BlueSky’s “user intents” is a good proposal, and it’s weird to see some people flaming them for it as though this is equivalent to them welcoming in AI scraping (rather than trying to add a consent signal to allow users to communicate preferences for the scraping that is already happening).

https://github.com/bluesky-social/proposals/tree/main/0008-user-intents

#BlueSky #AI

@molly0xfff cc @mastodonmigration

@mackuba @molly0xfff

Saw this. Thanks. Lots of questions.

See also this thread: https://infosec.exchange/@thenexusofprivacy/114164055933078250

Think the place to start is with an understanding of the differences, if any, in the privacy policies. That is, between "the information you post on the Bluesky App is public" (Bluesky) and "Public and unlisted posts are available publicly" (Mastodon) and followed by specific enumeration of the uses.

Unfortunately, busy this weekend, but will pick this up next week.

cc. @nexusofprivacy

I'm not sure what your goal is here, but if you decide to go that route, you'll want to get a good understanding on the interpretation of "publically available" under GDPR (the article I shared earlier by Ulrike Hahn is a good start) as well as the legal landscape around scraping in general -Solove and Hartzog 's recent law review paper on "The Great Scrape" is great here).

Specifically on Bluesky and AI scrapers, Carey Lening's FaceHuggers Are Eating Your Skeets is quite good.

And, make sure you get feedback from privacy experts! My partner's a lawyer who used to run a privacy non-profit and if there's one thing I've learned from her, it's how easy it is for people who aren't experts in privacy law to get things wrong. There are a lot of terms of art here, with very specific meanings, and even though I've been doing this for years I still make mistakes (in fact just a couple of weeks ago I showed her the draft of my testimony on a Washington state bill and she pointed out something I was totally off-base on, oops).

@mastodonmigration @mackuba @molly0xfff

@thenexusofprivacy

Appreciate the references. As far as the immediate goal is concerned, would like to know what difference there is between content being deemed public, vs content being made available publicly. It seems like a pretty big distinction.

Further, it seems like specific enumeration of the limited uses of the later (made available) category is relevant.

Where it is heading is to assess the necessity or even wisdom of user intents content markers, but one step at a time.

@mastodonmigration the difference between “public” and “made publically available” (if any) is a term of art question, so you’ll want to get input on that from privacy lawyers (and other experts but it’s precise enough that you really want at lest some lawyers on this). GDPR and My Health My Data may have different analyses; both Ulrike and Carey both discuss stuff related to this with GDPR.

On uses of data you’ll need to take the ToS into account as well as the privacy policy. But remember that others use of publically available data isn’t necessarily limited by these uses.