[HN Gopher] Our experience with the Fediverse, and why we left
___________________________________________________________________
Our experience with the Fediverse, and why we left
Author : dsego
Score : 151 points
Date : 2021-01-24 18:33 UTC (4 hours ago)
(HTM) web link (infosec-handbook.eu)
(TXT) w3m dump (infosec-handbook.eu)
| PointyFluff wrote:
| Literally just an article that highlights the problems with
| social media in general.
|
| Total click-bait; I'm sure thankful for ublock.
| cblconfederate wrote:
| RSS needs to add a <reply_to> field to replace the fediverse.
| There's really no need for a unified community; metadata can be
| provided separately by other systems.
| centimeter wrote:
| As someone who's never used any fediverse software, I found this
| post entirely uninteresting and irrelevant. It sounds like the
| author had some beef with random people they found online and
| want to portray this as a systemic issue.
| tasty_freeze wrote:
| The title starts with "Our experience with the Fediverse", so
| your criticism seems misplaced. They are describing their
| experience, and don't seem to claim that this will be
| everyone's experience.
| TheJoYo wrote:
| They make some systemic criticisms about the security of
| decentralization on top of making recommendations to
| potential users:
|
| - Use RSS feeds generated by mastodon / pleroma.
| - Contribute to stackexchange and hacker news.
|
| If it wasn't for those recommendations the title could better
| represent the content.
| k__ wrote:
| _"The toxic "us vs. them" ideology"_
|
| Very good point.
|
| On the one hand, Twitter is full of shit and people need to
| protect themselves from it.
|
| On the other hand, people tend to protect themselves too much and
| end up in a bubble that can be toxic too.
| TheJoYo wrote:
| I'm fine with people filtering information going towards them,
| it's when they try to filter the information at the source
| that's problematic.
|
| inter-nodal moderation works great for this, I'm sure there are
| many Mastodon instances that de-federate with my instance for
| some asinine reason.
| jessehattabaugh wrote:
| I've been banned from two mastodon servers; one for saying "Neil
| Degrasse Tyson is my spirit animal" and the other for simply
| disagreeing with somebody. The tribalism is strong on Mastodon
| and if you don't make an effort to conform you won't last long.
| TheJoYo wrote:
| I haven't had this issue on my instance but I do cross-post
| onto Mastodon instances that focus on infosec. The only
| complaints I've gotten have been from Mastodon mods that want
| some specific content warning or some such that I can't be
| bothered with. I just delete those posts, fuckem if they don't
| want it.
| kowlo wrote:
| Besides Pleroma mentioned elsewhere in this thread, has anyone
| checked out Misskey (https://join.misskey.page/en/)? It has some
| interesting features, like arranging your own virtual room and
| sharing it with others. I've not seen much of it yet.
| INTPenis wrote:
| I've hosted a mastodon instance since 2017 and I see one general
| misunderstanding over and over, on mastodon or on fediverse
| related subreddits.
|
| People think it's a completely new concept.
|
| People seem to have forgotten, or not been part of, all the
| message boards we used to have during the late 90s and all
| throughout the 2000s.
|
| The ONLY thing Mastodon brings to this is federation. You used to
| have accounts on over a dozen message boards, sometimes with
| different avatar names. Most were special interest groups.
|
| All of those boards were hosted by someone.
|
| Having lived through that I view Mastodon as a different kind of
| PunBB software with federation. Because I view it from the
| perspective of the hoster.
| Mediterraneo10 wrote:
| Mastodon and the Fediverse have often been advertised as
| "microblogging" tools, and the post length is mainly around the
| same as one would see on Twitter. That is a big difference from
| old-time message boards, where longform text was welcome and
| normal.
|
| (Even if the Fediverse does support long post lengths, that
| matters little if the community has not embraced it.)
| joe_the_user wrote:
| The problem with Twitter/"microblogging" isn't just post
| length.
|
| The problem with Twitter/"microblogging" is also lack of
| hierarchical structure. A BBS has a series of subboards,
| those subboards have posts and the posts have comments. Sure,
| things can degenerate to just a series of "mega-threads" but
| if it's done, everyone the topic and the subtopic and so you
| can good contextual discussion. Facebook has a three level
| structure; post, comment and reply. Some of the oldest boards
| had full tree-structure as does HN, here. Multilevel comment
| and reply can be confusing but can be really useful to drill
| down to the detail of discussion wants.
| amyjess wrote:
| And I guess this is where I go into full old lady "get off
| my lawn" mode and mention that I still remember when forums
| used WWWBoard and its clones (anyone remember CyBoard or
| VIPBoard?) that provided full comment threading. Any
| comment can be directly replied to and have its own tree of
| comments. Like... well, like HN, or Reddit.
|
| I really thought forums lost something when UBB and its
| clones (vBulletin, phpBB, etc.) became dominant, because
| those systems only let top-level posts have replies. So you
| just had forum -> subforums -> posts -> non-threaded stream
| of comments under each post. It was honestly awful, and for
| much of the 00s forums just became a chore to read and
| participate in. And it really seemed to bring the worst out
| of people and of moderation policies: like, back in the
| WWWBoard days, if you wanted to respond to multiple
| comments on a thread, you'd reply individually to those
| comments, and they'd be threaded in the proper position.
| But on a UBB forum, if you replied individually to comments
| like that, half the forum would scream their eyes out at
| you for "double posting" and often the moderators would
| threaten to ban you if you did it again. And it also meant
| that any time an argument would start in a post's comments,
| that argument would take over any and all discussion under
| that post. In a WWWBoard system, the argument would be
| segregated into its own subthread and normal discussion can
| happen in other replies, but UBB didn't allow that. And
| when you have megathreads, a lot of times they just devolve
| into everyone just saying their piece and nobody having any
| real back-and-forth discussion (and honestly "megathreads"
| are something that didn't exist at all until UBB came
| around, because WWWBoard and its clones had no concept of
| bumping or sticky threads: every post was displayed in
| descending chronological order with no way to reorder
| anything)
|
| Honestly, I jumped for joy when Reddit took over as the de
| facto Internet-wide forums system, because it finally meant
| we got to have real threads again.
| piaste wrote:
| I've used both kinds of forums, and I think both trees
| and linear threads - let's call them 'streams' - have
| their places.
|
| If you imagine a forum as a large dinner table, trees are
| like conversations that start out at one corner of the
| table, maybe with a few people participating, and then
| usually split off into individual exchanges that don't
| interact with each other. When that happens late in the
| dinner after coffee and liquor, people usually move
| around and form little groups.
|
| Streams are like shared conversations involving the
| entire table - one person at a time talks, everybody
| listens and replies. Sometimes people try to talk over
| each other, sometimes it's mostly two or three people
| talking and the others are nodding along for a while. But
| it's what makes the experience a communal one, and it's
| how you get to know the people in the group other than
| the few you directly spoke to.
|
| It also acts as a moderating influence, since if two
| people are getting into a heated debate over some niche
| issue, other attendees will usually try to mediate for
| the sake of the event, instead of ignoring them and
| letting them fight among them.
