#Privacy activism on Mastodon and in the fediverse

“Decentralized social networks could be a good match for (decentralized) grassroots organization”

– me, in Grassroots activism is hard. Can open source help? at Open Source Bridge 2017

Mastodon’s grown rapidly over the last several months, and there are now probably a couple of million active accounts in the fediverse (the broader compatible ecosystem of interconnected social media sites and services). Even though that’s just a tiny sliver of the number of people on big corporate social networks, it’s potentially enough to have an impact.

A lot of people on Mastodon and in the fediverse care passionately about privacy. Can we leverage this to complement activis on Twitter and other social networks?

There are a lot of barriers to activism in the fediverse, starting with the general “non-political” attitude of so many people and instances2 (also known as “servers” – different sites running Mastodon or compatible software). Usability issues, mansplaining, anti-Blackness, and racism are also major challenges.  

Still, as Twitter doubles down on racism, anti-LGBTQ+ bigotry, right-wing politics, closing down API access, and shitty software, there’s a pressing need for complementary platforms.  And there’s a lot of excitement about the possibilities of decentralized social networks; as Cindy Cohn and Rory Mir of Electronic Frontier Foundation (EFF) say, The Fediverse Could Be Awesome (If We Don’t Screw It Up). Unsurprisingly, lots of people are looking at organizing and activism in the fediverse. Anarchists and other antifascist organizers who have been kicked off Twitter are active on Mastodon (and many have been there for quite a while – Mastodon’s been an anti-fascist social network from the beginning). Project Mushroom is exploring using Mastodon as part of a climate justice organizing platform. Abolitionists, progressive groups, and non-profits are kicking the tires.

One way to look at Mastodon and other fediverse software today is as prototypes that are usable at scale by many people for some interesting use cases. Experimenting with activism campaigns can help identify specific ways those prototypes need to evolve – and also design considerations for new implementations, grounded in justice and equity from the very beginning.

So for Data Privacy Day, here’s some thoughts about privacy activism in the fediverse.

Interested in what an activism campaign  in the fediverse looks like in practice?  Check out #Privacy activism in “the other Washington”: #waleg #MyHealthMyData #PeoplesPrivacyAct and more.

Privacy activism is a good match for Mastodon and the fediverse

One of the big selling points of Mastodon and the broader fediverse is that it’s not owned by a company like Meta, Twitter, or Google whose business models are based on surveillance and exploiting user data. A lot of people are in the fediverse because they care about privacy. Many have knowledge to share, are eager to learn more, and want to have an impact. EFF, Fight for the Future, Open Rights Group, and many other privacy and digital rights non-profits are building their presence; so are a lot of privacy advocates and academics.  Several instances, including someone.elses.computer, techpolicy.social, and mastodon.think-privacy.com have a strong privacy focus.   The infosec community is also very active on Mastodon, and many of them are allies on these issues.  

And the other activists exploring Mastodon all have good reasons to care about privacy as well. Anarchists, antifascists, climate justice activists, abolitionists … it’s no secret that law enforcement and the surveillance-industrial complex use facial recognition and other privacy-invasive technologies to target all of these groups, here in the US and all over the world.3

Not only that, grassroots privacy activism is a natural match for social networks in general – as successful campaigns including  Get FISA Right on my.barackobama.com in 2008, the Nymwars on Google+ in 2011, SOPA/PIPA protests on multiple social networks in 2012, Restore the Fourth on Reddit in 2013, and the pushback against Facebook’s “real names” policy in 2014 have shown over the years.  

Some kinds of activism will work better than others in the fediverse today

It would be disastrous to use the fediverse to plan direct action – or any other kind of organizing that’s likely to be targeted by law enforcement or intelligence agencies.  Use Signal for stuff you need to keep secret, and assume that anything you put on Mastodon or anywhere else in the fediverse is potentially public.

By contrast, activism that benefits from visibility is likely to work better. For example:

  • Helping people better protect their privacy, for example by sharing tips, how-tos, and resources or answering questions.  This includes helping people to better understand the privacy risks on Mastodon, and learn ways to pretect themselves.
  • Getting the word out about local organizing opportunities and activism campaigns like #StopShotspotter in different cities. Regionally-focused instances like sfba.social and pnw.zone are especially good matches for this.
  • Anti-corporate activism – publicizing ethical and privacy-friendly alternatives to commercial surveillance, pressuring advertisers, threatening and organizing boycotts, shareholder resolutions, exploring class action litigation.  It’s also a good match for the anti-commercial surveillance, anti-capitalist, and anti-Big Tech values that are common in large chunks of the fediverse.
  • Legislative activism – pressuring state or federal lawmakers to support (or oppose, as the case may be) proposed legislation.  Of course, most state and federal legislators aren’t on Mastodon yet, so you can’t contact them directly – but amplifying “call/email your legislator” actions, with information about how to contact legislators and sample scripts, can be very effective.

The next two sections delve into legislative activism in detail, first here in Washington state and then generalizing to other states and federally.  Depending on how interested you are in legislative activism, you may want to skip ahead to It’s worth a try! which discusses challenges to activism in the Fediverse including

Learning by doing: #MyHealthMyData and #PeoplesPrivacyAct in #waleg

“Here in “the other Washington”, our legislative session is in high gear.  There are some important privacy bills in the state legislature this year, including My Health My Data, the Shield Law, the People’s Privacy Act, and a bill limiting Department of Corrections cooperation with federal immigration authorities.”

