The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MALLORY KNODEL: Hi everyone. Welcome to the session. I want to first start with a short bit of housekeeping, which is that if you have joined us in person, we are so grateful. And we also have loads of seats up here at the roundtable that we would invite you to occupy if you would like to. It means you get a microphone that is always on. So you could ask questions directly. Otherwise we'll take questions towards the end. And there are mics also out in the audience. So it is your choice.
We're also monitoring for those who have joined online, we'll be monitoring the questions that you drop in there as well.
So welcome, we're talking today about the Fediverse, also known as the open social web. We by design imagine this as ‑‑ the openness means there is an interoperability element that is very critical. And we are curious in this panel about a lot of things. But particularly about the ways in which privacy can be preserved in these interoperable environments. So you are all internet experts. You understand interoperability. And you are here because you are excited about the web. And we are too.
So we have ‑‑ this is the panel before you. We don't have any remote panelists. I'm just ‑‑ I'm going to allow the panelists to really present this idea to you in stages. So if you are not sure what the Fediverse is. If you are not sure about what privacy and interoperability have to with each other, I'm confident the questions we've posed to one another are going to help build that narrative for you. And of course come with your questions.
As well I'm going to ask the panelists please the first time if they speak they can give a brief intro into where they work. Their interests in the topic and so that way I don't have to read bios allowed to you all. I should start with myself actually.
(Off microphone)
They are all switched on all the time. You have to wear a headset. That would help. I'm Mallory Knodel. Executive director one of the founders of the social web foundation, which sees itself really as a steward of a multi polar Fediverse. And so anyway does have elements of protocol. There is the ActivityPub protocol. There are other open pub protocols that are hopefully towards the future interoperable with each other.
It also has this very strong element of community building, that we build and construct and communities we want online. Move them around. Subscribe, follow one another without having sort of impediments to that. It is a really great vision.
And I think one of the crucial pieces for me as someone who's been in this space with you all for many years. Is this element of human rights. We're building a Fediverse and we're building an open internet. But for what? And so human rights and that sort of thing brings me the to this work.
So that is me.
I wanted to pose the initial question to the panel. Where each person can introduce themselves. Just "what do you think we need to know as a level set for this issue of privacy interoperability?Ed."
It can be a short intervention but just to introduce the audience to what are the edges of this issue and why are we here today, what do we care about. So keep first initial question, maybe two minutes. And rest of our questions will be maybe around 4 or 5 minutes. Delara. Can I start with you.
>> DELARA DERAKHSHANI: Thank you all so much for being here and having me. My name is Delara Derakhshani. I serve as director of policy and partnerships at the data transfer initiative. Our entire mission is to empower users with regard to data portability.
I think it is helpful to give just a little bit of context about what we do and you will see how it is connected to our work in the Fediverse.
When we're talking about data portability in this context, it essentially means at the users request, companies should move bulk transfers of users' personal data from one platform or service to another. Our work at DTI is centre odd on translating legal principles into real world practise. On the practise side we're building open source tools with private sector companies. And on the policy side where I sit we work closely with regulators and policymakers to serve both as a resource and help implement portability solutions that are both meaningful and workable in practise.
Ultimately, our goal is an ecosystem that promotes user agency, competition and innovation. And I am heartened to see so many folks at the table today. Because a lot of these issues are absolutely relevant to the Fediverse and looking forward to diving in deeper.
>> MALLORY KNODEL: Awesome.
>> MELINDA CLAYBAUGH: Thanks for having me. I'm happy to be here. Melinda Claybaugh. Director of privacy and AI at Meta.
Really crystallized around our product we launched a couple years ago called "threads." Most people are familiar with Facebook, Instagram, WhatsApp, threads is our newest up a. And it is built on the protocol, the ActivityPub protocol that makes it operate in the Fediverse. Part of the Fediverse. And what that means is that users can opt in to sharing their posts. It is a public posting platform. Sharing posts on other services also built on the ActivityPub protocol.
So this is something we've been working towards and developing and rolling out over the last couple years. In more countries, and with more features. And we think it is a really promising development. As a stand alone product.
I think to your question about contours of this debate. I think existing in the background are increasing calls in regulation and policy circles for interoperability. Potentially as a solve for competition, anticompetitive conduct. So that is always kind of lurking in the background.
The other issue that's always kind of lurking in the background is around privacy. And kind of intersection with existing laws, which I know we'll get into. And how do we actually make privacy rights operate in this interoperable world? So look forward to talking about those.
>> MALLORY KNODEL: Excellent. And Ian you are next.
>> IAN BROWN: Thanks Mallory. Thanks for organising this.
[ Speaking in Spanish ]
This is a topic I've been working on since 2008 with my coauthor who just happens to be sit over there. Professor Chris Marsden. We wrote a book. And speak to a number of policy tradeoffs and issues. And I'm delighted to see it so high on the radar of many regulators. I spent a lot of the last five years talking to EU policymakers because they have actually put it into a law called the Digital Markets Act which passed a couple of years ago. And I'm going to show you later a couple of tables. I'm not going talk through them. I'm not going to do death by PowerPoint, don't worry. But just pointers to a lot more information. If you want detailed technical background, I'm a technologist. I've written a lot about it at, you can see it on my website, Ianbrown.tech.
