1. 37
  1. 24

    As I read this I thought about my experiences with Diaspora and Mastodon. Pages like this one or this one (click “Get Started”, I couldn’t do a deep link because JavaScript) are, IMHO, a big part of the reason these services don’t take off. How can an average user be expected to choose from a basically random list of nodes? How can I, a reasonably “technical” person, even be expected to do so?

    So then why not host my own node? First, I don’t have time and most people I know don’t either. If I was 15 again I totally would because I had nothing better to do. I also don’t want to play tech support for a good chunk of my social network, and providing a service to someone has a tendency to make them view you as the tech support.

    Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am (at the very least they probably patch their systems more often than I would). Even worse, if some non-technical person decides to bite the bullet and create a node for his/her friends, how secure do you think that’s going to be?

    Further, what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing? Pretty damn high (maybe I and all my friends are assholes, though, so whatever).

    Anyway, this post really spoke to me because I’ve been trying to escape Evil companies for awhile now and “federated” just doesn’t seem to be the answer. I now believe that centralized is here to stay, but that we should start looking at the organizations that control the data instead of the technology. For example, if Facebook were an open non-profit with a charter that legally prevented certain kinds of data “sharing” and “harvesting” maybe I wouldn’t have any problem with it.

    1. 18

      How can an average user be expected to choose from a basically random list of nodes?

      How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.

      what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing?

      Same as what happened with many early email providers: when they died, people switched to different ones and told their friends their new addresses.

      Really, all this argument of “what if federation isn’t a holy grail” is pointless because we all already use a federated system — email — and we know for a fact that it works for humans, despite all its flaws.

      1. 8

        How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.

        In contrast to mastodon instances - which are very alike - email providers have differentiated on the interface and guarantees they provide and market that. People react to that.

        1. 2

          In contrast to mastodon instances

          While this was largely true in the beginning, many Fediverse nodes now do market themselves based on default interface, additional features (e.g. running the GlitchSoc fork or something like it), or even using non-Mastodon software like Pleroma. I suspect this will only increase as additional implementations (Rustodon) and forks (#ForkTogether) take off and proliferate.

        2. 8

          How did they choose their email provider?

          I think federated apps like Mastodon are fundamentally different than email providers. Most email providers are sustainable businesses, they earn money with adds or paid plans or whatever and have their own emails servers and clients with specific features. Self-hosted email servers are a minority. Please tell if I wrong, but I don’t think one can easily earn money with a Mastodon instance.

          However I agree that both are federated.

          1. 1

            i don’t know if any nodes do this but you could charge for mastodon hosting

          2. 8

            You’re certainly not wrong, though I would argue that email, particularly as it was 20+ years ago when it went “mainstream”, is much simpler (for instance, it doesn’t require any long-term persistence or complicated access control) and therefore easier to federate successfully (in a way that humans can handle) than social networking.

            1. 1

              AP style social network federation also doesn’t require long-term persistence or complicated access control.

              1. 1

                email is social networking. are there particular social networking features you had in mind?

                1. 3

                  Yeah, I listed them in my comment… “long-term persistence or complicated access control”. Admittedly I didn’t go into much detail. Email is a very simple social network, there isn’t much “meat” to it, particularly as it existed when it became popular.

                  1. 1

                    email has very long term persistence, much longer than something like facebook because it’s much easier to make backups of your emails than to make backups of your facebook interactions.

                    i guess i don’t know what you mean by “complicated access control.”

                    1. 1

                      Email is basically fire and forget. You download it to your computer and then you’ve got it forever (modern email does more, but also includes more of the privacy / data issues that come with other social networks). But most users can’t easily give other people on-demand access to their emails, which is the case with Facebook, Twitter, etc. Email is really meant for private communication (possibly with a large group, but still private), Facebook and company are for private, semi-private, and even public communication, and they require a user to be able to easily retroactively grant or retract permissions. Email doesn’t handle these other use-cases (this isn’t a fault of email, it doesn’t try to).

                  2. 2

                    The ability for interested parties to interact without reply all. I can post a picture of a beautiful burrito, and people can comment or ignore at their leisure, and then reply to each other. I guess there’s some preposterous email solution where I mail out a link to an ad hoc mailing list with every update and various parties subscribe, but… meh.

                    1. 2

                      something that handles a feature like that need not be email per se, but it could have a very similar design, or be built on top of email. something like what you suggested wouldn’t seem preposterous if the clients were set up to facilitate that kind of use.

