I've hosted a mastodon instance since 2017 and I see one general misunderstanding over and over, on mastodon or on fediverse related subreddits.
People think it's a completely new concept.
People seem to have forgotten, or not been part of, all the message boards we used to have during the late 90s and all throughout the 2000s.
The ONLY thing Mastodon brings to this is federation. You used to have accounts on over a dozen message boards, sometimes with different avatar names. Most were special interest groups.
All of those boards were hosted by someone.
Having lived through that I view Mastodon as a different kind of PunBB software with federation. Because I view it from the perspective of the hoster.
Fidonet used to provide the federation across message boards in the BBS era, so there is literally nothing new. Really the new thing was smartphones opening up microblogging to average people who want to track celebrities and pretend what they had for lunch is worth sharing. (Edited to clarify fidonet was in the BBS era)
Fidonet boards exchanged messages overnight so the propagation delay was much longer. Also, the topology was different. I don't think the idea of each user publishing a public stream of messages that others subscribe to was a thing back then? Instead you would post messages in forums.
I was replying to a post claiming the only novel part of mastodon compared to old message boards is federation. I’m merely pointing out that many old message boards did have federation.
To your points (1) yes, everything was slower back then (2) people could and did post streams of their work within the BBS framework, everything from multi-part posts to “owning” a message-board topic, to text/ansi e-zines, but back then the focus was much more on following topics than people.
At this point, the Usenet servers which took massive amounts of bandwidth and disk space take tiny amounts of bandwidth and disk space (assuming you don't allow binary posts).
I mean, if people want to give out helpful information about gland enlargement alongside links to where supplements can be purchased for the astonishingly low price of $12 a pill, who are we to try to stop them? Provide an unfiltered free speech platform and the stronger ideas will win, right?
Spam filters can be opt-in. Spam filters can be federated. Spam filters can be local. It simply isn't true that decentralized censorship resistant systems fundamentally require users to be inundated with spam.
The charitable explanation is that you don't know what a killfile is. It is a personally created and maintained list of subject lines and/or poster addresses that you don't want to see. They can be limited to specific groups or be universal; they can be used to remove entire threads or just the messages that match.
In other words, it's a personal filter on incoming information. It's Joo Janta Peril-Sensitive Sunglasses. If it is censorship, it is a censor who works for you, obeys your commands, and never imposes your opinions on anyone else.
And it's not particularly good for spam, nor does anyone think that is its purpose. A killfile works against persistent trolls and idiots.
Right, and still I was super amazed that I could send a message to someone halfway around the world, and it would arrive there only a couple of days later! Compared to a letter that's really fast!
It was cool stuff, for sure, and I'm glad I got to experience it when it was new. A little extra latency in our online discourse would probably do the modern world some good, not that anyone would go for it.
I've been kicking some ideas around. My favourite so far is that instead of posting immediately, the system comes back to you after half an hour and says "do you still want to post this?". Hopefully any emotion has had a chance to work itself out in the half hour.
me neither. I think, based on Twitter's track record, people should remain skeptical until shown otherwise. They haven't delivered much to prove they're willing to do the right thing.
I don't see how it's the same. Message boards are all silos that don't mingle with each other in any way. You're saying the only part where Mastodon diverges is this thing that makes it markedly unlike message boards. I don't see the connection at all, not even to Proboards/Ezboard which had one global account across many boards.
I'd summarize Mastodon as a confusing version of Twitter that most technical people don't even understand. Drawing such a bad analogy like "it's basically like 2000s message boards" just drives this home even further.
It's like nobody can explain what it is. Though I suspect it's like monads where people need to drop the belabored metaphors and use simple language. Though then you just end up with something like "it's Twitter but the same UI shows people registered elsewhere."
I really don't get why the concept of mastodon is so confusing.
It's basically twitter/microblogging* with multiple hosts, and you can see posts from other hosts. So instead of just @andrewzah, my handle becomes @andrewzah@<host-I-chose>. You could visualize twitter as @andrewzah@twitter.com, but it's redundant as twitter is the only host. This is basically how email works, no?
The only other difference is federation, so you have two timelines instead of one: the entire** federated timeline, and the local timeline to your host. Plus the timeline of users you follow.
So unlike twitter, the user must decide what host they want to use. Or they can self-host an instance. I'm not sure if it's up to date, but https://instances.social has a wizard for this.
*: IIRC mastodon's default limit is 500 chars, and pleroma's is 2,000.
**: One exception: Hosts can block other hosts. So if you use i.e. mastodon.social, you won't see posts from users on blocked hosts unless you specifically follow them.
Choosing host is more important than it should be. Mainly because hosts are trying to do 2 things at the same time: being identity provider and being some kind of content host in federated environment (moderation etc).
Because of this when you choosing a host, you are investing too much. Their future policy changes etc will effect you, you cannot afaik move to another host. (like moving your email)
When you give people choice, things are much harder. On other platforms we have few choices depending on what you will publish (media type mainly), but here more like topic based separation, which is making things tricky, as we are humans with many different sides.
This is why I recommend self-hosting via pleroma if possible. Mastodon is a huge resource hog compared to pleroma, which can run nicely on a raspberry pi.
But yes, the issue gets outsourced to the user, and you have to trust a random individual instead of an entity like twitter.
Local timelines are at best an attempt to help with content discovery and really too overrated. If the instance is too big, it feels like reading from the firehose and if the instance is too small it is better to just browse the directory and find the profiles that seem interesting to you.
To me local timelines only make sense if the instance has a very clearly defined group with some kind of shared access, e.g, a company that has an instance for use by its employees, or a club or organization have some kind of membership. Unfortunately Mastodon's culture seems to about aggregating around instances with a very loose sense of "community" - e.g, "photographers", "open source developers", "lgbtq allies". To me this is - quite frankly - stupid. Not a day goes by on /r/mastodon where someone asks "is there an instance for X?" thinking that Mastodon instances works like subreddits.
"To me local timelines only make sense if the instance has a very clearly defined group with some kind of shared access, e.g, a company that has an instance for use by its employees, or a club or organization have some kind of membership"
Wow yeah, this makes a lot of sense. It's too bad nodes became associated with niche hobbies or interests.
E.g. a fraternity/sorority that hosts a node would make perfect sense for a local timeline. I guess the only issue is that these organizations aren't permanent. So people would have to migrate, which isn't a thing for twitter or facebook. I know mastodon has a feature for this specifically but I think people would still find it too confusing if people's handles kept on changing.
> people would still find it too if people's handles kept on changing.
Will they? Isn't it the same case with email? I used my University email when I was a student. I have a different company email for different jobs? Those that needed to communicate with me because of the job, I would give them my company email. When my work at company X ended, no one expected me to still message me at raphael@x.