|
| Stream-based forums IME tended to form more robust
| communities where people recognized each other's names
| and avatars, whereas even in smaller subreddits I might
| recognize a couple of very frequent commenters but
| nowhere near as easily or as often. On the other side,
| tree-based forums make it much easier to establish a
| rapport with the couple of people you wanted to talk to
| and ignore everybody else.
|
| (Potential objection: nothing's stopping a tree system
| from acting like a stream by having a "main" thread where
| most everybody pipes up. In theory that's true, but in
| practice I find that threads simply don't have the
| staying power of streams, because they fade off into the
| 'click here for the next 20 replies' purgatory where only
| the participants and a few lurkers follow. Streams keep
| all the eyeballs in the same place.)
| TheJoYo wrote:
| writefreely has a better UI for reading long form posts and
| is quite popular among the academic communities on the
| fediverse.
|
| personally I host a gitea server and link to my longer
| documentation on my federated account. that gives me a bit
| more freedom to edit the content and easier to reference.
| matrix servers are also great for hosting federated long form
| content.
| kitotik wrote:
| Could you expound on using matrix for long form content?
|
| I host a synapse homeserver, and feel like I'm not using it
| to its full potential.
| rglullis wrote:
| AFAIK, there is no implementation beyond some proof-of-
| concepts, but the idea is that Matrix (via bridges) can
| receive and send activitypub updates and treat them as
| messages in a room. So you could follow and respond to
| people on a room and they would receive updates on their
| ActivityPub server. It
|
| This idea is not new, really. Movim (https://movim.eu) is
| running a federated social network on top of XMPP for
| over a decade already.
| TheJoYo wrote:
| The recent Bluesky report is hosted on matrix.org. I don't
| host content on a matrix service but I imagine it's
| similar to Slack in that regard.
|
| I could be way off on matrix' utility here as I don't use
| it for my primary publication.
| moksha256 wrote:
| > matrix servers are also great for hosting federated long
| form content.
|
| Can you elaborate on that a bit? In my experience, Matrix
| implementations tend to be Slack/IRC-style chat interfaces.
|
| Are you saying you find such interfaces to be good for
| long-form content, or are there other Matrix
| implementations that work out well for long-form content?
| TheJoYo wrote:
| The recent Bluesky report is hosted on matrix.org
|
| I don't host content on a matrix service but I imagine
| it's similar to Slack in that regard.
|
| I could be way off on matrix' utility here as I don't use
| it for my primary publication.
| novok wrote:
| You don't have 'sort by most recent replied to topic' and a
| forum subtopic view like most message boards do although. There
| is a hard enforcement of posts sorted by initial post time.
| TheJoYo wrote:
| Posts can be sorted any which way the frontend is configured
| to do so.
|
| There isn't going to be a fediverse wide "topic" because of
| the nature of nodes but whatever the instance can see can be
| presented in any manner desired.
| richard_todd wrote:
| Fidonet used to provide the federation across message boards in
| the BBS era, so there is literally nothing new. Really the new
| thing was smartphones opening up microblogging to average
| people who want to track celebrities and pretend what they had
| for lunch is worth sharing. (Edited to clarify fidonet was in
| the BBS era)
| skybrian wrote:
| Fidonet boards exchanged messages overnight so the
| propagation delay was much longer. Also, the topology was
| different. I don't think the idea of each user publishing a
| public stream of messages that others subscribe to was a
| thing back then? Instead you would post messages in forums.
| richard_todd wrote:
| I was replying to a post claiming the only novel part of
| mastodon compared to old message boards is federation. I'm
| merely pointing out that many old message boards did have
| federation.
|
| To your points (1) yes, everything was slower back then (2)
| people could and did post streams of their work within the
| BBS framework, everything from multi-part posts to "owning"
| a message-board topic, to text/ansi e-zines, but back then
| the focus was much more on following topics than people.
| dsr_ wrote:
| At this point, the Usenet servers which took massive
| amounts of bandwidth and disk space take tiny amounts of
| bandwidth and disk space (assuming you don't allow binary
| posts).
|
| Maybe it's time for Usenet to come back.
|
| - Truly federated
|
| - Topic focus instead of people-focus
|
| - Killfiles!
|
| - Proper threading
|
| - Standards-based servers and clients
| tlavoie wrote:
| Usenet over UUCP worked just fine, with UUCP serving up
| email too on the dial-up batch syncs.
| numismatex wrote:
| So did FTP over e-mail. The tech evolves. UUENcode
| sucked, btw. And the NZB-based file aggregation and
| directories served up were pure trash.
| TheJoYo wrote:
| I agree but I think there's potential for celebrity owned and
| managed federated instances.
|
| Twitter doesn't really give handlers the tools to manage
| their celebrity client, otherwise we would have seen things
| with Trump go very differently.
|
| An owned and managed instance can invest heavily into
| moderation and image cultivation in ways that Facebook and
| Twitter will never provide.
|
| The whole thing with Wil Wheaton on mastodon.cloud was a good
| example of what goes wrong, however.
| riffic wrote:
| I'd really like to see Twitter white-label their app as a
| managed SaaS on custom domains.
|
| Perhaps that's what Bluesky is intended to be.
| TheJoYo wrote:
| I don't have much hope for Bluesky.
|
| Twitter could re-enable RSS if they really wanted to show
| that their interest was genuine.
| riffic wrote:
| > I don't have much hope for Bluesky.
|
| me neither. I think, based on Twitter's track record,
| people should remain skeptical until shown otherwise.
| They haven't delivered much to prove they're willing to
| do the right thing.
| hombre_fatal wrote:
| I don't see how it's the same. Message boards are all silos
| that don't mingle with each other in any way. You're saying the
| only part where Mastodon diverges is this thing that makes it
| markedly unlike message boards. I don't see the connection at
| all, not even to Proboards/Ezboard which had one global account
| across many boards.
|
| I'd summarize Mastodon as a confusing version of Twitter that
| most technical people don't even understand. Drawing such a bad
| analogy like "it's basically like 2000s message boards" just
| drives this home even further.
|
| It's like nobody can explain what it is. Though I suspect it's
| like monads where people need to drop the belabored metaphors
| and use simple language. Though then you just end up with
| something like "it's Twitter but the same UI shows people
| registered elsewhere."
| andrewzah wrote:
| I really don't get why the concept of mastodon is so
| confusing.
|
| It's basically twitter/microblogging* with multiple hosts,
| and you can see posts from other hosts. So instead of just
| @andrewzah, my handle becomes @andrewzah@<host-I-chose>. You
| could visualize twitter as @andrewzah@twitter.com, but it's
| redundant as twitter is the only host. This is basically how
| email works, no?
|
| The only other difference is federation, so you have two
| timelines instead of one: the entire** federated timeline,
| and the local timeline to your host. Plus the timeline of
| users you follow.
