Alex Schroeder ๐Ÿ is a user on octodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Alex Schroeder ๐Ÿ @kensanata

What I hate about social media sites that all the data is kept, but I can't find anything I need. But the admins, or new owners can always comb through the data (cf. last share). Given that I can't find shit, I'd be better off if old data got deleted. Delete inactive accounts after 90 days. Delete Toots after 90 days. Delete media after 30 days. Data is a liability. Make it easy for people to export threads (share a thread as HTML mail attachment, or save as HTML page for example).

ยท Amaroq ยท 10 ยท 20

@kensanata Partly agree. The downloadable Twitter archive is quite neat, actually:

support.twitter.com/articles/2

You basically get an entire website containing all your old tweets and retweets, ordered by month. It can be stored locally and includes decent search functionality. I use it quite often to search my > 10000 (!) old tweets.

I would love a similar feature here on Mastodon.

@stefanieschulte @kensanata This inacessability of data is one of the reasons I heavily dislike bulletin boards too.

G+ offers a takeout (at least, although the formatting seems to change every other hour) and Mastodon offers a similar means via simple HTTP access. So I can grep my data. And it even allos me to grab your stream, which isn't possible on G+.

@cynix @stefanieschulte The immediate access to Atom feeds is a big plus for Mastodon.

@kensanata @stefanieschulte
Not just Atom feeds, you can "wget octodon.social/@kensanata" too (but I'm sure you knew that already). If I find some spare time (hah ;-/) I'll wrap the retrieval into a perl script ...

@kensanata Yes. In my opinion, it is really well done. I wonder why Twitter did this - are they able to collect user data while people are browsing their local archive? I don't think so. The archive works offline, too.

@stefanieschulte @kensanata well, Google does that too, as does Facebook, to a certain extent. It enhances trust in some way.

Offering this should become a standard.

@stefanieschulte @kensanata Doesn't the Atom feed for your account allow you to solve this?

@edavies @kensanata To my knowledge, .atom feeds include only the latest toots. This means you would have to run something like a cron job in order to catch all your toots, I guess. Or has anybody found a better solution?

@stefanieschulte @kensanata Yes, I think you're right that it'll ownly do recent toots. I've just set my feed reader (Liferea) to โ€œunlimited cacheโ€ for that reason.

@edavies @stefanieschulte I don't think so. Perhaps it does. The first point is that data is still a liability. If the bad guys take over, all your secrets are revealed, basically. Data is a liability because we cannot predict the future. The second point is scale. Once I realized that my GMail Takeout was more than 2G of mail, I decided to archive the file and delete the data on the servers because I don't have the tools to work with the data offline. Better to delete it.

@kensanata @stefanieschulte I was only responding to the local storage/searchability point.

You do realize, @kensanata, that it's most likely that the data you /thought/ you deleted is inaccessible by you in the future but probably archived somewhere for posterity?

People seem to get angry with me when I say what's put online, anywhere, ever, is our permanent record, but companies are archiving & something deleted now probably has no effect on what was archived around the time you put it out there.

@edavies @stefanieschulte
#JustSaying

@Euphoria @edavies @stefanieschulte Sure, but that doesn't mean that we can do better, try harder.

To me this means simply *never posting online* anything that I might later wish I hadn't put there. Since I usually don't know what that might be, and anything could be taken out of context, I decided to (almost always) just go ahead and put it out here & hope I won't be damned by the consequences. That being said, I expect to virtually disappear at some point, when it all becomes too absurd.

@kensanata @edavies @stefanieschulte

@Euphoria @kensanata @edavies This is why I believe that most private communication (e. g. e-mail and messaging) should be encrypted end-to-end by default.

As to (semi) public postings, this is a more complicated story, I think.

And there's a third category of data: Your search history, the links you click in social media etc. Platforms collect that data, too, of course - and we usually don't know what they do with it.

