About the scrape (

There is very little you can do about something like that happening to your toots. This is what 'public' posting means: your messages will get read by someone you don't agree with, in contexts that are different than originally intended, using means you dislike.

It is currently trivially easy to scrape the entire fediverse like the researchers did. So it will happen again.

If you are worried about your messages: first of all, don't put on-line what you don't want a random stranger to read. Your audience is always bigger than you imagine.

Second make more use of 'unlisted' and 'followers only' posting modes. The scrape made use of public timelines (http://<instance>/api/v1/timelines/public?local=true) and using these two visibility modes guards against that. This is easily circumvented by a follower bot though. Which is one of the reasons why some folks choose to manually approve their followers.

This stuff is pretty difficult to figure out and I do not at all wish to suggest it is your own fault if your data got scraped. It isn't. (Question is, did we as do enough to inform new users about the meaning and utility of these settings?)

So how about the researchers?


Β· Β· Web Β· 4 Β· 30 Β· 14

Are they allowed to do this? According to the research paper they can do so because posts are public. Additionally the privacy policies of the instances don't explicitly disallow it (tip for instance admins). They also respected robots.txt (tip for instance admins) and they note that many intances' privacy policy is copy pasta of MS (tip for..). They also say that because they do not store and release personally identifiable data it complies with the EU GDPR.

However, they seem to assume the research subjects know their data is open for scraping by being public. This is not the same as *informed consent* which is required under GDPR.

Considering the outcry, it is clear informed consent was not given.

Even more problematic though is the data set they released. It consists of 6M public posts + metadata. While they hashed the author of each public post (What hashing algo though.. did someone already check that?) they left the link to the original post which contains the author. Here is an example of such link:

So this is clearly bad practice and a huge ethics and GDPR violation. In fact the data set has already been taken down.

@er1n and others prepared a letter of complaint on these grounds, see

The letter:


cauliflower morgan queenchandrelle 

It is clear the researchers did not know the net culture they researched, which turned out to be a huge disadvantage to them.

Their research is based around constructing a data set of 'sensitive' and 'inappropriate' posts. Ostensibly to be able to automagically do content moderation (hmmmmmm...). To identify what is 'inappropriate' they filter out posts that contain a 'CW' or that in the toot's json are marked Sensitive:True (see for example:

The big error they make is to take 'Content Warning' and 'Sensitive' labels for granted as the only use. If your on the fedi for just one day however, you know the CW has a much richer culture around it than just flagging 'inappropriate' or 'sensitive'.

Instead of 'CW', the button may has well been labled, 'Spoiler Alert', 'Click-And-Reveal Joke', ' Summary', 'I'm sorry for posting such a wall of text button' etc etc. You can see the effect of this in the word clouds they add to their article. A CW is not at all a measure for the 'appropriateness' of a post.

It is such a shortcoming in their conclusion that could have easily been avoided by actually engaging the communities you study. But that means talking to people which is: 1 hard, 2 not "AI"


cauliflower morgan queenchandrelle 

Computers can not and probably never will be able to account for jokes, irony, cultural contexts etc. so trying to automatically classify the use of language in this way is flawed and potentially extremely dangerous. That is why we don't want 'AI' to make these kinds of value judgements. Someone will at some point make a moderation bot based partly on the cauliflower corpus.

It also shows that irony, shitposting, noise, is a very good way to thwart this kind of reasoning.

Anyway the authors of the objection letter have much more thorough critiques of the research methods and conclusions and I recommend reading it:

cauliflower morgan queenchandrelle 

@rra good summary of appropriateness: "on, sensitive contents fall into two categories: (i) offensive and explicit sexual words, and (ii) spoilers of TV series or movies."

cauliflower morgan queenchandrelle 

@rra thanks for the detailed posts.
I see they did not scrape (admin there probably took measures). Use of CWs there is "like the subject line in an email" so they would have had a lot of false positives in whatever definition of appropriateness they are using.

cauliflower morgan queenchandrelle 

@air_pump they didn't explicitly scrape but the data set does contain 10k+ posts as per the objection letter (maybe in the form of boosts? mentions? threads?).

This in clear violation of ToS.

cauliflower morgan queenchandrelle 

@rra yep sorry just noticing that now reading through the letter. what. a. fail.

re: cauliflower morgan queenchandrelle 

@air_pump @rra It looks like they unpublished the dataset, it says

"Deaccession Reason
Legal issue or Data Usage Agreement
Many entries in the datasets do not fulfill the law about personal data release since they allow identification of personal information"

re: cauliflower morgan queenchandrelle 

@fadelkon @rra yep, not sure when this happened though? it say the data has been online for nearly a year?

re: cauliflower morgan queenchandrelle 

@air_pump @rra It looks so. It was published in Jan 2019 and the latest possible it was unpublished was today 🀨

@rra this is factually incorrect. They ASSUMED that all instances TOS were similar to those of and didn't check. An instance was scraped that SPECIFICALLY disallowed this kind of thing in TOS.