|
| So unlike twitter, the user must decide what host they want
| to use. Or they can self-host an instance. I'm not sure if
| it's up to date, but https://instances.social has a wizard
| for this.
|
| *: IIRC mastodon's default limit is 500 chars, and pleroma's
| is 2,000.
|
| **: One exception: Hosts can block other hosts. So if you use
| i.e. mastodon.social, you won't see posts from users on
| blocked hosts unless you specifically follow them.
| joe_the_user wrote:
| Mastodon is only a little confusing (it's inherently going
| to be a bit more confusing than Twitter, which was the GP's
| main point). The complaints of the OP and much of the
| thread are more related to Twitter and microblogging being
| kind of, well, terrible. The "us versus them" quality is
| magnified if Mastodon consists of Twitter refugees. Twitter
| is moderated by the way the whole world can hear you when
| you scream - and that does not seem to moderate it well.
| Equating these constructs with BBSes seems kind of absurd.
| BBSes are the opposite as far as "controllability" goes -
| of course. You can moderate them any way you wish,
| including no moderation or even moderation intended to set
| people against each other (if you're truly evil). But the
| BBS or web forum belongs to someone and has this
| flexibility.
| bluesign wrote:
| I guess problem lies in this part mainly.
|
| Choosing host is more important than it should be. Mainly
| because hosts are trying to do 2 things at the same time:
| being identity provider and being some kind of content host
| in federated environment (moderation etc).
|
| Because of this when you are choosing a host, you are investing
| too much. Their future policy changes etc will affect you,
| you cannot afaik move to another host. (like moving your
| email)
|
| When you give people choice, things are much harder. On
| other platforms we have few choices depending on what you
| will publish (media type mainly), but here more like topic
| based separation, which is making things tricky, as we are
| humans with many different sides.
| TheJoYo wrote:
| Users have to make the same choice with any other social
| media service.
| incrudible wrote:
| There is only the choice of whether to use the service or
| not. If you get banned for wrongthink on Twitter, it does
| not immediately affect you on Facebook.
|
| Twitter and Facebook only ban the more extreme or
| inconvenient forms of wrongthink. Mastodon servers on the
| other hand often are Subreddit style echochambers.
| TheJoYo wrote:
| I haven't had any moderation issues on my instance.
| bluesign wrote:
| Sorry maybe I couldn't explain my point clearly.
|
| Think Mastodon instances (hosts) as reddit subreddits.
|
| Basically you are creating an account in not universe
| (reddit) but on instance (subreddit)
|
| And this subreddit is deciding, which other subreddits
| you can see with your account. (fediverse)
| TheJoYo wrote:
| I am questioning the presupposition that one chooses to
| make any account at all.
|
| Using your analogy:
|
| I don't need to create an account to view a subreddit or
| reddit. I don't need to create an account to view
| federated instances.
|
| When I publish content on any social network I am always
| thinking about who it is intended for. I don't post the
| same things on Facebook that I would on Instagram, for
| example.
|
| Users have to make the same choice of what to publish
| with any other social media service.
| bluesign wrote:
| Yeah but I am more thinking about not hosting your
| Instance angle.
|
| Mostly topic based federation is what I am against. (When
| bundled with identity)
| TheJoYo wrote:
| You might be mixing up threads here, I didn't mention
| single user instances in my reply.
| andrewzah wrote:
| This is why I recommend self-hosting via pleroma if
| possible. Mastodon is a huge resource hog compared to
| pleroma, which can run nicely on a raspberry pi.
|
| But yes, the issue gets outsourced to the user, and you
| have to trust a random individual instead of an entity
| like twitter.
| bluesign wrote:
| I don't know much about pleroma, I will definitely check.
|
| But when you self host your Mastodon, aren't you losing
| the benefit of local. What is the point of local if I
| will be alone there?
| rglullis wrote:
| Local timelines are at best an attempt to help with
| content discovery and really too overrated. If the
| instance is too big, it feels like reading from the
| firehose and if the instance is too small it is better to
| just browse the directory and find the profiles that seem
| interesting to you.
|
| To me local timelines only make sense if the instance has
| a very clearly defined group with some kind of shared
| access, e.g, a company that has an instance for use by
| its employees, or a club or organization have some kind
| of membership. Unfortunately Mastodon's culture seems to
| be about aggregating around instances with a very loose
| sense of "community" - e.g, "photographers", "open source
| developers", "lgbtq allies". To me this is - quite
| frankly - stupid. Not a day goes by on /r/mastodon where
| someone asks "is there an instance for X?" thinking that
| Mastodon instances work like subreddits.
| TheJoYo wrote:
| I have a single user pleroma instance and I don't check
| local or federated timelines. I think I even disabled
| them. If I want to discover new content or users I go to
| the instances that interest me and explore their
| timelines.
| bluesign wrote:
| Actually that was exactly my point, you managed to
| separate identity and content by using your own instance.
| But for average user this will be pretty hard.
| rglullis wrote:
| It's a cultural issue, not a technical one. When Mastodon
| started to take off, one of the differentiating factors was
| about the sort of people they wanted to attract. It's
| very easy to market to a tribe and appeal to their
| identity, so it started to stick.
|
| One of my goals with communick is to get rid of this
| idea, actually. I try to make the point that an instance
| does not say anything about who you are or who you should
| follow.
| riffic wrote:
| A lot of people can put themselves onto the Fediverse
| with little more than a WordPress site and an ActivityPub
| plugin. You're right though, it goes beyond an average
| user's technical capability to do so at the moment.
|
| Perhaps Automattic (the current owner of Tumblr) can
| shoehorn the ActivityPub protocol into Tumblr and find a
| way to market that system to your average Joe.
| TheJoYo wrote:
| That isn't an option for average users on any social
| network.
| kowlo wrote:
| I thought Mastodon was closer to Twitter than it is to the
| classic BBS.
|
| How is your instance going - did you build a community around
| it?
| cocktailpeanuts wrote:
| I was looking to find an insightful article about the problems
| with Fediverse.
|
| But I only found an article that rants about the toxic humanity.
|
| This article has nothing to do with so called "Fediverse". It's
| so unrelated that the title almost reads like a click bait.
| riffic wrote:
| This article doesn't discuss why the organization in question
| didn't just self-host their own fediverse presence, perhaps using
| a CMS plugin like one available for WordPress. I'm not familiar
| at all with this "InfoSec Handbook" group but what I'd like to
| see at some point is a software platform that allows
| organizations to spin up fedi presences at their own domain
| (Write.as does this, but it'd be nice to have other players in
| the ecosystem), or even if traditional SaaS vendors would just
| adopt the underlying W3C protocols to allow for that.
| proc0 wrote:
| yeah I thought that was the point of it. Sounds like the
| article authors don't get the Fediverse, and use it
| interchangeably with Mastodon. It's like saying Linux sucks
| because it's so complicated, having only tried one distro (i.e.
| Arch)
| kstrauser wrote:
| Absolutely. "People are asking for money to host our
| timeline!" Well, run your own server and don't charge
| yourself.