I first learned about email encryption in the Nineties from a man who worked on producing PGP and tried to get me to use it. Of course I could see his points and got a bit paranoid for a while but, aside from work related correspondence (unencrypted by default) not much of what I was saying seemed all that important to hide. I figured that if I /tried to/ hide it it would /seem/ more important to snoopers.
@stefanieschulte @kensanata @edavies

@Euphoria @kensanata @edavies I think the point about widespread adoption of end-to-end encryption is that it wouldn't make individual users stand out anymore.

I think Open Whisper Systems has succeeded at this, at least partly. WhatsApp (which I'm not using) is now encrypted by default, and their own messenger app, Signal, has become fairly popular, too. Kudos to them.

Which is a good step in the right direction, Stefanie, though it may be too late for that. Someone's previous online behavior can easily catch the attention of a government entity, or even some rich person with lots of resources and enough curiosity to decide to work on decrypting something.

1/2

@stefanieschulte @kensanata @edavies

Maybe I'm just cynical, but I believe that nearly all decryption can be broken nowadays with the right resources. Ironically the book I've been reading, Mr. Penumbra's 24 Hour Book Shop, has Google fail to decrypt a very old book, but I suspect the decryption will succeed before I finish the story.

2/2

@stefanieschulte @kensanata @edavies

@Euphoria @stefanieschulte @kensanata @edavies Far more frequently, the problem isn't that the /encryption/ can be broken, as it can be worked around.

Encryption makes the encrypted-state data exceedingly difficult to unencrypt. So you don't bother.

* Get someone to reveal their password or other key.
* Intercept the data before, or after, it has been decrypted.
* Have someone send you the (unencrypted) data directly.

1/

* Impute information from other sources. E.g., call records or geolocation rather than decrypting a calendar.

The biggest target, generally, though is to simply rely on other metadata which aren't encypted in the first place. These data are almost always more useful (standardised) and informative.

It makes the issue fairly moot.

@edavies @kensanata @stefanieschulte @Euphoria
2/

Exactly! What's the point of going through all the extra effort, and asking others to do so, too, when there's likely to be something along the way that will invalidate it all?

If something's really private and important the only way to keep it that way is face to face communication, away from cameras and curious eyes and ears. If that sort of thing is even possible anymore. ;)

@dredmorbius @edavies @kensanata @stefanieschulte

@Euphoria @edavies @kensanata @stefanieschulte Because data-at-rest is /also/ a problem.

When you've got a multiple-points-of-failure system, you don't just shrug, say "there are lots of holes", and walk away. *You start fixing what you can.*

If you fix up /one/ set of holes, to the point it's no longer the biggest threat, you turn to the next.

It's an iterative process.

The /other/ holes /don't/ give away the whole enchilada.

@Euphoria In particular, metdata /can/ be secured, though the route there is almost certainly regulatory: make the data too hot to collect or hold, make it useless to trade. It is cheap, but not /completely/ costless, to collect. And if you can switch the economics, making it far more trouble than it's worth, then it won't be collected, stored, or sold.

@stefanieschulte @kensanata @edavies

Do you think this is actually likely to happen some time in the near future, @dredmorbius?

@stefanieschulte @kensanata @edavies

@kensanata @Euphoria Maybe I've followed infosec Twitter for too long ๐Ÿ˜‰ , but to my knowledge, Signal hasn't been broken so far. The same applies to GnuPG, if used properly with a modern cipher algorithm (even if many people have tried to break Signal and/or GnuPG, I guess).

The problems mentioned by @dredmorbius still apply, but at least it won't be possible for providers to freely "mine" all the messages on their servers anymore.

@dredmorbius @Euphoria @kensanata I don't believe that end-to-end encryption can prevent all attacks on individuals. However, it might make automated data mining on "cloud" servers a lot harder.

@stefanieschulte @Euphoria @kensanata That is pretty much the key point.

Though there's more to it than just that.

@dredmorbius @stefanieschulte @Euphoria @kensanata
I use Signal but still don't trust it (or anything else TBH!) for 100% privacy.

The main reason is simply that I can send pics of cats (and other animals) to my sister - which otherwise would cost โ‚ฌ0,50 to send via MMS messaging!

@Euphoria The more cat photos are encrypted, the more cat photos must be /decrypted/ to find non-cat-photo content.