@c24h29clo4 True. Very sloppy research. Maybe they also never read the "about/more" pages of the instances.

@rra There is a server setting called 'Allow unauthenticated access to public timeline'. This should work to stop scraping using the API (I enabled this last night). Brute force scraping would always be possible.

I agree with you that posting something public on the internet is always a hazard. A lot of people are still not aware of that, especially teenagers.

On our server I always had a Robots.txt file and a bad bot blocker. I have to investigate why it was able to bypass this.

I also added long time ago a copyright paragraph saying that the user itself holds the copyright. This is afaik standard European copyright (or at least Dutch). So you can indeed not consider everything public on the Internet in the public domain.

@jeroenpraat @rra for the record, that setting was added in v3.0 as far as I can tell. And v3.0 was released in october 2019, where the scraping of this incident happened in 2018, way before that option was implemented.

And I still don't have it on my instance, because I haven't updated to v3.

Sign in to participate in the conversation

We are an instance for discussions around cultural freedom, experimental, new media art, net and computational culture, and things like that.

<svg xmlns="" id="hometownlogo" x="0px" y="0px" viewBox="25 40 50 20" width="100%" height="100%"><g><path d="M55.9,53.9H35.3c-0.7,0-1.3,0.6-1.3,1.3s0.6,1.3,1.3,1.3h20.6c0.7,0,1.3-0.6,1.3-1.3S56.6,53.9,55.9,53.9z"/><path d="M55.9,58.2H35.3c-0.7,0-1.3,0.6-1.3,1.3s0.6,1.3,1.3,1.3h20.6c0.7,0,1.3-0.6,1.3-1.3S56.6,58.2,55.9,58.2z"/><path d="M55.9,62.6H35.3c-0.7,0-1.3,0.6-1.3,1.3s0.6,1.3,1.3,1.3h20.6c0.7,0,1.3-0.6,1.3-1.3S56.6,62.6,55.9,62.6z"/><path d="M64.8,53.9c-0.7,0-1.3,0.6-1.3,1.3v8.8c0,0.7,0.6,1.3,1.3,1.3s1.3-0.6,1.3-1.3v-8.8C66,54.4,65.4,53.9,64.8,53.9z"/><path d="M60.4,53.9c-0.7,0-1.3,0.6-1.3,1.3v8.8c0,0.7,0.6,1.3,1.3,1.3s1.3-0.6,1.3-1.3v-8.8C61.6,54.4,61.1,53.9,60.4,53.9z"/><path d="M63.7,48.3c1.3-0.7,2-2.5,2-5.6c0-3.6-0.9-7.8-3.3-7.8s-3.3,4.2-3.3,7.8c0,3.1,0.7,4.9,2,5.6v2.4c0,0.7,0.6,1.3,1.3,1.3 s1.3-0.6,1.3-1.3V48.3z M62.4,37.8c0.4,0.8,0.8,2.5,0.8,4.9c0,2.5-0.5,3.4-0.8,3.4s-0.8-0.9-0.8-3.4C61.7,40.3,62.1,38.6,62.4,37.8 z"/><path d="M57,42.7c0-0.1-0.1-0.1-0.1-0.2l-3.2-4.1c-0.2-0.3-0.6-0.5-1-0.5h-1.6v-1.9c0-0.7-0.6-1.3-1.3-1.3s-1.3,0.6-1.3,1.3V38 h-3.9h-1.1h-5.2c-0.4,0-0.7,0.2-1,0.5l-3.2,4.1c0,0.1-0.1,0.1-0.1,0.2c0,0-0.1,0.1-0.1,0.1C34,43,34,43.2,34,43.3v7.4 c0,0.7,0.6,1.3,1.3,1.3h5.2h7.4h8c0.7,0,1.3-0.6,1.3-1.3v-7.4c0-0.2,0-0.3-0.1-0.4C57,42.8,57,42.8,57,42.7z M41.7,49.5h-5.2v-4.9 h10.2v4.9H41.7z M48.5,42.1l-1.2-1.6h4.8l1.2,1.6H48.5z M44.1,40.5l1.2,1.6h-7.5l1.2-1.6H44.1z M49.2,44.6h5.5v4.9h-5.5V44.6z"/></g></svg>