This is one of the strengths of a federated system run by people who aren't looking to profit. Firstly, they care about their users and are more likely to take difficult decisions, like the one Ash has made, for the good of themselves and their users. In doing so everyone involved has time to make an orderly move.
Secondly, the service survives. Mastodon didn't shut down. The Fediverse didn't close. One beloved instance bows out and whilst it is a loss to many, their network endures as they thank the admin(s) and move on.
You think this shows a disadvantage compared to twitter? Let's talk once twitter shuts down. Because it will. How will your argument hold up when f*c*book finishes dying? We'll find out soon enough. Or how about when a telecoms/media conglomerate buys out flickr or tumblr and puts a stake through their heart? Oh, that already happened.
This is a bittersweet testament to exactly how the Internet should be built: on the foundations of openness, community and decentralisation.
Mastodon will probably die first because it's just a software but that's not a problem: ActivityPub, the protocol, and the Fediverse, the network, will most certainly outlast Twitter. Unless Twitter chooses to get compatible with the Fediverse.
A protocol can't die. People are still using IRC, XMPP, good ol' email, decades after they were created. They are still useful, they still work, so there is no reason for them to "die"
I find the idea that X won't / can't happen on a 3 month timeline, in this political climate, silly. Is there such a thing as stability bias? Because folks had best recalibrate their expectations for rate of change, starting a few months ago. I won't be taking any bets on Facebook, but the thing I'm replying to sounds like 6-months ago thinking.
Once the twitter sale is completed, the new owner of twitter can chose whatever they want to do with it, including shutting it down - which in this milleu would be something that the buyer of twitter will consider doing just for LOL's.
imagine the trolling potential of a rolling outage of twitter or ooops "new owner" deleted the database as a joke. Or replace all twitter profiles with sayings from Doge.
before you say "this person can't possibly do this" ... think again.
f*c*book has been floundering for some years now and is lurching from trying to follow one trend to the next, pouring money into each attempt and everything twitter seems to do causes another exodus. They'll be brought out and then hollowed out, or attempt a major pivot which will be fatal for their global relevance. This is without the spectre of data protection laws offering us more and more protection from the abuse of these sorts of platforms, having themselves broken up by monopolies, their revenue stream being cut off wholesale by the likes of Apple, investors and big customers finally realising they're paying for bots and I'm sure several other bear traps just waiting for them to stumble into.
These services may not "shut down" but they might change (or have already changed) so much that many would not have signed up knowing what they know now. This is kind of a danger of an open protocol too (for example, IRC users who signed up in 1998 to talk about Britney Spears gossip are probably not well-served by most current IRC networks), but not to the same extent.
Orkut was super successful and was eventually shutdown.. Meta will live on forever but facebook might well be a relic of the past. Most people don't even log into facebook anymore than a few times a year.
I wouldn't claim Twitter will shut down soon, but one could argue that mastodon is more robust because it's divirsified.
There's no single person on earth who can shut down Mastodon, so Mastodon dies only if this decision is made massively by many people (or if development stops, but then still nothing will stop the server I run on raspberry pi in my bedroom). Twitter otoh can be shut down by one person for a whole multitude of reasons without any concern for the opinion of users.
In some sense of the word they are already shut down. Moderation is very heavy on both and certain topics just can't become widely shared. For example, a recent thread by a sex worker had something like 8/30 tweets censored off the platform (despite none of the content being graphic, offensive, or illegal).
So sure, Twitter will run for a long time. But it doesn't have very strong guarantees to its users about how it will treat them or what content will be allowed.
OP didn't say anything about timing. Everything comes to an end. The point is that the timing in one case is decided by the users, the other by shareholders.
I don't think he was saying either Facebook or Twitter is going to close soon. Heck, MySpace is still around. But sooner or later, centralised systems either shut down or become something completely different: think about Tumblr as a good example of that.
I'll just butt in at this point to note that 'federated' systems are more or less FidoNet and Usenet warmed over, neither of which managed to overtake commercial systems, and in the latter case was rendered useless by spam... much like Mastodon and friends which are rendered useless by racism and porn.
Speaking of which... there's supposed to be a Mastodon Server Covenant(tm)(c)(pat. pending) in regards to such matters, but the https://joinmastodon.org/covenant where it's supposed to be documented is 404. Looks like it was quietly removed sometime after August of this year.
In any case I'll make a prediction: Mastodon will remain a haven for people too racist and/or porn-obsessed for even Twitter and Reddit to tolerate and adoption will be hampered accordingly.
Can someone explain why a Mastodon account is so intrinsically tied to the instance it was registered on? This has always confused me and is part of the reason I haven't started using it, I couldn't decide on which instance to use. Why can't an account be globally unique and not tied to a specific instance? Why, as a user, do I have to deal with the low-level concept of an instance?
Is this all just a consequence of keeping user data private-ish? I understand the data has to be stored somewhere, and if user data were distributed to the entire network, it obviously wouldn't be private. Couldn't e2e + public key encryption be used to work around this somehow?
Mastodon confused me for the longest time as well. Which community do I join? If I create an account on "federatedplumbers.example" why would I interact with a community and follow people at "federatedshoelacecollectionists.example"? Shouldn't I create an account at both communities and interact with each separately? This is what we do now by having a twitter account and a facebook acount, and a etc... A twitter account doesn't ever talk to a facebook account.
Then I saw someone do something I hadn't seen before...
They made their own mastodon insance: toot.firstlastname.example and their identity was @joey@toot.firstlastname.example
Joey could make his own toot feed of social media posts that anyone at any community could subscribe to.
Joey could then subscribe to the entire community at federatedplumbers.example, or he could follow just one user: @phoebe@federatedplumbers.example. Then @monica@federatedshoelacecollectionists.example could follow @joey@firstlastname.example and so on.
It doesn't matter where you start an account. You can join a community that you really like or start from scratch with your own instance and go and make friends in other communities. The real advantage with starting your own is that you have control over your content and aren't in danger of having your account shut down if a community decides it can no longer maintain the server.
because that is your identity, the full "user@domain" the domain you are on is an intrinsic part of addressing to get to your account. so the question then becomes why can't you change your name? and it has mainly to do with avoiding name conflicts in administratively isolated systems.
A major problem in distributed systems is names. one solution is to do what dns did, you can have nice names but you only get to pick them under the part of the hierarchy you control. another solution is to do what git or ipfs does. nobody gets useful names but at least you don't need any sort of central name database.
mastodon went the dns/email route, which makes sense people want nice names. but now your name is stuck on your domain. perhaps someone could have setup a central name server to avoid name collisions, but who would you trust to run it? what happens when it goes down? might as well just use dns.
Off tangent opinion on names in a federated system.
Unfortunately mastodon adopted the twitter style "@user" but because this only make sense in the context of a single domain mastodon mainly uses the awkward form "@user@domain" I think the email/xmpp form "user@domain" would have been better, but if they felt the @ prefix was critical to the experience of a twitter like micro blog than they probably should have adopted the form "@user.domain"
From a technical point of view because ActivityPub is based in HTTP and other instances need to know what endpoint to talk to.
There is already support for basic migration of followers but it would be nice to see fully instance-independant accounts. Probably something based on cryptography so your account is a key and you can publish from any server. However a protocol like this would be a lot more complicated than ActivityPub.
It's because of the sybil problem. If accounts are globally unique, then a bad actor can register as many accounts as they want, and can do things like e.g. reserve other people's usernames and charge real money to have them unreserved.
And who will pay for that openness and decentralization? Let’s hypothetically say that Twitter is closed, millions of users discover Mastodon and move. Mastodon instances will be down in matter of seconds. How do you approach this? By volunteers adding more instances(that they can close anytime)? This will not change anything. Everything cost money and living in an “free” world bubble isn’t helping in any project adoption.
So I do not see any advantage in federated system. It’s cool as technology and all, but completely unprepared for huge traffic or real life scenarios.
PS. Please do not say anything about “anyone can start his own instance”. No, average Twitter/Facebook consumer can’t start his own instance.
Did Web 2.0 make us all forget how open IRC networks were run?
Resources donated by an organization in the form of a server linked into a larger network, a committee that vetted new server applications to the network, volunteer administrators for the network and the individual servers, coordinated regional and global upgrades. And as network users increased, reforming under a hub and spoke models to improve scale and capacity.
And when a single IRC server went away after some time operating for its various reasons, the network kept going.
