Six posts, a presentation, and a preview on privacy and prototyping: Fediverse update, July 3

As usual it's interesting times in the ecosystem of decentralized social networks known as the "fediverse".    It's always grown in waves, and now thanks to Reddit's ongoing footgun and Twitter's latest management brilliance, there are at least two in progress.  And while the last several waves have focused primarily on Twitter competitor Mastodon, this one is also sparking interest in Reddit-like kbin and Lemmy, Instagram-like Pixelfed, and the rich functionality of Misskey (growing rapidly in Japan) and its about-to-be-renamed Calckey fork.  As if that's not enough, Facebook parent company Meta's about to introduce a Twitter-competitor (probably known as Threads), and there's a lot to say about that.  Interesting times indeed.

So there's a lot to write about, and I've been doing a lot of writing about it.  Rather embarassingly for a blog/newsletter called "Nexus of Privacy", almost none of it has been directly about privacy, for which I apologize.  I'm working on a privacy-related fediverse post and hope to have a draft out by the end of the long weekend. I've got an excerpt at the bottom – that's the "preview" in the title.

A lot of the other writing I've done in the last week has been updates of previously-published posts.  Individual updates have small enough, and frequent enough, that it's not worth ending out individual newsletter updates.  Insrtead, I figured I'd collect them in a single post. Also, I have a lot of new subscribers since last November, so some of you may not have seen the earlier versions of some of these – or Flocking to Mastodon, the "presentation" in the title.

Six posts

I know this is only five bullets, but the first bullet is two separate posts.

• How to choose the right Mastodon instance? and How to use filtering and muting to hear less discussion of odious people on Mastodon both have minor updates from last fall.  If you're one of the many frustrated Twitter or Reddit users who's checking out Mastodon, I hope you'll find them useful!
• A (partial) queer, trans, and non-binary history of Mastodon and the fediverse (on WeDistribute) is the revised version of We’re here, we’re queer, and we’re federated, with a different introduction (including several additional quotes, and more of an emphasis on recognizing people who aren't mentioned).  It also highlights several additional contributors, including Solstice School, Artemis developer Harriet, Calckey maintainer Kainoa, and Hajkey / Blahaj team of Kaity and Ada.
• Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ! has quite a few new quotes and links as sigificant edits in the Two views of the fediverse and  In chaos there is opportunity! sectiuons
• Don’t tell people “it’s easy”, and seven more things Kbin, Lemmy, and the fediverse can learn from Mastodon has several new sections (Experiment to find what approaches are a good fit for the current state of the software , Ten days later, and A few more thoughts on moderation) and several updates on the bot infestation.
• Mastodon: a partial history (DRAFT) has some updates to the section on Does Mastodon really prioritize stopping harassment? and a few other minor cleanups, although it still mostly ends in December 2022.  I've got some notes for a followon bringing it up-to-date (as well as a section on Gab), but I'm not sure about the timeframe.  The activity on the BlackMastodon and BlackJoy s a huge positive difference from a year ago ... but in so many ways Mastodon hasn't really addressed its problems: over-centricity on mastodon.social, it's cis white guy-heavy power structure, its well-deserved reputation for racism and reply guys, lagging innovation energy compared to apps, other platforms, and forks.  n chaos there is opportunity!, but will Mastodon itself be able to seize it? We shall see.

A presentation: Flocking to Mastodon

This is a presentation Alka Roy and RI Labs hosted in late 2022.   The section on "Navigating Mastodon: How to Use it?" has a lot of tips for newcomers, and the "It’s Evolving: Why it Matters & What Next?" remains relevant as well.  There were problems with the video quality so we never put it up on YouTube but the slides have a lot of information in them.  Here's the Google Slides link; I'll work on getting a surveillance-free PDF available as well.

Flocking to Mastodon? Here’s what you need to know!

Do we know why we are playing the game we are playing? 1 RI Labs Leadership Circle Talks © Alka Roy, RI Labs 2022, All Rights Reserved. Love How You Lead Jon Pincus Founder, Nexus of Privacy RI Labs Future of Leadership Program Participant @jdp23@indieweb.social Flocking to Mastodon?: What You Ne…

Google Docs

A preview on privacy and protoyping: excerpts from "Threat modeling, Meta, and privacy in the fediverse"

Title subject to change!  This is an early draft,

Meta's potential arrival may well catalyze a lot of positive changes in the fediverse.  And changes are certainly needed!

– from In chaos there is opportunity!

Privacy is one of those areas of the fediverse where change is badly needed. Mastodon wasn't designed and implemented with privacy in mind – in fact it violates pretty much all of the seven principles of Privacy by Design. Privacy by default?  End-to-end security?  User-centricity?  Uh, no.

And it's not just Mastodon, the same's true with most if not all other fediverse software.  Even the underlying AcitivityPub protocal that powers the fedierse has major limitations.  Christine Lemmer-Webber (who co-authored the spec) says that from a security and social threat perspective, "the way ActivityPub is currently rolled out is under-prepared to protect its users." Ariadne Conill's ActivityPub: The “Worse Is Better” Approach to Federated Social Networking describes ActivityPub's approach as prioritizing other concerns over safety, and the same's true for privacy.

We interrupt this blog post for a public for a public service ammouncement.  
Pleas do not use the fediverse for confidential or secret information. Don't use Facebook, Instagram, Twitter, or any other social network either. Use Signal or some other encrypted messaging system.

We now return you to your regularly-scheduled programming.

Meta's potential arrival on the fediverse increases the urgency of addressing these longstanding privacy issues.

For one thing, Meta's a threat in many ways: to the safety and mental health of many people in the fediverse, to many marginalized communities who are trying to make a new home there, to democracy ... and to our data. Meta's business model is exploit data they've gathered without consent by selling ads and influence elections; they're exploring collaborating with Mastodon instance admins in "win/win" partnerships to monetize their users (and their data).  People in the region of the fediverse that doesn't collaborate with Meta will need stronger privacy protections to protect their data.  

That said, privacy's even worse on Facebook and Instgram than it is in the fediverse.  Their software is the opposite of Privacy by Design, everything about it is designed to track your every move and encourage you to give them as much data as possible and feed their racist algorithms.  

So there's also a huge opportunity here. If the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.

Either way you look at it, now's a good time for the fediverse to take privacy more seriously.

And not just privacy, of course.  One way to look at fediverse is that we've been doing a prototype at scale of a decentralized network, big enough to get experience with the complexities of federation, good enough that many people find it usable and even enjoyable for a social network activities – but with big holes including privacy (and safety and accessibility and equity and usability and sustainability and ...).  To effectively respond to Meta, the fediverse is going to have to get beyond the prototyping stage.  

One path forward is to evolve today's implementations and addressing problems incrementally.  From this perspective, threat modeling can help identify low-hanging fruit to make more rapid progress in the short term as well as highlight important areas where there aren't any good short-term answers yet.  And threat modeling's also useful for new implementations that start with a focus on privacy by design (and design from the margins, and software engineering best practices, and safety, and equity, and accessibility, and ...).  

So let's get to it!