The same with addresses from "email providers". They change less often, but it is still possible. My first account was probably at yahoo, but when gmail came up, I migrated, started to tell people my new address and auto forwarded any message that went to the old email.
"Well", that may be a lot of work to some people. To which the answer is "the only way to have absolute stability regarding your identity is if you own it". You can buy a domain a use a managed email service, you can have a domain and have a managed activitypub service provider.
I really don't get people's confusion over federation. It's just like email.
But with work/university email, you only use it for work/university. It's not a social network. It's not like you are sharing a pic of your cat, and want to keep the replies after you move to another job.
After starting a new job, I don't care about my old job's emails, but my twitter (which is my social network) is still the same
But even then, you can only pick one server per account, which seems asinine in this day and age. I should be able to browse any topic with one identity.
> I should be able to browse any topic with one identity.
You can. Who said otherwise? Where did you get that idea?
An account at Mastodon (or Pleroma/Misskey/Pixelfed/anything) lets you follow anyone you want. There is no restriction about server talking with each other at the protocol level. If the server is federating and its admin is not trigger-happy with federation, you are good to go.
Not every mastodon instance lets you browse their local feed if you're not registered to that instance. Now, it would be interesting if one could subscribe to multiple "local" feeds...
I think you're mistaken. I have permissions to access posts from any server (apart from those that the administrator has blocked, anyway), but that doesn't mean I can view another server's local feed in the Mastodon UI, which is the question at hand.
yeah I replied in sibling thread, mostly topic based instances and federation is the problem. (when identity is bound to host)
When I first saw Mastodon and topic based servers, I was thinking "photography" hosts will federate between each other, "developers" between each other etc. If you are a photography liking developer, you will have 2 accounts, one in "photographers in SF" instance, another one "developers in SF" maybe.
I do agree that because mastodon became focused around specific niches per host, it made things much more complicated for new users. Do I join mastodon.social? Do I join bsd.network? Do I join writing.exchange? Etc.
What I realized was I should have been asking: Do I care about the federated timeline? Do I care if my host blocks other hosts at random? Do I care if my host allows certain things (I.e. pornography with or without a NSFW tag, or at all). Do I know who the host is and can I trust them with my private messages and to not randomly ban me?
I personally like seeing the federated timeline as I have discovered some accounts through it. But my host absolutely needs to do some filtering because some hosts will allow -anything-. I never really found much use for the local timeline.
So for me, hosting was clearly the best option. I do try to get my friends to consider joining the fediverse, and I offer hosting to them to solve this issue.
I have a single user pleroma instance and I don't check local or federated timelines.
I think I even disabled them.
If I want to discover new content or users I go to the instances that interest me and explore their timelines.
Actually that was exactly my point, you managed to separate identity and content by using your own instance. But for average user this will be pretty hard.
It's a cultural issue, not a technical one. When Mastodon started to take off, one of differentiating factors was about the sort of people they wanted to attract. It's very easy to market to a tribe and appeal to their identity, so it started to stick.
One of my goals with communick is to get rid of this idea, actually. I try to make the point that an instance does not say anything about who you are or who you should follow.
A lot of people can put themselves onto the Fediverse with little more than a WordPress site and an ActivityPub plugin. You're right though, it goes beyond an average user's technical capability to do so at the moment.
Perhaps Automattic (the current owner of Tumblr) can shoehorn the ActivityPub protocol into Tumblr and find a way to market that system to your average Joe.
Not really, because the account is less coupled to the topics. I have one reddit account even though I'm in a bunch of different subreddits (and I'm not even in the subreddit that I originally joined reddit for). I have one discord account even though I'm in a bunch of different discords (and even have different usernames in different ones).
There is only the choice of whether to use the service or not. If you get banned for wrongthink on Twitter, it does not immediately affect you on Facebook.
Twitter and Facebook only ban the more extreme or inconvenient forms of wrongthink. Mastodon servers on the other hand often are Subreddit style echochambers.
I am questioning the presupposition that one chooses to make any account at all.
Using your analogy:
I don't need to create an account to view a subreddit or reddit.
I don't need to create an account to view federated instances.
When I publish content on any social network I am always thinking about who it is intended for.
I don't post the same things on Facebook that I would on Instagram, for example.
Users have to make the same choice of what to publish with any other social media service.
The choosing host part is exactly why I want to emphasize that nothing has changed in regards to hosting.
Just like before someone needs to host the "message board" and that someone needs to be relied upon.
I often see posts on fediverse related subreddits of people who are dismayed because their instance admin did something. They expect every instance to be a "Mastodon instance" and follow some sort of rules.
People need to be reminded of the internet that was. Before Facebook and Twitter started to run it for them.
Mastodon is only a little confusing (it's inherently going to be a bit more confusing than Twitter, which was the GP's main point). The complaints of the OP and much of the thread are more related to Twitter and microblogging being kind of, well, terrible. The "us versus them" quality is magnified if Mastodon consists of Twitter refugees. Twitter is moderated by the way the whole world can hear you when you scream - and that does not seem to moderate it well. Equating these constructs with BBSes seems kind of absurd. BBSes are the opposite are far as "controllabillity" goes - of course. You can moderate them any way you wish, including no moderate or even moderation intended to set people against each other (if you're truly evil). But the BBS or web forum belongs to someone and has this flexibility.
Mastodon and the Fediverse have often been advertised as "microblogging" tools, and the post length is mainly around the same as one would see on Twitter. That is a big difference from old-time message boards, where longform text was welcome and normal.
(Even if the Fediverse does support long post lengths, that matters little if the community has not embraced it.)
The problem with Twitter/"microblogging" isn't just post length.
The problem with Twitter/"microblogging" is also lack of hierarchical structure. A BBS has a series of subboards, those subboard have posts and the posts have comments. Sure, things can degenerate to just a series of "mega-threads" but if it's done, everyone the topic and the subtopic and so you can good contextual discussion. Facebook has a three level structure; post, comment and reply. Some of the oldest boards had full tree-structure as does HN, here. Multilevel comment and reply can be confusing but can be really useful to drill down to the detail of discussion wants.
And I guess this is where I go into full old lady "get off my lawn" mode and mention that I still remember when forums used WWWBoard and its clones (anyone remember CyBoard or VIPBoard?) that provided full comment threading. Any comment can be directly replied to and have its own tree of comments. Like... well, like HN, or Reddit.
