Everyone on fedi hates this and it is probably a violation of GDPR too

[xyhhx]

This post summarizes what you should know:
https://labyrinth.zone/objects/c015da36-a289-4542-8337-c8a0f1c5855f

I think you do not – or perhaps deliberately do not – understand the concept of “informed consent”. I am going to give you the benefit of the doubt and assume that you have good intentions here. The road to hell is paved with those, and this is going to be another slab.

You are also assuming that people who do not want this will somehow be aware that this is happening, find your blog post (that nobody will ever read) and then realise they should put a hashtag in their bio to remove themselves. That’s not really an “opt-out” because how will anyone know this is happening? Even if a hundred people boost your primary post, that is only a small selection of all fediverse users, let alone instances that even know.

That means there is no way that any given user will even know they can opt-out of something that they do not even know is scraping them. How can you moderate user behaivour when you do not even know this is happening in the first place?

Especially since this means our posts will be on BlueSky, without any recourse for us to remove them from BlueSky because we do not have a consent agreement with BlueSky.

This is also highly illegal under the GDPR, which applies in the EEA and UK, which means you are breaking the law of 30+ nations at the same time. So not only are you just oblivious to the concept of “hey, I don’t like my posts being on BlueSky”, you are also oblivious to your legal requirements as a data handler.

[snarfed]

I definitely hear you. It wasn't an easy call. I wrote up the result of conversations I had with a number of people in the fediverse moderation community, I'd love to hear any thoughts you have on that.

On the legalities, I've looked into it a fair amount and talked with GDPR lawyers, and we're comfortable that it doesn't violate the GDPR or related laws like the CCPA and DMA/DSA. Background here: https://brid.gy/about#gdpr . (Different service, one or two small bits there differ from this project, but don't change the result.)

Regardless, I get that the bigger and more important point is consent and opt in vs opt out.

[xyhhx]

Regardless, I get that the bigger and more important point is consent and opt in vs opt out.

Yup. Jokes aside (I couldn't help myself with #837), you should probably consider making this opt-in. As far as I know my instance will block yours so it shouldn't be a problem for me personally, but for the benefit of everyone who isn't as aware or on a well-moderated instance, opt-in would be better

[snarfed]

Understood. I liked the joke. 😁

Merging into the broader conversation in #835.

[mackuba]

Not everyone, I don't hate it

[nukeop]

The person who posted this doesn't understand what GDPR is, or how it works.