Six posts, a presentation, and a preview on privacy and prototyping: Fediverse update, July 3

As usual it’s interesting times in the ecosystem of decentralized social networks known as the “fediverse”.    It’s always grown in waves, and now thanks to Reddit’s ongoing footgun and Twitter’s latest management brilliance, there are at least two in progress.  And while the last several waves have focused primarily on Twitter competitor Mastodon, this one is also sparking interest in Reddit-like kbin and Lemmy, Instagram-like Pixelfed, and the rich functionality of Misskey (growing rapidly in Japan) and its about-to-be-renamed Calckey fork.  As if that’s not enough, Facebook parent company Meta’s about to introduce a Twitter-competitor (probably known as Threads), and there’s a lot to say about that.  Interesting times indeed.

So there’s a lot to write about, and I’ve been doing a lot of writing about it.  Rather embarassingly for a blog/newsletter called “Nexus of Privacy”, almost none of it has been directly about privacy, for which I apologize.  I’m working on a privacy-related fediverse post and hope to have a draft out by the end of the long weekend. I’ve got an excerpt at the bottom – that’s the “preview” in the title.

A lot of the other writing I’ve done in the last week has been updates of previously-published posts.  Individual updates have small enough, and frequent enough, that it’s not worth ending out individual newsletter updates.  Insrtead, I figured I’d collect them in a single post. Also, I have a lot of new subscribers since last November, so some of you may not have seen the earlier versions of some of these – or Flocking to Mastodon, the “presentation” in the title.

Six posts

I know this is only five bullets, but the first bullet is two separate posts.

A presentation: Flocking to Mastodon

This is a presentation Alka Roy and RI Labs hosted in late 2022.   The section on “Navigating Mastodon: How to Use it?” has a lot of tips for newcomers, and the “It’s Evolving: Why it Matters & What Next?” remains relevant as well.  There were problems with the video quality so we never put it up on YouTube but the slides have a lot of information in them.  Here’s the Google Slides link; I’ll work on getting a surveillance-free PDF available as well.

Flocking to Mastodon? Here’s what you need to know!
Do we know why we are playing the game we are playing? 1 RI Labs Leadership Circle Talks © Alka Roy, RI Labs 2022, All Rights Reserved. Love How You Lead Jon Pincus Founder, Nexus of Privacy RI Labs Future of Leadership Program Participant @jdp23@indieweb.social Flocking to Mastodon?: What You Ne…

A preview on privacy and protoyping: excerpts from “Threat modeling, Meta, and privacy in the fediverse”

Title subject to change!  This is an early draft,

Meta’s potential arrival may well catalyze a lot of positive changes in the fediverse.  And changes are certainly needed!

– from In chaos there is opportunity!

Privacy is one of those areas of the fediverse where change is badly needed. Mastodon wasn’t designed and implemented with privacy in mind – in fact it violates pretty much all of the seven principles of Privacy by Design. Privacy by default?  End-to-end security?  User-centricity?  Uh, no.

And it’s not just Mastodon, the same’s true with most if not all other fediverse software.  Even the underlying AcitivityPub protocal that powers the fedierse has major limitations.  Christine Lemmer-Webber (who co-authored the spec) says that from a security and social threat perspective, “the way ActivityPub is currently rolled out is under-prepared to protect its users.” Ariadne Conill’s ActivityPub: The “Worse Is Better” Approach to Federated Social Networking describes ActivityPub’s approach as prioritizing other concerns over safety, and the same’s true for privacy.

We interrupt this blog post for a public for a public service ammouncement.  
Pleas do not use the fediverse for confidential or secret information. Don’t use Facebook, Instagram, Twitter, or any other social network either. Use Signal or some other encrypted messaging system.

We now return you to your regularly-scheduled programming.

Meta’s potential arrival on the fediverse increases the urgency of addressing these longstanding privacy issues.

For one thing, Meta’s a threat in many ways: to the safety and mental health of many people in the fediverse, to many marginalized communities who are trying to make a new home there, to democracy … and to our data. Meta’s business model is exploit data they’ve gathered without consent by selling ads and influence elections; they’re exploring collaborating with Mastodon instance admins in “win/win” partnerships to monetize their users (and their data).  People in the region of the fediverse that doesn’t collaborate with Meta will need stronger privacy protections to protect their data.  

That said, privacy’s even worse on Facebook and Instgram than it is in the fediverse.  Their software is the opposite of Privacy by Design, everything about it is designed to track your every move and encourage you to give them as much data as possible and feed their racist algorithms.  

So there’s also a huge opportunity here. If the fediverse can provide a more private alternative, that will be hugely appealing to a lot of people.

Either way you look at it, now’s a good time for the fediverse to take privacy more seriously.

And not just privacy, of course.  One way to look at fediverse is that we’ve been doing a prototype at scale of a decentralized network, big enough to get experience with the complexities of federation, good enough that many people find it usable and even enjoyable for a social network activities – but with big holes including privacy (and safety and accessibility and equity and usability and sustainability and …).  To effectively respond to Meta, the fediverse is going to have to get beyond the prototyping stage.  

One path forward is to evolve today’s implementations and addressing problems incrementally.  From this perspective, threat modeling can help identify low-hanging fruit to make more rapid progress in the short term as well as highlight important areas where there aren’t any good short-term answers yet.  And threat modeling’s also useful for new implementations that start with a focus on privacy by design (and design from the margins, and software engineering best practices, and safety, and equity, and accessibility, and …).  

So let’s get to it!