I really thought forums lost something when UBB and its clones (vBulletin, phpBB, etc.) became dominant, because those systems only let top-level posts have replies. So you just had forum -> subforums -> posts -> non-threaded stream of comments under each post. It was honestly awful, and for much of the 00s forums just became a chore to read and participate in. And it really seemed to bring the worst out of people and of moderation policies: like, back in the WWWBoard days, if you wanted to respond to multiple comments on a thread, you'd reply individually to those comments, and they'd be threaded in the proper position. But on a UBB forum, if you replied individually to comments like that, half the forum would scream their eyes out at you for "double posting" and often the moderators would threaten to ban you if you did it again. And it also meant that any time an argument would start in a post's comments, that argument would take over any and all discussion under that post. In a WWWBoard system, the argument would be segregated into its own subthread and normal discussion can happen in other replies, but UBB didn't allow that. And when you have megathreads, a lot of times they just devolve into everyone just saying their piece and nobody having any real back-and-forth discussion (and honestly "megathreads" are something that didn't exist at all until UBB came around, because WWWBoard and its clones had no concept of bumping or sticky threads: every post was displayed in descending chronological order with no way to reorder anything)
Honestly, I jumped for joy when Reddit took over as the de facto Internet-wide forums system, because it finally meant we got to have real threads again.
I've used both kinds of forums, and I think both trees and linear threads - let's call them 'streams' - have their places.
If you imagine a forum as a large dinner table, trees are like conversations that start out at one corner of the table, maybe with a few people participating, and then usually split off into individual exchanges that don't interact with each other. When that happens late in the dinner after coffee and liquor, people usually move around and form little groups.
Streams are like shared conversations involving the entire table - one person at a time talks, everybody listens and replies. Sometimes people try to talk over each other, sometimes it's mostly two or three people talking and the others are nodding along for a while. But it's what makes the experience a communal one, and it's how you get to know the people in the group other than the few you directly spoke to.
It also acts as a moderating influence, since if two people are getting into a heated debate over some niche issue, other attendees will usually try to mediate for the sake of the event, instead of ignoring them and letting them fight among them.
Stream-based forums IME tended to form more robust communities where people recognized each other's names and avatars, whereas even in smaller subreddits I might recognize a couple of very frequent commenters but nowhere near as easily or as often. On the other side, tree-based forums make it much easier to establish a rapport with the couple of people you wanted to talk to and ignore everybody else.
(Potential objection: nothing's stopping a tree system from acting like a stream by having a "main" thread where most everybody pipes up. In theory that's true, but in practice I find that threads simply don't have the staying power of streams, because they fade off into the 'click here for the next 20 replies' purgatory where only the participants and a few lurkers follow. Streams keep all the eyeballs in the same place.)
writefreely has a better UI for reading long form posts and is quite popular among the academic communities on the fediverse.
personally I host a gitea server and link to my longer documentation on my federated account.
that gives me a bit more freedom to edit the content and easier to reference.
matrix servers are also great for hosting federated long form content.
> matrix servers are also great for hosting federated long form content.
Can you elaborate on that a bit? In my experience, Matrix implementations tend to be Slack/IRC-style chat interfaces.
Are you saying you find such interfaces to be good for long-form content, or are there other Matrix implementations that work out well for long-form content?
AFAIK, there is no implementation beyond some proof-of-concepts, but the idea is that Matrix (via bridges) can receive and send activitypub updates and treat them as messages in a room. So you could follow and respond to people on a room and they would receive updates on their ActivityPub server. It
This idea is not new, really. Movim (https://movim.eu) is running a federated social network on top of XMPP for over a decade already.
Can I browse another server from mastodon? it seems I can only choose from my feed (people i follow), the local feed (my server), or the global feed. This is a really rough experience because my server is one of the big generic servers so there is no specific discussion and indeed it’s mostly people and bots screaming into the void, and of course the global feed is the same except the volume of posts is much larger and now half of the feed is in a foreign language.
You don't have 'sort by most recent replied to topic' and a forum subtopic view like most message boards do although. There is a hard enforcement of posts sorted by initial post time.
Posts can be sorted any which way the frontend is configured to do so.
There isn't going to be a fediverse wide "topic" because of the nature of nodes but whatever the instance can see can be presented in any matter desired.
It's close to twitter in features but it's important to understand the hosting aspect.
Facebook and Twitter have been hosting our social media for years, in a centralized way.
Federation makes this possible for every person, denctralized.
So essentially we're back to 12-15 years ago when private people were still hosting message boards for each other. All that changes is that those message boards can now federate content.
And everyone who remembers those days know that hosting a message board that became popular was a struggle.
Which is why I've opted to keep my instance small through various steps I won't say here but they aren't ground breaking or secret. I just don't want to give away my identity because this is my secret account on HN.
After 4 years on the fediverse, listening to issues, reading threads, my opinion is that we should focus on many smaller instance rather than a few huge ones.
I would argue that what is described in this post is inherent in all social networks.
The wonderful thing about the Fediverse is that depending on the node you connect to, or the people you choose to federate with (in the event that you have your own instance) that your experience will be vastly different.
It’s given me some of the most enjoyable interactions I’ve ever had online in the last ten years.
You need to have a thick skin, take the time to use filters, block certain keywords.
And use Pleroma, Mastadon is crap, Pleroma let’s you type for DAYS, “limited character cap” is really only a mastadon thing and it’s crap.
The wonderful part is also its Achilles heel. Mastodon is advertised as an alternative to social networks, but since your identity is tied to your node, its much closer to joining a web forum structured like twitter with the possibility (but not guarantee) of interacting with similar forums. From that perspective it's great. When people offer it as an alternative to conventional social media, it comes up massively short for anyone not trying to live in a bubble.
Contrasted with facebook (or a twitter with groups), if you join a group of motorcyclists, there's little to no risk that you'll be excluded from the Scooter group of-which you're already a member because a few bikers got into a spat with scoot-gang, nor will you be excluded from any of the groups that get along well with scoot-gang.
> Contrasted with facebook (or a twitter with groups), if you join a group of motorcyclists, there's little to no risk that you'll be excluded from the Scooter group of-which you're already a member because a few bikers got into a spat with scoot-gang, nor will you be excluded from any of the groups that get along well with scoot-gang.
Are you sure? On Reddit, membership of one subreddit often results in bans from others, and Reddit is centralized.
I consider those kinds of bans petty, but hardly a platform issue.
Reddit exposes group affiliation by default through public post histories. One can lurk in any public subreddit without consequence. Even banned, you can still consume public subs, though you can't interact with them.
The simple act of account creation (choosing the wrong node) is enough to exclude you from otherwise public content in the fediverse.
Joining Mastodon is often described as joining 'mastodon the network', when in reality there is no cohesive network (though there may be a canonical network). You're joining your instance + an opaque number of unknown nodes, with much of the content arbitrarily disappeared for any number of historical reasons to-which you may not be privy.
Actually we need the rest of social media to have this, and then we don't need these alternative platforms.
There are simply too many people who have grown up without having any meaningful opposition in their lives - without having someone challenge their ideas and values and making them defend said ideas and values, and they simply do. not. know. how to cope with it.
Why is grinning-and-bearing harrassment by people who want you dead virtuous? “people who have grown up without having any meaningful opposition in their lives” always feels like a dogwhistle to me, because the people saying this tend to have far more privileged backgrounds than the people being harassed.