| rakoo wrote:
| That would solve the migration problem, but not the others
| which are definitely social problems and not technical problems
| malwarebytess wrote:
| There's subtext here, right? Is this related to Gab and the rest?
| From their earlier post about Fediverse:
|
| >Some parties in the Fediverse demand "self-censorship."
| Especially when we talk about particular services or products,
| individuals contact us and demand that we delete our posts. "We
| shouldn't talk about the topic," so other people don't start to
| use these "evil" services and products. In our opinion, such
| demands contradict the claim of being an "open-minded community."
| [deleted]
| kstrauser wrote:
| I'm not sure, but even if not I still feel like that's a silly
| complaint.
|
| Party A says something on the Internet that offends party B.
|
| Party B says something on the Internet that offends party A.
|
| Party A complains that they're being asked to self-censor.
|
| I see it as both parties using the service as designed to speak
| their minds. Party A also has the tools to mute Party B if they
| don't like what they have to say.
| curtainsforus wrote:
| I mean, it's
|
| Party A says something on the Internet that offends party B.
|
| Party B asks party A to self-censor/tells them to shut up,
| which offends party A.
|
| Party A complains that they're being asked to self-censor.
|
| When party B _is_ asking A to self-censor, there's nothing
| wrong with A complaining about what B is saying. If A's lying
| or being dishonest, oh well.
| kelnos wrote:
| This just reminds me that the problem with discourse isn't
| centralization, control, lack of privacy or security, or any
| other thing.
|
| The problem is that people act in bad faith online, a lot.
|
| Give a bunch of people a platform to broadcast their thoughts,
| and a lot of people will be lazy about those thoughts. A lot of
| people will turn it into a competition and be more concerned
| about creating a following rather than spreading truth and
| fostering healthy discussion.
|
| Sure, I'd take a Fediverse over a Facebook or a Twitter any day;
| lack of corporate control and the ability to run your own
| instance and federate are just plain better from a "health of the
| internet" perspective. But that doesn't solve the social problems
| inherent in any community where people mostly don't know each other
| personally and don't have to interact face-to-face.
| sneak wrote:
| Decentralized, opt-in publishing requires decentralized, opt-in
| moderation.
|
| I have designed some solutions around this, but haven't found
| the right product/ecosystem in which to implement it yet.
|
| The basic idea is that you need multiple independent publishers
| of append-only "credit rating" feeds, publishing their own
| views/opinions of the reputations of different servers, users,
| or hashtags across the whole of the network. Services can
| aggregate all of these moderation/rating feeds in realtime, and
| provide to their users a list of all of the different "social
| credit rating agencies", or moderation feed publishers. You as
| a user could then choose your moderators from across the
| internet, then their own moderation decisions are applied to
| your feeds. It's sort of like outsourcing the management of
| your block/mute list. You could, of course, disable all of the
| moderation feeds and see the firehose of slurs and spam, or
| switch to different ones.
|
| We solved this with email (poorly, and over a long period of
| time), and RBLs were part of that process. We'll eventually see
| the same for federated/p2p systems as well.
| kelnos wrote:
| I don't think this is the point. You are trying to solve a
| social problem via technical means, and that generally does
| not work.
|
| Spam/scam email isn't a great parallel: that sort of thing is
| a more-or-less anonymous party intruding into someone else's
| life in order to try to sell them something or steal
| something from them. Blocking that kind of communication is
| the correct solution, and that's what success looks like.
|
| Getting people to have nuanced, respectful conversations
| online is a completely different thing. If you get to the
| point where your best option is to block the other person, or
| moderate/delete their posts, that's a failure, not a success.
| sneak wrote:
| In a system where anyone can talk to anyone, for free,
| natural human tendencies are going to result in the vast
| majority of traffic being ads for sex, drugs, or salty
| carbohydrates.
|
| Social networking needs moderation and filtering, because
| there are always going to be people who don't respect the
| time of others. Email just happened to be the first online
| social network, followed by usenet (which had killfiles).
|
| There's going to be filtering. The only question is do you
| want it to be a small number of large, unaccountable
| corporations (and the governments that can put guns in the
| faces of their sysadmins), or "everyone who cares to, and
| you can pick"?
| rglullis wrote:
| Relevant XKCD:
| https://imgs.xkcd.com/comics/constructive.png
|
| Dealing with millions/billions of people online, it's
| impossible to know who I can/can not expect to have
| _nuanced, respectful conversations_ beforehand.
|
| So, yes, I think it's not a bad idea if we took a deny-by-default
| approach with new connections and treating them as
| hostile, _unless_ they can have some backing social proof
| from one of your peers.
|
| I would also be interested in an approach where every the
| initiator had to pay actual money to be able to interact,
| no big amounts, just enough to work as a deterrent to stop
| spammers, scammers and moderation crusaders:
|
| - Want to send a DM? Pay $1, get it back if the recipient
| clears you up.
|
| - Want to make a comment for the first time on someone
| else's thread? Poster decides the minimum amount to leave
| as escrow. Really good comments could even collect some of
| the money from spammers/hostile ones.
|
| - Want to report someone because you don't like them or
| their views? Put $10 in escrow for the moderators. If
| accepted, you get the money back. If there is no grounds
| for the report, the reported person gets to choose which
| charity to donate the money and the next report from you
| will cost double.
| TulliusCicero wrote:
| > The problem is that people act in bad faith online, a lot.
|
| I think the fundamental problem is that people's values and
| perspectives can be too different to be in the same room
| together without going at it.
|
| Most people couldn't handle being in the same room as an avowed
| neo-Nazi saying Nazi things, for example, without at least
| picking a verbal fight, even if the Nazi wasn't addressing them
| directly. If they're talking about how they want to kill Jews,
| most decent people will feel like they can't just let that go
| unchallenged. And that's not the kind of argument that can
| really be handled civilly.
|
| You get the same issue -- albeit usually not quite as strongly
| -- in a thousand different ways, when you have a globally
| scoped social platform. All those groups with fundamentally
| conflicting positions, all targeting each other. The result is
| chaos, which is why platforms are increasingly tightening the
| bounds of acceptable discourse.
| kelnos wrote:
| Sure, but I think your example of a neo-Nazi vs. non-Nazi
| meeting up in a room describes a minority, extreme case. Most
| people are not Nazis, and most of the bad discourse on the
| internet does not involve Nazis.
|
| Two somewhat-reasonable people, even if they're complete
| strangers, could have a productive discussion (or at least
| resolve to agree to disagree, if it gets a little heated) if
| they were to meet in person to hash things out. But in an
| online conversation, especially on a limited medium like
| Twitter or Mastodon, they could both easily devolve into
| talking past each other, name-calling, and arguing in bad
| faith.
| rjkershner wrote:
| I've lurked on Mastodon for a while and honestly your experience
| will be only as good as the instance you subscribed to.
| Fosstodon is a very focused instance with like-minded people, and
| the local feed there is pretty top notch. My experience on more
| "general" focus instances was a lot worse and borderline spammy.
