I’m not a lawyer, but I know tech companies run social media platforms to create data models about users for ad platforms. It seems to me that they could attempt to integrate themselves into a fediverse network and still harvest data, and not even provide services. So perhaps a software license could require that content posted to the platform by users is by default licensed under CC-BY-SA-NC or something that would prevent this.
I am a bit over my head on what ActivityPub is capable of, but I imagine you could use ActivityPub, for something like a GitHub clone, to distribute git commits pertaining to AGPL licensed source code across federated instances of the application. So I think it is not necessarily the case that everything on the fediverse is available for anyone to use for any reason. The hexbear terms of service forbids anyone to “Use the Services to harvest, collect, gather or assemble information or data regarding the Services or users of the Services except as permitted in these Terms or in a separate agreement with Hexbear”. Of course anyone can violate the rules, especially if they bury it in the plausible deniability of a LLM. But should we just accept that and lay the user data out for big tech companies to leverage?
I know we’re not really talking about Git, but since you mentioned a federated GitHub clone of sorts, Radicle is pretty neat and a cool thing to check out!