The entire world has been forced to act as diplomats. When coming from vastly different world views and experiences, being charitable in your interpretation of others is essential; it is important to distinguish disagreement, harassment, and true threat so as to avoid false positives and further degradation of the conversation. That charity requires having a very thick skin, and yes, it’s unfair when it’s not reciprocated and you are being targeted.
I think social media has taught us that most people are terrible diplomats. Which is to expected when a person’s threat response is engaged. Having a thick skinned and measured reaction to threat is still the best way to reduce that threat. And it requires a level of discomfort unprivileged people are generally much better at dealing with; the people who need to hear that advice most are those advantaged enough to be unfamiliar with dealing with discomfort.
I think a better solution than forcing everyone to become diplomatic or banning those who violate the norms of others is to have somewhat siloed social groups that are represented by open minded thick skinned diplomatic types that permeate the borders. That’s part of what’s appealing about a federated model; I think it better mirrors our social tendencies and historically successful political systems with diverse constituents (representative republics seem to be the only proven systems capable of dealing with lots of different peoples long term).
I’m of the opinion that the most virulent partisanship is actually due to the lack of silos rather than the echo chamber narrative. Before the internet, in group conversations stayed behind closed doors. That privacy allowed people who would be outraged at the contents of those conversations to get along in a diplomatic middle.
Now those conversations are public, and people seem to be fighting over control of one big room where all the walls have been removed.
I think a better solution than forcing everyone to become diplomatic or banning those who violate the norms of others is to have somewhat siloed social groups that are represented by open minded thick skinned diplomatic types that permeate the borders.
This is a genuinely fascinating idea that I haven’t seen before in discussion around Mastodon & co.
Not convinced it’s an actual possibility because of a lack of scarce resources & the like to actually cause diplomacy to happen over in a familiar way, but I have 0 idea of what the fediverse is like from within the fediverse, so perhaps there is something there I’m just not aware of.
Would upvote and read an insider’s “Diplomacy in the Age of Federation” esque article in a heartbeat.
Is this purely a US phenomenon? I don't see this much at all from people who live here t(the UK), but we're really starting to feel the effects of social media censorship hit hard, and I know a lot of people are really angry about Big Tech pushing their own moralistic world view on our country.
America has a long tradition of being vocal and offensive in its communications. At the very founding of our nation, you could find political cartoons of George Washington on a donkey, with the caption, "An ass being led to Washington."
In general Americans seem to be more thick-skinned than others. Or at least we used to be.
EDIT: Here you go buddy... this is almost a word-for-word of the argument that was used in the actual Supreme Court case, and should illustrate why we're at such a dangerous time in history - https://www.youtube.com/watch?v=MeTuNES82O0
Check out the book Infamous Scribblers: The Founding Fathers and the Rowdy Beginnings of American Journalism.
> I'd think that's how people you happen to hang out with, or talk with on the internet, might be.
You literally have no data to support that comment, whereas I'm referencing existing documents throughout American history that show just how vitriolic communications were.
You realize that our politicians used to get into fistfights on the floor of Congress, right?
> But not people in general, at least not the ones I've met from the US (lots of people).
What you've just described is selection bias, but I understand why would you feel that way. You're likely not exposed to a diverse selection of Americans. Do you know many corn farmers from the Midwest states? Do you know any deep sea welders from Mississippi? Do you know many club promoters from California? Do you know many book editors from New York?
>I would argue that what is described in this post is inherent in all social networks.
This is just what I was thinking. I can't imagine any platform that would meet some of the criteria demanded in this writeup. In what universe would you expect to close your account on twitter, move over to a new account, and migrate your history into a newly opened Twitter account? You can't do that on any private social platform. You also can't update posts on Twitter at all, let alone update and keep comments + replies. You can't know how many of your Twitter followers are "real" either; another thing not unique to Mastodon.
You actually can go past 500 characters on various instances. I'm on one that goes to 1024. As for character limits on "the fediverse" there are non-mastodon projects that let you go beyond 500 characters.
The larger project of federation is just so much more important than all these bizarre little idiosyncratic preferences. It's so maddening to listen to people who think the project of decentralized alternative to private social networks should live or die on whether it includes some new added feature that they can't even get on the private platforms.
Yep. I've been using Fosstodon for a couple months. It's not much different from the others, except that the typical Fosster is at least as tech-focused as HN. Without room for 10-paragraph expositions.
My daily surf starts with topical sites I know will pay off for me from experience. Later I'll quickly scan HN and various subReddit headlines for items of interest. Finally (time allowing) do I drop into xtodon to walk the seashore and see what the waves left.
Some nice days I like to sit and people-watch. Social media's more like mind-watch. Like BBS's did, sometimes the waves leave some useful flotsam. Mostly it's kelp.
> The wonderful thing about the Fediverse is that depending on the node you connect to, or the people you choose to federate with (in the event that you have your own instance) that your experience will be vastly different.
The same argument works with Twitter, and I genuinely believed so a decade ago (Twitter has been the only social network I still continuously use). I don't buy it at all after the decade-long experience. Your favorite followers will fight to each other no matter you've carefully chosen them. No amount of filter solves your timeline being messed.
All social networks do not work, federated or not. I'm going back to the good ol' IRC or whatever it follows.
Moderation alleviates those issues and the difference between Mastodon instances and Twitter is that the former can moderate content according to local community standards.
It's wrong to think of Mastodon as a 'social network', it's literally what the name suggests a federation of 'micro nations' with their own rules, more like subreddits than Twitter.
If your instance is large enough or your instance is small but peering to other instances, there would be enough interactions that will bother you eventually. Otherwise there is no point using them at all, a small IRC or Matrix or Slack or Discord server would work better.
> If your instance is large enough or your instance is small but peering to other instances, there would be enough interactions that will bother you eventually.
I had this problem. And unless you are the moderator/host, there's nothing to do. I was having problems with some other instances, but as a user there was nothing I could do. I thought Mastodon would do a better job on allowing me to block or limit my viewers based on their instance, but no luck.
So I went back to Twitter. If I can't do anything about instances I don't like, better use Twitter and get rid of that extra layer of complexity.
This article doesn't discuss why the organization in question didn't just self-host their own fediverse presence, perhaps using a CMS plugin like one available for WordPress. I'm not familiar at all with this "InfoSec Handbook" group but what I'd like to see at some point is a software platform that allows organizations to spin up fedi presences at their own domain (Write.as does this, but it'd be nice to have other players in the ecosystem), or even if traditional SaaS vendors would just adopt the underlying W3C protocols to allow for that.
yeah I thought that was the point of it. Sounds like the article authors don't get the Fediverse, and use it interchangeably with Mastodon. It's like saying Linux sucks because it's so complicated, having only tried one distro (i.e. Arch)
With the ActivityPub plugin (this one to be specific: https://wordpress.org/plugins/activitypub/), your WordPress site implements the underlying ActivityPub protocols and becomes an Actor that can be subscribed to by other ActivityPub installations.