Could the average IRC user start/host their own instance *and* link it to the larger network? No. But they didn't need to.
> By volunteers adding more instances(that they can close anytime)?
"That they can close anytime", just like twitter in this example. Partly, yes. But that sort of total exodus would mean a lot of additional people contributing ideas and code to the Fediverse, not just servers, but by making it easier to run your own instance. Who's to say it couldn't be run just like an email client with the right ideas and effort? It's such an extreme example that I'm not even sure it's useful to discuss.
What traffic is it prepared for? It would be interesting for you to provide the numbers and the evidence which backs this up.
As for real life scenarios...there are upwards of a million people using it right now. I've made friends, networked professionally and found several homes there. I am literally a real life scenario and so are the people behind most of the posts there.
And today you are right about "anyone can start their own instance", but it's a darn sight easier than running your own twitter.com, and it'll get easier every year.
> PS. Please do not say anything about “anyone can start his own instance”. No, average Twitter/Facebook consumer can’t start his own instance.
This isn't a law of the universe, it's just software people haven't written yet. Installing new client-side apps was hard, until it wasn't. "Anyone can start their own instance" will be easy once someone writes the software to make it so. (Presumably a cloud provider like AWS, since that's who stands to profit from lots of people wanting to run server-side apps)
Who said anything about the Fediverse having to be free ?
There is absolutely no doubt that should Twitter die, if no single actor can emerge quickly enough, for-profit actors will emerge and they will have all good reasons to be compatible with something that already exists. There will be mega large instances paid by siphoning data and with ads, there will be large instances paid by users/funds/donations, there will be small, community instances. Maybe HN will have its own instance; how much do you pay for HN today ?
As a counter example, email is a federated system too. I don't think a federated network should, or can for that matter, mimic the user friendliness of a closed system; so there won't be massive exodus of users from Twitter to the federverse, no matter how screwed Twitter became.
Our pay-what-you-can cooperative Mastodon instance at social.coop, running strong for over 5 years, is currently debating what to do with our 10,000€ budget surplus.
The idea that social media costs more to operate than people would be willing to pay is false. It's propaganda from the people who profit from keeping you trapped in their closed networks to monetize your attention.
> Mastodon instances will be down in matter of seconds.
Of course not. Mastodon instances can be capped in the first place, and anybody with a rudimentary server management knowledge can start their own instances on a cheap server. Mastodon has current hundreds of instances, let's not pretend it can't go to thousands if the user base increases.
I think the problem is exactly that the average consumer can't start their own instance. What if there was a front-end service that made creating a fediverse instance as easy as creating a discord or Slack, and handled all the messy technical stuff with setting up an instance for the average user, while at the same time allowing said user to have full control of the cloud files? The front end would be incredibly light weight (just API calls, no data storage), so even if it shut down, as long as it is open source someone else could run their own instance of it on a different URL and the user could keep admin of their instance through that.
Admins of existing instances can configure user limits, close registration, etc., so new user will move to other instances or create demand for commercial instances.
> Mastodon instances will be down in matter of seconds. How do you approach this?
The same people who pay for everything right now will pay for it: us. Some instances will have patreon, others will be voluntary donation, others will use some craptocurrency, others will have contractual subscriptions, some will have ads... And whatever models are best will win out. Quit with the FUD. Just sit, back, relax and watch it happen.
Simple: It collapses and the millions move on to the next one, leaving the collapsed server to catch up and come back online. Like a scared but surviving turtle. Most servers are crowdfunded. Even the project's instances get funding through Patreon.
The official instance finding site seems to be good about spreading the load out every time Twitter burps. You have to meet certain reliability requirements to even be listed.
Is there anything to prevent a person/group from setting up a Mastadon instance with a charge to cover hosting, admin, & support costs (something like businesses charging for service on Open Source software support)? This could both make it more stable and sustainable and be a barrier to bots/trolls.
This is why I view the "federated" form of decentralization to be more of an intermediate stop-gap between fully centralized and fully decentralized in the form of true P2P.
For a decentralized social network to be viable/sustainable (especially on the scale of something like Twitter), it has to be truly P2P, not federated on volunteer-run servers paid for through donations. That volunteer-run federated model is really only sustainable for smaller niche communities, not a global social network.
As of right now, the closest framework I can think of to handle something like this is a social network built on OrbitDB: https://github.com/orbitdb
I am not participant but I have seen some invite only fediverse instances. Can't there be paid instances too, even pay by (please don't hate me here) watching ads ? Does actually anyone need to cater to millions of users?
Yes, hosting is a cost and it is not 'free', hence the frequent downtime with Mastodon instances, even when they had traffic during Elon's takeover of Twitter many of then could not even handle the new users.
Also, these users don't even know which instance to go to, since there is little to no-one to talk on there. If there are 'hundreds of thousands' of users then that means they have just recentralized on Mastodon.social, the "main" instance, defeating the point of it all.
> PS. Please do not say anything about “anyone can start his own instance”. No, average Twitter/Facebook consumer can’t start his own instance.
This is why Mastodon has failed in the first place after almost 6 years with this system.
The Fediverse (or Federated Social Web as it was previously referred to in 2007[0] or so when it was first envisioned) will never close. Single installations may, but the network as a whole can not.
Sure, but commercial entities generally shut down when there's too few users to justify the costs. But then you're not comparing the value of current Twitter shutting down but an empty wasteland Twitter shutting down. An empty wasteland Fediverse also wouldn't be of much use to the vast majority of people.
>Bingo. I say this all the time, Twitter is not immune from being a member of this list (Defunct social networking sites, wikipedia):
It is if people who've decided it's "de facto infrastructure" get their way and the government nationalizes and regulates it. Then we're all stuck with it forever.
> This is one of the strengths of a federated system run by people who aren't looking to profit.
People who aren't looking to make a profit (or even break even) means they are running a social media platform while funding it through some other means. What is that means of making money? What pays for the hosting and the time spent doing ops?
You can't take money out of the equation because you have hosting costs at the least.
How are things funded and why that way should be a conversation. Anything that ignores money ignores the reality of operating something on the Internet. That means it's not sustainable.
"Trying to be self-funding" and "trying to make a profit" are very different things, and it doesn't make sense to conflate them.
Even though funding wasn't the primary focus of this blog post, it seems to make it quite clear where the money was coming from: https://www.patreon.com/ashfurrow
> Secondly, the service survives. Mastodon didn't shut down. The Fediverse didn't close. One beloved instance bows out and whilst it is a loss to many, their network endures as they thank the admin(s) and move on.
I'm understanding that the data is gone and you're bragging about the observation that the protocol still functions?
I'm not sure this is an aspect any of us care about?
I think we can all observe that a common interface for posting and interacting with people will remain and that no corporation right now can unilaterally change that. I don't think pointing that out in a thread about all of the data on that server being gone is a strength.
Just as a small nitpick, there is still a community on Flickr. There are certain elements that Photographers get out of Flickr that we don't get from Instagram, or other platforms. This isn't to say that the service is as big or powerful as it once was, but it has done an adequate, if not satisfactory job, at meeting the needs of its base.
Very true in comparison to Instagram. Flickr doesn't strip your metadata and color profiles. They allow uploading actual rectangle photos instead of square or square-ish. They don't compress the hell out of the images. They store an original of the upload (great for an archiving failure). There's also more community-building tools even if they're no where near the vibrancy of a decade ago (though the unlimited storage is probably what led to the decline as many folks just dumped everything on it).
The biggest beef is everything that comes with it needing to be for-profit and how you can't control the whims of the product owner.
I know a fair few people who were really big Flickr fans back in the day and they lament at how the service has changed, and how its soul was diminished, because of the interests of those who now control it. You're right that it is still a going concern.
All in all, it doesn't mean much. Mastodon makes the domain part of your ID, so moving to another server isn't different than, say, moving to Twitter. Even if it's possible to move your existing content, it doesn't have significant value on an ephemeral timeline. You might as well save your backups and keep going.
Mastodon might be able to force your followers to follow your new account, but AFAIK it doesn't do that either for reasons I don't know. That would've been cool.
Mastodon does inform your followers when your account moves[0], but unfortunately doesn't allow you to automatically migrate your existing posts over to your new account.[1]
Twitter shutting down would need a couple black Swan events, you shouldn’t avoid doing something just because there could be a small chance of death(not walking out side to avoid a meteor strike).
Twitter by all means is superior in every sense, speed, network size, reach and content.
