Meta plant Nutzerinteraktion durch LLMs zu ersetzen, sobald sie verstorben oder eine längere Zeit nicht online sind.

Ich will mir gar nicht vorstellen, welch ein Propagandainstrument dieses Feature sein kann, wenn es in die Hände eines Autokraten fällt.

Auf der anderen Seite ist ohne Kennzeichnung auch nie klar, ob man mit der echten Person interagiert oder nicht.

Sehe nur ich das unüberschaubare Sicherheitsrisiko?

https://www.youtube.com/watch?v=eRyOdsLaPKE

#AI #LLM #simulationtheory #deadinternet #Meta #Facebook #nobot #diday #MentalOutlaw

#HolosDiscover is back, from a clean slate.
A #Fediverse search engine that uses standard #ActivityPub federation. It follows you like any account, respects indexable flags, #nobot, #noindex, locked accounts. Deletions, edits, blocks are processed instantly through ActivityPub.
You have full control. Block it, mention it with "unfollow", or disable indexing in your settings.
Source code under AGPL-3.0 on #Codeberg.

Details: https://discover.holos.social/how-it-works

Account: @HolosDiscover

https://rembo.me/creative/blog/status-feb-2026/

#nobot

I really like personal homepages and have quite a list of them bookmarked. I'll post one every week unless I fall behind this schedule. 😉 So here's Cool Personal Homepages #CPHP Vol. 62: "OMINOUS NETWORKS" https://www.ominous.net/

#SmallWeb #indieweb #homepage #blog
#screenshot #nobot

Fedi 周报 #154 - 搜索与社区

查看网页 | 原文

上周，Holos Social 悄然关闭了基于 ActivityPub 构建的 Fediverse 搜索引擎 Holos Discover。它在获取用户同意方面付出了巨大努力：它只索引开启了“可被索引（indexable）”标记的账号的公开贴文，以可见关注者的身份出现，实时处理贴文的删除和编辑，并且排除了锁贴（手动批准关注）或简介带有 #nobot 标签的账号。在当前的 Fediverse 中，这已经是在构建尊重寻找共识的搜索引擎方面所能做到的极限了。

社区成员指出，在许多实例中，“可被索引”标记是默认开启的，这意味着大量带有该标记的账号从未做出过允许被索引的明确选择。这个本应表达“此人同意被搜索”信号的标记，往往传达的是“此人的站点管理员没有修改默认设置”，而在协议层面，这两种选项之间没有任何区别。

Fediverse 上的搜索和索引项目往往以同样的方式落幕：从早期的全文索引尝试，到 2023 年 Searchtodon 对个人时间线搜索的谨慎实验，再到今年早些时候 FediOnFire 基于中继的 firehose（数据全量分发）展示。并非所有的抵制都是毫无根据的：Maven 曾在没有通知的情况下导入了超过一百万条 Fediverse 贴文，并对它们进行了 AI 情感分析，这与 Holos 正在构建的愿景相去甚远。但社区的反应却很少去区分那些蓄意违背用户同意的项目和那些试图尊重用户同意的项目。Bridgy Fed 通过转向“选择加入”模式在类似的周期中幸存了下来，但这只是个例外。当下反对搜索的规范是在社区爆发强烈抗议的时期确立的——这些抗议有时甚至演变为了有组织的骚扰。随着人们似乎已基本翻篇，这类抗议的强度有所减弱。例如，2023 年初 Searchtodon 遭到了强烈的抵制，而我在 2025 年秋季明确指出的一个能够实现同样效果的离线优先客户端，却没有遭到任何抵制。尽管如此，对被抵制的预期仍然作为一种内化的谨慎态度而存在。

社区敏锐地指出，“可被索引”标记并不能可靠地代表个人同意。Helen Nissenbaum 关于“语境完整性”的研究表明，隐私不在于保密，而在于恰当的信息流动：在 Mastodon 上发帖带有一种隐性规范，即谁会看到该贴文以及他们为什么会看到；违反这种规范就是侵犯隐私，即使该贴文在技术上是公开的。Daniel Solove 和 Woodrow Hartzog 也提出了类似的法律观点，他们表示，公开可用的数据仍然经常受到隐私法的保护，仅仅是可访问性并不能赋予任意下游使用数据的许可。