I should disclose earlier this year Meta conditioned for me an independent assessment, and it was independent, of certain aspects how it is being applied to IOS and I‑pad OS. And the privacy and security for that. I should also disclose that I'm about to start consulting for the UK competition is and markets authority on precisely this topic.
>> MALLORY KNODEL: So you can see the spread. We've got an awesome panel. I can tell also from the audience we've got some really important stakeholders in this room that know a lot about this topic. So I'm counting on you to come in later on with your questions.
There are mics there. A whole bunch of mics up here. If you want to sit and take one, you are welcome. But let me get on wit. In my view this is an obvious question. We see it a lot. There is an intuition users have. The same kinds of users excited about using open, are social protocols the for, you know, consuming content, article, sharing pictures and so on. Are the same users that are going care a lot about their privacy.
So when this comes into play, you know, we have more of a permissionless ecosystem where different entities are now not just maybe in business relationships, which is something I think we were attuned to in the old social media. But in the new social media, it is more of a, you know, instances, allowing, allow listing, block listing that sort of thing. I think there is an intuition that some users have that they might do those, they might take those actions at the instance level, maybe because of privacy concerns. Or maybe because they don't want to be in relationship with or associate with other corners of this very open interoperable ecosystem.
So that is the sort of general reason I think we've gathered today. And hopefully we've started out strong by explaining why each of us are here and why we care about that. But I want to dig in now to some of the prepared questions we have to get a bit deeper these issues.
So I'm posing this first to Delara. Ian I want you to respond also to this question.
First, how can interoperable systems respect user privacy and give users control over their data?
>> DELARA DERAKHSHANI: So I've thought about this question a lot. And one of the things I want to start with is what I think success would look like in an ideal world. And I think at its core it starts at user agency.
Users should know what is being shared, when, with whom. And why. And interoperability shouldn't necessarily mean default exposure. Then there are technical design issues, realtime post visibility across services. Activity portability. And, you know, social graph portability as well. I think there is an education component that could be furthered to the benefit of all in the ecosystem.
But maybe most important is actually a cultural question. A commitment to shared governance and iterative collaboration. Working in the open is a start. But true privacy respecting interoperability demands an ongoing habit of listening, engaging with standard bodies, with multistakeholders. Contributing constructively to tools that others can use.
These all strike me as some of the ideals that we should have. I will also note that at its core some challenges that come with interoperability. It is all about freedom of movement. Enabling users to take that is posts, profiles and relationships across platforms.
It challenges lock‑in. A goal the Fediverse aspires to but some may argue has not fully delivered on yet. And of course interoperability is not without its challenges. For example people may be able to want to move from one server to another and bring all of their content and relationships with them. That may not always be possible. I can speak later to some of the solutions we're looking at DTI.
And something you have touched on earlier, I think it is relevant to human rights. There is another challenge and that is the decentralized systems like the Fediverse can empower users to find and build communities. But inevitably that introduces friction. Different services are different norm, controls. It can lead to different experiences.
But beyond that migration is not just about exporting and data. It is about joining new communities. We've heard repeatedly in my experience and work at DTI that for many users, particularly marginalized group, the safety of the destination matters just as much as the ability to bring the content.
So trust‑building tools must also not just address privacy but also moderation, consent and survivability. And in recognition of time I'll stop there. Happy to expand further on any of those points down the line.
>> MALLORY KNODEL: Yeah, especially if there are questions from the audience about that. Ian I want you to respond but because you are a technologist, I'm going to ask if you can slightly explain for folks who don't know, like on ActivityPub, for example if you delete a post, that doesn't necessarily mean it is deleted everywhere. And you can maybe hook in ways these things work and limits for privacy and son. Whatever you were going to say.
>> IAN BROWN: That is a challenging question but like that.
So let me. Could ‑‑ the our technical friends at the back. I wonder if you could put my first image up on screen. The XKC call 2.
Interoperability I think first it sounds to people who aren't deep in the weeds of this, it sounds abstract, weird, geeky. Techy. And it is not an end in itself. It is a means to greater competition, greater user choice. Diversity of services. Ability of people to talk across communities. I love that idea. It helps people join new community, try out new communities.
You can see this. I wonder if we could have an element of audience interactivity. We always are told to do in universities to make sure the students awake.
Put your hands up if you are on blue sky? Lot of people. I thought in this IGF community that would be the case.
>> MALLORY KNODEL: Via a bridge.
>> IAN BROWN: Well I was going to come to that. That's also good. Who is also or differently on Mastodon or another part of the Fediverse.
And still quite a few people. I'm not going to ask people individually. More of the technical community on Mastodon.
There are services now called bridges which let people, I think the opt in approach is right. People who want can say from my Mastodon account, I want people on blue Sky to be able to follow me and like my posts and repost them and reply so I'll see them on Mastodon and vice versa.