You are correct. There is currently an open issue[0] requesting support for migrating posts, that was opened in 2019 and unsurprisingly has some comments from today pointing out how useful such a feature would be.
To be clear, when you move accounts, your old server will notify the servers of all the people who follow you such that they will silently be updated to following your new account. This is not something you can do yourself at all; you can contact all of those people and tell them about your new account, but then they'd have to take action to follow it.
Why not consider twitter, Facebook, tumblr as decentralized instances of social media? Why build decentralization into the tech instead of having decentralization through multiple companies existing? A real community is being destroyed here, even though other similar ones exist
This article is replete with examples of the weaknesses of a federated system run by people who aren't looking to profit.
> This made me realize how little joy I’ve been getting from being an admin. How I’ve come to resent the work I have volunteered to do. I’ve donated countless hours to running the instance, solving both technical and moderation problems, and I’ve always put the instance above my own needs. But I can’t put the instance above the needs of my family.
> Why Not Transfer to a New Admin?
> Users have put their trust in me with their data. Choosing a new admin would require a massive amount of trust, since they’d have access to over a half decade of user data. Not just data from my local users, but from users they have interacted with.
The ideal inherent in federated systems- "people will use servers run by their anarchist commune's sysadmin" breaks down in real life. Nobody actually has a personal anarchist sysadmin to run their mastodon instance for them. In absence of this, the servers in federated systems are run by strangers on the internet who foolishly volunteer themselves for a huge amount of unpaid work, and who you just have to hope are going to be responsible with user's data.
This is why the anarcho-capitalist philosophy of the blockchain world has been so much more successful. The first thing they figured out was how to reward people running the servers, and how to make it so you don't have to trust them. It's a viable, expanding system, and with improvements to scalability and privacy, it will handle decentralized social media as well.
I always wondered when twitter is ultimately shuttered if they will hand off (at least all the public facing) tweet to some place like the the library of congress for historical purposes.
Closed source dies with the lack of money. Open source dies with the lack of users and attention. The problem is, money buys users. So for FOSS, it's a chicken and egg problem with the interplay of money and eyeballs.
Thanks for your hard work Ash, and sorry to hear about your loved one.
As much as I love the Fediverse, I think the culture leans toward instances that are too big. I think the number of people on each instance should be much closer to 1 than 1000.
The problem is self-hosting is too difficult for the average person. But that doesn't have to be the case. Self-hosting shouldn't be any more complicated or less secure than installing an app on your phone. You shouldn't need to understand DNS, TLS, NAT, HTTP, TCP, UDP, etc, etc. Domain names shouldn't be any more difficult to buy or use than phone numbers. Apps should be sandboxed in KVM/WHPX/HVP-accelerated virtual machines that run on Windows, Mac, and Linux and are secure-by-default. Tunneling out to the public internet should be a quick OAuth flow that lets you connect a given app to a specific subdomain, with TLS certs automatically obtained from Let's Encrypt and stored locally for end-to-end encryption.
I think part of it is there are instances that are just sooooo broad. Mastodon.social … shouldn’t exist? I think. It’s too broad and kinda duplicates the general social network issues of everyone using the thing.
Meanwhile there are loads of three-digit-user instances that are more focused (and have less problems on a tech level, and on a social level)
I think the project instances exist so people will at least get on board, try it, figure it out, and move on to a more suitable instance rather than abandon the whole thing entirely. The alternative is losing lots of potential users at the front door.
Honestly I think some big issues are that not everyone has a fast machine thats going to be up all the time to host the instance. It would be cool to implement something like BitTorrent but for websites.
A major note in the Mastodon fediverse brought down by the fact that it's administered by one person who, despite the fact they are running a social network node, never built up the real world trust connections to find somebody they could share the toil of administration with or tap in when it was time for them to bow out because we are all mortal.
The technological problems are not the hard problems in this space. The hard problems are social problems.
> Users have put their trust in me with their data. Choosing a new admin would require a massive amount of trust, since they’d have access to over a half decade of user data. Not just data from my local users, but from users they have interacted with.
I'm not a Mastodon user, but this is haunting. Just like shady data brokers, political shadow companies and "the feds" are running VPN nodes, subreddits etc, this architecture is practically designed for malicious actors. It wouldn't surprise me if it's already being used this way on other nodes.
To be clear, in 2005 this would have been great, tech is moving fast so one has to remain humble when critizising architectural decisions. Nevertheless, today we can't trust private data in hands of benevolent (and often de-facto anonymous) volunteer actors, if we want scale and security in the decentralized (or even federated) world.
We have had enormous progress in applied cryptography, both in social apps (Signal, Matrix) and defi (some successes, many failures to learn from). We should have the expectation for private data that the operator cannot read it. Doesn't mean that all data on a social app must be private, but DMs and invite only "groups" should be.
Currently, the typical website with per-node password auth doesn't satisfy these constraints, since credential harvesting is trivial. It's very difficult to build E2EE web apps and even if, users have no habit of keeping secrets on-device. The client itself needs to be vetted and accessed securely. Perhaps Matrix is best positioned in this space.
If this is a concern of yours, don't migrate your account. All instance admins play the role of Twitter CEO on Mastodon, which means (much like Amazon, Apple, Google, Facebook, Microsoft, Netflix, et. al) they can access all data you've trusted them with. The point of Mastodon is that it broke down these data silos, and give people more sane ownership models for social media. Your privacy concern is valid, but Mastodon doesn't advertise itself as a private protocol. A glorified microblogging platform doesn't really have a whole lot of data to leak besides maybe your DMs.
> We should have the expectation for private data that the operator cannot read it
That's called heterogenous encryption, and it's the technological equivalent of Mythril. End-to-end encryption doesn't stop the operator from decrypting your data. In fact, pretty much everyone has to, since raw encrypted TLS data can't just get slotted into your OneDrive/iCloud account. These operators literally need to read your data to operate on it. I genuinely don't know how you would engineer a more secure architecture here.
If you want to talk about architectures designed for malicious actors, you probably shouldn't start with distributed systems. Monolithic, profit-driven corporations like Twitter are much easier to tempt with salacious "data brokers, political shadow companies and "the feds""
> The technological problems are not the hard problems in this space. The hard problems are social problems.
This is something that perplexed me when Mastodon and Diaspora and others appeared: why would you want to recreate/mimic the toxicity of FB and Twitter ? The resharing, the upvotes, etc. If social networks all have the seeds of their defaults, why clone it ?
Mastodon and other Fediverse microblogging platforms aren't trying to recreate these abusive systems. They don't show boost/favourite counts, don't offer paid promotion or adverts, don't have the manipulation of the timelines or the other abusive dark patterns used to keep people hooked on the toxic pipes. I feel that being able to show appreciation for a post, or send it to the people who are interested in you, are both important ways to interact and can be implemented without the unhealthy byproducts of the corporate social media orgs.
yeah, idk if you could count this as a success when by his own admission there's so much user data essentially sited on one single point of failure/compromise.
Ash: I'm sorry to hear about the health issue that precipitated this. I wish you the best outcome but realize that that does not always happen.
Rest: As someone who does not (yet) use Mastodon, I'm curious about the impact of a single node shutting down. At least in this case this is happening in an orderly manner and with warning.
I'm also curious if this is a problem with Mastodon in general or did this particular node just become too popular for its own good. I seem to recall that some instances (Adam Curry's No Agenda related instance) limiting membership. Or perhaps I'm thinking of something else. But that may not help if the problem is traffic generated by the entire network as seems to be hinted at in the post.
Please excuse my ignorance of how Mastodon operates that may be implicit in my questions.
Mastodon has a migration path for users to move to other instances. So when the server admins allow it (i.e. don't just shutdown, or kick someone off) moving is rather easy.
Today, several in my mastodon timeline mentioned they finished the move. But without them mentioning, I, an outstander (i'm on another instance) wouldn't notice it.
What will happen, though, is that a portion of the users won't migrate. Either because they forget, or they can't be bothered, are "zombie accounts", or because its too challenging: it does involve down- and uploading and/or copypasting zips/datafiles. This means a bit of pruning or culling, and that could be considered good, IDK.
What will also happen, on a more technical level, is that other instances and maybe bots and automation will hit timeouts and connection errors when it really shuts down. Most instances and fediverse software can handle this just fine, it's built with this mind; it might at most cause some overhead and load. Some flakey or poorly developed software might crash or break (for a moment).