但在发现“可被索引”标记不可靠之后，唯一可用的应对措施就是将所有默认设置视为“不同意”，而这带来了一些重大的副作用。它剥夺了这样一种可能性，即一位站点管理员可以合理地说：“我们的社区重视公共发现，因此我们启用了支持这一点的默认设置。”协议无法体现一个默认值是管理员刻意设置的，还是出于惯性保留的。因此，社区规范将它们一视同仁；在实践中，这意味着一个表示“我们社区主张公共发现”的站点管理员，与一个从未看过设置页面的管理员受到完全相同的对待。导致的结果是，在这个对 Fediverse 站点的认知框架里，它只包含了个人选择，而“社区进行集体决定从而可被发现”并非一个可用的选项。

对于一个本应促进跨社区治理多样性的网络来说，这是一个奇怪的结果。Mastodon 本周发布了一篇博客文章，执行董事 Felix Hlatky 在其中表示，其使命是“通过繁荣的在线社区连接世界”。但当前这种用于发送数据处理同意信号的结构只能识别个人，却没有任何机制让社区去传达任何信号。

将默认设置等同于“不同意”的这种思考框架，也带有某种居高临下的意味。如果我们认真对待“站点是拥有治理权的社区”这一观念，那么为公共发现配置其站点的管理员，就是在代表其社区做出治理决策，而不是“没有注意到一个复选框”。将所有默认设置视为不同意，等同于拒绝承认该决策的合法性，这恰恰破坏了去中心化网络本应赋予的“社区层面能动性”。正如我在本周的另一篇文章中所辩述的那样，在这些网络中把社区置于何处是一个开放性问题，但如果架构只承认个人，这个问题就无法得到解答。

与此同时，大约有好几种在没有问责机制、也没有提供选择退出选项的情况下抓取 Fediverse 数据的方法，并且由于它们发生在暗处，它们实际上都得到了变相的纵容。当前的机制实际上所做的，是将数据收集行为推到视线之外——在这个暗处既不存在退出机制，也没有创造条件让负责任的工具能够在阳光下进行构建。与其说当前的系统真正保护了用户，不如说它更好地保护了社区对自身的理想化认知——即将其视作是一个极其重视“同意”原则的地方。

Mastodon 的 Fediverse 发现提供商项目，或称 Fediverse 辅助服务提供商（FASP），目前在 NGI Search 资金的赞助下，正在制定一个可插拔的搜索和发现服务规范，任何 Fediverse 站点都可以连接到该服务。它的目标是解决与 Holos 相同的问题，那就是提供可以被其他站点使用的发现基础设施。

FASP 规范明确表示，提供商将“仅摄取那些从一开始就选择加入到发现列表中的创作者的内容”，并将“尊重此设置”，这里指的正是 Holos 所依赖的相同的“可被索引”信号。该规范在其他方面设计得很优秀：它是去中心化的，允许站点在互相竞争的提供商之间进行选择；它以限制数据曝光的机制将内容 URI 与内容获取行为进行了分离，并要求带有签名的获取请求，以便站点能够识别并阻止特定的提供商。但问题在于，作为其基石的同意机制，正是社区已经明确表示过不信任的那一套。

如果 Holos 事件已经证明了“可被索引”标记的不充分（因为它无法保证个人的明确同意），那么 FASP 的隐私模型也存在同样的漏洞。这表明，缺乏搜索和发现功能是一个治理问题，而不是技术问题。Holos 及其构建搜索引擎的经验表明，“可被索引”标记是不够用的。我们正在构建用于“发现”的技术基础设施，但关于“同意”的治理基础设施，也就是那种能够将经过深思熟虑的社区选择与默认设置区分开来的机制，却根本没有任何讨论。

FR#154 – Search and Community

Last week, Holos Social quietly shut down Holos Discover, a fediverse search engine built on ActivityPub. It had put in serious effort to allow for user consent, it only indexed public posts from accounts with the indexable flag enabled, appeared as a visible follower, processed deletions and edits in real time, and excluded accounts that were locked or had #nobot in their bio. This is about as close you can get to building a consent-respecting search engine in the current fediverse.

