"Admins of <website> can read data on <website>" is just a tautology. It's true of everything you use on the internet where you don't own the server, and even then it's dubious.
If people don't get that about mastodon they probably don't get it about everything else they use either, so this recurring argument just seems like FUD...
[note: Edited <service> to <website> above because people keep coming at this from the angle of chat clients that run on your phone, and we're talking about websites here - a website can't have "e2e" encryption because it is both ends. That said, some of y'all believe way too hard in the perfectness of e2e in general and I addressed that in some of my replies]
I don't know much about Mastodon, but I know that its main selling point is that it's decentralized, and it's pretty easy to assume that decentralized means there isn't anybody with special privileges who can read private messages. The same way decentralized finance (blockchain) means there isn't anybody with special privileges who can take your money.
And I would certainly assume that in 2022, any service would be built using encryption for the parts that are private, and aren't DMs private? Why would admins be able to read them? Is there a justification for that?
yeah, but on twitter you're probably a nobody, the staff have no incentive to read your dms. on mastodon, you're at least a friend-of-a-friend of the operator unless you're on a huge instance.
Forget about what instance owners can do within the confines of the common Mastodon server codebase - Mastodon in the end is a protocol, so there are NO guarantees about the behavior of individual instances.
It seems like Mastodon assumes that misbehaving nodes will be cut off and just ignored by well-behaved ones - but that assumes that abuse is detectable and that standards of behavior will be enforced even if it means cutting off potentially large communities.
Whatever your software, the person running it can read your messages. Unless you're using a non-web client that does E2EE, of which there are none right now.
Most Mastodon instances are hosted by individuals. Granted, I would assume most people are hosting the service with good faith, but there is no binding way to ensure that. With Twitter, doing something feral will (at least was possible to bring) doom to the company and its investment, which is a far bigger balancing factor than just someone's honesty.
I'm not promoting Twitter here, but for Mastodon, something needs to be done to protect the integrity of the content posted, so the admin cannot modify it easily (moderation can still be done through deletion).
But there's also less of a reason for anyone with permission to read DMs @ Twitter to do so, possibly with logging for any audits into unauthorized access. For mastodon, chances are your instance is focused around some general interest and thus getting on an admin's bad side could mean abusing their power to extract personal information/DMs from your account.
Also, instance owners can unilaterally control what you see and who may follow you (by blocking individual users and whole servers from federating with theirs). Whether or not such a block exists is transparent to you as a user (this is different from earlier, similar approaches, like NNTP-Servers, where it was pretty clear when a particular group was not being distributed by your server - also, differently from Mastodon, NNTP did not represent your identity identifier - using different servers for different groups was perfectly usable with the same identity, which came down to your email address).
They sell this as a feature and celebrate when "undesirable" servers get blocked.
Mastodon is a good idea turned bad by building in pretty dystopian functionality.
Calling it dystopian is a bit harsh. Some degree of moderation is unavoidable or you end up with 4chan (actually, even 4chan had moderation, I think; it's just unavoidable).
Ultimately of course you're supposed to choose a server that you like and trust. At least here you have that choice. On Twitter or Facebook you don't.
Of course it should have had end to end encryption. It sounds like a massive omission. I found a discussion about adding that to ActivityPub[0] where someone points out that if you don't want server admins able to read messages, you can't store private keys on the server, which sounds to me like it would hurt usability. Makes you wonder how unbreakable the end-to-end encryption of other systems really is. I'm not enough of an encryption guru to say how big of a problem this really is.
It's pretty easy to migrate your account from one instance to another. So if you don't like the policies of your current instance, there isn't anything keeping you there.
In a sense, yes. Email contents in gmail are technically accessible to Google. But they are protected like hell via a bunch of dedicated systems that make it very difficult to access this material without an explicit auditable ticket associated with helping that user with some problem and permission to access their gmail contents. Attempts to circumvent this will get people fired.
This does rely on you trusting Google to implement and use these systems. The question is whether you trust a major tech company or whatever Mastodon server owner more to not peek at your DMs.
AFAIK if you access a user's private info at Facebook your employee's ID will be immediately flagged leading to very severe consequences (instant firing in most cases).
I really don't like that ActivityPub does not support encryption. I wanted to set up an instance of one of these platforms for friends and family to use, but hated the thought of having to tell them that, by the way I can read all of your messages. I wouldn't, but I hate that that's even possible. So, instead I'm trying to twist Matrix to work more like a social media platform. It's janky, but totally workable, so long as you're not looking for global engagement.
People have written whole books on how to use twitter. There's a whole generation that needed this kind of introduction to make sense of it, when it was relatively new.