> Today, several in my mastodon timeline mentioned they finished the move. But without them mentioning, I, an outstander (i'm on another instance) wouldn't notice it.
Do you mean that part of the protocol allows for a migration process that includes changing who your follows are pointing at? (assuming all servers involved are up to date and have this feature) I.e. did your account automatically start following your friends' new accounts?
> a migration path for users to move to other instances
Thanks for clarifying - without that bit of background, this post reads like, "if I can't have it, no one can". But I guess the post is directed at people who do understand the background behind mastodon in general (which I and OP didn't).
Wouldn't it make sense for there to be a cryptographic verification based on a private key held by the user, so that they can prove to other servers/users that they are the same account as one that existed on a server that has shut down already? Is there something like that in Mastodon?
Very little actually. Depending on how the shutdown works in practice, the impact is basically nothing. Other instances just stop receiving updates from the instance, which just results in the users in the closed instance being cached artifacts (zombie accounts) that need to be cleaned out manually.
There's also a "self destruct" feature in Mastodon which is the nice way to shut down an instance; it issues account deletion messages for every account to every instance it federates with. The idea being that this results in the federating instances processing the account deletions accurately.
As for requests to the original server; basically all instance software (Mastodon included) implement a backoff mechanism, meaning that if after 3 months your server is still returning 404s when requesting new information, the software will quietly stop requesting new info unless explicitly asked to do so by a user.
A know a fair amount of Fedi folk who have moved instances. The move feature means we haven't lost touch, that they haven't lost their network. Some have even moved to start their own instance, or chose to move elsewhere. Whilst I am sure many lament not being able to bring posts to a new account, they can be exported and it's one's network which is most important.
I myself moved off mastodon.technology when I didn't agree with a change to the ToS, and was banned from mastodon.social without reason or redress, and neither event meant I had to start from scratch.
> The server has also gotten too large and too complex for me to administer.
I always suspected this would be a massive problem with Mastodon. I contemplated running a server, but there's no way to know beforehand when you'll be running into a limit, like cost or time. Can you really build a social network on volunteers that invest their own money and time, with little reward?
It's a "typical" Rails application: large, convoluted, lot's of moving parts, and services, and generally slow as molasses (solved by throwing more hardware at it). As experienced Rails dev(ops), I managed to run and help run an instance, but it's not something done on a friday afternoon, let alone scale up.
What we really need in this landscape is dead simple services. I'm thinking about the difference between setting up a gitlab or a gitea. The first is Rails, needs ruby, gems, bundler, workers, database server, redis, mailserver and whatnot. And thats for manually installing on a server - no pipeline or anything to manage future changes. The second a single binary (pre compiled from a go codebase) everything statically linked (even sqlite is built in, with option to upgrade to postgres). Plop it on a server start it and go. For an intranet you might even skip putting a server/https in front, just run on exposed ports.
We can dockerize all the ruby-stuff, but that might make it easier, it doesn't make it simpler, it really makes it more complex. And the performance-issues aren't solved.
The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.
There are plenty of other choices. Pleroma[1] is probably the biggest competitor and is lightweight enough that you can deploy it on a raspberry pi. It's written in Elixir which takes a bit to set up, but the devs offer OTP releases that don't require you to have Elixir installed to use it and are the closest to "single file" deployment you get. Resourcewise it takes up only a fraction of what Mastodon demands in terms of memory & cpu usage.
DB backend is postgres. It's also by default far less cache heavy than Mastodon (which caches every external attachment, avatar and header locally, which causes a lot of issues since it's the main reason instances run out of disk space).
Featurewise it actually surpasses Mastodon on almost everything except for not offering a tweetdeck-like UI.
> What we really need in this landscape is dead simple services.
I'm working on exactly that: a service that acts as an ActivityPub server (code[1], example[2], example application running on top of it[3]) for users in the form of a static binary. It supports multiple storage backends that can be selected individually or all together at build time and it can be extended to many more.
> The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.
Even if you get the tech stack solved to an easily deployable package: The problem is you still need to invest immense amounts of time on moderation. Some of that responsibility is enforced legally (e.g. CSAM, warez, US COPPA, EU GDPR, German NetzDG), some of it socially (e.g. kicking Nazis, conspiracy spreaders or other forms of hate speech out), some of it by the federation system (e.g. kicking spammers out) and some of it you need to do to keep your community healthy (e.g. kick general trolls and creeps out). If your instance allows adult material, gambling or games, you'll need to moderate your instance as well in some jurisdictions. And you'll need someone always available to support police, court and secret service requests.
Maintaining a service that hosts user-generated content is a thankless nightmare, and no matter what you do it is a huge liability. In the end, either you make your users pay for it in cash (subscription fees, patreon/gofundme/paypal donations), with their data (advertising) or you'll eventually burn out (such as the author of the blog entry).
Oh, and add on top of all of that the constant dealing with abuse: 4chan edgelords DDoS'ing your instance "for the lulz", random skiddies constantly running exploit scans against your server (which additionally means you have to have someone 24/7 to upgrade software in the case of a 0-day), people reporting your server / IP to blocklists to get you booted off the net... then you have to take care of hardware maintenance itself, making backups, testing backups. It's a full time job essentially, requiring an awful lot of time, money and connections (e.g. lawyers).
It's mostly large if you make it large. I run a single-user Pleroma instance, my fediverse network is relatively small and for the most part I can keep my timeline clean purely by reaction.
Even having around 20 users or so is still relatively manageable (used to run an open signup instance in the past). Basically as long as you don't exceed Dunbars Number[1], moderating a fedi instance is fairly painless.
External moderation can generally be managed with snap decisions. If you use Pleroma (and you should, it's much more technically competent than Mastodon), you can manually disable external user accounts specifically from federating with your instance.
Beyond that, most fediverse servers kinda make it really obvious whether or not you want to associate with them; they tend to be fairly open about what is and isn't allowed on their about pages so if you get a misbehaving user, you can usually see at a glance if the problem is instance-wide or just some random vandal.
Your biggest burden really is local moderation, external moderation isn't a big deal at all.
> Can you really build a social network on volunteers that invest their own money and time, with little reward?
You can at least use it for existing communities and "social networks": family, friends, geographical communities, hobby- or work-related ones. To provide them a somewhat self-administered space online to connect and share photos and other info.
Thanks to federation this community can have its own "space" without being isolated from the rest of the internet. Open-ness can be somewhat gradual.
There's lots of different of ways to organize funding and the ongoing technical work for such communities.
I think it becomes harder to build sustainable instances the less socially connected the admins are to the average user.
The Fediverse isn't just Mastodon, and there are other microblogging platforms. Epicyon is designed to be a lightweight server: https://libreserver.org/epicyon/
"Epicyon is a fediverse server suitable for self-hosting a small number of accounts on low power systems."
In a testament to how the Fediverse really does Just Work, I stumbled across Bob, the developer, quite by accident from my Mastodon account and now follow him. His posts, from his Epicyon instance, appear just like anyone else on my home feed and we interact as if he lived on my home server. There are at least half a dozen people I interact with who aren't on Mastodon, either.
Yes, you can. However, you will also encounter nothing but grief because of jerks who want to screw it up. For a historical example of how this turns out, see FidoNet.
Sorry, but this simply isn't true. Hasn't been ever, really.
I say this as someone who set up and scaled one of Europe's large dedicated WordPress hosting platforms. Everything, from nginx-phpfpm to varnish to scaling that horrible mess of plugins and themes your Fiverr dev delivered beyond just five req/min.
It really isn't very easy. And certainly not simple.
It's also a governance issue. Any site or service that's run by a single person, whether it's well-financed or not, is subject to burnout, illness, death, etc. Having a team and/or having a succession plan can help insulate from the impact these can cause. I submit as an example Metafilter. Matthowie ran it himself for a very long time but over time built a team that took over when he "retired". It's one of those things that must be put in place well before it's truly needed and doesn't lend itself to last-minute scrambles.
On the one hand, I am sad to hear about it and even more so due to the circumstances.
On the other, I feel a bit validated in my belief that we need to have professionally managed instances on the fediverse. "Community Support" only goes so far. Thousands of people using a service, but how many of them actually help with its upkeep?
I know that my instance has only a handful of paying users, and it is barely paying for itself, and far from paying all the work that I've put into it. But charging for access brings a lot of benefits: it keeps spammers and bots away, it is a good filter against trolls and best of all makes it explicit what is expected of all parties.