|
| Hoping they put effort in making your activity pub profile more
| portable as moving accounts to new servers is still kludgey at
| best.
| benibela wrote:
| I thought it does not matter which instance one chooses, since
| you see posts from all the other instances?
| input_sh wrote:
| That's accurate. But there's also a local feed you can
| consume (all the people on your instance), which is kind of a
| workaround if you can't be bothered with finding a fair
| amount of people to follow for your own timeline to be
| interesting.
| dleslie wrote:
| My experience with the fediverse was that enjoying the benefits
| of federation encountered the same issues with content and user
| behaviour that can be found in silo'd services.
|
| That is to say, fediverse sites increased their likelihood of
| replicating/serving hate, pornography and illegal content in
| correlation to the number of external sites they were connected
| to and the size of their user base.
|
| It left me wondering why even bother? It's no better than using
| Discourse for a private group and Twitter/Facebook for public
| groups. Perhaps worse.
| freeone3000 wrote:
| There's no algorithmic advertising, no universal tracking, and
| your instance's mod team is known to you instead of a faceless
| automation farm.
| WJW wrote:
| Are there no fediverse-scraping services that sell your data
| to advertisers? That seems a prime target for every
| moderately-evil adtech executive out there.
| librexpr wrote:
| Even if there are, they still get a lot less data since
| they only see what you posted publicly. Unlike
| Twitter/Facebook, scrapers won't see your every mouse
| movement, how long you stare at any individual post, or any
| other of the more invasive tracking opportunities that are
| available to Twitter/Facebook.
|
| The scraping services also won't know your email address
| unless you post it publicly or they figure it out some
| other way, so they'll find it much harder to associate the
| data they scrape with your other online identities, too.
| This also makes the data less valuable to advertisers, so I
| imagine there's less incentive to scrape it.
| dleslie wrote:
| That's all true of hosting a private Discourse instance, as
| well.
| librexpr wrote:
| You said in your original comment:
|
| > using Discourse for a private group and Twitter/Facebook
| for public groups
|
| Even if what freeone3000 said about Mastodon is also all
| true about Discourse (I know nothing about Discourse, but
| I'll take your word for it), it's not true about
| Twitter/Facebook. And since Mastodon is aimed more at the
| public group use case, Mastodon is a useful replacement of
| Twitter/Facebook even by your own logic.
| dleslie wrote:
| Not quite: Twitter and Facebook have _armies_ of
| community moderation employees at their disposal; the
| fediverse has volunteers.
| im3w1l wrote:
| > universal tracking
|
| I beg to differ. There is no technological hurdle to prevent
| this. Only privacy-through-obscurity, and who knows how long
| that will last?
| seany wrote:
| Being able to pick where that line is, and who gets to decide
| it is a big part of the draw.
| PragmaticPulp wrote:
| There's a growing misconception that sites like Twitter are a
| good representation of unfiltered, unmoderated content, or that
| the only moderation actions from these sites are against famous
| figures like Trump.
|
| In reality, sites like Twitter and Facebook remove a lot of
| terrible content posted by people who deliberately enjoy
| terrorizing shared spaces with abhorrent images.
|
| Anyone who has been involved with the moderation of a
| moderately popular site or platform with image-upload features
| will understand: There are a lot of people on the internet with
| infinite free time and motivation to troll public spaces with
| shock images and similar content. Any unmoderated space will
| eventually attract these people.
|
| Worse yet, if this behavior goes unchecked it tends to drive
| the good users away. Decentralized and/or unmoderated platforms
| seem to have a small following of ideologists who will look
| past the bad content and focus on the good, but the general
| public isn't terribly interested in wading through random
| pornography or worse content just for the sake of being on a
| decentralized platform.
| cbozeman wrote:
| > There are a lot of people on the internet with infinite
| free time
|
| This is what we have to fix. We need to find employment for
| these people. When you're busy working on something, you
| don't have time for shitposting.
| phone8675309 wrote:
| Wishful thinking. Several of the best/most successful
| trolls find plenty of time at work to shitpost.
| cbozeman wrote:
| That tells me they're not being challenged enough at
| work. :)
| Jkvngt wrote:
| None of the issues they bring up are any better on big tech's
| social media. And of course we should all work to "other" big
| tech and its employees.
| kowlo wrote:
| > The "I read headlines only" problem
|
| This remains true for most platforms, not just those in the
| fediverse. HN is one example!
|
| I am reading this article with great interest. I've recently
| started exploring fediverse platforms with much excitement. I'm
| more interested in building a community at the moment, and
| although this can be achieved with a classic bulletin board
| system, the fediverse had me curious.
| mariusor wrote:
| If you're interested in hosting a discussion based community
| similar to HN or reddit, I'm working on a project that might
| interest you. Link in my bio.
| kowlo wrote:
| Thank you - I'm going to check it out. I also had a look at
| Lemmy recently which promises better fediverse support in the
| future. Is there a link to a live example? Didn't see one in
| the README
| mariusor wrote:
| Yes, sorry. https://littr.me
|
| However, fair warning, my project doesn't have yet
| federation enabled. It's on a backburner until I have a
| better handle on moderation.
| TheJoYo wrote:
| I wish you all the luck in that.
|
| Every attempt at an AP derivative for voting has ended in
| scary ways.
| mariusor wrote:
| I consider myself to be pretty plugged into the AP ecosystem,
| yet I have no idea about what you're talking about. What
| happened?
| trhway wrote:
| > HN is one example!
|
| actually i think HN - i.e. the comments, especially TLDR - is an
| example of an, at least partial, solution, and this is why I, like
| many other people, usually go straight for the comments instead
| of the original article/post.
| wrycoder wrote:
| I think that is due to the quality of the commenters here and
| to the subtle, but effective, moderation provided by dang and
| the other mods.
|
| And the latter is at least partially responsible for the
| former.
|
| The voting system is also crucial, imho.
| kowlo wrote:
| I do exactly the same! What I mean is, there are those that
| will vote or even comment without reading the article - I
| don't believe it's a problem unique to fediverse platforms.
| xwdv wrote:
| This actually wouldn't be a problem as long as headlines are
| descriptive and accurately summarize the content of the
| article.
| rtkwe wrote:
| If a headline could convey everything in an article why write
| the whole article? There's always more than could possibly
| fit in a headline; "yes, buts", etc.
| kowlo wrote:
| That is quite a challenge... some people struggle to
| summarise an article into 5-6 sentences for an abstract.
| [deleted]
| sschueller wrote:
| They joined Mastodon, not the "fediverse". Like saying you used
| the internet but then only visited Facebook.
|
| Point 2 and 3 are identical on Twitter BTW.
| Ericson2314 wrote:
| That analogy is a bit too harsh. How about like saying you went
| to Texas but then only visited Austin?
| wizzwizz4 wrote:
| No, it's not too harsh. A Mastodon instance doesn't even give
| you access to Diaspora* users.
