Note: If you're not on the fediverse/activity pub/mastodon, much of this won't make sense to you. If this description fits then feel free to skip this post.

Apologies first

There's a lot to unpack here so I need to start by saying the primary point of this post is to apologize. I also want to give an explanation of what happened from my point of view, and what's been done to correct things going forward.

To loadaverage.org - administrators, users, etc.

By the end of all this, I think everyone saw how each other may have misread intentions. That does not excuse the fact that I was making some hasty judgments and when I acted, I did so without enough enough thought and patience.

To hackers.town - administrators, users, etc.

I'm as proud of the community there as I'm sure loadaverage.org people are of theirs. My missteps here cast the instance in a poor light. This was highly undeserved. My handling of the situation was not exemplary, and didn't represent what htown is about or how its members behave.

Going forward

As the first corrective action, I removed my account on hackers.town. If that sounds like running away, I'd ask that it be seen as voluntary exile. I didn't want to have my friends bear any potential blow-back on account of me. My contact information is moderately easy to find and is at the bottom of this post. If anyone had or has anything to say to me privately, they can. The goal here is keeping any further drama off the fedi.

I've used this hiatus to chill out and slow down. I had gone off half cocked and that is bad practice. This is an area of focus going forward. If we were in the Snow Crash universe I'd willingly accept a “Poor Impulse Control” tattoo on the forehead.

And lastly…

I am writing this because of a related issue. A paper from the University of Milan where they scraped public toots on English speaking instances for use in a study without explicit consent. The problems of feeling safe in public spaces, copyright assignment, and data usage on the fediverse are related in both cases. This needs more discussion. If users, admins, and developers are not understanding federation copyright issues, and not implementing consistent application copyright protocols (in the software or human sense) there could further trouble.

Just look to what happened here - I nearly ended up causing a disaster, and I was just one person acting with honest intentions.

If the details of this incident interest you and/or you would like to see how that relates loosely to University of Milan, please read on.


So what happened with loadaverage? (From my view)

An advantage of having a unique name is that it shows up in searches without “noise” results. I look for myself mostly to check for “leaks” of stuff that I don't want getting around or misused. Years ago, I found someone stealing and reusing my music as their own years back as an example. This is also why I was primed for a fight.

I became concerned when I found my toots on a site I'd never heard of. My profile on my home instance was set to not be indexed, and although I understand how activity pub federation works generally but this just seemed weird: It was not clear that the toots did not originate on site (this has been fixed), and my full bio was in the right margin. It looked like I had an account there if you weren't versed in GNU social, It presented much like a local user's account page. I noticed a copyright notice notice at the bottom said all the site content was under a CC-BY-SA 3.0 license. My immediate conclusion was that a site had scraped my content and was assigning new copyrights without my approval.

I tried to find admin contacts to voice my concerns. I couldn't. I can see it now that I know where to look, but it's still tricky due to infinite scroll which moves the bottom of the page where those links live. Next, looked up the domain registration. There was no contact (or proxy) information for tech/admin/billing etc. for the domain. Just the registrar in another country, which was a complication. They wouldn't pass the message along and, paradoxically, told me to contact the administrators of the domain. All I left was IP address and a site that looked like it was mirroring profiles and misusing content.

I'll apologize again here as this is specifically where I really messed things up. Rather than calming down and seeking advice, I reported what I seemed like someone co-opting my content to the abuse contact of the hosting provider.

This ended up with some heated discussions happening, before and after the actual issue was resolved, and on and off the fediverse. I won't recall specifics here, but there were a lot of angry people, speaking as angry people do. I understand why everyone was upset. Someone (me) was threatening a space with a claim that seemed baseless. How could anyone claim copyright infringement on something shared publicly and knowingly on a distributed/replicated network? Another side of it was copyright was being reassigned without creator consent. Even CC-BY-NA 3.0, which the site used, prohibits modifying the terms. If the author did not explicitly agree to using this license, there could be legal ramifications.

This is just a summary. Understand that I'm not trying to rewrite history if I left out a point of view. No one had a monopoly on the truth. It's still unlikely everyone agrees on the issues that came up, why they came up, or how they came to a close. It warrants ongoing, healthy discussion.

To address my specific concerns, loadaverage changed their theme to make it clear which instance was the origin of toots. This, plus the existing copyright notice (which explicitly applied only to their content) addressed those concerns.

Why even bring this up again? (a.k.a. As Above / So Below)

The microverse mirrors the macroverse mirrors the… fediverse?

I'd planned to stay quiet and let things cool down. Coincidentally, there's been a new controversy about the University of Milan releasing data scraped from English speaking instances. The study it related to is referenced here.

Reactions ranged from rational to emotional. People felt surveiled and misused in spite of the knowing public nature of their posts. Some compared this with being mugged in a public space (yikes! too strong/dramatic, IMO). Others equated it with the creepy intrusion of facial recognition and cameras in public spaces. More points were made that what is public on the internet can go anywhere, and users should keep their security and privacy protections up with that mind. The one that really caught my eye was a user mentioning that they'd explicitly GPL'd or CC-BY-NC-SA'd some of their posts, then implying that they'd use that to go after the publishers if they were found in release. There were others elsewhere saying the same sort of thing.

So here we go again: Copyright as a weapon. In my case I was just one guy who found their content through a search and misread enough cues to suppose unethical use. Now there were people discussing using the same stick to beat up a University for publishing data they gathered through scraping public data.

Where would that stop? Where could it go? What if someone wanted revenge against an individual? What could happen if someone decided they wanted an instance silenced and were acting in bad faith? Maybe this is me begging the question, really. It's still the case that the fediverse is independent and run by individuals not groups or companies. If someone (or a group of someones) felt like it, copyright complaints could be fired off and entire communities could be silenced, defederated, or siloed. Jane Admin probably barely pays the server bill, has a day job, does this as a public service, and can't afford a lawyers or legal fights. I say this now after realizing the scope of fire-raining-from-heaven-bulls**t I nearly caused.

So both incidents have exposed is that perhaps there's not a clear enough idea how copyright works on the fediverse, how it relates to usage of data on the fediverse by third parties, and how that applies to public/federated posts. What is the assumed license of federated toots? Where is copyright implicit? Explicit? Some social media outlets have you sign a lengthy EULA/Privacy statement as part of on-boarding to indemnify themselves. Yuck.

One solution I'd thrown out was setting the creator's license preference in their profile and making that part of post metadata. I for one, would like to flag my stuff is not for commercial re-use by default. It seems like a check would also need to be put in place to ensure that license was compatible with federation and to the instance. Perhaps this could even be overridden on a post by post basis. It could also lead to fracturing of the fediverse, and I will admit to this being a problem beyond my skill set. I'm just a user of mastodon and haven't dug into the protocols and code that's involved. Even more importantly, I'm also not a lawyer.

In this case, I'm just a person who tripped on a virtual pothole that could have a sinkhole below it. I'm concerned that problems like this could be used to weaken, fracture, or even silence the fediverse. The proximity of these two similar, yet unrelated, events made me wonder if it's a more urgent issue than I had thought just a few days ago, so I'm bringing it up now.

This needs discussion. I hope it happens. Soon.

Cooler (and smarter) heads can prevail.


It's my hope that anyone who has anything they feel needs to be said to me, or corrections made to this post, will find my contact information through my keybase proofs or contact page and reach out.