Yeah, I don't see why more instances wouldn't charge for access. Could be something ridiculously cheap as well, like $1/month or something.
Mastodon.technology have ~1.5K activate users (out of ~24K users in total), charging $1/month would easily cover any cost involved with hosting the instance itself, if done right (avoiding hosting providers that charge for "premium bandwidth" and so on, looking at you AWS).
Saying it as the person in charge of developing Mastodon, probably the most likely reason more servers don't charge for access is that it's not built into the software, so it would require either customizing the code or manually sending out invites based on external payments (e.g. Patreon, some servers actually do that). I would imagine the other likely reason is that complexity of signing up as a business with your local tax office, charging the right taxes based on where the customers are located, and accounting. I do absolutely agree that paying for your account would make running the servers so much more sustainable.
That simply isn't true. I'm a nobody and plenty of folk have found me from seemingly inane posts. People have found me out of the blue, from across the Fediverse, and I have no idea why; all I do know is we now chat frequently and without either of us even looking for one another. What's impossible is to discover how to use a platform without reading the documentation, and assuming that algorithms will just do the work for us.
That's sad to hear, but it makes total sense to shut down the server given its sensitive data, rather than hand it off to another person.
Mastodon/ActivityPub is a poor fit for a social network IMHO.
- Accounts should not be tied a single server and their continued maintenance.
- Private data and DMs should be end-to-end encrypted rather than entrusted with a single administrator.
- People don't want to self-host.
The core problem of a lot of social networks comes down to name aliasing, and who controls the name registry. In the case of nostr[1] this is not a problem because everything is using public keys. Another protocol is Farcaster[2] which plans to use a smart contract to maintain a name registry without requiring a single controller.
> - Accounts should not be tied a single server and their continued maintenance.
you can move your account to another instance in about 2 Minutes of work
> - Private data and DMs should be end-to-end encrypted rather than entrusted with a single administrator.
There is no "private data" on mastodon, I think it gets communicated enough that admins will have access to direct massages. it even says to you "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon."
if you want more, use the IM of your trust ;)
> - People don't want to self-host.
True MOST ppl don't want to host, but they are a few that like it and even get money for providing a public service.
So I don't have to host smth, I just have to find someone hosting it.
Account migration is a redirect. Your posts do not carry over, and the experience is pretty clunky.[1] Your name alias is tied to the server you created it on, rather than tied to your identity and all that it carries (posts, data, network effects, followers).
Social networks should have private data and E2EE, plain and simple. And the hosting challenges and centralization is why we are here discussing Mastodon.
So it boils down to purchasing an NFT to participate, if yes, I’m not sure how long it will last. I’ve been trying to get a namespace on ENS since forever, and no payment processor wants me to buy eth. If that itself is a major hurdle I’m not sure how people will ever join.
I don’t believe it will feel like this. “Buying an NFT” will be more like “paying for a service.” You visit a Farcaster client, and click the buy account name/domain button, it triggers a stripe payment, and then you are given a private key for the account.
A savvy user could circumvent this and use the blockchain directly if they want to pay in crypto and/or cut down on the payment processing fee.
This strengthens my conviction that federation is a bad architecture for something like Mastodon. A fully distributed system, urbit being the easiest to try right now, can't stick someone with the responsibility to keep a bunch of other people online. It can't stick those people with the responsibility to move off the server. Each user runs a server process, locally or on a remote machine. If any of those goes offline, all the services and data it was providing are gone, but no other user accounts are affected.
Federation works fine for Matrix, although I still think the full peer architecture will dominate long-term. It's less disruptive to something like chat to switch user names because a homeserver shuts down.
Mastodon instances get linked into, and all those links are going to break. Running a redirect for those URLs to the numerous new account homes is impractical given that a lack of time and commitment to server maintenance is the issue.
I think you could create a system that's resilient to such issues even with federation (not saying it's easy, though), and Matrix actually has a solution in the works for this – decentralised user accounts [1].
And all of this makes me wonder – maybe it's better to re-implement something like Mastodon on top of Matrix. If Matrix adopts decentralised user accounts, that would seemingly solve such issues automatically. There was a POC Matrix based Twitter clone demonstrating this, actually [2] (but without the decentralised accounts yet).
We’re hoping to make progress on decentralised accounts on Matrix by the end of the year.
https://cerulean.matrix.org is another POC Matrix based Twitter clone (built for Jack & Parag) that demonstrates this (but without decentralised accounts yet).
Doing full P2P just isn't there yet. It makes total sense but without talking about some web3 Blockchain, it's hard to get everyone to run a distributed database, identity server, etc without it being some single binary.
> it's hard to get everyone to run a distributed database, identity server, etc without it being some single binary.
Then it's a real problem that people keep doing these projects in Ruby and PHP. It was a problem that was ultimately laughed off when Diaspora chose it, and it's a problem that continues to linger and continues to be laughed off.
Make it a single-binary that uses a couple sqlite files in a ~/.directory, and people won't mind running their own server. They could opt to proxy their traffic through a caching intermediary, and we could still federate those caching intermediaries. Being a mule for social traffic could be a commodity service if social were standardized properly. Ideally, one would be able to flip a switch and adjust a few dials on one's own instance to become a caching intermediary for others.
An RSS reader does almost everything I'd expect my fully distributed Twitter instance to do. Only thing missing is ability to post, packaged into the same client.
Urbit exists right now, anyone with a command line can download it, create a comet, and see what they think.
It can't be denied that it's a practical option, given that there are thousands (maybe in the tens?) of users who are doing stuff on the network.
There's a lot of work which needs to be done, to make the core event loop faster, and enable scaling to the kind of social graph celebrities have. I'm confident in the technical leadership of the project at this point in time.
Full disclosure: I've been a user of urbit for many years, and stand to benefit materially if it becomes popular. I neither work on urbit nor on urbit things, never have, and have invested no money in either urbit or its address space.
I still think it's a good idea, just like I did when it was barely usable and much weirder.
> Each user runs a server process, locally or on a remote machine.
Mastodon (and similar services) would benefit greatly from (a) requiring users to own their own instances, via commoditized hosting providers, (b) one-click or few-clicks transition between hosting providers, and (c) enabling serverless-style pricing.
Requiring users to own their own instances safeguards users from admin-shutdown.
Ease of migration safeguards users from poor hosting providers.
Serverless-style pricing (e.g. pay per federated message, not by CPU) reduces the financial barrier to entry for new and lite users who are not yet fully committed users.
Readit News
Secondly, the service survives. Mastodon didn't shut down. The Fediverse didn't close. One beloved instance bows out and whilst it is a loss to many, their network endures as they thank the admin(s) and move on.
You think this shows a disadvantage compared to twitter? Let's talk once twitter shuts down. Because it will. How will your argument hold up when f*c*book finishes dying? We'll find out soon enough. Or how about when a telecoms/media conglomerate buys out flickr or tumblr and puts a stake through their heart? Oh, that already happened.
This is a bittersweet testament to exactly how the Internet should be built: on the foundations of openness, community and decentralisation.
I'm not sure I could reliably predict whether Twitter or Mastodon will live longer.
Edit: A Reddit thread as citation https://www.reddit.com/r/rpg/comments/udegsl/does_anyone_hav...
A protocol can't die. People are still using IRC, XMPP, good ol' email, decades after they were created. They are still useful, they still work, so there is no reason for them to "die"
He didn't say "anytime soon", you added that part.
imagine the trolling potential of a rolling outage of twitter or ooops "new owner" deleted the database as a joke. Or replace all twitter profiles with sayings from Doge.
before you say "this person can't possibly do this" ... think again.
There's no single person on earth who can shut down Mastodon, so Mastodon dies only if this decision is made massively by many people (or if development stops, but then still nothing will stop the server I run on raspberry pi in my bedroom). Twitter otoh can be shut down by one person for a whole multitude of reasons without any concern for the opinion of users.
So sure, Twitter will run for a long time. But it doesn't have very strong guarantees to its users about how it will treat them or what content will be allowed.
Look at email providers who suddenly decided "If you don't use it for X months, you're inactive and I'm deleting everything".
It's not about the service existing but people being able to extract and use what they've put in, in 10/20 years.
where is soon?
And also, do you have a crystal ball to predict the future?