Other CMS plugins may be worth looking into, or it may be worth looking into having your favorite CMS implement these protocols directly.
so you didn't like a particular implementation of activitypub designed for a specific ux not aligned with you, and some people you didn't like tried to argue with you on the internet.
these are problems you will have in any social media.
open source and federation give you the chance to find or design an implementation you do like.
people are much harder but at least you're not beholden to dictated rules from a large american corporation, and you aren't waiting on some unknown entity to moderate.
issues you raise with privacy are generally understood. public things are of course public. but there is also a lot of fediverse happening in places you can't see, and users in that space can satisfy themselves knowing those conversations aren't likely to live forever.
publishing and consuming rss is a good conclusion since you're oriented to longform content and less casual discussion.
This just reminds me that the problem with discourse isn't centralization, control, lack of privacy or security, or any other thing.
The problem is that people act in bad faith online, a lot.
Give a bunch of people a platform to broadcast their thoughts, and a lot of people will be lazy about those thoughts. A lot of people will turn it into a competition and be more concerned about creating a following rather than spreading truth and fostering healthy discussion.
Sure, I'd take a Fediverse over a Facebook or a Twitter any day; lack of corporate control and the ability to run your own instance and federate are just plain better from a "health of the internet" perspective. But that doesn't solve the social problems inherent in any community where people most don't know each other personally and don't have to interact face-to-face.
I have designed some solutions around this, but haven't found the right product/ecosystem in which to implement it yet.
The basic idea is that you need multiple independent publishers of append-only "credit rating" feeds, publishing their own views/opinions of the reputations of different servers, users, or hashtags across the whole of the network. Services can aggregate all of these moderation/rating feeds in realtime, and provide to their users a list of all of the different "social credit rating agencies", or moderation feed publishers. You as a user could then choose your moderators from across the internet, then their own moderation decisions are applied to your feeds. It's sort of like outsourcing the management of your block/mute list. You could, of course, disable all of the moderation feeds and see the firehose of slurs and spam, or switch to different ones.
We solved this with email (poorly, and over a long period of time), and RBLs were part of that process. We'll eventually see the same for federated/p2p systems as well.
I don't think this is the point. You are trying to solve a social problem via technical means, and that generally does not work.
Spam/scam email isn't a great parallel: that sort of thing is a more-or-less anonymous party intruding into someone else's life in order to try to sell them something or steal something from them. Blocking that kind of communication is the correct solution, and that's what success looks like.
Getting people to have nuanced, respectful conversations online is a completely different thing. If you get to the point where your best option is to block the other person, or moderate/delete their posts, that's a failure, not a success.
In a system where anyone can talk to anyone, for free, natural human tendencies are going to result in the vast majority of traffic being ads for sex, drugs, or salty carbohydrates.
Social networking needs moderation and filtering, because there are always going to be people who don't respect the time of others. Email just happened to be the first online social network, followed by usenet (which had killfiles).
There's going to be filtering. The only question is do you want it to be a small number of large, unaccountable corporations (and the governments that can put guns in the faces of their sysadmins), or "everyone who cares to, and you can pick"?
Dealing with millions/billions of people online, it's impossible to know who I can/can not expect to have nuanced, respectful conversations beforehand.
So, yes, I think it's not a bad idea if we took deny-by-default approach with new connections and treating them as hostile, unless they can have some backing social proof from one of your peers.
I would also be interested in an approach where every the initiator had to pay actual money to be able to interact, no big amounts, just enough to work as a deterrent to stop spammers, scammers and moderation crusaders:
- Want to send a DM? Pay $1, get it back if the recipient clears you up.
- Want to make a comment for the first time on someone else's thread? Poster decides the minimum amount to leave as scrow. Really good comments could even collect some of the money from spammers/hostile ones.
- Want to report someone because you don't like them or their views? Put $10 in scrow for the moderators. If accepted, you get the money back. If there is no grounds for the report, the reported person gets to choose which charity to donate the money and the next report from you will cost double.
Sadly, these sorts of bond-posting antispam systems are rendered mostly illegal due to financial surveillance requirements in the US: you can't really do micropayments like this without going through full KYC/AML on everyone you're receiving from or paying, which is a huge barrier to entry and adoption.
The intense regulatory requirements for total financial surveillance in the USA are holding so many insanely cool apps from being developed now that there's programmable money. Doing anything novel or cool with it is basically illegal.
https://kleros.io/ can do it on ethereum. Alas, it's still too expensive to do due to gas fees. I wouldn't be surprised if they come up with a Layer-2 approach for it, though.
> The problem is that people act in bad faith online, a lot.
I think the fundamental problem is that people's values and perspectives can be too different to be in the same room together without going at it.
Most people couldn't handle being in the same room as an avowed neo-Nazi saying Nazi things, for example, without at least picking a verbal fight, even if the Nazi wasn't addressing them directly. If they're talking about how they want to kill Jews, most decent people will feel like they can't just let that go unchallenged. And that's not the kind of argument that can really be handled civilly.
You get the same issue -- albeit usually not quite as strongly -- in a thousand different ways, when you have a globally scoped social platform. All those groups with fundamentally conflicting positions, all targeting each other. The result is chaos, which is why platforms are increasingly tightening the bounds of acceptable discourse.
Sure, but I think your example of a neo-Nazi vs. non-Nazi meeting up in a room describes a minority, extreme case. Most people are not Nazis, and most of the bad discourse on the internet does not involve Nazis.
Two somewhat-reasonable people, even if they're complete strangers, could have a productive discussion (or at least resolve to agree to disagree, if it gets a little heated) if they were to meet in person to hash things out. But in an online conversation, especially on a limited medium like Twitter or Mastodon, they could both easily devolve into talking past each other, name-calling, and arguing in bad faith.
This remains true for most platforms, not just those in the fediverse. HN is one example!
I am reading this article with great interest. I've recently started exploring fediverse platforms with much excitement. I'm more interested in building a community at the moment, and although this can be achieved with a classic bulletin board system, the fediverse had me curious.
If you're interested in hosting a discussion based community similar to HN or reddit, I'm working on a project that might interest you. Link in my bio.
What would be involved in hosting something like this? I'm always looking for stuff to host (and have been sick of reddit for a few years now), but anything I host would just be a server in my room on a residential IP, which may not have the reliability you want
Sorry for the late-late reply, I am not very active on HN. Hosting this requires a go compiler mostly and patience to fiddle with the sources, or to pester me on the mailing list to write proper instructions for deployment. The little documentation that there is is hosted here[1].
