The filtration capabilities available to most users is pretty robust; depending on what you use to interact with the Fediverse. I thinik it would be possible to filter out problematic bots, users and even whole domain sources with the right kind of software.
I’m going to be bold enough to say we don’t have as wide of an AI/LLM issue on the Fediverse as the other platforms will have.
I’m certain that if someone did collect data from the Fediverse; it would become a hot topic and it might not be enough data anyways as the Fediverse is not mainstream enough normally. So the data and language collected here might skew in a few imaginable ways that one might find undesirable for a general model of word frequencies.
Also the fact that people might not appreciate that data being collected. Let’s be real. It’s too soon for such a project to begin. The AI TREND MUST DIE as it currently lives and it’s corpse must be rotted away completely. Now, in internet time that may not be all that long…a few to several years…the memory of the internet can be short-lived at times. It must, however, fade from the public conscience into some obscurity first.
Once the technology no longer lies in greedy hands again; new development can begin anew.
Now we wait for someone to build an absolutely wonderful chat app on top of this wonderful bit of PoC code…
I genuinely hope someone does. Imagine what this could do if this was routed over Tor using Private Services.
Run this over that; and you’d have a bullet-proof text chat. Wrap a nice GUI client around all of that and you have a proper secure, anonymous messenger with no problems. With a little more build-out; you could even implement the Matrix protocol over this wire-line and basically have full inter-federation and moderation over a secure wire protocol; allowing for complete privacy and client integration.
TL;DR: Matrix over PQChat over Tor. Think about it. A Post-Quantum Dark-Matrix web.
Can it? Maybe. It’s not impossible; but it isn’t practical and most ISPs limit their shenanigans to grabbing your unencrypted DNS requests.
Will it? Probably no; aside from the previously mentioned DNS redirections; they’re not interested in most people’s packets, only in how many they deliver.
Should you care? I won’t tell you not to take precaution, but I do urge you to consider your threat model carefully and consider the tradeoffs. When Security & Privacy goes up, Convenience and Functionality WILL go down. Balance your needs. Don’t put yourself in a state of Privacy fatigue.
Are there easy fixes? Maybe. I think a VPN or using Tor would solve your concerns here anyways; it’s not required that your modem be running OSS that you can control. If you can achieve it; that’s still good for you; but it’s not something to be sweating if your modem isn’t capable and your invasive ISP is the only effective option.
It feels like this vulnerability isn’t notable for the majority of users who don’t typically include “Being compromised by a Nation-State-Level Actor.”
That being said; I do hope they get it fixed; and it looks like there’s already mitigations in place like protecting the authentication by another factor such as a PIN. That helps; for people who do have the rare threat model issue in play.
The complexity of the attack also seems clearly difficult to achieve in any time frame; and would require likely hundreds of man-hours of work to pull off.
If we assume they’re funded enough to park a van of specialty equipment close enough to you; steal your key and clone it; then return it before you notice…nothing you can do can defend against them.
Such a system might be constructed for one’s own scraping needs by taking any one of the current frontend/backends and customizing that behavior such that it could mitigate issues or ingest/ignore data based on your own inputs as well; such that your model could be “riding along on a human surfboard with human guidance”