| gargron wrote:
| Diaspora is not part of the fediverse and never has been.
| Diaspora is federated but has always used their own,
| separate protocol.
| pseudalopex wrote:
| And Austin isn't Houston.
| riffic wrote:
| People who don't fully understand certain emerging technologies
| are free to spread FUD about that technology to their heart's
| content.
|
| Never mind that the Fediverse is not an emerging technology,
| having been in operation for almost 13 years* at this point.
|
| *
| https://web.archive.org/web/20201028234912if_/https://mastod...
|
| *
| https://web.archive.org/web/20210124192004/https://social.di...
| teh_klev wrote:
| > Many people read the headlines of a post and then guess what is
| written in the remaining article
|
| This isn't just endemic to the Fediverse, it's endemic
| everywhere.
|
| Bites tongue.
| ruined wrote:
| so you didn't like a particular implementation of activitypub
| designed for a specific ux not aligned with you, and some people
| you didn't like tried to argue with you on the internet.
|
| these are problems you will have in any social media.
|
| open source and federation give you the chance to find or design
| an implementation you do like.
|
| people are much harder but at least you're not beholden to
| dictated rules from a large american corporation, and you aren't
| waiting on some unknown entity to moderate.
|
| issues you raise with privacy are generally understood. public
| things are of course public. but there is also a lot of fediverse
| happening in places you can't see, and users in that space can
| satisfy themselves knowing those conversations aren't likely to
| live forever.
|
| publishing and consuming rss is a good conclusion since you're
| oriented to longform content and less casual discussion.
| ankit219 wrote:
| Part of the things that you mentioned in your experience, "us v
| them" ideology, reverse burden of proof are all a defining
| characteristic of any forum that thrives. And, arguably, it's not
| a bug, it's a feature.
|
| Typically, a forum has a lot of registered users, but very few
| who are active daily. (Reddit reported 52M MAU in Oct 2020, an
| increase by 44% post pandemic. Their MAUs in Dec 19 were 430M.
| So, about 7-10% users are very active, others are lurkers). The
| most frequent users (power users) gain kind of an influence which
| is suited to their experience the most (not talking about HN per
| se, not as frequent here) and they come to define the rules of
| the forum. It's not specific to mastodon, and forum moderators
| allow it because they _are_ the users (and many a times mods
| themselves) and it does not really break a rule. The us v them
| mentality in particular is key for the forums since it invokes an
| emotional response in using that forum. Many lurkers stick to the
| forum if they can't find a better alternate to stay in touch with
| the topic, and they leave when they do.
|
| The other problems you highlighted may not be a platform problem
| but a human problem which will happen on almost every other
| platform. I don't think there is a solution to this except
| finding other smart people who are more self aware, though that
| is easier said than done.
| mark_l_watson wrote:
| I think that the author of this and I can just agree to disagree,
| which is OK with me.
|
| I am on mastodon https://mastodon.social/@mark_watson and I get a
| lot of value from it.
|
| re: "I'm privacy-friendly; please donate": I donate but don't
| mind identifying myself. If you want anonymity then don't donate
| to whoever runs the server that you use.
|
| You are free to follow and un-follow (if you see toxic material)
| as you wish.
|
| I hope that I don't sound like I am lecturing or otherwise being
| obnoxious, but if you don't think that the large Internet
| platform companies have too much power then I recommend reading
| "The Age of Surveillance Capitalism: The Fight for a Human Future
| at the New Frontier of Power" and "Privacy is Power."
|
| The great thing about the Internet is that anyone can get a
| domain, get creative, share their stuff, meet people, make
| business acquaintances, etc. I see the Fediverse as another tool
| to use.
| Zoo3y wrote:
| Most of the points they elaborated on are People problems, not
| Mastodon problems. The genuine critiques of Mastodon they listed
| are migration issues, updating posts (it makes sense 'edited'
| posts lose their clout), and character limit (already way bigger
| than twitter's).
|
| Also, aren't they falling into their own "Us vs. Them" argument
| by complaining about general Mastodon users?
| TheJoYo wrote:
| I'm sure they've never made lazy statements about information
| security, like recommending stackexchange over a federated
| platform.
| aasasd wrote:
| > _Their messenger doesn't offer any server-side protection. In
| their case, a server-side party can directly access your data in
| cleartext--this is trivial._
|
| I'm gonna need names.
| tylerchilds wrote:
| As a regular fediverse user, the main detail I'd be curious about
| is: Which server was the experiment done on and which servers
| were federated with?
|
| I don't have anything against this article per se, but it's worth
| noting every fediverse encounter is different.
|
| My main take on this article is that it's like walking into a
| McDonald's and being upset they don't serve pizza and then
| condemning all fast-food as being terrible because it's not all
| pizza.
| freeone3000 wrote:
| I'm going to take this opportunity to repost the article about
| the McDonald's Pizza:
| https://www.mentalfloss.com/article/65467/short-strange-life...
| jancsika wrote:
| Show me the Mastodon server with the moderation policy that
| fits the author's use case. It appears I can't even search
| mastodon instances by the criteria of moderation policy. (But
| if I'm missing something obvious please correct me because I'd
| love to be able to do this!)
|
| There's an abundant history of examples of centralized, publicly
| accessible forums where the quality of the discussion matches
| what the author desires. Plenty of FOSS mailing lists too, many
| of them extant. (On the topic of security, the cryptography
| list comes to mind.)
|
| Mastodon's _only_ value is in its utility to deliver
| discussions that are at least as functional as those I've
| participated in on these ancient services. If the author and I
| cannot easily (or ever) discover how to engage in discussions
| like that, it doesn't matter at all whether the underlying
| infrastructure is centralized or not.
|
| Edit: clarification
| tylerchilds wrote:
| I'm not fully sure what their use case is to speak to that. A
| good launching point to finding like-minded people is this
| list though: https://fediverse.party/en/portal/servers
|
| I joined before that link existed though, so I opted to join
| a really large instance, mastodon.social specifically in my
| case. From there, I started searching hashtags for topics I
| was interested in and engaging there. From my interactions, I
| got a feel of the quality of interactions from various
| instances. From there I started honing in on the various codes
| of conduct to find a smaller instance I wanted to chill in.
|
| It's worth noting that smaller, niche communities don't
| federate with the largest instances. If you're looking for
| the most down to earth people, it takes a few hops and a bit
| of time.
| TheJoYo wrote:
| My instance moderation policy fits my use case exactly. Not
| even one report in the years I've hosted my own instance.
| riffic wrote:
| The Fediverse is more than Mastodon and should not be
| conflated with Mastodon's implementation of ActivityPub.
| riffic wrote:
| > Which server was the experiment done on and which servers
| were federated with?
|
| They discuss this in their earlier post
| (https://infosec-handbook.eu/news/2020-05-31-monthly-review/#...):
|
| "We experienced the shutdown of our Mastodon instance twice.
| So, we migrated from securitymastod.one to mastodon.at, and
| then to chaos.social. Each time, we lost all of our posts,
| leaving behind a considerable number of dead links."