Thank you - I'm going to check it out. I also had a look at Lemmy recently which promises better fediverse support in the future. Is there a link to a live example? Didn't see one in the README
My project predates prismo I think, and I'm committed to bring it to fruition. That might not be for a while though as I'm working on a lot of low level stuff that might help other developers with writing activitypub services.
actually i think HN - ie. the comments, especially TLDR - is an example of, at least partial, solution, and this is why me like many other people usually go straight for the comments instead of the original article/post.
I do exactly the same! What I mean is, there are those that will vote or even comment without reading the article - I don't believe it's a problem unique to fediverse platforms.
If a headline could convey everything in an article why write the whole article? There's always more than could possibly fit in a headline; "yes, buts", etc.
Most of the points they elaborated on are People problems, not Mastodon problems. The genuine critiques of Mastodon they listed are migration issues, updating posts (it makes sense 'edited' posts lose their clout), and character limit (already way bigger than twitter's).
Also, aren't they falling into their own "Us vs. Them" argument by complaining about general Mastodon users?
People problems and technical problems aren’t so cleanly separated. People speak in pithy soundbites on Twitter in part because of who they are, and in part because of ergonomics of the platform (limited character counts, etc).
Mastodon is a place as much as a product. The technology affects how we interact, and how we interact in turn influences design choices.
As a regular fediverse user, the main detail I'd be curious about is: Which server was the experiment done on and which servers were federated with?
I don't have anything against this article per se, but it's worth noting every fediverse encounter is different.
My main take on this article is that it's like walking into a McDonald's and being upset they don't serve pizza and then condemning all fast-food as being terrible because it's not all pizza.
"We experienced the shutdown of our Mastodon instance twice. So, we migrated from securitymastod.one to mastodon.at, and then to chaos.social. Each time, we lost all of our posts, leaving behind a considerable number of dead links."
IMO organizations should self-host (same as with email, if you have a domain name that you are commonly associated with). If you aren't doing this, you don't fully understand the mechanics of the Fediverse or the underlying W3C ActivityPub protocols.
edit: by self-host, I mean either run your own infra or subcontract that out to a competent vendor. I don't literally mean self-host in the strictest sense.
Thanks for digging that up! Absolutely agreed about self-hosting and treating it like email. I've seen quite a few instances shut down in the ~6 months I've been around.
It's a pretty rough experience for people that are coming from the mainstream, since it's probably hard to imagine a social network powered by a rag-tag few people behind each instance and not multi-billion dollar tech behemoths.
Show me the Mastodon server with the moderation policy that fits the author's use case. It appears I can't even search mastodon instances by the criteria of moderation policy. (But if I'm missing something obvious please correct me because I'd love to be able to do this!)
There an abundant history of examples of centralized, publicly accessible forums where the quality of the discussion matches what the author desires. Plenty of FOSS mailing lists too, many of them extant. (On the topic of security, the cryptography list comes to mind.)
Mastodon's only value is in its utility to deliver discussions that are at least as functional as those I've participated in on these ancient services. If the author and I cannot easily (or ever) discover how to engage in discussions like that, it doesn't matter at all whether the underlying infrastructure is centralized or not.
I'm not fully sure what their use case is to speak to that. A good launching point to finding like minded people is this list though: https://fediverse.party/en/portal/servers
I joined before that link existed though, so I opted to join a really large instance, mastodon.social specifically in my case. From there, I started searching hashtags for topics I was interested in and engaging there. From my interactions, I got a feel of the quality of interactions from various instances. From there I started honing in on the various code of conducts to find a smaller instance I wanted to chill in.
It's worth noting that smaller, niche communities don't federate with the largest instances. If you're looking for the most down to earth people, it takes a few hops and a bit of time.
> I'm not fully sure what their use case is to speak to that.
The article spells it out-- they don't want drive-by, low-effort engagement with their posts.
> A good launching point to finding like minded people is this list though
Perhaps I'm idiosyncratic, but I don't see any value in choosing a server or community based on interest.
What I really care about is choosing a moderation policy, and viewing the content filtered through that lens. E.g., "Wholesome and non-contentious," or "thought-provoking and academic," etc.
Even then, I want to do that through a dropdown, not through a sign up on a server hard-coded to a single policy.
If that were true then email would be at odds with the concept of federation. There aren't interest-based email servers, or at least the concept of email isn't hard-coupled with interest-based servers.
I've lurked on Mastodon for a while and honestly your experience will be only as good as your instance you subscribed to. Fosstodon is a very focused instance with like minded people, and the local feed there is pretty top notch. My experience on more "general" focus instances was a lot worse and borderline spammy.
Hoping they put effort in making your activity pub profile more portable as move accounts to new servers is still kludgey at best.
That's accurate. But there's also a local feed you can consume (all the people on your instance), which is kind of a workaround if you can't be bothered with finding a fair amount of people to follow for your own timeline to be interesting.
My experience with the fediverse was that enjoying the benefits of federation encountered the same issues with content and user behaviour that can be found in silo'd services.
That is to say, fediverse sites increased their likelihood of replicating/serving hate, pornography and illegal content in correlation to the number of external sites they were connected to and the size of their user base.
It left me wondering why even bother? It's no better than using Discourse for a private group and Twitter/Facebook for public groups. Perhaps worse.
> using Discourse for a private group and Twitter/Facebook for public groups
Even if what freeone3000 said about Mastodon is also all true about Discourse (I know nothing about Discourse, but I'll take your word for it), it's not true about Twitter/Facebook. And since Mastodon is aimed more at the public group use case, Mastodon is a useful replacement of Twitter/Facebook even by your own logic.
No, the fediverse has at least one per instance, often more. I would even go as far saying the fedi has more mods per users. They're still only mods, for the instance they're on, though.
I saw pornography of very dubious legality within seconds of opening a public Mastodon server during my first time checking out the fediverse. It was enough to convince me never to use Mastodon again.
And I saw pornography on Twitter, which obviously IS THE ting Mastodon copies, too. It totally depends on the instance's mods what they allow and yes, mastodon.social allows porn. Mastodon is not a social platform for catholics. If you see porn without NSFW Content Warning, you can report it.
You are speaking of some future state, however likely that may be, this doesn't exist now and exists on the corporate platforms now. Obtaining this information by extracting it from ActivityPub streams is also a far cry from getting the information from a centralized platform that is eager to sell it to anyone with money.
It has happened and more than once that I have found a fediverse post when doing a google search. So webcrawlers are already scooping the data up. And I mean why shouldn't they? It's a publicly posted (micro)blog. There is no robots.txt telling them to stay away? The servers are handing it out for free to anyone who asks.
The only missing part is using it to build profiles and join profiles. It may already exist, but I haven't heard anyone doing it... yet.