Using secure channels for /all/ traffic helps protect the traffic that /requires/ secure channels.

@vfrmedia @stefanieschulte @kensanata

What I wonder about is if those messages get stored on the servers--can they be accessed later? Not that it really matters for me.

@stefanieschulte @kensanata @dredmorbius

I suspect I'm a lot older than you are, Alex, but I realized long ago that my online persona actually has a life of its own and will continue whether I'm around or not. There may already be someone studying who they think I am based on what I share. What helped me understand this was when I totally disconnected years ago only to check my email to see Twitter wanted to profile me. They never did.
@kensanata @edavies @stefanieschulte

@Euphoria Not sure about age. I'm over forty? But keep talking. ๐Ÿ˜‡

There are actually AIs that profile people based on what they tweet, & probably other site usage, too. Supposedly one has to give them permission to do so, but I suspect they're doing it anyhow, possibly via government access, so I decided not to worry about it, choosing to participate for the moment.
@kensanata @edavies @stefanieschulte

@Euphoria @kensanata @edavies Maybe we all need to get used to having some sort of "public online persona", and guard it accordingly (occasional pseudonymity can help with this, too, but it's no panacea).

At the same time, I believe that we all need some degree of privacy, and this should include online activities as well (including cell phone whereabouts etc.)

It all got mixed up for me at some point, and was too difficult to keep things completely separate. So much so that I don't even try anymore. I guess using an anonymous avatar would help a lot. I considered doing that when I joined here, and using another name, too, but in the end I chose not to. ๐Ÿคท๐Ÿฝ For me it was just too much compartmentalization. Made me feel schizophrenic or disingenuous.

@stefanieschulte @kensanata @edavies

@Euphoria @kensanata @edavies I've become somewhat less worried about this, too. As a former journalist (full time for more than ten years), I'm somewhat used to having a "public persona", anyway.

I think it has something to do with age, too. When I was younger, I was much more concerned about posting something "embarrassing" and get "caught" later.

It's possible that, like me, you've seen how something seemingly very innocuous can be misinterpreted or taken out of context. We can never really know how others might react to what's been shared online, or even when. Could be decades later. And then there's the problem of finding things for ourselves when we want or need to.

Oh, what a tangled web we're all in!

@stefanieschulte @kensanata @edavies

@stefanieschulte @Euphoria @edavies Sadly, these days my concerns are more political. With people denied entry to a country because of tweets, a national conservative backlash everywhere I look, I think we need to prepare ourselves, our culture, and work on our software engineering expectations because I want to fight for both the freedom to authentic self expression and a measure of control. I want it both ways. I refuse to believe no improvements are possible.

I'm sure you really had to be careful about what you posted online as a journaist, too, Stefanie, though some journalists seem to think that whatever they want to share with the world is fine.

@stefanieschulte @kensanata @edavies

@stefanieschulte @Euphoria @edavies when I hear people say that we need to "guard" ourselves, or of keeping an online persona, then I hear that we are less free than before. Just to be clear, I don't mind there being consequences now for speech happening now, but if I said stupid things a few months ago and I regret that, it should be easy for me to find it and at least undo my own posting. Yes, snoops, crooks, and the rich still keep their records. But not I!

@kensanata @Euphoria @edavies This is why most modern social media platforms allow you to delete individual posts.

It's a huge problem with publicly archived mailing lists, by the way (you cannot retract your posts unless you can persuade the mailing list admins to do so).

On the other hand, deleted tweets may remain somewhere on the Twitter servers, and somebody might have taken a screenshot, too.

@stefanieschulte @Euphoria @edavies most social media platforms allow you to delete messages one by one, slowly, interactively. It's untenable if you are prolific.

@kensanata @Euphoria @edavies On Twitter, a lot of third party apps can do this for you (you need to trust the apps, though, of course).

Privacy is nice. I really wish Google would stop turning on GPS on my phone. I turn it off, go into my settings for something, and see that it's turned back on. I thought I'd removed all the apps that might want to use it but there's something that turns it back on sometimes. I can't seem to figure out what or why. It's very annoying. I noticed it goes on when I enter specific areas. It's kind of creepy.

