It's worth noting that part of Facebook's culpability regarding Cambridge Analytica is that the CA "personality survey" was able to gather "personally identifiable information such as real name, location and contact details" of participating users, and also "the app did the same thing for all the friends of the user who installed it".[0]
I suppose that a lot of personal data could be gleaned about someone (and their friends) from a rogue ActivityPub node reading the posts that were federated with it, but people would be suspicious if, for example, Mastodon suddenly started asking users for their phone number, Social Security number, and a picture of their driver's license.[1] And people would be very unlikely to sign up to a node which was actually run by Cambridge Analytica, right?[2]
I suppose that a lot of personal data could be gleaned about someone (and their friends) from a rogue ActivityPub node reading the posts that were federated with it, but people would be suspicious if, for example, Mastodon suddenly started asking users for their phone number, Social Security number, and a picture of their driver's license.[1] And people would be very unlikely to sign up to a node which was actually run by Cambridge Analytica, right?[2]
[0] https://www.theguardian.com/news/2018/may/06/cambridge-analy...
[1] https://www.washingtonexaminer.com/opinion/parler-is-not-the...
[2] https://www.techdirt.com/articles/20201116/01141545710/what-...