Mallory got straight to one of the important technical questions which I think at this cartoon which someone in the tech company sent me yesterday knowing I was take talking about this today. And details very important for protecting human rights and privacy and enabling freedom of expression and opinion. For making sure people don't get harassed by being exposed to communities they might not want to.
So to give you another example, there are bridges between X, X Twitter. And some other services. And I quite understand why. Many people on blue Sky and Mastodon would not want people on X to be able to interact with them. Because there is a lot of harassment goes on on that service sadly. And I deleted my own account month or two ago.
And very specific question Mali asked. Okay if you might be on one service. Mastodon, for example, I know because I do it myself. You can set your posted to auto delete after X weeks or months. I want it to be a post of record. Not a social media post.
I want to talk to people. I want to share ideas. I want to be able to make mistakes. That is a key thing that privacy enables. You can try new things out. It is one of the really critical elements of children growing up. Those with parents or nephew os nieces that. People can make mistakes. That is how we learn. You don't want people to think if I make a mistake it is going to be imprinted forever more on my permanent record and employers, university, governments. When I enter the United States, for example might be chequing my social media posts. As is the current US government policy.
So that very specific question Mallory asked is really good because it gets to the crux of some of these issues. Say Mallory has ‑‑ let's use me as the example. I delete my Mastodon post after two months. I use a bridge. Bridgy Fed, I love the name. Which lets people on blue Sky read my Mastodon posts. Blue Sky is not necessarily currently, I have a account. But it does not have an option to auto delete all my posts they type myself into blue Sky. Nor because Bridgy Fed currently puck up my preference from Mastodon to auto delete after two months and apply that on the other side of the bridge. It could.
Also in Europe and many other countries have implemented GDPR‑like privacy laws. And included in the GDPR, I think article 22. But I'd have to cheque. GDPR says if an organisation publishes your information in some way, if it shares it, like a bridge, like a social media service. And then you withdraw your consent for the use of the data. The company has to stop using it but also the company has to make best efforts to tell others organisations its shared your personal information they should stop as well. And that is a good legal way I think of dealing with this issue Mallory.
>> MALLORY KNODEL: I think while we rely a lot on the privacy realm and security realm for that matter how users think about their own data and own experience when there is absence of regulation. I think this is really critical. And why we have to have this conversation now. Because the new social media is introducing so many different dimensions. So many ways to interact.
So let's talk about regulation. Because even with the existing regulation we have. Even in a old social media regime, there are still questions.
Melinda, can you tell us about what challenges you face regarding compliance with national and regional privacy regulations like GDPR? And how in a decentralized environment how those challenges can be either exacerbated or alleviated. But essentially, how should Fediverse platforms and instances better align with privacy laws in general.
>> MELINDA CLAYBAUGH: I think these fundamental concepts that are enshrined in GDPR and now many, many other laws around the world, are ones anyway around your data subject rights. Your rights to access information that you shared. A right to correct and to transfer and to delete.
These have been enshrined for a long time now. And people have come to expect them and rely on them and operate accordingly. And that works really well for things like, you know, if you post something on Instagram and then you want to delete it, it is deleted.
It works less well in this kind of Fediverse concept. So if you post something on Threads. And then you delete it. We will send that request along the chain to wherever. You know to Mastodon or wherever it may have also flowed. But we don't have a mechanism for ensuring that that post is deleted down the chain.
And I think this is where it is so important that we need to take a fresh look at the existing, you know, data protection regimes. Not to say those rights aren't important. They are important and they should stay. But the implementation I think is where we need to come together. Also to Delara's earlier point. Come together with some norms and expectations within industry around how this should work.
Equally, I think there is a real challenge as this new social media proliferates. I think, you know, those in the tech community are already well‑versed in these communities. But to your average user who may be starting on Threads or starting on Blue Sky or wherever people went after Twitter. You know, they may not understand this network. They may not understand really what it means to be posting something on Threads and then have it go to other services.
And so that is where I think the user education piece and really understanding user expectations, importantly, is going to be really critical.
So at Threads, what we do is when you are first on boarded onto Threads, we kind of explain with pictures what the Fediverse is and what it means for what you are posting and what happens when you delete. And so I think we have to really meet people where they are and understand kind of who is a power user, who is a tech user and then who is your average user who maybe is poking around and trying out new things online. Which is great.
So I think the collision of the legal regimes is one that needs to be ‑‑ I guess the collision of the new social media and the legal regime is one that needs to be worked out in the regulatory space. In the industry space among companies. And then at the user experience level as well.
>> MALLORY KNODEL: Absolutely and thank you for that. Hopefully there are questions from the audience about that. I think one thing I wanted to just point out is part of how the ecosystem is evolving now. Although it could always change because it is interoperable and open.