Speaking of which... there's supposed to be a Mastodon Server Covenant(tm)(c)(pat. pending) in regards to such matters, but the https://joinmastodon.org/covenant where it's supposed to be documented is 404. Looks like it was quietly removed sometime after August of this year.
In any case I'll make a prediction: Mastodon will remain a haven for people too racist and/or porn-obsessed for even Twitter and Reddit to tolerate and adoption will be hampered accordingly.
Is this all just a consequence of keeping user data private-ish? I understand the data has to be stored somewhere, and if user data were distributed to the entire network, it obviously wouldn't be private. Couldn't e2e + public key encryption be used to work around this somehow?
Then I saw someone do something I hadn't seen before...
They made their own mastodon insance: toot.firstlastname.example and their identity was @joey@toot.firstlastname.example
Joey could make his own toot feed of social media posts that anyone at any community could subscribe to.
Joey could then subscribe to the entire community at federatedplumbers.example, or he could follow just one user: @phoebe@federatedplumbers.example. Then @monica@federatedshoelacecollectionists.example could follow @joey@firstlastname.example and so on.
It doesn't matter where you start an account. You can join a community that you really like or start from scratch with your own instance and go and make friends in other communities. The real advantage with starting your own is that you have control over your content and aren't in danger of having your account shut down if a community decides it can no longer maintain the server.
A major problem in distributed systems is names. one solution is to do what dns did, you can have nice names but you only get to pick them under the part of the hierarchy you control. another solution is to do what git or ipfs does. nobody gets useful names but at least you don't need any sort of central name database.
mastodon went the dns/email route, which makes sense people want nice names. but now your name is stuck on your domain. perhaps someone could have setup a central name server to avoid name collisions, but who would you trust to run it? what happens when it goes down? might as well just use dns.
Off tangent opinion on names in a federated system.
Unfortunately mastodon adopted the twitter style "@user" but because this only make sense in the context of a single domain mastodon mainly uses the awkward form "@user@domain" I think the email/xmpp form "user@domain" would have been better, but if they felt the @ prefix was critical to the experience of a twitter like micro blog than they probably should have adopted the form "@user.domain"
There is already support for basic migration of followers but it would be nice to see fully instance-independant accounts. Probably something based on cryptography so your account is a key and you can publish from any server. However a protocol like this would be a lot more complicated than ActivityPub.
There's no central server, and not all of the instances talk to each other.
Where... where would you put the account data?
Deleted Comment
So I do not see any advantage in federated system. It’s cool as technology and all, but completely unprepared for huge traffic or real life scenarios.
PS. Please do not say anything about “anyone can start his own instance”. No, average Twitter/Facebook consumer can’t start his own instance.
Resources donated by an organization in the form of a server linked into a larger network, a committee that vetted new server applications to the network, volunteer administrators for the network and the individual servers, coordinated regional and global upgrades. And as network users increased, reforming under a hub and spoke models to improve scale and capacity.
And when a single IRC server went away after some time operating for its various reasons, the network kept going.
Could the average IRC user start/host their own instance *and* link it to the larger network? No. But they didn't need to.
> By volunteers adding more instances(that they can close anytime)?
"That they can close anytime", just like twitter in this example. Partly, yes. But that sort of total exodus would mean a lot of additional people contributing ideas and code to the Fediverse, not just servers, but by making it easier to run your own instance. Who's to say it couldn't be run just like an email client with the right ideas and effort? It's such an extreme example that I'm not even sure it's useful to discuss.
What traffic is it prepared for? It would be interesting for you to provide the numbers and the evidence which backs this up.
As for real life scenarios...there are upwards of a million people using it right now. I've made friends, networked professionally and found several homes there. I am literally a real life scenario and so are the people behind most of the posts there.
And today you are right about "anyone can start their own instance", but it's a darn sight easier than running your own twitter.com, and it'll get easier every year.
This isn't a law of the universe, it's just software people haven't written yet. Installing new client-side apps was hard, until it wasn't. "Anyone can start their own instance" will be easy once someone writes the software to make it so. (Presumably a cloud provider like AWS, since that's who stands to profit from lots of people wanting to run server-side apps)
Who said anything about the Fediverse having to be free ?
There is absolutely no doubt that should Twitter die, if no single actor can emerge quickly enough, for-profit actors will emerge and they will have all good reasons to be compatible with something that already exists. There will be mega large instances paid by siphoning data and with ads, there will be large instances paid by users/funds/donations, there will be small, community instances. Maybe HN will have its own instance; how much do you pay for HN today ?
The idea that social media costs more to operate than people would be willing to pay is false. It's propaganda from the people who profit from keeping you trapped in their closed networks to monetize your attention.
Of course not. Mastodon instances can be capped in the first place, and anybody with a rudimentary server management knowledge can start their own instances on a cheap server. Mastodon has current hundreds of instances, let's not pretend it can't go to thousands if the user base increases.
The same people who pay for everything right now will pay for it: us. Some instances will have patreon, others will be voluntary donation, others will use some craptocurrency, others will have contractual subscriptions, some will have ads... And whatever models are best will win out. Quit with the FUD. Just sit, back, relax and watch it happen.
The official instance finding site seems to be good about spreading the load out every time Twitter burps. You have to meet certain reliability requirements to even be listed.
For a decentralized social network to be viable/sustainable (especially on the scale of something like Twitter), it has to be truly P2P, not federated on volunteer-run servers paid for through donations. That volunteer-run federated model is really only sustainable for smaller niche communities, not a global social network.
As of right now, the closest framework I can think of to handle something like this is a social network built on OrbitDB: https://github.com/orbitdb
what, why? The load is hardly that high.
Also, these users don't even know which instance to go to, since there is little to no-one to talk on there. If there are 'hundreds of thousands' of users then that means they have just recentralized on Mastodon.social, the "main" instance, defeating the point of it all.
> PS. Please do not say anything about “anyone can start his own instance”. No, average Twitter/Facebook consumer can’t start his own instance.
This is why Mastodon has failed in the first place after almost 6 years with this system.
Bingo. I say this all the time, Twitter is not immune from being a member of this list (Defunct social networking sites, wikipedia):
https://en.wikipedia.org/wiki/List_of_defunct_social_network...
The Fediverse (or Federated Social Web as it was previously referred to in 2007[0] or so when it was first envisioned) will never close. Single installations may, but the network as a whole can not.
[0] https://www.academia.edu/2760660/Towards_a_Free_Federated_So...
I don't necessarily hold that opinion, but I get the impression most folks I know do.
It is if people who've decided it's "de facto infrastructure" get their way and the government nationalizes and regulates it. Then we're all stuck with it forever.
People who aren't looking to make a profit (or even break even) means they are running a social media platform while funding it through some other means. What is that means of making money? What pays for the hosting and the time spent doing ops?
You can't take money out of the equation because you have hosting costs at the least.
How are things funded and why that way should be a conversation. Anything that ignores money ignores the reality of operating something on the Internet. That means it's not sustainable.
Even though funding wasn't the primary focus of this blog post, it seems to make it quite clear where the money was coming from: https://www.patreon.com/ashfurrow
I'm understanding that the data is gone and you're bragging about the observation that the protocol still functions?
I'm not sure this is an aspect any of us care about?
I think we can all observe that a common interface for posting and interacting with people will remain and that no corporation right now can unilaterally change that. I don't think pointing that out in a thread about all of the data on that server being gone is a strength.
Oh, is that what this thread is about? Who says it is?
The biggest beef is everything that comes with it needing to be for-profit and how you can't control the whims of the product owner.
I know a fair few people who were really big Flickr fans back in the day and they lament at how the service has changed, and how its soul was diminished, because of the interests of those who now control it. You're right that it is still a going concern.
Mastodon might be able to force your followers to follow your new account, but AFAIK it doesn't do that either for reasons I don't know. That would've been cool.
[0] https://github.com/mastodon/mastodon/issues/8003
[1] https://github.com/mastodon/mastodon/issues/12423
We will ALL collectively move to another platform, instead of some users having to move multiple times because the server they are no closed.
Twitter by all means is superior in every sense, speed, network size, reach and content.
Can you (or anyone) please expand on this with some example hypothetical “black swan” events?
I hear they have the greatest censorship. Some say the best censorship. Nobody does censorship like Twitter. Not even close.
I think we might be experiencing this just in this year with its new ownership about to occur.
