There's definitely valid reasons to be upset by the scraping these researchers did. They violated their university's ethics guidelines and probably broke the law. People have a right to be upset and should fight back.
But this should serve as a reminder: if you post it on fedi, you should assume it's not private. The purpose of this software, ultimately, is to broadcast what you say. There are likely people scraping fedi right now that will never announce what they've done.
Public really does mean public. Your posts can be found via a Google search once they federate to another server. I know because I've found my stuff stored on other servers even though I've listed my profile as delisted from search engines in my preferences.
Unlisted is about the same.
Followers-only is slightly more private, but the activitypub protocol is imperfect and sometimes people can access these.
Even direct messages are viewable by your instance admin.
At the end of the day, you should use fediverse software to reach people, and weigh the potential costs of someone finding what you've said that you didn't intend to. Just like with email, there's always a risk that what you sent will be intercepted, sent to more people than intended, or forwarded to people you didn't expect.
I don't say this to mean "it's pointless to pursue privacy in the fedi," but rather "this platform is insecure, please be careful."
@sandrockcstm Oh, sure. It's been done before, it'll be done again. Which is not to say that it should be expected or encouraged, but there are always bad actors and they should be called out.
@noelle Right, exactly. We can definitely work to create social norms and try to discourage these things from happening, but we should never forget that, from a software security standpoint, activitypub is pretty full of holes and shouldn't be confused for private communications software. But a lot of people treat it that way and I think they're feeling betrayed.
Maybe that's on all of us for not being more explicit about that :(.
@sandrockcstm When I was growing up the notion "if you put something on the internet assume everyone in the world can see it and it will never go away" was put into me so heavily I'm always surprised at how often other people don't post with that in mind
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!