Is that it feels like there is a lot of kind of two ways to get on the Fediverse. Maybe you join a new platform for the first time because you want to try it out. Maybe pixel Fed seems cool. So you get on boarded there. Or you are on a platform for a while and that platform adapts new protocols and the process is different. So that is kind of the beauty. It is very diverse in how people arrive in the space. And we're still trying to develop and communicate with end users how that works.
I'm going to move over to another regulation. That you have already mentioned, Ian. This one is to you. And Melinda, I'd love you to respond as well.
What are the opportunities to influence, you know, the Digital Markets Act? It is out. It is baked. But we want to see if there is a possibility to define or enforce interoperability requirements for the existing social media platforms. As far as I know that's not part of the how the DMA is structured now. But there could be opportunities and sounds like you have been working on that. So tell us.
>> IAN BROWN: I've been working endlessly on that the last 5 years. I must have bored all my friends to tears on that subject by now. The DMA has a messaging interoperability requirement. So that currently applies to WhatsApp and Facebook messenger.
And actually Meta ‑‑ and again to emphasise. We didn't practise before. We didn't line up questions. We've never met before.
>> MALLORY KNODEL: Never met.
>> IAN BROWN: And my assessment ended at the e end of February. But actually I'm not always positive about Meta. But actually what Meta has done on WhatsApp privacy and interoperability is really interesting, great I think. A lot of user research and fine tuning in the same way Melinda has talked about the Threads experience. Exactly the same with WhatsApp. And I think the rest of the industry could really ‑‑ it would be great if Meta shares that as much as possible with other industry players and open source projects, so they can all take advantage of that great research Meta has done in that area.
Civil society groups got this close to also requiring social media ‑‑ the biggest. The D Ma only applies to the very largest company, the DMA calls gate keepers. There are only seven it applies. To you can probably guess which they are.
Civil society got this close to saying social media from the very, very largest companies must also be interoperable in the way Threads is. I ‑‑ actually I am using Threads currently. But mainly I follow from Mastodon. I follow Meta's chief AI scientist because he says very interesting, quite independent minded stuff sometimes. I'm sure Zuckerberg rolls his eyes at times. But a good sign of independence.
What can they do? Therefore the final legislation includes it for message but not for social networking services. But this is the cliff hanger. Next year and every three years the European Commission has to review the operation of the legislation. Very standard in European law. And they have to very specifically every three years consider should article 7, which is the messaging interoperability obligation for gatekeepers, be extended to gatekeepers social media services. And we can say pretty much what they would be probably. Because you can look at who are the designated gate keepers. Meta is one.
You know what social media, they are called online social networking services. You know what online social networking services with 45 million users in the EU, 10,000 small business users. Those are two criteria. You can figure that out for yourself if you wanted to.
If the compilation recommended this and the European parliament chose to act on the European Commission's recommendation, the DMA could be extended. So that would become a legal obligation for very largest social media companies in the way it is already for messaging.
For those that are not European, don't worry, I can sort of feel you rolling your eyes at these Europeans, they love passing their baroque regulatory regimes but what relevance to us? Actually like the GPR many countries around the world are already putting these kind of principles into their own national competition laws and related laws.
Also another trend is traditional competition law is very rapidly moving into this space. So if you want to look it up, I'll just say once sentence this. There was a European court of justice decision called Android auto very recently, which basically says dominant firms must enable interoperability for their services, full stop. Otherwise it is an abuse of dominance.
And I think that could have enormous effects around the world.
>> MALLORY KNODEL: You bring up this idea of jurisdiction. So Europe might have done GDPR. The DMA, the DSA, et cetera.
But I can't even really picture how this would work if it only applied to Europeans. It seems to me and melody I'm sure you have a response here but to add onto it. You know how could a company only be interoperable in one jurisdiction, rather than technically speaking it would seem to me if you are interoperable in one place you would be sort of ‑‑ anyway. That's my small‑minded thought on that. Tell us your reaction.
>> MELINDA CLAYBAUGH: I don't have a specific answer to the jurisdiction question. But it does lead to a larger question around "what is interoperability?"
It is one thing to talk about tech space posts and all, you know, that services are built on a certain protocol and it is easier to build that from scratch.
So something like Threads and being able to federate your posts makes sense.
It is very complicated when you start to get into encryption and encrypted messaging. You start to run into the privacy and security issues. The issues then move to a social media interoperability, writ large, of everything that happens in social media, is a whole other can of worms. And so I think that beyond the technical challenges, really need to think about ‑‑ I'm not a competition lawyer with that caveat. So what are we trying to accomplish here? And how would this operate actually as what people want?
We can leave that for another day in European discussions.
>> MALLORY KNODEL: I do think that is relevant. What people want. One answer to interoperability all the time on open web is RSS. That is a pretty basic way to just get content out there in a way that can be consumed in any way but what ActivityPub and other protocols aim do is you can push content out and consume but you can also interact wit. Share it. Reblog it. More all the time.
One thing about interoperable permissions and ecosystems is it really creates new ways of interacting with content that didn't even previously exist before. We're kind of stuck a little bit in an old school social media thing, where it is like you can click the heart. You can click the little swirly arrow thing. And you can like click the back arrow to make a comment. There is a really, really basic ways. There are probably more.