                2. 3

                  In the case of Mastodon, which instance you pick does matter. Users can make posts that are only visible to others in the same instance. If you pick the “wrong” home instance, you’ll have to make another account in another instance to see the instance-private posts there. If you’re a new Mastodon user, you might not know that one instance is good for artists and another good for musicians, etc. In any case, this is as easily solvable problem by adding descriptions and user-provided reviews to each instance.

                3. 2

                  These ‘which instance to join’ sites are completely useless, I wish they wouldn’t exist at all.

                  1. 1

                    Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am

                    Setting a price tag on your datas doesn’t secure them. There are enough scams and hoaxes on Facebook to share your information with other companies that I have to disagree with you. And since those social networks are collecing more data than necessary, it is easier to lose data.

                    1. 2

                      Facebook and Twitter also present single valuable targets and are thus more likely to be targeted. A hundred mastodon instances may be individually less secure due to the operators having fewer resources or less experience, but compromising a single server won’t get you as much.

                      1. 2

                        That’s a good point, although Wordpress vulnerabilities are still a big deal even though there are tons of small servers. The server might not be a monolith, but if the software is then it’s only slightly more work to attack N instances.

                        1. 1

                          True, although it depends whether the vulnerabilities are in the application being served or in the web server or OS serving it.

                  2. 9

                    Interestingly noone seems to bring up these valid arguments when discussing E-Mail. It’s the same distribution model, but either everyone deems it to be a lost cause or does not know/care.

                    All these federated social media discussions can be dehyped if you explain it like you’d explain e-mail…

                    1. 6

                      This article is specifically about privacy. E-mail is well-known to have very poor privacy, to that point that it is often singled out by privacy-related regulatory schemes (like HIPAA) which require additional privacy-protecting measures (like user-level encryption). And email’s privacy weaknesses are the same as those pointed out by the author of this article: you must trust the operators of the federated nodes, and in a federated environment you may not even know all of the nodes you are trusting.

                      1. 1

                        you can just do e2e encryption (like xmpp or matrix do).

                        1. 1

                          E2E encryption is only part of the story. You also need to solve the metadata problem, which is where Cwtch comes in.

                      2. 4

                        There are also federated platforms that provide decent privacy. Matrix supports E2E encrypted messaging so the server only knows who you talk to and not the contents of the messages. The only system I have seen that obfuscates the receiver is bitmessage which works by sending your message to everyone and everyone tries to decrypt it to see if it was sent to them.

                        1. 2

                          It’s not completely one-to-one (at least, with modern email systems, as opposed to getting local unix mail federated on whatever machine you have a shell on thirty years ago), since there’s no sense of users on the local node being closer than users on a remote node anymore. A better match would be usenet, since the number of hops matters more.

                          (Of course, if you don’t look at the local timeline, the fediverse doesn’t have much to do with locality except in terms of general visibility of remote hosts, which you as an unprivileged user have near-total control over.)

                        2. 9

                          The complaints in this essay are largely well-understood by the people who boost federation. The basic reason why federation is being used at all in the context of things like activitypub is that dependence on web standards for things like host-centric URLs implicitly make some degree of centralization necessary (since the hostname needs to be essentially permanent to avoid breakage, and so domain names are used rather than IPs – and once you’re spending twenty bucks on a domain name, it starts to make sense to centralize beyond single-user nodes and rent somebody else’s machine to stick a whole small community on).

                          Of course, SSB shows that proper distribution (as opposed to federation of small kingdoms) is possible.

                          One benefit of something like the fediverse over SSB is that themed nodes + multiple distinct accounts can be combined in a way that makes it possible to minimize the rate at which people see content that’s uninteresting to them.

                          I don’t see many themed SSB pubs, and support for identity-switching with totally distinct pub lists seems to be minimal (though I’ve only used patchwork & sbot, so maybe other clients do this better) – and this has actually caused me problems, since I’ve gotten blocked from general-audience pubs for posting things uninteresting to the people running them.

                          Getting blocked by big pubs on SSB is a problem, since the network of associated pubs controls post reach in an asymmetric way. If I’m blocked by a big pub, then even if I see a post by someone who doesn’t block me, via a path composed mostly of pubs that don’t block me, it’s possible that my response will not be visible to the OP, simply because this big pub is in the way in all paths between the OP and me. While this can be routed around by having individual users subscribe to many small pubs, this really requires everybody concerned about failing to see responses to be really proactive in subscribing to new pubs!