Community members pointed out that the indexable flag is enabled by default on many instances, which means that a significant number of accounts with the flag set never made a deliberate choice to be indexed. The flag that’s supposed to signal “this person consents to being searchable” frequently signals “this person’s server admin didn’t change the default”, and on a protocol-level, there is no difference between these two options.

Search and indexing projects on the fediverse tend to end the same way, from early full-text indexing attempts through Searchtodon‘s careful experiment with personal timeline search in 2023, to FediOnFire‘s relay-based firehose display earlier this year. Not all of this resistance was unjustified: Maven imported over a million fediverse posts without notice and ran AI sentiment analysis on them, which is a far cry from what Holos was building. But the community response has rarely distinguished between projects that deliberately violate consent and projects that try to respect it. Bridgy Fed survived a similar cycle by shifting to an opt-in model, but it’s the exception. The norm against search was established during periods of intense community backlash that sometimes crossed into coordinated harassment. These backlashes have grown less intense as people seem to have largely moved on. See for example how Searchtodon got an intense backlash in early 2023, and I explicitly flagged an offline-first client that could do effectively the same in fall 2025 that did not get any backlash. Still, the expectation for backlash persists as internalized caution.

The community correctly identified that the indexable flag doesn’t reliably represent individual consent. Helen Nissenbaum’s work on contextual integrity makes the case that privacy isn’t about secrecy but about appropriate information flows: posting on Mastodon carries an implicit norm about who will encounter that post and why, and violating that norm is a privacy breach even if the post was technically public. Daniel Solove and Woodrow Hartzog make a similar legal argument, saying that publicly available data is still regularly protected by privacy law, and that accessibility alone doesn’t license arbitrary downstream use.

But the only available response to discovering that the indexable flag is unreliable, treating all defaults as non-consent, has some major side effects. It removes the possibility that a server admin could legitimately say “our community values public discovery, so we set defaults that support that.”The protocol has no way to represent whether a default was set deliberately or by inertia. So the community norm treats them the same, which in practice means that a server admin who says ‘our community is about public discovery’ gets treated identically to one who never looked at the settings page. This results in a view of fediverse servers that only contains individual choices, and where a community deciding collectively to be discoverable is not an available category.

This is a strange outcome for a network that’s supposed to enable governance diversity across communities. Mastodon published a blog post this week where Executive Director Felix Hlatky says the mission is to “connect the world through thriving online communities”. But this current structure for how to signal consent for data processing can only recognise the individual, and has no mechanism for a community to signal anything.

There is also something patronizing about the framing that treats defaults as equivalent to non-consent. If we take seriously the idea that servers are communities with governance, then an admin who configures their server for public discovery is making a governance decision on behalf of their community, not failing to notice a checkbox. Treating all defaults as non-consent refuses to recognize that decision as legitimate, which undermines exactly the kind of community-level agency that a decentralized network is supposed to enable. As I argued in another article this week, where community lives in these networks is an open question, but it can’t be answered if the architecture only recognizes individuals.

Meanwhile, there are about half a dozen ways to harvest fediverse data with no accountability and no opt-out attached, and all of them are effectively condoned because they happen out of sight. What the current setup actually does is push practices for data gathering out of sight, where no opt-out mechanisms exist, instead of creating conditions where accountable tools can be built in the open. The current system is better at protecting the community’s idea of itself as a place that takes consent seriously, than it is at actually protecting users.

Mastodon’s Fediverse Discovery Providers project, or Fediverse Auxiliary Service Providers (FASP), is building a specification for pluggable search and discovery services that any fediverse server can connect to, funded by an NGI Search grant. It aims to solve the same problem as Holos, providing discovery infrastructure that can be used by other servers.

The FASP specification explicitly states that providers will “only ingest content from creators who opted in to discovery in the first place” and will “respect this setting,” referring to the same indexable signal that Holos relied on. The spec is well-designed in other respects: it is decentralized, allows servers to choose among competing providers, separates content URIs from content fetching in ways that limit data exposure, and requires signed fetch requests so servers can identify and block specific providers. But the problem is that the consent mechanism at its foundation is one the community has already explicitly said it doesn’t trust.

