Opt-in consent issue re: ActivityPub users

Some ActivityPub users believe that all bridges to another platform should be Opt-In (i.e. in this particular case, ActivityPub users should be able to explicitly allow whether or not they want their profile to be available on Nostr and use the bridge) and that this belief has led to incidents in the past.

Many users flee from proprietary networks to free networks as these, in general terms, are more privacy friendly and give them more control over what they do or do not want to see.

I think bridges are good tools to interconnect different free networks, such as Nostr, the Fediverse or Bluesky (although this last network is dominated by a corporation that sooner or later will capitalise user data and become a corporate capitalist network like the rest of the traditional proprietary ones).

This is why I think it is important that all bridges are Opt-In, that is, that the user can choose whether to participate in another network before their data is processed, because if they are not, it can lead to many users and admins being reluctant and blocking them, eliminating their purpose.

In addition, making it Opt-In would improve compliance with the legal requirements of the GDPR. The GDPR requires you to provide a complete export of a user's data (15.1, 15.3, 20), to delete that data (17) or to terminate the account (17) upon request. By making it Opt-In, you would avoid legal problems from users who do not want their accounts to be replicated or perform manual deletion of their data, which would be a tedious task. In addition, this would also mean that when a user wanted to stop using the bridge, they could Opt-Out and automatically send a request to delete their data in Nostr (although it is not possible to delete accounts as such in Nostr, a deletion event could be sent to the known relays of all the data associated with that key via NIP09), and even before deleting the private key from the bridge database, provide it to the user in case they want to try Nostr natively in the future. Currently, Mostr tries to delete in Nostr the posts that are deleted from the fediverse as soon as the different relays allow it, but it would be nice if when doing Opt-out, the deletion action was performed for all known data for that key. #49 (closed)

To make it Opt-In, you could do something similar to how Bridgy Fed, Bluesky's bridge (which was initially Opt-Out and then changed to Opt-In after user complaints) is implemented, which I think has a very good implementation of Opt-In and Opt-Out by simply following a bot.

I believe that taking this into consideration will be beneficial for you, for your project and for bridge users, as it will also avoid potential problems with legislation such as the European GDPR.

Further reading on the topic and reasons why Bridgy Fed went Opt-In for better project management:

• https://github.com/snarfed/bridgy-fed/issues/835
• https://github.com/snarfed/bridgy-fed/issues/836
• https://github.com/snarfed/bridgy-fed/issues/873
• https://brid.gy/about#gdpr

Same petition is sended to momostr bridge https://github.com/nanikamado/momostr/issues/8 Similar petition for Nostr #26