|
| IMO organizations should self-host (same as with email, if you
| have a domain name that you are commonly associated with). If
| you aren't doing this, you don't fully understand the mechanics
| of the Fediverse or the underlying W3C ActivityPub protocols.
|
| edit: by _self-host_, I mean either run your own infra or
| subcontract that out to a competent vendor. I don't literally
| mean _self-host_ in the strictest sense.
| tylerchilds wrote:
| Thanks for digging that up! Absolutely agreed about self-
| hosting and treating it like email. I've seen quite a few
| instances shut down in the ~6 months I've been around.
|
| It's a pretty rough experience for people that are coming
| from the mainstream, since it's probably hard to imagine a
| social network powered by a rag-tag few people behind each
| instance and not multi-billion dollar tech behemoths.
| TheJoYo wrote:
| I also want to leave the internet because there are bad opinions
| on it.
| erik_kemp wrote:
| Thanks for sharing your considerations. It's good that people
| care and think carefully about which services to use and not to
| use, and also share it.
|
| I think the main problem is that the idea and implications of
| decentralisation are hard to fully grasp. It does not imply
| privacy or security. It does imply decentralisation of power,
| decentralisation of rules & code of conduct and decentralisation
| of financing.
|
| My own experience:
|
| Mastodon has provided me a first step in more digital
| sovereignty. It is very refreshing to have a timeline that you
| can fully control.
|
| Moving to Mastodon felt like moving into a new village. You start
| with an empty timeline, and you have to actively work on your
| first connections.
|
| After some initial effort, you are rewarded with meeting
| interesting people. They welcome you in their communities, and
| you can keep on discovering amazing people through the messages
| they boost!
|
| Feel free to interact via erik@mastodon.utwente.nl :-)
| S-E-P wrote:
| I would argue that what is described in this post is inherent in
| all social networks.
|
| The wonderful thing about the Fediverse is that depending on the
| node you connect to, or the people you choose to federate with
| (in the event that you have your own instance) that your
| experience will be vastly different.
|
| It's given me some of the most enjoyable interactions I've ever
| had online in the last ten years.
|
| You need to have a thick skin, take the time to use filters,
| block certain keywords.
|
| And use Pleroma, Mastodon is crap, Pleroma lets you type for
| DAYS, "limited character cap" is really only a Mastodon thing and
| it's crap.
| lifthrasiir wrote:
| > The wonderful thing about the Fediverse is that depending on
| the node you connect to, or the people you choose to federate
| with (in the event that you have your own instance) that your
| experience will be vastly different.
|
| The same argument works with Twitter, and I genuinely believed
| so a decade ago (Twitter has been the only social network I
| still continuously use). I don't buy it at all after the
| decade-long experience. Your favorite followers _will_ fight
| each other no matter how carefully you've chosen them. No amount
| of filter solves your timeline being messed.
|
| All social networks do not work, federated or not. I'm going
| back to the good ol' IRC or whatever it follows.
| Barrin92 wrote:
| Moderation alleviates those issues and the difference between
| Mastodon instances and Twitter is that the former can
| moderate content according to local community standards.
|
| It's wrong to think of Mastodon as a 'social network', it's
| literally what the name suggests a federation of 'micro
| nations' with their own rules, more like subreddits than
| Twitter.
| kowlo wrote:
| Is that the only benefit of Pleroma over Mastodon? Have you
| checked Misskey before https://join.misskey.page/en/? It looks
| interesting too...
| crocodiletears wrote:
| The wonderful part is also its Achilles heel. Mastodon is
| advertised as an alternative to social networks, but since your
| identity is tied to your node, it's much closer to joining a web
| forum structured like twitter with the possibility (but not
| guarantee) of interacting with similar forums. From that
| perspective it's great. When people offer it as an alternative
| to conventional social media, it comes up massively short for
| anyone not trying to live in a bubble.
|
| Contrasted with facebook (or a twitter with groups), if you
| join a group of motorcyclists, there's little to no risk that
| you'll be excluded from the Scooter group of which you're
| already a member because a few bikers got into a spat with
| scoot-gang, nor will you be excluded from any of the groups
| that get along well with scoot-gang.
| gargron wrote:
| > Contrasted with facebook (or a twitter with groups), if you
| join a group of motorcyclists, there's little to no risk that
| you'll be excluded from the Scooter group of which you're
| already a member because a few bikers got into a spat with
| scoot-gang, nor will you be excluded from any of the groups
| that get along well with scoot-gang.
|
| Are you sure? On Reddit, membership of one subreddit often
| results in bans from others, and Reddit is centralized.
| cbozeman wrote:
| > You need to have a thick skin
|
| Actually we need the rest of social media to have this, and
| then we don't need these alternative platforms.
|
| There are simply too many people who have grown up without
| having any meaningful opposition in their lives - without
| having someone challenge their ideas and values and making them
| defend said ideas and values, and they simply do. not. know.
| how to cope with it.
| TazeTSchnitzel wrote:
| Why is grinning-and-bearing harassment by people who want
| you dead virtuous? "people who have grown up without having
| any meaningful opposition in their lives" always feels like a
| dogwhistle to me, because the people saying this tend to have
| far more privileged backgrounds than the people being
| harassed.
| cbozeman wrote:
| "It offends people, but good. They should be offended." -
| Paul Mooney, from _Know Your History: Jesus Is Black; So
| Was Cleopatra_
| didericis wrote:
| The entire world has been forced to act as diplomats. When
| coming from vastly different world views and experiences,
| being charitable in your interpretation of others is
| essential. That charity requires having a very thick skin,
| and yes, it's unfair when it's not reciprocated and you are
| being targeted.
|
| I think social media has taught us that most people are
| terrible diplomats. Which is to be expected when a person's
| threat response is engaged. Having a thick skinned and
| measured reaction to threat is still the best way to reduce
| that threat. And it requires a level of discomfort
| unprivileged people are generally much better at dealing
| with; the people who need to hear that advice most are
| those advantaged enough to be unfamiliar with dealing with
| discomfort.
|
| I think a better solution than forcing everyone to become
| diplomatic or banning those who violate the norms of others
| is to have somewhat siloed social groups that are
| represented by open minded thick skinned diplomatic types
| that permeate the borders. That's part of what's appealing
| about a federated model; I think it better mirrors our
| social tendencies and historically successful political
| systems with diverse constituents (representative republics
| seem to be the only proven systems capable of dealing with
| lots of different peoples long term).
|
| I'm of the opinion that the most virulent partisanship is
| actually due to the _lack_ of silos rather than the echo
| chamber narrative. Before the internet, in group
| conversations stayed behind closed doors. That privacy
| allowed people who would be outraged at the contents of
| those conversations to get along in a diplomatic middle.
|
| Now those conversations are public, and people seem to be
| fighting over control of one big room where all the walls
| have been removed.