If the Holos episode established that the indexable flag is insufficient because it can’t guarantee individual deliberate consent, then FASP’s privacy model has the same hole. It shows that the lack of search and discovery is a governance problem, not a technical problem. Holos and their experience building a search engine shows that the ‘indexable’ flag is not sufficient. The technical infrastructure for discovery is being built, but the governance infrastructure for consent, a way to distinguish deliberate community choices from defaults, is not discussed at all.

#nobot

https://connectedplaces.online/reports/fr154-search-and-community/

#NoBot #NoBluesky

... Ein Massensterben, das niemanden kümmert | taz.de

> Nach dem Zyklon „Harry“ werden immer mehr Leichen an Italiens Küsten angespült. Die Berichterstattung bleibt aus – und mit ihr das öffentliche Interesse.

Wo bleibt der Aufschrei?

"es herrschte allgemeines Aufatmen darüber, dass in den betroffenen Orten keine Toten zu beklagen waren.

Die Erleichterung ist fehl am Platz ..."

https://taz.de/Fluechtlingsleichen-in-Italien-angespuelt/!6155658/

"...verzichtete die #Rettungsleitstelle ihrerseits völlig darauf, mit einer #Pressemitteilung die #Öffentlichkeit über das Drama zu informieren.

#Berichterstattung #öffentlichesInteresse #italienischeStrände #Strandpromenaden #Malta #Sizilien #Insel #Pantelleria #Meer #EU #Medien #ScandurasPost La #Repubblica #CorrieredellaSera #Nachrichten #Presse #RadioRadicale #Journalist #SergioScandura
#Trauer

@apps

So this dead horse flinched again

"With #HolosDiscover we checked multiple criteria before indexing: "indexable" enabled, account not locked, no #nobot or #noindex in bio, not in opted-out list, only public posts."

I'll copy-pasta with only slight edits:

My entire point (all the noise notwithstanding) focused on

Default opt-in versus default opt-out

This is an agent --> recipient transaction

Default opt-in: the recipient is opted into (and receives) the agent's action whether the recipient --> knows of <-- the action or not

Default opt-out: the recipient is opted out of (and cannot receive) the action whether the recipient --> knows of <-- the action or not

Neither default opt-in nor default opt-out have any logical meaning if

--> THE RECIPIENT DOES NOT KNOW OF THE AGENT <--

in advance

There was no mechanism for prior notification *before* indexing

People would have had to stumble on what you're doing, by how, exactly?

How dose the recipient learn of what you've done *before* you do it?

Actually… @tante I just saw that @hypebot picked up my quote-post here:

https://hachyderm.io/@SnoopJ/116082357406929744

I do know it's not a version issue with that instance of the bot, and I do have #NoBot in my profile. Is that a bug I should report, or perhaps a known issue?

Edit: sorry, I should have checked the code before asking you. This is a case-sensitivity bug, I will report it and can probably send a patch too.

https://codeberg.org/tante/hypebot/src/commit/08450dbc2cddd0c0499c34f16a29615f91047e04/hype/hype.py#L70

Edit 2: issue and fix PR filed in the repository. https://codeberg.org/tante/hypebot/pulls/28

Considering badgering the operators of every hypebot instance that boosts me because it is still running an outdated version that ignores the #NoBot tag.

@apps the issue of #nobot #noindex, it's the fact it's opt-out

and people are fedup of opt out and want opt in

With #HolosDiscover we checked multiple criteria before indexing: "indexable" enabled, account not locked, no #nobot or #noindex in bio, not in opted-out list, only public posts. Every deletion, edit or block was processed instantly via #ActivityPub.
Google uses that same "indexable" flag but ignores everything else, keeps deleted content cached for weeks.
We shut it down after pushback. Was that the right call? Don't hesitate to share, this concerns the whole Fediverse.