Every time a twitter thread gets posted on HN, there's at least one comment on how difficult it is to read it, for one reason or another.
Are you serious? It took me 5 minutes to spin up twitter and post a shitty twit. It took me half an hour to get mastodon and I still don't know what it is, other than a distributed clone of twitter with unlimited powers given to server owners.
The Mastodon registration comes to a halt for many already at the server selection page where you are presented with topics (why?) and a list of instances. There should be a default choice in the express signup for people who don’t care about instances at all.
I've used it for months and I still couldn't tell you exactly how it works. Open efforts like Mastodon desperately need simple infographics to explain the service to newcomers or you'll end up with a bunch of ex-twatter users signing up, using it for 5 minutes, being annoyed that it's not nearly as simple as twatter and then idling their accounts while they switch to something else. See also: matrix, which has some uptake by the open source technical crowd but nowhere near the general adoption of telegram.
It's possible that it is simple to use, but the community hasn't been able to explain it yet. My attempt: Mastodon is Twitter with far fewer users. The self-hosting and federation stuff is really detail to most people, much like most of email infrastructure.
I don't think it's correct or useful to make an equivalence between Twitter and Mastodon.
Mastodon is software. It implements the ActivityPub protocol. People run Mastodon instances of their own to connect to other ActivityPub systems. There are other ActivityPub implementations, Mastodon is just one. It's not a platform like Twitter any more than WordPress is like the NYTimes.
The qualities that make a social network successful have little to do with the protocol technologies involved. If the next hit social network happens to be on Mastodon, that will only be a coincidence.
It's not hard to use. Make an account and visit the web page or use a client app. But people feel they don't have a valid reason _why_ they'd use it over Twitter.
So geeks explain the geeky benefits, which are substantial, but virtually no non-geeks care about.
My wife was struggling with the password reset flow yesterday, which behaved in unexpected and seemingly broken ways via the mobile app she was using. Just basic usability.
For 3 months I visited the Fosstodon server daily (and tried to participate, but ...) My overall impression: there were few incidences of conversation going on. It was like a blog for a group of hundreds of people who had somewhat related interests ... but (unlike HN) no sense of community. I left disappointed; the technology worked, the experience pleasant enough (if museum-like) but something very essential was missing. (A critical mass? Forums?)
I have the same experience so far but also acknowledge that it will take a very long time for communities to form around individual Mastodon instances. Of course, that might never happen at scale (a large number of instances with functioning communities). Twitter (and Reddit, IG, etc) certainly benefited from mixing different people together and not being limited to a specific niche. On the other hand, niche forums and discussion boards in the 90s and early 2000s had a wide variety of amazing communities. So maybe it's just a question of time.
I think what's missing is that Mastodon doesn't cultivate the "Local timeline" in a way to encourage people to act like a community. On their iOS application I believe they actively removed the possibility of accessing it - which was hated on at the time, but the devs were very adamant to keep it like that.
There is a mastodon fork called Hometown, that gives the local timeline a higher importance, but I haven't used it, so I don't know the details.
Timeline should not be focused on posts from local server. It should be tag oriented. I think it would be better to show users posts about their interests and hobbies from all around the network, on whichever server they were posted.
What if I started my own server, just for me to manage my own data? What would "local timeline" look like then?
Just tried fosstodon and the european commission has an account there?? Can't these political creeps stay the heck out of our daily lives? I don't want to see government propaganda creeping into foss, please! Even if it's the EU - sets a precedent for others to follow. Keep politics out of all this.
The EU has their own instance. You likely saw messages from that one that was federated with your instance.
They may also have created an account before their instance was live, but their posts should all be from their instance now, so if you don't want to see it you can just block the EU instance.
If only there was a way to mute, or block individuals or whole instances from your own account. :P By which I mean: there are some knobs in your profile to ensure that you can do all of that.
In my experience, federation is like email, except in the early days before gmail was email, and if your ISP could arbitrarily and without notice subscribe you to a fire hose of illegal content.
This is the part that never made sense to me. The way mastodon is built the server automatically downloads all content you federate with to your own server. That means if someone on your instance hits follow on any account, boom you're now legally responsible for hosting and disseminating everything that account posts. It's just not practical to moderate every post from every account anyone on your server follows. Even one seriously egregious image squeaks through and you're looking at the possibility of actual jail time.
I always wondered if the expectation could be flipped to expect the frontend client to fetch the majority of content remotely from the followees' servers on the fly. The architecture is so complex in a federated scenario though that could be a total mess or not even technically feasible at all.
Kind of like you can send an email attachment containing illegal content to thousands of people and their SMTP servers will automatically download and store it.