| throwaway45349 wrote:
| Is this purely a US phenomenon? I don't see this much at all
| from people who live here (the UK), but we're really
| starting to feel the effects of social media censorship hit
| hard, and I know a lot of people are really angry about Big
| Tech pushing their own moralistic world view on our country.
| cbozeman wrote:
| America has a long tradition of being vocal and offensive
| in its communications. At the very founding of our nation,
| you could find political cartoons of George Washington on a
| donkey, with the caption, "An ass being led to Washington."
|
| In general Americans seem to be more thick-skinned than
| others. Or at least we used to be.
|
| EDIT: Here you go buddy... this is almost a word-for-word
| of the argument that was used in the actual Supreme Court
| case, and should illustrate why we're at such a dangerous
| time in history -
| https://www.youtube.com/watch?v=MeTuNES82O0
| josteink wrote:
| Pleroma-link for those too lazy to search:
|
| https://pleroma.social/
| olah_1 wrote:
| I've had critiques about the fediverse for a long time. I've also
| had critiques about urbit for a long time.
|
| It seems to me that Zot improves pleroma/mastodon to solve their
| problems (server extinction, account migration). It also seems to
| me that Urbit improves Zot to solve their problems (user
| experience, global naming).
| eznzt wrote:
| This seems a list of things that are wrong with people, not with
| the fediverse.
| wizzwizz4 wrote:
| I'm upset that they're painting these social issues as Mastodon-
| specific ones, and that they're painting the Fediverse as just
| Mastodon, but they do have a point about RSS.
| TheJoYo wrote:
| I don't see how RSS fixes anything they complained about. They
| also recommended people use stackexchange over federated
| networks.
| lrvick wrote:
| I am one of the people that got a lot of shares on Mastodon for
| being critical of Signal.
|
| I think this article greatly misrepresents the main arguments
| going around the Fediverse about Signal, and the arguments for
| alternatives.
|
| 1. Signal holds the only set of signing keys to the only
| published binaries allowed on the network, compiled by them, that
| in turn control all signing keys. If pressured they could push a
| malicious update with unpublished code. The published server code
| has not been updated since April last year, so either they have
| made no changes since then or they are already comfortable
| pushing updates without matching public source code.
|
| 2. The bulk of metadata protection on Signal comes down to trust
| in SGX, which indeed is an entirely broken technology and keys
| can be extracted from it via a number of side channels if there
| is sufficient motivation, such as a government trying to track
| down dissenting views, or a future owner of Signal that secretly
| is willing to cooperate with a state actor. Intel also could, if
| ordered, also issue a microcode update intentionally compromising
| the RNG used for keys, etc. Signal places a huge centralized
| target on its back so I think these risks are plausible and worth
| being aware of.
|
| 3. Signal forces all TCP/IP metadata to one stack, which if
| combined with heuristical analysis, I strongly suspect it would
| be possible to work out which IPs communicate with which other
| IPs even without aid of SGX contained metadata.
|
| 4. Signal is actively hostile to any third parties that compile
| and sign signal network compatible binaries and release them via
| open source app stores, and vows to fight them and get them
| removed from the network. Moxie repeatedly says he prefers the
| install base tracking proprietary stores like Google and Apple
| afford.
|
| 5. Signal has built their entire social graph on phone numbers
| which require ID to buy and are actively tracked in 200
| countries, and many carriers will sell out their customers to
| bounty hunters etc. This is directly at odds with their stated
| goals of furthering privacy.
|
| When asked what alternative I suggest, I say Matrix.
|
| Those that really need privacy can use a pseudonym via Tor on a
| server of their choice hosted by people they trust and avoid
| revealing PII to the messenger at all, unlike Signal. The most
| private metadata is that which you are not required to reveal in
| the first place.
|
| The server and remaining metadata that must exist, like sensitive
| channel memberships, can easily be hosted in a server you own on
| property you own. Sensitive channels could stay on that server
| and not reveal any metadata or group participation to the wider
| network giving you granular control of your own metadata and
| where it lives.
|
| If you really wanted to you could even use generic tools that
| exist for SGX to do FDE on the database disk with the key in SGX
| and in turn also run a lean binary like Dendrite in SGX. I don't
| think this is worth it, and I think SGX is largely security
| theatre at this point but this is what freedom looks like.
|
| You can run your own server and maintain it according to your own
| threat profile, instead of using a one-size-fits-all threat
| profile a centralized walled garden forces on you.
|
| If you still think all the arguments above are totally
| unreasonable and you don't like hearing a lot of opinions
| critical of popular centralized services like Telegram, Signal,
| and Whatsapp... then indeed the Fediverse may not be for you.
|
| Most users care a lot about keeping digital sovereignty which is
| why they joined the Fediverse in the first place.
| TheJoYo wrote:
| I wish the Mastodon ad campaigns on Twitter would focus more on
| the digital sovereignty benefits.
|
| It seems like all anyone takes away from federated protocols is
| "it's more secure" in some ambiguous way.
|
| On the Signal topic, I've been put off talking about the
| security concerns of centralized vs decentralized lately as
| everyone seems to interpret this as "US X NOT Y".
| riffic wrote:
| Reach out to Eugen about that -- afaik he runs the
| @joinmastodon Twitter account directly or has someone helping
| him with it, but he's approachable about feedback.
| TheJoYo wrote:
| Thanks, I did reply back when I noticed it. They seem to be
| collecting other people's posts on the topic at the moment.
|
| My main concern is the misconception that federated
| protocols provide ambiguous "security" that is:
|
| > Safer social media experience https://joinmastodon.org/
|
| There's nothing safe or secure inherent to federated social
| media.
| gargron wrote:
| "Safer social media experience" refers to user safety,
| i.e. moderation and safety tools like content warnings,
| phrase filters, mutes, blocks, and the various quality of
| life improvements to those features.
| gaius_baltar wrote:
| > 2. The bulk of metadata protection on Signal comes down to
| trust in SGX, which indeed is an entirely broken technology and
| keys can be extracted from it via a number of side channels if
| there is sufficient motivation, such as a government trying to
| track down dissenting views, or a future owner of Signal that
| secretly is willing to cooperate with a state actor. Intel also
| could, if ordered, also issue a microcode update intentionally
| compromising the RNG used for keys, etc. Signal places a huge
| centralized target on its back so I think these risks are
| plausible and worth being aware of.
|
| Question: are you talking about address book protection, right?
| Because I don't see how SGX would be required for protecting
| 1-to-1 chats -- keypairs for identity management and PFS-
| compatible encryption would suffice for that.
| einpoklum wrote:
| Can someone contextualize this post somewhat, for readers who
| have been living under a rock and don't know about the Fediverse
| nor who is "we" at "infosec-handbook"?
| riffic wrote:
| Wikipedia has an article on the Fediverse, to sum it up it's a
| community of communities based on open web standards:
|
| https://en.wikipedia.org/wiki/Fediverse
|
| I don't know anything about this "infosec-handbook" group.
___________________________________________________________________
(page generated 2021-01-24 23:00 UTC)