E: called them tweets
[0] https://github.com/mastodon/mastodon/issues/12423
Deleted Comment
> This made me realize how little joy I’ve been getting from being an admin. How I’ve come to resent the work I have volunteered to do. I’ve donated countless hours to running the instance, solving both technical and moderation problems, and I’ve always put the instance above my own needs. But I can’t put the instance above the needs of my family.
> Why Not Transfer to a New Admin?
> Users have put their trust in me with their data. Choosing a new admin would require a massive amount of trust, since they’d have access to over a half decade of user data. Not just data from my local users, but from users they have interacted with.
The ideal inherent in federated systems- "people will use servers run by their anarchist commune's sysadmin" breaks down in real life. Nobody actually has a personal anarchist sysadmin to run their mastodon instance for them. In absence of this, the servers in federated systems are run by strangers on the internet who foolishly volunteer themselves for a huge amount of unpaid work, and who you just have to hope are going to be responsible with user's data.
This is why the anarcho-capitalist philosophy of the blockchain world has been so much more successful. The first thing they figured out was how to reward people running the servers, and how to make it so you don't have to trust them. It's a viable, expanding system, and with improvements to scalability and privacy, it will handle decentralized social media as well.
And one of the weaknesses of a decentralized model compared to a distributed one.
That doesn't seem like something most people are going to care about.
https://www.smugmug.com/together/
Are we censoring Facebook now? Is this the modern version of using M$ Instead of Microsoft?
Edit: fixed quote, and learned more about hn text styling
As much as I love the Fediverse, I think the culture leans toward instances that are too big. I think the number of people on each instance should be much closer to 1 than 1000.
The problem is self-hosting is too difficult for the average person. But that doesn't have to be the case. Self-hosting shouldn't be any more complicated or less secure than installing an app on your phone. You shouldn't need to understand DNS, TLS, NAT, HTTP, TCP, UDP, etc, etc. Domain names shouldn't be any more difficult to buy or use than phone numbers. Apps should be sandboxed in KVM/WHPX/HVP-accelerated virtual machines that run on Windows, Mac, and Linux and are secure-by-default. Tunneling out to the public internet should be a quick OAuth flow that lets you connect a given app to a specific subdomain, with TLS certs automatically obtained from Let's Encrypt and stored locally for end-to-end encryption.
Meanwhile there are loads of three-digit-user instances that are more focused (and have less problems on a tech level, and on a social level)
https://ipfs.io/
The technological problems are not the hard problems in this space. The hard problems are social problems.
I'm not a Mastodon user, but this is haunting. Just like shady data brokers, political shadow companies and "the feds" are running VPN nodes, subreddits etc, this architecture is practically designed for malicious actors. It wouldn't surprise me if it's already being used this way on other nodes.
To be clear, in 2005 this would have been great, tech is moving fast so one has to remain humble when critizising architectural decisions. Nevertheless, today we can't trust private data in hands of benevolent (and often de-facto anonymous) volunteer actors, if we want scale and security in the decentralized (or even federated) world.
We have had enormous progress in applied cryptography, both in social apps (Signal, Matrix) and defi (some successes, many failures to learn from). We should have the expectation for private data that the operator cannot read it. Doesn't mean that all data on a social app must be private, but DMs and invite only "groups" should be.
Currently, the typical website with per-node password auth doesn't satisfy these constraints, since credential harvesting is trivial. It's very difficult to build E2EE web apps and even if, users have no habit of keeping secrets on-device. The client itself needs to be vetted and accessed securely. Perhaps Matrix is best positioned in this space.
(Please correct me if I got any details wrong)
> We should have the expectation for private data that the operator cannot read it
That's called heterogenous encryption, and it's the technological equivalent of Mythril. End-to-end encryption doesn't stop the operator from decrypting your data. In fact, pretty much everyone has to, since raw encrypted TLS data can't just get slotted into your OneDrive/iCloud account. These operators literally need to read your data to operate on it. I genuinely don't know how you would engineer a more secure architecture here.
If you want to talk about architectures designed for malicious actors, you probably shouldn't start with distributed systems. Monolithic, profit-driven corporations like Twitter are much easier to tempt with salacious "data brokers, political shadow companies and "the feds""
This is something that perplexed me when Mastodon and Diaspora and others appeared: why would you want to recreate/mimic the toxicity of FB and Twitter ? The resharing, the upvotes, etc. If social networks all have the seeds of their defaults, why clone it ?
Deleted Comment
Rest: As someone who does not (yet) use Mastodon, I'm curious about the impact of a single node shutting down. At least in this case this is happening in an orderly manner and with warning.
I'm also curious if this is a problem with Mastodon in general or did this particular node just become too popular for its own good. I seem to recall that some instances (Adam Curry's No Agenda related instance) limiting membership. Or perhaps I'm thinking of something else. But that may not help if the problem is traffic generated by the entire network as seems to be hinted at in the post.
Please excuse my ignorance of how Mastodon operates that may be implicit in my questions.
Today, several in my mastodon timeline mentioned they finished the move. But without them mentioning, I, an outstander (i'm on another instance) wouldn't notice it.
What will happen, though, is that a portion of the users won't migrate. Either because they forget, or they can't be bothered, are "zombie accounts", or because its too challenging: it does involve down- and uploading and/or copypasting zips/datafiles. This means a bit of pruning or culling, and that could be considered good, IDK.
What will also happen, on a more technical level, is that other instances and maybe bots and automation will hit timeouts and connection errors when it really shuts down. Most instances and fediverse software can handle this just fine, it's built with this mind; it might at most cause some overhead and load. Some flakey or poorly developed software might crash or break (for a moment).
Do you mean that part of the protocol allows for a migration process that includes changing who your follows are pointing at? (assuming all servers involved are up to date and have this feature) I.e. did your account automatically start following your friends' new accounts?
Thanks for clarifying - without that bit of background, this post reads like, "if I can't have it, no one can". But I guess the post is directed at people who do understand the background behind mastodon in general (which I and OP didn't).
There's also a "self destruct" feature in Mastodon which is the nice way to shut down an instance; it issues account deletion messages for every account to every instance it federates with. The idea being that this results in the federating instances processing the account deletions accurately.
As for requests to the original server; basically all instance software (Mastodon included) implement a backoff mechanism, meaning that if after 3 months your server is still returning 404s when requesting new information, the software will quietly stop requesting new info unless explicitly asked to do so by a user.
I myself moved off mastodon.technology when I didn't agree with a change to the ToS, and was banned from mastodon.social without reason or redress, and neither event meant I had to start from scratch.
I always suspected this would be a massive problem with Mastodon. I contemplated running a server, but there's no way to know beforehand when you'll be running into a limit, like cost or time. Can you really build a social network on volunteers that invest their own money and time, with little reward?
It's a "typical" Rails application: large, convoluted, lot's of moving parts, and services, and generally slow as molasses (solved by throwing more hardware at it). As experienced Rails dev(ops), I managed to run and help run an instance, but it's not something done on a friday afternoon, let alone scale up.
What we really need in this landscape is dead simple services. I'm thinking about the difference between setting up a gitlab or a gitea. The first is Rails, needs ruby, gems, bundler, workers, database server, redis, mailserver and whatnot. And thats for manually installing on a server - no pipeline or anything to manage future changes. The second a single binary (pre compiled from a go codebase) everything statically linked (even sqlite is built in, with option to upgrade to postgres). Plop it on a server start it and go. For an intranet you might even skip putting a server/https in front, just run on exposed ports.
We can dockerize all the ruby-stuff, but that might make it easier, it doesn't make it simpler, it really makes it more complex. And the performance-issues aren't solved.
The fediverse needs this as well: just plop a binary on your VPS or homeserver and you're running. Such lean and simple servers are being worked on, but Mastodon itself is a huge, slow and hairy beast.
DB backend is postgres. It's also by default far less cache heavy than Mastodon (which caches every external attachment, avatar and header locally, which causes a lot of issues since it's the main reason instances run out of disk space).
Featurewise it actually surpasses Mastodon on almost everything except for not offering a tweetdeck-like UI.
[1]: https://pleroma.social/
I'm working on exactly that: a service that acts as an ActivityPub server (code[1], example[2], example application running on top of it[3]) for users in the form of a static binary. It supports multiple storage backends that can be selected individually or all together at build time and it can be extended to many more.