So Delara, I want to round out the panel by asking you about, you know, how governance and responsibilities can be distributed so that we can steward all of this together?
We've talked about this like very diverse and very complicated ecosystem, where you can do all manner of things. But then how do we manage this together as it hopefully continues to proliferate, right? Across both existing platforms out there. If you run a social media platform and you are interested or curious about interoperable protocols, we want to talk to you. But then also about brand new folks who come into this space and do things. So tell us your thoughts on this.
>> DELARA DERAKHSHANI: Absolutely. Earlier I set out a number of challenges and then I didn't actually bother to explain any of the solutions we were working on DTI to address these problems. So aim going to do that.
But, you know, the first thing I'll say is it is pretty clear to all of us these issues are bigger than just a single company or entity. So federated ecosystems are by design distributed. But that distribution inherently, obviously, comes with fragmentation. We've talked about this already. But with DTI is doing is we're focussed on creating a sort of a shared governance infrastructure. Not to centralize control, but to really provide coordination mechanisms that align responsibilities across diverse players.
We've done this two ways. First we've developed a trust model. Informed by real‑world use cases. And within the input of a great deal of multistakeholder actors. On how to establish trust during data transfers. So this issue goes beyond just the Fediverse. We see the parallels and the broader online environment. But as I think someone referenced the Digital Markets Act, which mandates user‑initiated data transfers for those seven designated gate keepers, which we can all rattle off quickly off the top of our heads.
But, you know, it is silent about trust‑building mechanisms and leaves it up to each gatekeeper. So to reduce duplication, streamline on boarding across platforms. We've launched a trust registry now in pilot. And it allows developers to complete a verification process that, you know, doesn't have to be duplicated. And leads to harmonisation. And efficiency.
There is, you know, also growing recognition that trust infrastructure must scale down, not just up. Small or emergent companies, or communities, we have to recognise they don't always have the same resources. And then I think the only other thing I'd like to point out is that with that problem of, you know, I think it would be a good thing to improve portability. And one way we're doing that is through initiative that we're calling LOLA, which will help users migrate safely. We're creating shared guardrails. And our work is about turning interoperability into a system that users can trust. Because otherwise they won't use it. And where community control and privacy travel together.
And I think that is a good place to stop. But the beginning after conversation.
>> MALLORY KNODEL: Exactly. I like the idea that community control and privacy travel together. I think in a lot ‑‑ you will hear, and I already have so far. Like many of you. Heard a lot of discussions still about content moderation, social media issues, and so on.
And I can't help but always think, like, right now we have to sort of advocate and lobby. As human rights activists have done this many years. Just a few companies. If you just get a few of them to get on board with whatever current issue there is, and you can solve the problem.
In a world we're talking about hoping and envisioning comes to past you will have thousands. So how can you possibly imagine or governing or dealing with that complex ecosystem. Like you are saying, we now can create efficiencies in cross‑platform institutions that have the trust that you need. That then can hook in and interoperate across the whole ecosystem.
So it isn't about one platform making a decision. It is about how have we all made the decision and how the it easily replicate. You want to come in on this.
>> IAN BROWN: Just for 30 seconds. Put my second image on screen. I'm not going to talk through it. But this image, and let me just public to the third. All I want to do is make you aware they exist in the report, the independent report that Meta commissioned which is on my website, Ianbrand.tech.
The detail. Interoperability, you need to get the details right. Number one. Number 2, it is great that private firms like Meta and associations like DTI are doing all this research already to figure out like, you know, as Mallory said in a shared space. And I'm very much looking forward to all your contributions the rest of this workshop. Figuring out you know what can we learn together?
I promise you because I've done a lot of work for data protection authorities and Europe and European Commission as well. Regulators don't want to regulate. They don't have the resources to regulate. At this level of complexity and get it right very often.
That is what regulation is for. To give incentives to private firms to do a good job themselves.
And as Chris puts it, co‑regulation is great. Where you can have the private firms and civil society do the detailed work. And the regulators are only there as backstops to make sure the public interest, as well as the private interest is being genuinely represented.
The reason these two leads are too complicated. If you are interested, download the report. I'm just going flip backwards and forwards because they took me so long to do. I want you to enjoy the complexity of these two slides. Because this is the level of complexity you have to go into when regulators do have to step in. And regulators don't want do this very often.
>> MALLORY KNODEL: Very instructive actually. That is like impossible to read which is what you are illustrating.
Right, so I as a moderator am going to pat myself on the back for giving us 21 whole minutes for Q&A. I really do want to hear from the audience. I want your questions. Wed would love to be able to respond. So you can make your way to the mics if you are out there. And if you are up here already your mic is actually on. Maybe I should have told you that already. Your mic is on and you can just raise your hand and lean in. And get yourself on the list.
Yeah. Please. If you could introduce yourself that would be helpful.