                          (The only themed pubs I’ve seen is one for sex workers & one for german speakers. I don’t fit into either of these categories. This might just be a function of the smaller user base, compared to the fediverse. However, despite the proliferation of general-purpose instances on the fediverse, there are nevertheless plenty of extremely specific instances: I have accounts on instances specifically for anime fans, french-speaking communist witches, fans of cyberpunk, forteans, retrocomputing enthusiasts, and people who don’t like the letter ‘e’! It’s possible to keep your posts on-topic from the perspective of instance admins on the fediverse, regardless of their variety, while on SSB, pub admins ultimately have more power.)

                          EDIT: I’m harping on the differences between the fediverse & SSB since those are the most popular examples of federated & distributed social networks respectively. Of course, an IPFS-backed social network would not have the same problems with FOAF-based distribution of content & would still be fully distributed. Discovery could certainly be handled differently! The author isn’t wrong about discovery being solvable, but we need to take into account problems with FOAF when designing distributed discovery systems. (One way, accessible even to SSB, is to explicitly promote low-subscriber pubs in the pub recommendation interface for users, or to encourage pub maintainers to connect theirs to other lower-subscriber pubs, to counteract the trendism/rich-get-richer power dynamic that occurs naturally when already-privileged nodes accumulate visibility in proportion to their existing visibility level.)

                          1. 6

                            When you’re posting information publicly in a social network, the trust of your server operator, besides moderation tasks, is really just tantamount to “person I know who will serve my information to others, and others to me.” And when the biggest issues are to cut costs of usage (utilize existing web server infrastructure) and interaction (delegating what would otherwise be massively time-consuming fully distributed self-moderation to operator-led moderation) the best course of action then is to essentially create a system of public forums that can exchange information between one another. And since these are the actual concerns of most users, I don’t really think these users would see much of a reason to fragment their social spaces further.

                            On a public social network, distributed or centralized, can’t anyone who’s spent enough time scraping trivially derive social graphs? Didn’t a lot of users migrate to Mastodon because they considered the ability of instances to block instances they’d prefer to not interact with desirable?

                            1. 2

                              Instance owners also have complete access to private posts and DMs, which many users may not be aware of.

                              1. 5

                                This has nothing to do with federation though. It’s just a Mastodon thing. There are federated protocols that use end to end encryption.

                            2. 6

                              Immediately connecting this argument to Mastodon, Pleroma, and the rest of the AP-based fediverse is largely missing the point. The use case for federation is Mastodon isn’t privacy; it’s moderation.

                              Mastodon especially, and Pleroma and PeerTube as well, have or are building robust anti-harassment toolkits which integrate well with the federated model, because:

                              1. Keeping nodes (and thus communities) small reduces moderator burden at any one node
                              2. Threat of de-federation will force moderators to actually moderate
                              3. Splinter fediverses can form for instances unwilling to provide adequate moderation (freezepeach.x instances come to mind) or with extremely strict moderation standards (awoo.space did this on purpouse).
                              1. 2

                                Yeah, this is a really good point.

                                In my experience, both instance admins & devs like Gargron are really open about the fact that private messages aren’t really private, & try to make sure folks are basically aware that confidentiality isn’t a priority. The priority is basically always chunking moderation so that it’s doable & trying to make performing that moderation relatively straightforward – to try to grow communities that aren’t cesspools.

                              2. 3

                                I think the goal with federated systems should be that every single person has their own home server. It can be a cheap computer, like a Raspberry Pi, that is always available and stores your data in one place. You can then access the service with your PC, Laptop, Smartphone, etc. Everything is under your control and you get good availability and performance. Federated systems like Mastodon or Matrix.org make this possible, so I really wouldn’t say that federation is always the „worst of all worlds“.

                                1. 2

                                  As others have pointed out, email is a federated model that works just fine. Other federated services are no different in any practical way. The privacy issues with centralized services revolve around them actively working to mine your data. These companies are in the business of making money, and you are their product. This is the fundamental difference between using something like Twitter and Mastodon. Since commercial offerings are trying to monetize you, they have a lot of incentive to invade your privacy by demanding personal information, and to keep you engaged using their services.

                                  The situation is very different with federated services. The code itself is open source allowing people to audit it, and fork it. If a service moves in a direction the community doesn’t like then they can fork the code, and set up new instances.

                                  The federation model is open, meaning that you’re not tied to a specific service. Mastodon, Pleroma, and PeerTube all federate over ActivityPub. This also means that the model is designed for interoperability between services from ground up. Meanwhile, centralized commercial services that try to create walled gardens, and prevent you from moving data between them.