This is not a new problem. Shared spam lists and block lists are already emerging on mastodon, matrix, and other decentralized systems too.
Mastodon has a feature where you can choose not to cache content separately, so that it’s served from the original server. I’ve turned that on for instances that host lots of weird content.
Hmm, but isn't this lack of moderation also what is supposed to protect hosts from legal problems, just like it does for ISPs? (Why wouldn't an ISP be legally bothered about transferring an illegal file?)
Even better: you can use Mastodon with an RSS reader. All tags and profiles produce RSS feeds. In theory, a feed reader could be ActivityPub aware and support comments/replies for feeds from AP platforms.
Huh. My server (tech.lgbt) is awesome, populated; and the content is relevant to my interests. I'm truly enjoying it. I've been here less than a week and already have 26 followers and I'm following 20. But I'm also a queer programmer; so...maybe it's just really dependent on the particular server you're using and your interests?
LGBT communities are mostly very supportive and welcoming (which I envy as a straight man). Also they are not niche in the same sense as some music genre communities, which I am trying to be a part of but the discussion is just not happening.
Same garbage as twitter but federated. I did a search for #gaming on a local server and sure enough it yielded crypto, politics and identity politics results. No means to ban people from showing up for a particular hash. I just wanted to see bloody gaming setups and gaming videos. How hard is it?
I think you're jumping the gun. I don't like Mastodon's dominant culture, but gaming communities (also in Pleroma) have been some of the few hobby places I've seen that haven't been dominated by culture war infighting.
I hope you are right because I can't stand the mess social networks are in. I really wish we had something cool we can use for topics we like. I really really really don't care about politics. It’s all going down the drain anyway might as well make it enjoyable.
You can't expect a platform to solve the pervasive society issue. I mean, I went for a walk and saw someone advertising a car -> doesn't mean the world is the same garbage as twitter but 3d.
There's overlap between gaming and crypto and politics and identity. You can select specific people to follow from the #gaming results, so you concentrate on just what you want to see. Alternatively you can mute specific phrases to not see for example crypto. But don't expect people won't post about what they are interested in. People post for themselves and their interests, not for your enjoyment.
Can't they just post those things in places where those are the topic? Or not spam unrelated tags? Why does everyone have to push their little agenda on everyone else? I swear everyone runs their own little politics thinking they change the world but all they do is annoy people.
If you post about topic X and tag tens of unrelated topics it means you are no longer posting for yourself but you're pushing a narrative. Stop. I don't care nor does the world care when they search for … #game.
It's much more common to tag things on mastodon since there's no auto-discovery like on twitter. So broadening your timeline is usually a "search for a tag -> follow interesting people" loop.
For me Twitter is mainly a substitute to RSS: a central location to consume interesting content from diverse sources. In that role having an algorithmically curated as opposed to a strictly chronological feed is essential. For most people/entities I follow I'm interested in only a fraction of their tweets and I can rely on Twitter to do a good enough job of surfacing them for me. By following about a thousand accounts I can reliably hear about the latest trends in the areas that interest me by spending about half an hour each day.
On the other hand, right now I follow only a few dozen accounts on Mastodon and I'm already drowning in irrelevant posts. It can at best be a glorified group chat.
Huh? This is certainly not true for Signal and Matrix, heck even whatsapp and telegram sound better than some random instance operator.
That said, truly private messages aren't always necessary, as long as the platform is crystal clear about this.
Use e2ee messengers (like Signal) for DMs, use Mastodon (or whatever you want) for public posts.
A de novo Eris-free network?
The only real issue with this wrt Twitter is that such failure of their internal employee auth allows malicious attackers to access DMs as well: https://techcrunch.com/2020/07/22/twitter-admits-hackers-acc...
[0] https://github.com/w3c/activitypub/issues/225
Also, is the functionality dystopian or the application thereof?
I know yahoo employees read email, I got my account back once by telling them recent subject lines.
It's the reason Twitter isn't liable when someone uses it to send death threats to another person.
I only see things from people I follow. It is perfectly valid to use Mastodon like an RSS reader.
Here is the spec: https://www.w3.org/TR/activitypub/
I haven't read the whole thing yet, but it doesn't look very complex.
On the one I can still log in there is no one on it.
Mastodon is NOT a replacement for twitter in its current form. I actually can't tell you what it is.
But the text on this story is pretty close... just unintelligent gobbledygook.
On Twitter I just follow say 100 people and my client shows me their posts in chronological order and nothing else, with no ads.
If a feed tried to algorithmically insert a post I’d stop using that service in a hurry.
What I have seen from mastodon is that there is such a feed available so by the look of it, so far so good.