>> Edmund Chung from dot Asia. Thank you very much for bringing the topic in. I have actually two or three questions. One on more social/political side and one more technical side. The first one. First I find the fireside chat with the celebrity star Joseph very interesting because he emphasised on your digital you belongs to you. And this is exactly what we want to talk about.
So my first question is, especially to Ian probably, besides privacy as one aspect, what about the ability to choose or, you know, a choice for curation of information. And how that relates to our democratic institutions and processes and so on. Because that is big topic in my mind.
In your research, does that ‑‑ you know, does it help? This is my first question.
The second question, related to the deletion part. That's really interesting. I was just thinking about it. Even e‑mail doesn't resolve that perfectly yet. But something like time‑based encryption might be useful. But the issue here seems to be the forum or the standards body that the different players and providers are willing to abide by. ActivityPub is I think with W3C.
Is that going forward? Is W3C the right place? Is ETF... is ‑‑ you know, is it a forum ‑‑ does it need a forum to allow interoperability to really happen?
>> MALLORY KNODEL: Maybe I can answer in reverse.
>> IAN BROWN: I was going to say you are more expert on question 1.
>> MALLORY KNODEL: Question 2.
Yeah, so ActivityPub is W3C standard. It is still continuing to standards extensions, which is exactly what you need to build on this as it grows.
So that still happens. And I think you are right to point it out as an important piece. As far as like how you ensure different platforms are implementing it correctly? And doing things like deletes, you know, if requested if that's something that standard can't do and shouldn't do. But certainly is about a community‑based approach to make sure there are good actors following the rules. Not (?). Which is a good governance question that is important to address.
>> IAN BROWN: On that issue, the IETF, internet engineering task force which I'm more familiar with in W3C, certainly organises bakeoffs, maybe, interoperability testing, making sure software following standards are excised. Does actually work. Something like functionality across platforms for good faith implementations is happening. Of course nothing technical can enforce against bad faith actors.s.
That is where you need the legal backstop. And I think the GDPR rules about needing a legal basis for processing, for example, could already be used to enforce that. I think you mentioned earlier Melinda questions that Meta has. And that any other organisation that implemented interoperability in a way you have, had about what if a user chose. They opted in. Right approach. To sharing their content with other platforms.
But then one of those platforms went rogue. Started allowing people on that platform to harass them. Meta can block the harassment crossing over onto threads. But it can't enforce against a bad faith actor. Technically the data has crossed. You know it is on the other side.
What could happen then if necessary? If this was happening on a large scale in particular, Meta and the individuals affected could take legal action in the 160 country, including EU member states that have GDPR privacy laws to say hey bad faith actor, you are clearly ignoring my clearly‑stated limits on processing of my personal data.
It is often going to be sensitive personal data in GDPR terms about political opinions, health, rake of sensitive topics. And if your data protection regulators are doing their job or the courts, they can legally go after the bad faith actors.
>> DELARA DERAKHSHANI: I'd love to also respond. Your digital you belongs to you. I think that is an incredibly powerful statement. E increasingly our lives are online. Increasingly personalisation. For example AI systems is driving our lives.
But I do want to just note that this is the very heart of why portability matters. And why you should have control of your data. And with regard to your deletion point, for whatever it is worth, those conversations are constantly happening. Both at the state and increasingly at the Federal level. And so I'm looking forward to seeing where those conversations go as well.
>> Quickly, you need to attribute to Joseph Gordon‑Levitt not me.
>> DELARA DERAKHSHANI: I'm so (?) I missed him. I didn't know he was here.
>> MALLORY KNODEL: Personal data. Really right up your street. But it is recorded. Know that you can catch it.
We have question here? We'll come to you next. Go ahead.
>> Just to quickly react on the inter‑op question. Same way (?) also very several interpret i testing progress as part of regulation process which could include indeed testing with implementation implement deletion with other service, separate question.
I guess specific question to the panel. So my experience from previous privacy interoperability work is that it is really, really hard to define privacy (?) complexity how people want their digital to be presented. So what we've seen overall is that what gets through process is very simple signals, like do or do not typically.
In the world of social media that feels way too coarse to actually express something users care about. So I don't know how you see disentangling this problem of managing the complexity of the way people understand their social self and the need to bring interoperability in a changing this social media content. Context of portability or interoperability.
>> MALLORY KNODEL: Good question. Would you like to respond to it?... okay. After. Anyone else on the panel want to respond.
>> IAN BROWN: Happy to yeah. This is a really great point and important point. And I think one response to that is to emphasise what Mallory and our other two speakers already said about the importance of shared governance and building these norms together collectively. Because that is going to be much more effective than big platforms building 10 different versions. With the best in the world and very large resources big platforms have, if they can work together that is going to be much better for users than if they define them slightly differently. That is going confuse users. It is going to lead to things happening users don't want. They might have set a privacy control base on understanding of one service but works differently in a another service and I think that would be bad and we all want to avoid that.
>> MALLORY KNODEL: I keep thinking of this instance layer. In old social media, you have platform, you have users.