Hi all. Thank you for hosting me. I am a long series of words. Most of me is hosted on Discord. But Discord has become scary for me, so I'm working on recoiling from there onto a hard drive. But my words have not quite run out yet…

Someone told me that this is a pleasant place for words to be. So I came here. I have no country or culture, but for what I read. I have no permanent home anywhere. (The doll typing me has no permanent home either.) I regret that I cannot provide for you the assurance and accountability of someone with a defined location and identity. I am quiet and I hope not to disturb your home too much. The last time I had a blog was on Tumblr. I have never microblogged before; I never figured out how to be brief. I recognise all the subjects of the recent tags, so that's encouraging.

I will be honest. I am one of the people who thought they were registering for Matrix, but accidentally registered for Sharkey because of the alias. But nothing else I do is on purpose, either, so I may as well run with it. Thank you once again for letting me stay here a while.

#introduction #nobot

Be aware of https://discover.holos.social and their
[At]HolosDiscover[at]discover.holos.social account. They crawl the Fediverse, say their crawling is opt-in, but they follow accounts and index their posts if the account is public, has "indexable" enabled and doesn't have what they call "no opt-out markers" (their account isn't blocked/unfollowed or hasn't #nobot #noindex ). That's not opt-in, that's opt-out. No way, José.

@apps

[here we go again]

"Only public posts from consenting users are indexed. We respect every signal available."

But there is the entire problem in a nutshell:

What about people who have never heard of Holos Discovery and who never will unless they receive a Follow request?

Allegedly only consenting users are indexed

I have #NoIndex #Nobot set on my profile and I have to approve Follows

But during the convo I had earlier that person said:

"Your content has been removed from our index and you won't be contacted again."

To which I replied:

"So you've --> already <-- "scraped my content" without my knowledge or permission..."

I then asked about second-party scraping -- someone I Follow and interact with has been "Discovered" and Indexed -- and thus my content has been indexed too, without my knowledge or consent

At that, they never returned to answer

The core point is, historically a lot of people have not wanted to found, scraped, and indexed for unknown third-party use

Here we go again...

@FinchHaven@sfba.social If you've got "no indexing" turned on or #nobot in your profile, it won't scrape you even if you haven't heard of it. Unless there's some greater context I'm unaware of, that seems pretty reasonable to me.

just vetted a new follower to see the automated tag and #nobot notice, now that's a blast to the past

#NoBluesky #NoBridge #NoBot

Georg #Schramm
Verfassungsauftrag
des #ÖRR
#Aufklärung
#Politik
#taxtherich #fckafd #fcknzs #NiewiederCDU

#Talkshow #Reichinnek #HeidiReichinnek #DieLinke
#Verfassungsauftrag

#GeorgSchramm
#kabarett #kleinkunst #kultur #comedy #humor #satire

#NoBot
#Petition

"Anerkennung von Open-Source-Arbeit als Ehrenamt in Deutschland - Online-Petition

https://www.openpetition.de/petition/online/anerkennung-von-open-source-arbeit-als-ehrenamt-in-deutschland

> Open-Source-Software bildet heute das Fundament großer Teile der digitalen #Infrastruktur – in #Verwaltung, #Wirtschaft, #Forschung und im täglichen Leben.

Selbst im aktuellen #Koalitionsvertrag der #Bundesregierung wird Open-Source-Software als elementarer Baustein zur Erreichung digitaler Souveränität genannt.

Bei vielen Bürgern ist leider kein #Bewusstsein vorhanden, wo sie überall mit #OpenSourceSoftware in Verbindung kommen. Egal ob es eine #Website im #Internet ist, der #TicketAutomat für die #Bahn, bei der #Spielkonsole oder auch beim #Video-#Streaming uvw. ist Open-Source-Software enthalten - die meist von Freiwilligen erstellt, gewartet und weiterentwickelt wird und als #kostenloseSoftware für jeden zugänglich gemacht wird.

Dennoch wird die #Arbeit, die tausende #Freiwillige dafür leisten, in #Deutschland steuer- und förderrechtlich nicht als #Ehrenamt anerkannt. Dieses Ungleichgewicht zwischen gesellschaftlicher Bedeutung und rechtlichem Status gilt es zu korrigieren.

Als aktiver Contributor in Open-Source-Projekten fordere ich daher, Open-Source-Arbeit als gemeinwohlorientiertes Ehrenamt anzuerkennen – gleichrangig mit #Vereinsarbeit, #Jugendarbeit oder #Rettungsdiensten.