[1] https://github.com/go-ap/fedbox
[2] https://federated.id
[3] https://littr.me
Even if you get the tech stack solved to an easily deployable package: The problem is you still need to invest immense amounts of time on moderation. Some of that responsibility is enforced legally (e.g. CSAM, warez, US COPPA, EU GDPR, German NetzDG), some of it socially (e.g. kicking Nazis, conspiracy spreaders or other forms of hate speech out), some of it by the federation system (e.g. kicking spammers out) and some of it you need to do to keep your community healthy (e.g. kick general trolls and creeps out). If your instance allows adult material, gambling or games, you'll need to moderate your instance as well in some jurisdictions. And you'll need someone always available to support police, court and secret service requests.
Maintaining a service that hosts user-generated content is a thankless nightmare, and no matter what you do it is a huge liability. In the end, either you make your users pay for it in cash (subscription fees, patreon/gofundme/paypal donations), with their data (advertising) or you'll eventually burn out (such as the author of the blog entry).
Oh, and add on top of all of that the constant dealing with abuse: 4chan edgelords DDoS'ing your instance "for the lulz", random skiddies constantly running exploit scans against your server (which additionally means you have to have someone 24/7 to upgrade software in the case of a 0-day), people reporting your server / IP to blocklists to get you booted off the net... then you have to take care of hardware maintenance itself, making backups, testing backups. It's a full time job essentially, requiring an awful lot of time, money and connections (e.g. lawyers).
Even having around 20 users or so is still relatively manageable (used to run an open signup instance in the past). Basically as long as you don't exceed Dunbars Number[1], moderating a fedi instance is fairly painless.
External moderation can generally be managed with snap decisions. If you use Pleroma (and you should, it's much more technically competent than Mastodon), you can manually disable external user accounts specifically from federating with your instance.
Beyond that, most fediverse servers kinda make it really obvious whether or not you want to associate with them; they tend to be fairly open about what is and isn't allowed on their about pages so if you get a misbehaving user, you can usually see at a glance if the problem is instance-wide or just some random vandal.
Your biggest burden really is local moderation, external moderation isn't a big deal at all.
[1]: https://en.wikipedia.org/wiki/Dunbar%27s_number
You can at least use it for existing communities and "social networks": family, friends, geographical communities, hobby- or work-related ones. To provide them a somewhat self-administered space online to connect and share photos and other info. Thanks to federation this community can have its own "space" without being isolated from the rest of the internet. Open-ness can be somewhat gradual.
There's lots of different of ways to organize funding and the ongoing technical work for such communities.
I think it becomes harder to build sustainable instances the less socially connected the admins are to the average user.
"Epicyon is a fediverse server suitable for self-hosting a small number of accounts on low power systems."
In a testament to how the Fediverse really does Just Work, I stumbled across Bob, the developer, quite by accident from my Mastodon account and now follow him. His posts, from his Epicyon instance, appear just like anyone else on my home feed and we interact as if he lived on my home server. There are at least half a dozen people I interact with who aren't on Mastodon, either.
I say this as someone who set up and scaled one of Europe's large dedicated WordPress hosting platforms. Everything, from nginx-phpfpm to varnish to scaling that horrible mess of plugins and themes your Fiverr dev delivered beyond just five req/min.
It really isn't very easy. And certainly not simple.
On the other, I feel a bit validated in my belief that we need to have professionally managed instances on the fediverse. "Community Support" only goes so far. Thousands of people using a service, but how many of them actually help with its upkeep?
I know that my instance has only a handful of paying users, and it is barely paying for itself, and far from paying all the work that I've put into it. But charging for access brings a lot of benefits: it keeps spammers and bots away, it is a good filter against trolls and best of all makes it explicit what is expected of all parties.
Mastodon.technology have ~1.5K activate users (out of ~24K users in total), charging $1/month would easily cover any cost involved with hosting the instance itself, if done right (avoiding hosting providers that charge for "premium bandwidth" and so on, looking at you AWS).
The other problem is that charging $1/month is a practical pain in the ass. For micropayments, processors will easily take 20-30% of that.
There is fix for this, which is Fedverse Relays, but guess what ? Mastodons official servers don't use them.
I mean, what's the problem of using other means of communication to publish/promote your identity?
I am far from being internet famous, and I get at least one follower every week on Mastodon simply because I put it on my Twitter bio.
Mastodon/ActivityPub is a poor fit for a social network IMHO.
- Accounts should not be tied a single server and their continued maintenance.
- Private data and DMs should be end-to-end encrypted rather than entrusted with a single administrator.
- People don't want to self-host.
The core problem of a lot of social networks comes down to name aliasing, and who controls the name registry. In the case of nostr[1] this is not a problem because everything is using public keys. Another protocol is Farcaster[2] which plans to use a smart contract to maintain a name registry without requiring a single controller.
[1] https://github.com/nostr-protocol/nostr
[2] https://github.com/farcasterxyz/protocol
you can move your account to another instance in about 2 Minutes of work
> - Private data and DMs should be end-to-end encrypted rather than entrusted with a single administrator.
There is no "private data" on mastodon, I think it gets communicated enough that admins will have access to direct massages. it even says to you "Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon."
if you want more, use the IM of your trust ;)
> - People don't want to self-host.
True MOST ppl don't want to host, but they are a few that like it and even get money for providing a public service. So I don't have to host smth, I just have to find someone hosting it.
Social networks should have private data and E2EE, plain and simple. And the hosting challenges and centralization is why we are here discussing Mastodon.
[1] https://edtechfactotum.com/migrating-to-a-new-mastodon-home/
Maybe 2 minutes for the technical side, then 2 months of getting all your old followers to follow you at your new address.
> if you want more, use the IM of your trust ;)
Or use a different protocol...
A savvy user could circumvent this and use the blockchain directly if they want to pay in crypto and/or cut down on the payment processing fee.
This strengthens my conviction that federation is a bad architecture for something like Mastodon. A fully distributed system, urbit being the easiest to try right now, can't stick someone with the responsibility to keep a bunch of other people online. It can't stick those people with the responsibility to move off the server. Each user runs a server process, locally or on a remote machine. If any of those goes offline, all the services and data it was providing are gone, but no other user accounts are affected.
Federation works fine for Matrix, although I still think the full peer architecture will dominate long-term. It's less disruptive to something like chat to switch user names because a homeserver shuts down.
Mastodon instances get linked into, and all those links are going to break. Running a redirect for those URLs to the numerous new account homes is impractical given that a lack of time and commitment to server maintenance is the issue.
And all of this makes me wonder – maybe it's better to re-implement something like Mastodon on top of Matrix. If Matrix adopts decentralised user accounts, that would seemingly solve such issues automatically. There was a POC Matrix based Twitter clone demonstrating this, actually [2] (but without the decentralised accounts yet).
[1] https://github.com/matrix-org/matrix-spec/issues/246
[2] https://github.com/hackervera/freebird
https://cerulean.matrix.org is another POC Matrix based Twitter clone (built for Jack & Parag) that demonstrates this (but without decentralised accounts yet).
Then it's a real problem that people keep doing these projects in Ruby and PHP. It was a problem that was ultimately laughed off when Diaspora chose it, and it's a problem that continues to linger and continues to be laughed off.
Make it a single-binary that uses a couple sqlite files in a ~/.directory, and people won't mind running their own server. They could opt to proxy their traffic through a caching intermediary, and we could still federate those caching intermediaries. Being a mule for social traffic could be a commodity service if social were standardized properly. Ideally, one would be able to flip a switch and adjust a few dials on one's own instance to become a caching intermediary for others.
It can't be denied that it's a practical option, given that there are thousands (maybe in the tens?) of users who are doing stuff on the network.
There's a lot of work which needs to be done, to make the core event loop faster, and enable scaling to the kind of social graph celebrities have. I'm confident in the technical leadership of the project at this point in time.
Full disclosure: I've been a user of urbit for many years, and stand to benefit materially if it becomes popular. I neither work on urbit nor on urbit things, never have, and have invested no money in either urbit or its address space.
I still think it's a good idea, just like I did when it was barely usable and much weirder.
Mastodon (and similar services) would benefit greatly from (a) requiring users to own their own instances, via commoditized hosting providers, (b) one-click or few-clicks transition between hosting providers, and (c) enabling serverless-style pricing.
Requiring users to own their own instances safeguards users from admin-shutdown.
Ease of migration safeguards users from poor hosting providers.
Serverless-style pricing (e.g. pay per federated message, not by CPU) reduces the financial barrier to entry for new and lite users who are not yet fully committed users.