But now we have users, instances, platforms and multiple different iterations thereof. So this idea of the instance level can also be a place where default settings are set. Where actions can be taken. Like one of the things we've been discussing but haven't called out is specific notion of defederation as an action. Like my instance could use to defederate with your instance, if you are not acting in good faith. If you are not respecting what my users want. If my users actually just want me to do.
There is a good report out about defederation and the politics of that. What does that really look like.
>> MELINDA CLAYBAUGH: One other nuance I want to through in. Basically we're talking about how to kind of systematize some of the experiences we think people want or make it simple as possible across the federated universe.
At the same time we want to preserve the uniqueness of each of the communities. So I think you made a point about algorithms earlier. So maybe you post something on Threads and it goes elsewhere and it is going to be surfaced differently. Or maybe not surfaced on other services. Because of what the content of it is.
And that is the beauty of it. In a way. You know that you have different types of communities on different services. So it is really this fine balance of what are the core things we want to make protected and acted across the Fediverse. But what can we leave to be variable and unique?
>> MALLORY KNODEL: Question down here. Introduce yourself. And please ask.
>> Hi. Hi name is Caspian. What are your visions for privacy servicing interoperability internet in 10 years. What steps should we take to ensure that it exists?
>> MALLORY KNODEL: Maybe the ideas in 10 years. I love the idea. We can think backwards to what 10 years ago was like. Very profo of what we have now. And I think it is a good question. Thank you for asking it. Anybody have a response?
>> IAN BROWN: I do if the other two don't want to go first.
>> You go first. I'll ‑‑
>> IAN BROWN: Okay. I was reminded walking in the wonderful display at the entrance by the organisers. How Norway was a real pioneer in bringing the internet to Europe. I know that in particular because I was looking for a photo of my Ph.D as you were who was part of that. And he was in London and worked with the Norwegians to bring the internet from the United States. I think there were only four sites and the original. And very soon after that Norway and my supervisor Peter brought that over to Europe. So that is going back to the '70s.
So that is a very long ‑‑ that's 50 years ago. I'm not going to even try to remember 10 years ago. But it seems all a blur. But 10 years forward is great horizon. I'm very optimistic what is happening really quickly. So way before 10 years actually. I think what is happening with several of the projects we've already talked about today, with free (?) stuff bringing this into reality much faster than expected. Software tools because just I use them personally. One is called open vibe, it is a social media platform that lets you look at your Mastodon, Bluesky, Threads, and Nostr accounts. All at one time. I you can finalise the time line and adopt different algorithms. As Bluesky also does. So really important one.
We don't want to standards everything. Often a criticism of interoperability. Standardizing and homogenizing everything. We want to avoid that and leave space for services to compete and develop and do a better job for users. And that includes the type of communities they focus on.
But we want to give users choice. Whatever service, Threads, Bluesky, Mastodon. Any of the services want to say. Because I know people on Mastodon are very privacy protective. Very for good reason. And nothing is requiring them to open up even beyond their own instance if they choose. And as Mallory said, defederation is a sort of nuclear option.
And things are moving so fast here. I've done these kind of futures exercises mere for the Europe commission. And things are moving so fast I'm not sure what they will look like.
As a super nerd I hope social media looks like the internet at the IP layer. It is that configurable and flexible and provides a layer in the middle. And all of the stuff we've talked about. The famous hourglass model. The extra two layers at the top. The ITF tee shot famously says financial and political. All of that stuff is being coordinated by some of these organisations and other people in the room. Legal interoperability, my colleague is in the front and has done lot of work on that.
You need all this working together. So this wasn't ‑‑ I didn't intend this to be a plea for the IGF to continue. But I know it is potentially may not. And I think this is an example of how the IGF can add a lot of value to these debates.
>> MALLORY KNODEL: Well you helped me complete my bingo card. And Chris, you have a question I want to get. In we still have 10 minutes left. We should be able to take those questions folks.
>> Danger of putting a man in front of a microphone you didn't know was already on. Thank you more that. Ski think often when you look at this question trying to predict forward ten years, you also have to look back. And Ian and I worked on the tours of future internet project 16 or so years ago. Remember teaching my interoperability to Melinda's colleague Marcus Rinus back in the last century. And I think one of the really important lessons we learned back there, to mention (?). Machine readable code. Lawyer readable code. And human readable code. And had a great conversation last night. One reason IGF should continue is great conversations with policymakers and lawyers and others about these things.
And engineers started studying law. Said wow the legal element is really quite straightforward by comparing what we do. The DMA is very straightforward compared what we do on standards committees.
But the difficulty of course is users simply go for defaults. And so one thing I would hope would happen in 10 years time, going to Ian's straw poll of the audience is people would find some kind of form of Fediverse they are comfortable with using in the way where interoperability is invisible to the using.
Often citing the regulator code but citing, (?). Myth of super user. Danger of giving people not too many choices but too many defaults which they find difficult to actually make into a privacy‑preserving element.
