Honestly, BlueSky’s AT Protocol fixes pretty much all of these issues (save for having a single actor controlling things as for the moment it’s still in active development and not adopted by any other project).
Even if you never intend to sign up for or use their protocol, I’d give it a read- it’s a really fascinating system design:
I think you’re fundamentally misunderstanding how data is handled in federated systems. When an account from Threads interacts with your post or you interact with a Threads post, information is exchanged exclusively through Actions sent between the servers- never to or from your or their client and another server. It looks like this:
Client <=API=> Instance <=Action=> Instance <=API=> Client
They don’t get any information that isn’t already available publicly to any random user on your instance- no IP address or anything otherwise. Threads’ mobile app data collection has no bearing on their ability to collect information on you.
Edit: To be clear- there is theoretically a set of protocols in the ActivityPub spec that allows for direct client to server communication (unimaginatively called ActivityPub Client-to-Server), but it hasn’t been adopted by any current Fediverse software implementation that I’m aware of.
Threads’ daily app downloads have universally been in the range of 350k-700k for the past month. Mastodon’s MAU for the same time period has been 1.1 million.
More people downloaded the threads mobile app in the past three days then have interacted with Mastodon in any capacity for the past month.
Edit: Even your cited source pegs Threads’ lowest recorded daily active users at nearly half Mastodon’s monthly active users, and that was from before the app was made available in India and the EU
Mastodon was immediately dwarfed from the very first day Threads was launched. Total Fediverse MAU has been hovering a but under 2 million, Threads first day user signups totaled more then 30 million. Threads’ growth has leveled off now but it’s still orders of magnitude more massive.
They wouldn’t be able to get it even from a federated instance as long as you don’t use their frontend.
I don’t know of any major instances that have enabled any of those… And all getting around it would take is to create an account on the instance- which for instances without admin approval can be done fully programmatically anyway so it wouldn’t even require human intervention, just a few extra lines of code.
They could already get all of your profile and post info… I could get that right now through the free api for every account on this and every other thread with a couple dozen lines of code.
Edit: I’m also unclear on how they would ever get your IP- if you never use their frontends the only IP they’d have access to is that of the server your account is hosted on… Which would only be your own IP for the extreme minority who host their own instance from their personal internet connection, and Meta wouldn’t be able to tell that that’s the case anyway.
Creating a paid or ad-supported client app for a website isn’t profiting off of content, it’s profiting off of the user’s desire for a better mobile experience. There’s no ‘stealing’, the developer never has access to nor purports to own any of the content themselves- it’s simply a voluntary intermediary for a user to access their own account with their own content feed.
That said, any client apps that run ads are dumb and will fail miserably. It’s awful for UX. Just so long as client apps can be monetized in other ways I think it’s fine to adopt a license that prohibits specifically ads.