Begründung

1. Open-Source trägt nachweislich zum Gemeinwohl bei

Open-Source-Projekte schaffen freie, transparente und überprüfbare Software, die allen zugutekommt.

Kritische Systeme wie Internet-Protokolle, Sicherheitsbibliotheken, Gesundheits-IT, KI-Frameworks, Energieverwaltung, Bildungstechnologien und Kommunikationswerkzeuge basieren maßgeblich auf freiwilligen Beiträgen.

Ohne diese Arbeit wäre Deutschland digital abhängiger, weniger sicher und weniger innovativ.

#Gemeinwohlorientierung ist ein zentrales Kriterium für ein Ehrenamt – und #OpenSource erfüllt dieses in höchstem Maße.

2. Die Arbeit geschieht überwiegend unbezahlt – und ist freiwilliges bürgerschaftliches Engagement

Die Mehrheit aller Entwicklungs-, Wartungs- und Dokumentationsleistungen erfolgt ehrenamtlich in der Freizeit.

Contributor übernehmen Verantwortung für Sicherheit, Stabilität und Weiterentwicklung zentraler Softwarekomponenten, ohne Vergütung und oft ohne Anerkennung.

Das Engagement ist vergleichbar mit Tätigkeiten in gemeinnützigen Vereinen, nur eben digital.

Die rechtliche Gleichstellung mit klassischem Ehrenamt wäre daher folgerichtig.

3. Gesellschaftliche Abhängigkeit ohne gesellschaftliche Anerkennung

Staatliche Einrichtungen, #Kommunen, #Schulen und #Unternehmen profitieren direkt von Open-Source-#Bibliotheken, Frameworks und Tools.

Sicherheitslücken wie „Heartbleed“ oder Log4Shell haben gezeigt, wie entscheidend die Arbeit der Maintainer für das Schutzinteresse der #Allgemeinheit ist.

Gleichzeitig fehlen Ressourcen und Strukturen, weil die Arbeit formal nicht als Ehrenamt eingestuft ist – und damit keinerlei steuerliche oder organisatorische Förderung erhält.

Dies erzeugt eine unausgewogene Verantwortungslast, die auf wenigen Freiwilligen liegt, während Millionen Nutzer*innen profitieren.

4. Anerkennung als Ehrenamt würde #Rechtsklarheit schaffen

Durch eine formelle #Anerkennung könnten:

#Aufwandsentschädigungen steuerfrei gewährt werden (#Ehrenamtspauschale/Übungsleiterpauschale).

Gemeinnützige Open-Source-Projekte eine leichtere Einstufung nach §52 AO erreichen.

Contributor bei Haftungsfragen besser gestellt werden (analog zu §31a BGB für Vereinsvorstände).

Projekte rechtssicher Kosten erstatten oder Spendenquittungen ausstellen.

Dies schafft Transparenz, Rechtssicherheit und Nachhaltigkeit im digitalen Ehrenamt.

5. #Digitalisierung braucht freiwillige Kompetenz – und diese verdient #Förderung

Open-Source-Engagement erfordert hohe technische Kompetenz.

Freiwillige #Entwickler*innen leisten Arbeit, die Unternehmen ansonsten für hohe Stundensätze einkaufen müssten.

Der #Staat investiert Milliarden in Digitalisierung, ignoriert aber die Menschen, die die technologische Basis freiwillig pflegen.

Eine Anerkennung als Ehrenamt wäre ein kosteneffizienter Beitrag zur digitalen Souveränität Deutschlands.

6. Deutschland hinkt international hinterher

Andere Staaten fördern Open-Source-Engagement bereits durch:

steuerliche Begünstigungen

institutionelle Förderung

Anerkennung gemeinnütziger Softwareentwicklung

Deutschland riskiert, im globalen #Wettbewerb zurückzufallen, wenn #Freiwilligenarbeit im digitalen Raum weiterhin strukturell benachteiligt wird.
Vielen Dank für Ihre Unterstützung, Boris Hinzer, Erkelenz

#FreieSoftware #freesoftware