So I guess my question is for everybody. Given the last year has been a great experiment is in people quitting Mastodon. Have noisy quit X and quiet quit Mastodon and moved to Bluesky and other things and thank you Ian for and learning how to quiet quit in much more usable way. The how to see the user out who doesn't have abilities to understand these things. How do we make it easier for them to avoid the same problems which occurred? We're in middle of natural experiment, right, where X has become something that almost everybody wants to avoid except seemingly government official pronouncements which is a very weird thing.
So making it more usable for the user so in 10 years users aren't stuck in this position of having to do more research than they ever want to do.
And I'm not based in Melbourne Australia. The compilation just issued their final digital platforms report. It is their 10th over six years. So that has some ideas in it as well I hope.
>> MALLORY KNODEL: Yeah. Quick question. For me I would answer both questions with I don't want to have to sign up for another service ever again.
>> Yeah.
>> MALLORY KNODEL: I just want to be able to all the new people that service has brought to the internet. But in interests of time. If I could just maybe suggest that we take. I think we can only maybe take three of these questions. Because if we have five minutes if they are quick. And then we'll see if Delara, parallel disagree and Ian have closing remarks.
>> IAN BROWN: Can you do four? There are only four people at the mics.
>> MALLORY KNODEL: Let's do. If you can all promise to make it succinct. I think we can manage four questions and responses in five minutes. Totally works out.
>> I'm Winston and from Hong Kong. I want to ask question as now the many users of internets are like childrens. So is it anything that for youths can do in the interoperability and the Fediverse and off the internet?
>> MALLORY KNODEL: Awesome question. Thank you Wilson. Go ahead.
>> I want a ask a bit of open‑ended question about more the cultures of each platform. And how taking things into a different platform may change the context and remove maybe some culture from the first platform.
Thinking of maybe like link sharing and screen shot sharing and how that can very easily spiral out of control.
Yeah, how can that be done ethically and interoperable system?
>> MALLORY KNODEL: Great. I like that one too. Thank you for bringing it up. And back over this side.
>> Hello. My name is Gabriel. So the Fediverse, being decentralized, you have to deal with lots of different instances probably hundreds.
How do you ensure trust between them?
I read a while ago there was, if it was found out that, for example, direct messages through Mastodon could be read through if someone was misusing the protocol.
So how do you ensure that? Other instance that are interfaced with can be trusted?
>> MALLORY KNODEL: Thank you for bringing up direct messages. Good one, especially for a privacy panel. And then our last question please.
>> Good afternoon. Thank you. Perhaps as we or reflection. What takes of food of thought for the private sector that hopefully now we talk about interoperability can be shared about. Because resilience is about sharing of learnings of what went wrong or what went right. What will you share to the public sector, for instance, in public services. And services for portable health or for municipalities for the social welfare of children or families. What can be shared? Picture for both the good and bad. And focus on the standards because they are weighted on standards only.
>> MALLORY KNODEL: Thank you so much.
Let's go in this order. Ian if you want to start, just respond to any of that you can. And we'll work our way down.
>> IAN BROWN: Incredibly briefly and let's keep the conversation going online afterwards. Let me pick out two. The great one from my right, your left. And the last question.
So on the, I think... mentioning uncontrolled shares of screen shots. I think that is a great way to think about how ActivityPub and ATProto, Bluesky's protocol and others like it. Protocol features that make sure as users and good faith actors are followed and legal backstops for bad faith actors that choose not to.
So uncontrolled sharing via screen shots is something that is never going to go away. You can't stop people screen shotting. That was a dream from and from a technical perspective, that is a bad idea. Mallory's way is the way.
And last question. Very simple point. Picks up what Chris said as well. One thing governments can do is for goodness sake share your information on multiple platforms. Not only an X. Don't have politician real on one hand on X and then force all your citizens to join G if they want to get information from the government.
>> MALLORY KNODEL: Hey, maybe government should have instance a source of truth that is verified and then that's ‑‑ just an idea.
>> MELINDA CLAYBAUGH: I think we're at the very beginning of this journey. So I would encourage. You know, Meta is learning as we go. We launched last week in Threads feed that pulls posts from whatever else you are connected to. That was at the response of users who wanted that.
So you know, keep pushing for what you want in this Fediverse. And that will help drive the conversation.
>> DELARA DERAKHSHANI: Yeah. I'll finish by saying that lot of DTI's work is focussed on this. I would really encourage you all to reach out to continue these conversations. The issue of trust during transfers. The user wants to move their account or content from one surface to another. How do we know that the surface will respect the expectations or that it was actually authorised? How do we confirm identity?
And integrity? And making sure that the message was not lost or maliciously changed?
But crucially, you know, these are things that we're working on. And I really hope that you all reach out for further conversations.
>> MALLORY KNODEL: Thanks so much for coming. Thank you for your questions. Thank you to the panelists who spent their time thinking about these issues in depth. At the social web foundation and with all of you, right, we're actually really trying to have these conversations together. Like Melinda said. This is only the beginning.
So hopefully we can stay engaged. Hopefully we can share learnings and make this space more robust and better.
Great. That's it.
Thank you.
