Mastodon (Social Networking Software)

Overall I see no issues with recommending Mastodon, but minor comments:

Visibility controls protect against the Public Exposure threat, which is not mentioned at the top. Although these can of course be bypassed if your adversary creates a fake profile, meaning that it doesn’t really protect against Public Exposure effectively either, and that the measures are more like trying to make private something that was not designed to be private. [1]

I’ll note in transparency that I am not entirely convinced by my following arguments myself, but I do feel like it is worth mentioning. I think that

  1. If the approach is censorship, as the privacy benefits are controversial (as noted on GitHub), then the only threat listed should be Censorship and not Surveillance Capitalism too.

The protections against surveillance capitalism are either account-related [2] or privacy-policy-related, both of which are explicitly omitted because they vary depending on the instance. So what protects against surveillance capitalism? I am assuming it is because Mastodon is not adtech / surveillance capitalism itself, in which case:

  2. It seems contradictory to specifically exclude some benefits that are given by the instance (account-related) from the requirements, but include other benefits given by the instance (policy-related) in the threats.

[1] Especially considering that, unlike other public exposure concerns involving third parties, you are fully in control of what you post/share in the first place and aren’t limited to requesting third parties to hide or delete your information after it has been shared.

[2] I also think that if sign-up not needing personally identifiable information is not a requirement due to it being instance-specific, it should not be mentioned in the description and very first paragraph, but rather at a later point, as the focus should be on anti-censorship.