it.

    • Sean Tilley@lemmy.worldOPEnglish
      0·
      3 months ago

      I agree with you in spirit, but some of this stuff needs to be spelled out for people interested in the space. Not every person that builds for ActivityPub is overly aware of technical and cultural expectations. A lot of that knowledge exists in someone’s head somewhere, and the Fediverse does a pretty poor job of making assumptions about those people.

      Case in point: one of the stories linked in the piece discusses a guy that implemented ActivityPub on his own, got it to work, but didn’t know enough about the space. People thought it was a crawler, turns out it was a blogging platform, but the drama ignited to the point that someone remote-loaded CSAM on the dude’s server using Webfinger. Dude was in Germany, and could have gone to prison simply for having it.

      We can’t hold two contradictory positions, where we invite people to build for this space, and then gaslight them over not knowing things that nobody told them about. More than ever, we need quality resources to help devs figure this stuff out early on. This article is one small step in service to that.

  • Skull giver@popplesburger.hilciferous.nlEnglish
    0·
    3 months ago

    Pretty funny to quote the GDPR consent description when the website shares your visit with Google without your consent (through Google Fonts), as well as various other third parties.

    One important addition to the considerations: don’t join ActivityPub if you’re successful or popular. The way the community responded to BridgyFed showed that large parts of the Fediverse want it to stay their own little obscure corner away from most of the world, and that doesn’t even touch the whole Threads thing.

    There are exceptions to this rule, like being a Cool Internet Company such as WordPress/Tumblr, where forced login prompts and ever shittier paid subscriptions are tolerated because these companies have a historical cool factor that other companies don’t have.

    As for legal consent, make sure you know the legal obligations that come with consent if you run a product or service as a company or organisation. You may be required to tell end users what profile information you’ve shared with what servers when, that you’ve encrypted your database, and may be required to enforce deletion of PII on remote servers as the primary responsible party for protecting your users’ privacy when your users withdraw consent.

    Or you can just ignore the law, which most of the Fediverse seems to do, including several government servers.

    • Sean Tilley@lemmy.worldOPEnglish
      0·
      3 months ago

      Google Fonts

      Yeah, I need to work on that. It’s been on the back burner, because writing and publishing has kind of been a main focus for me in recent months. But, this hasn’t been the highest priority, mostly because modifying WordPress and making it behave correctly can be a massive pain in the dick.

      I’ll get around to it when I’m able.