                                  Access to the data for the services is democratized as well. The things you post on a public forum will obviously be public, however only the service provider has the ability to analyze it with commercial service. Federated services like Mastodon have no incentive from keeping the users from accessing the data. I think it’s a better situation where everybody has access to the data the service collects as opposed to just the providers themselves.

                                  The scale advantage comes from the fact that you’re not stuck with a single provider. The system is inherently more robust, and not only in terms of technology. When you have a federation, it’s no longer possible to enforce a single set of rules for everybody. Twitter of Facebook get to choose what content you see, this allows them to sensor content and manipulate the network much more easily that you can with a distributed system.

                                  1. 1

                                    The privacy issues with centralized services revolve around them actively working to mine your data. These companies are in the business of making money, and you are their product.

                                    This is a common error. Centralized doesn’t immediately equal evil or selling you out. It depends on how they’re set up. There’s companies that just sell you a service without trying to send your data to others. FastMail was a popular Gmail alternative whose users say it’s super-fast and stuff, too. MyKolab was a Swiss one I found for $5 a month with privacy policy. ProtonMail is a recent entry with crypto. HushMail is possibly the oldest of those. ZixCorp has similar services. The PGP company should probably be in this list.

                                    That’s just email. There’s long been solutions doing similar things for chat, backups, mobiles, and so on. There’s just hardly anyone buying them. A few have been around a long time making money. Mostly selling to businesses, though. There is a market but won’t get you rich easily. One can build centralized, non-profit companies with charters protecting privacy. I’ve pushed this a long time. Also, put it in the EULA’s with EU-style penalties for privacy failures if users push for them. Maybe also in the hiring agreement for employees where they can refuse to work on surveillance or privacy-defeating features without termination. On top of that, one might build several of the same company in different countries as a public-benefit multi-national where they sort of check on each other but otherwise operate independently in their own market with tailored solutions.

                                    There’s a lot of potential. There’s also companies taking care of their customers every day using tiny subsets of what I described. Often just owners or company culture that believes in it. People talking like all businesses are evil or have to sell out their customers do those businesses a disservice. Instead, we should try to see what protections we can build on top of those proven models in centralized form before telling people they have no choice but use decentralized stuff. I mean, we can have people developing both in parallel. I even encourage to mitigate impact of failures.

                                    1. 2

                                      Centralization might not immediately equal evil. But it eventually does. As things get bigger, they require more resources, at some non-linear rate.

                                      So the only reason you can use those non-gmail services, the only way they can stay in business without “going evil” is to remain small enough that their requirements remain low. If they got as popular as gmail, they’d be trying to datamine our emails from grandma to sell us shit too.

                                      There’s practically no examples of some large centralized thing not becoming evil. I don’t think this is solvable.

                                      1. 2

                                        Costco and Publix? Vanguard for investing?

                                        1. 1

                                          I’d say, instead, that centralization makes large-scale evil possible. Whether or not somebody steps up to the plate to take advantage of that possibility depends on how long the system exists, how big a scam they can run, and what social systems are in place to prevent it. If something is making a non-zero amount of money and exists for a few years, the likelihood that it’ll become a scam is pretty high.

                                        2. 2

                                          Centralization itself doesn’t equal selling you out, but the business model for current social media companies is what ultimately drives that. The way centralization plays into this is by locking you into the platform once you start using it. For me the biggest value of federation is that it removes central control from the platform. Anybody can run their own instance and manage it the way they see fit, and people can choose what instances they federate with.

                                          I don’t really have any problem with businesses providing services, and as email shows it’s perfectly possible to do that on top of a federated model. My view is that this is a more robust model overall because it prevents companies from dictating how a service will work for everybody.

                                          1. 1

                                            “ but the business model for current social media companies is what ultimately drives that.”

                                            I definitely agree with that. Now we’re in tricky territory, though. The uptake model for social media is it has to be easy to use/understand, preferably free if maximizing participants, and dirt cheap to scale if either free or low-cost. That already disqualifies most decentralized schemes people create. The last thing is people go where other people are. So, to bring in the masses, it needs to sort of already be popular at least among groups of them with some motivation for them to invite their friends. Those people are mostly locked into Facebook and such right now with lots of friends, family photos, etc they might stand to lose.

                                            With that, I’m not sure how to make decentralized, private, social media take off in a big way. It’s one of the only types of applications I have no confidence in. That’s in general, not just decentralized. Only a small number of players even made huge waves. Fewer than that survived with any large usage. We might be stuck with a situation where they stay stuck on social media but we push private messaging as extra medium with other benefits like no limits on characters, immediate delivery, etc. Fortunately, a ton of people already moved to IM. It should be an easier sell than before.