Are there no fediverse-scraping services that sell your data to advertisers? That seems a prime target for every moderately-evil adtech executive out there.
Even if there are, they still get a lot less data since they only see what you posted publicly. Unlike Twitter/Facebook, scrapers won't see your every mouse movement, how long you stare at any individual post, or any other of the more invasive tracking opportunities that are available to Twitter/Facebook.
The scraping services also won't know your email address unless you post it publicly or they figure it out some other way, so they'll find it much harder to associate the data they scrape with your other online identities, too. This also makes the data less valuable to advertisers, so I imagine there's less incentive to scrape it.
There’s a growing misconception that sites like Twitter are a good representation of unfiltered, unmoderated content, or that the only moderation actions from these sites is against famous figures like Trump.
In reality, sites like Twitter and Facebook remove a lot of terrible content posted by people who deliberately enjoy terrorizing shared spaces with abhorrent images.
Anyone who has been involved with the moderation of a moderately popular site or platform with image-upload features will understand: There are a lot of people on the internet with infinite free time and motivation to troll public spaces with shock images and similar content. Any unmoderated space will eventually attract these people.
Worse yet, if this behavior goes unchecked it tends to drive the good users away. Decentralized and/or unmoderated platforms seem to have a small following of ideologists who will look past the bad content and focus on the good, but the general public isn’t terribly interested in wading through random pornography or worse content just for the sake of being on a decentralized platform.
There are three main sections of the Fediverse: OStatus, Diaspora* and ActivityPub. Most OStatus systems have migrated to ActivityPub, but Diaspora*'s still separate. https://friendi.ca gives you access to all three.
Thanks for sharing your considerations. It's good that people care and think carefully about which services to use and not to use, and also share it.
I think the main problem is that the idea and implications of decentralisation are hard to fully grasp. It does not imply privacy or security. It does imply decentralisation of power, decentralisation of rules & code of conduct and decentralisation of financing.
My own experience:
Mastodon has provided me a first step in more digital sovereignty. It is very refreshing to have a timeline that you can fully control.
Moving to Mastodon felt like moving into a new village. You start with an empty timeline, and you have to actively work on your first connections.
After some initial effort, you are rewarded with meeting interesting people. They welcome you in their communities, and you can keep on discovering amazing people through the messages they boost!
Feel free to interact via erik@mastodon.utwente.nl :-)
There's subtext here, right? Is this related to Gab and the rest? From their earlier post about Fediverse:
>Some parties in the Fediverse demand “self-censorship.” Especially when we talk about particular services or products, individuals contact us and demand that we delete our posts. “We shouldn’t talk about the topic,” so other people don’t start to use these “evil” services and products. In our opinion, such demands contradict the claim of being an “open-minded community.”
I’m not sure, but even if not I still feel like that’s a silly complaint.
Party A says something on the Internet that offends party B.
Party B says something on the Internet that offends party A.
Party A complains that they’re being asked to self-censor.
I see it as both parties using the service as designed to speak their minds. Party A also has the tools to mute Party B if they don’t like what they have to say.
I do get that, but really, B doesn’t have any special sway. They’re just some randos saying that they don’t like A’s posting. While annoying, that’s going to happen on every social network. If I went on Gab and started posting a lot of pro-Biden content, I’m certain plenty of people would tell me to knock it off.
So sure, it’s alright for A to be annoyed by it. That’s definitely not a unique feature of the fediverse, though.
I'm upset that they're painting these social issues as Mastodon-specific ones, and that they're painting the Fediverse as just Mastodon, but they do have a point about RSS.
I've been banned from two mastodon servers; one for saying "Neil Degrasse Tyson is my spirit animal" and the other for simply disagreeing with somebody. The tribalism is strong on Mastodon and of you don't make effort to conform you won't last long.
I haven't had this issue on my instance but I do cross-post onto Mastodon instances that focus on infosec.
The only complaints I've gotten have been from Mastodon mods that want some specific content warning or some such that I can't be bothered with.
I just delete those posts, fuckem if they don't want it.
> Many Fediverse users claim to be the “better and open-minded alternative to Twitter.” We think that this doesn’t reflect reality, as explained below.
I also had my problems with Mastodon and Pleroma users. Unfortunately, there are idiots everywhere and, while federation helps to some degree, separating left/right extremists, trans people and transphobic people, you can still be in an instance focused on anime, and get attacked because you use Mac/Windows instead of linux.
I think that some of their points are good. I think the major one is that unless you run your own instance you have no ownership over your identity (save the mastodon migration tools). I think it is weird that if I want to use Mastodon to post short messages and PeerTube to post videos I need two different identities. I think it would have been better if I could have a shared identity that could be used across multiple fediverse apps, or used to move my identity from a "shared" provide to a new one, or a self-hosted one.
I also think that length-limited posts are not a great basis for a social network, but that is not mastodon specific.
I expected something more technical, but instead the points are mainly based on culture (which seems to be a problem for most social networks). In addition, I find it weird that there are several parts where they argue against decentralization. I mean, those are just examples for specific situations, but putting all examples together tells a story of itself.
Besides Pleroma mentioned elsewhere in this thread, has anyone checked our Misskey (https://join.misskey.page/en/)? It has some interesting features, like arranging your own virtual room and sharing it with others. I've not seen much of it yet.
I’ve had critiques about the fediverse for a long time. I’ve also had critiques about urbit for a long time.
It seems to me that Zot improves pleroma/mastodon to solve their problems (server extinction, account migration). It also seems to me that Urbit improves Zot to solve their problems (user experience, global naming).
re: “I’m privacy-friendly; please donate”: I donate but don't mind identifying myself. If you want anonymity then don't donate to whoever runs the server that you use.
You are free to follow and un-follow (if you see toxic material) as you wish.
I hope that I don't sound like I am lecturing or otherwise being obnoxious, but if you don't think that the large Internet platform companies have too much power then I recommend reading "The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power" and "privacy is Power."
The great thing about the Internet is that anyone can get a domain, get creative, share their stuff, meet people, make business acquaintances, etc. I see the Fediverse as another tool to use.
Can someone contextualize this post somewhat, for readers who have been living under a rock and don't know about the Fediverse nor who is "we" at "infosec-handbook"?
I actually went and read that, but it's wholly unclear what place the fediverse actually has in online culture today, what "kind" of people use it, or parts of it; what it replaces for them; etc.
RSS needs to add a <reply_to> field to replace the fediverse. There's really no need for a unified community; metadata can be provided separately by other systems.
> Their messenger doesn’t offer any server-side protection. In their case, a server-side party can directly access your data in cleartext—this is trivial.
I am one of the people that got a lot of shares on Mastodon for being critical of Signal.
I think this article greatly misrepresents the main arguments going around the Fediverse about Signal, and the arguments for alternatives.