@stefanieschulte @kensanata @edavies

@kensanata One analogy is to think of personal data as nuclear waste. You don't want to keep nuclear waste around, you want to get rid of it! You need to manage it carefully etc.

Maciej Cegล‚owski has talked about this metaphor
idlewords.com/talks/haunted_by

I can always go back and delete all the tweets, all the Facebook posts, all the Mails, all the Instagram pics, but have you tried doing it? Deleting old stuff is a sad chore and nobody does it. Forgive and forget? You wish. The search engine indexes would forget, if only you'd delete, but you effectively can't.

@kensanata My own feeling about deleting is that we can't put this genie back in its bottle. We need to explicitly use ephemeral channels and assume that the rest cannot be deleted.

@alephnull For a while I simply thought that new cultural norms would emerge. But that has not happened. So now I'm thinking that perhaps this is the fault of software engineers. The example I am most familiar with is a wiki. Users would ask for a Git backend, for example. They value perfect knowledge of the past and don't consider that this is the exact mindset that is giving us the surveillance society.

@kensanata Knowledge is valuable. When I am recruiting, Stack Overflow gives me a way better picture of people than LinkedIn, for instance. I don't think software engineers are the ones driving the obsessive recording of events. People are just following the money. Note that we have precious few cultural norms that even approach universality.

@kensanata holy, you are following me. How's going all these years?

@xahlee nothing much has changed. Growing older and more mellow. ๐Ÿ˜€

@kensanata I think that the whole situation could be fixed if somehow the data became liability for the the ones storing it, instead of the ones who produce it. Storing personal data should have a cost, then the companies would have incentive to only store the data that is absolutely necessary and only for as long as necessary.

Whether the cost is in form of a risk for high penalties when the data leaks, or simply a "database tax", doesn't matter that much then.

@deshipu @kensanata That's our work policy. We have to store some PHI/PII as part of our service, but we treat it as radioactive and keep as little as possible, and none without an explicit reason for why we have to have it.

@kensanata

I agree I would like a way to backup/export my conversations & likes, but barring that, I'm very grateful that I can go back through my timeline & find things.

The longer the timeline, the more tedious it can become (although it's always an interesting refresher), but I comment or favourite *because* I want to find it again.

(And I DO go back through my feeds often.)

I also think a sense of history is important. ๐Ÿ™‚

@s_evansUP But how far back do you realistically go? I have a Gmail archive that is over 2G. I have a blog with over 6000 posts, more than 8000 tweets, more than 4000 pictures on flickr, and on and on it goes.

@kensanata

I think it depends on how one is personally organised. My email/feed serve as my diary, as prob at least your email/blog do.

The rest is the same housekeeping online that you would do IRL; delete old posts as you would throw out/donate possessions you no longer need/want.

But I would not want an admin to arbitrarily delete everything prior to a certain date.

Nor would I want to burn down the house to avoid housekeeping. (Although once or twice I've been tempted!)

@s_evansUP Sure, that makes sense. But I also find it exceedingly tedious to do this kind of housekeeping. I'd like there to be more options for me.

@kensanata

I think it's like anything; the longer you let it go, the worse it gets.

Then you have no choice but to burn the house down. ๐Ÿ˜ฎ

I *would* like a way to save/export/backup Mastodon threads.

And perhaps you could mention to admins about an auto-delete feature for those who would want it? I do know at least one person (on another site) who would probably use it - he has admitted he 'posts & runs' and rarely goes back.

@s_evansUP I do agree that a sense of history is important, of course, and I do differentiate between stuff I want to keep (my blog) and the stuff I don't want to keep (most of my Facebook posts and pictures), for example.

@kensanata I like this, maybe an option so the user has more control of their data? Set default for 90-days deletion and op-out option, been able to set a X number of days for toots.

Deleting inactive accounts should be a must.

@kensanata i would have previously disagreed with this because i used to read my & friends old live journal archives for nostalgia on the site, but then all this shit with russia happened and now i wish it had been deleted.