Generally speaking, the design of the Fediverse leans towards radical transparency and disclosure.

It’s not particularly private at all. Instead it levels the playing field by making a lot of the data companies would normally be harvesting and selling available to literally everyone with minimal effort, drastically reducing its value. It also just collects relatively little data to begin with.

If, however, you were hiding from a hostile government or something, this is one of the last places I would use for communication.

In short, anything you publish here will, by design, be broadcast all around to whatever service is interested in listening. Collecting data about fediverse users is as easy as setting up a federated service designed to collect data, and observe what comes in. In some countries there are regulations for what kind of data you’re allowed to store, but you could always just go somewhere else and do it.

Nobody is going to buy user data from sh.itjust.works or any other service because why the hell would they do that when they can just collect everything for free.

This is not unlike everything else on the Internet. If you publish something, it can be used. Maybe not legally in all countries, but as we have learned from the AI revolution nobody really cares about legality anyway.

Nothing you post here, or anywhere else on the internet, is private. It’s all public, and if companies find a way of profiting off it chances are that they will. If they can’t do it legally in the US they will do so somewhere else. The only way of avoiding it is by not publishing in open forums.

If you’re worried about your user data, the best you can do is probably to jump around between different accounts.

Depends on the location of the instance. The EU and California have laws for that, for example.

With FEP-c118 there is currently an extension to the activitypub protocol in the works to allow setting a license on posts. If you don’t add a license info in your posts the licensing is unclear. I think that some jurisdictions give a default copyright and some protections to the author but I don’t know how that works.

With the fediverse you you have as much or as little rights as when you put it on your private blog without explicit licensing. If someone uses your works without your consent you still have to find out and you have to protected your rights yourself.

There are currently no lemmy or kbin instances that have monetization options. The only ActivityPub software I know that can show ads is misskey.

In the end you have to be aware that any kind of open social network is like screaming your thoughts towards a big crowd. You lose most of your control over it the second it’s out. It is nearly impossible to track who has the information and who shares it with others.

There are legal protections in some parts of the world but even then you first have to find out that something bad happened. If an instance were to start monetizing data it would probably cut off pretty fast and all the communities would probably move.

Still if there is stuff you don’t want everyone to know don’t post it publicly.