1. Signal holds the only set of signing keys to the only published binaries allowed on the network, compiled by them, that in turn control all signing keys. If pressured they could push a malicious update with unpublished code. The published server code has not been updated since April last year, so either they have made no changes since then or they are already comfortable pushing updates without matching public source code.
2. The bulk of metadata protection on Signal comes down to trust in SGX, which indeed is an entirely broken technology and keys can be extracted from it via a number of side channels if there is sufficient motivation, such as a government trying to track down dissenting views, or a future owner of Signal that secretly is willing to cooperate with a state actor. Intel also could, if ordered, also issue a microcode update intentionally compromising the RNG used for keys, etc. Signal places a huge centralized target on its back so I think these risks are plausible and worth being aware of.
3. Signal forces all TCP/IP metadata to one stack, which if combined with heuristical analysis, I strongly suspect it would be possible to work out which IPs communicate with which other IPs even without aid of SGX contained metadata.
4. Signal is actively hostile to any third parties that compile and sign signal network compatible binaries and release them via open source app stores, and vows to fight them and get them removed from the network. Moxie repeatedly says he prefers the install base tracking proprietary stores like Google and Apple afford.
5. Signal has built their entire social graph on phone numbers which require ID to buy and are actively tracked in 200 countries, and many carriers will sell out their customers to bounty hunters etc. This is directly at odds with their stated goals of furthering privacy.
When asked what alternative I suggest, I say Matrix.
Those that really need privacy can use a pseudonym via Tor on a server of their choice hosted by people they trust and avoid revealing PII to the messenger at all, unlike Signal. The most private metadata is that which you are not required to reveal in the first place.
The server and remaining metadata that must exist, like sensitive channel memberships, easily be hosted in a server you own on property you own. Sensitive channels could stay on that server and not reveal any metadata or group participation to the wider network giving you granular control of your own metadata and where it lives.
If you really wanted to you could even use generic tools that exist for SGX to do FDE on the database disk with the key in SGX and in turn also run a lean binary like Dendrite in SGX. I don't think this is worth it, and I think SGX is largely security theatre at this point but this is what freedom looks like.
You can run your own server and maintain it according to your own threat profile, instead of using a one size-fits-all threat profile a centralized walled garden forces on you.
If you still think all the arguments above are totally unreasonable and you don't like hearing a lot of opinions critical of popular centralized services like Telegram, Signal, and Whatsapp... then indeed the Fediverse may not be for you.
Most users care a lot about keeping digital sovereignty which is why they joined the Fediverse in the first place.
> 3. Signal forces all TCP/IP metadata to one stack, which if combined with heuristical analysis, I strongly suspect it would be possible to work out which IPs communicate with which other IPs even without aid of SGX contained metadata.
I don't think you've thought about this properly. The fact you've mistaken this (the Don't Stand Out principle) for a flaw in Signal - rather than a clear strength compared to federated systems - is a bad sign.
> 5. Signal has built their entire social graph on phone numbers
The Signal system doesn't maintain a social graph. That's another huge flaw of many alternatives, since of course an attacker would (and this has already happened) harvest the social graph from the system.
Suppose you turn up with a Federal Judge tomorrow at Signal's offices, demanding a list of the groups I'm in, friends I know, people I've communicated with. Moxie can't help you. You supply my telephone number. Moxie still can't help you. OK, you demand a list of all Signal groups. Well here's all the new-style Signal groups. They have opaque IDs, their names, membership lists and all other metadata are encrypted, with keys Signal does not have.
Now, if you do the same for Riot.im you get truckloads of interesting information about whichever user or users you were interested in, including where to look next for more information about other users they know or communicate with. Even better, the "privacy conscious" users will often, as you've recommended, not be on Riot but instead on a low population Matrix server they control, neatly isolating them so you needn't even bother gathering a "graph" at all.
> 2. The bulk of metadata protection on Signal comes down to trust in SGX, which indeed is an entirely broken technology and keys can be extracted from it via a number of side channels if there is sufficient motivation, such as a government trying to track down dissenting views, or a future owner of Signal that secretly is willing to cooperate with a state actor. Intel also could, if ordered, also issue a microcode update intentionally compromising the RNG used for keys, etc. Signal places a huge centralized target on its back so I think these risks are plausible and worth being aware of.
Question: are you talking about address book protection, right? Because I don't wee how SGX would be required for protecting 1-to-1 chats -- keypairs for identity management and PFS-compatible encryption would suffice for that.
I wish the Mastodon ad campaigns on Twitter would focus more on the digital sovereignty benefits.
It seems like all anyone takes away from federated protocols is "it's more secure" in some ambiguous way.
On the Signal topic, I've been put off talking about the security concerns of centralized vs decentralized lately as everyone seems to interpret this as "US X NOT Y".
Reach out to Eugen about that -- afaik he runs the @joinmastodon Twitter account directly or has someone helping him with it, but he's approachable about feedback.
"Safer social media experience" refers to user safety, i.e. moderation and safety tools like content warnings, phrase filters, mutes, blocks, and the various quality of life improvements to those features.
That's not what I think is being conveyed to the people I link that page.
They take those descriptions as it applies to their own posts, "your messages are safe".
When I am put in the position to need to explain that Mastodon isn't an end-to-end encryption platform I've lost them completely.
Part of the things that you mentioned in your experience, "us v them" ideology, reverse burden of proof are all a defining characteristic of any forum that thrives. And, arguably, its not a bug it's a feature.
Typically, a forum has a lot of registered users, but very few who are active daily. (Reddit reported 52M MAU in Oct 2020, an increase by 44% post pandemic. Their MAUs in Dec 19 were 430M. So, about 7-10% users are very active, others are lurkers). The most frequent users (power users) gain kind of an influence which is suited to their experience the most (not talking about HN per se, not as frequent here) and they come to define the rules of the forum. It's not specific to mastodon, and forum moderators allow it because they are the users (and many a times mods themselves) and it does not really break a rule. The us v them mentality in particular is key for the forums since it invokes an emotional response in using that forum. Many lurkers stick to the forum if they cant find a better alternate to stay in touch with the topic, and they leave when they do.
The other problems you highlighted may not be a platform problem but a human problem which will happen on almost every other platform. I don't think there is a solution to this except finding other smart people who are more self aware, though that is easier said than done.
The title starts with "Our experience with the Fediverse", so your criticism seems misplaced. They are describing their experience, and don't seem to claim that this will be everyone's experience.
People think it's a completely new concept.
People seem to have forgotten, or not been part of, all the message boards we used to have during the late 90s and all throughout the 2000s.
The ONLY thing Mastodon brings to this is federation. You used to have accounts on over a dozen message boards, sometimes with different avatar names. Most were special interest groups.
All of those boards were hosted by someone.
Having lived through that I view Mastodon as a different kind of PunBB software with federation. Because I view it from the perspective of the hoster.