#Privacy activism in “the other Washington”: #waleg #MyHealthMyData #PeoplesPrivacyAct and more

Legislative advocacy here in Washington state is a great opportunity for learning by doing.  

UPDATE, June 2023:  Indeed it was!  I added a section below discussing our learnings.

Like activists everywhere, we use social networks (including Facebook, Twitter, and more recently Instagram) for a lot of different things, including getting word out about events; amplifying news stories; live-tweeting hearings; engaging with journalists, legislators, and experts; and encouraging people to share their opinions with legislators.  There aren’t a lot of legislators in the fediverse yet, but everything else I listed is very doable.

Mastodon and the fediverse are a lot smaller than these other platforms. Still, getting just a few dozen more people involved in advocating for (or against) a bill can potentially have an impact – especially if they can bring in their networks on other platforms and in real life. It might or might not work out, but it’s certainly possible.

The legislative session started in early January, we’ve already done our first experiment, asking people to “sign in” in support at the My Health My Data health data privacy bill’s hearing last week; this week, there’s a key committee vote, so another opportunity for activism.  With luck, we can steadly get more people involved over the course of the session, which runs until April 23.

So please check out hashtags like #MyHealthMyData, #waleg,  #privacy, @waprivacy@pnw.zone and the @jdp23@pnw.zone and account to see how the experiment is going.  If you know people on the fediverse who are in Washington and care about privacy, encourage them to get involved!

Privacy hashtags in “the other Washington”: #waleg #MyHealthMyData #PeoplesPrivacyAct and more has more.

UPDATE, June 2023:  it was indeed a good learning opportunity!  To be honest, we didn’t invest a lot in this: social network campaigns weren’t our top priority in general and compared to larger social networks the fediverse (currently) was a lower priority. Still, we did a few posts, they got at least some traction, and there was at least one case where somebody took an action after seeing a post in the fediverse, so at last it’s a proof point.   Some useful takeaways:

  • single-post actions with a link (or phone number) work better than threads where the action is delayed until the end – there’s no guarantee that the whole thread will federate.  A 500-char limit (as on mastodon.social and most other Mastodon instances) is very limiting, so posts from sites which allow longer messages may well be more effective.
  • there isn’t yet a convention about hashtagging or filtering requests for activism. The goal is to make it easy for people who are interested in a specific topic (#privacy) or a legislative session (#waleg) to follow what’s going on while and see how they can get involved, while also making it easy for people who don’t care about this stuff to filter it out.
  • with people using a chronological feed (as opposed to algorithmic), tactics
  • the fediverse has a nucleus of Washington state organizers and activists, but is not yet a good place to reach a broad and diverse audience of Washingtonians.  It’s not clear how many Washingtonians are in the fediverse, most of them are probably not on Washington-focused instances.  In the short term, campaigns on national or international issues may be more likely to get to critical mass in the fediverse.
  • Take Action Network (a non-federated, custom-built social network for Washington state organizers and activists) has a significant impact on Washington state legislation.  Where are the potential synergies with ActivityPub and the fediverse?  

There’s a lot of opportunities for the fediverse to get involved in doing legislative activism right now

UPDATE, June 2023: bear in mind that this was written back in January, and a lot has changed on the state legislative front since then. My Health My Data passed in Washington, and privacy bills have also passed in 5 other states – most recently Texas.  Other privacy and AI (or automated decision systems) legislation is still active at the state level and meanwhile at the federal level KOSA has indeed been re-introduced along with EARN IT, Stop CSAM, RESTRICT, and various other horrible legislation.  So the details differ, and I’ll update this section at some point, but the overall point remains valid: there’s still a lot of opportunity here.

Washington state’s legislative session is a great chance to experiment with privacy activism in the fediverse.  ‘s far from the only state with privacy legislation in progress right now. New York’s 10-point blueprint to crack down on digital surveillance by police, the broad protections of the Massachusetts Data Privacy Protection Act are only a few of the many important legislative battles over the next few months. David Stauss’ Proposed State Privacy Law Update and Tatiana Rice’s short Twitter thread highlight the huge amount of other state privacy legislation already on the table in 2023: two consumer privacy bills in New York (the Digital Fairness Act and the New York Privacy Act) as well as bills in Indiana, Iowa, Kentucky, Mississippi, New Jersey, New York, Oklahoma, and Tennessee; children’s privacy bills in New Jersey, Oregon, Texas, Virginia, and West Virginia; biometrics-related bills in Maryland, Mississipi, New Hampshire, New Jersey, Missouri, and elsewhere; and health privacy bills in New York and Virginia as well as Washington. The list goes on, and since the year has only just started we’re likely to see more.

There’s a lot happening at the federal level as well.  In his recent Wall Street Journal opion piece, Republicans and Democrats, Unite Against Big Tech Abuses, President Biden asked Congress to pass “serious federal protections for Americans’ privacy” (especially for kids).  Several of the bills that Congress considered last session have bipartisan sponsorship and so are likely to be back on the table in this year – and there will be some new ones as well.  

Here’s a few federal bills that seem like good matches for the fediverse:

  • The Fourth Amendment Is Not For Sale Act has strong support from privacy and civil liberties organizations and is popular with libertarians so is likely to have very broad appeal in the fediverse – with the same alliance that’s been successful with grassroots activism on FISA and SOPA/PIPA activism in the past.
  • LGBTQ rights groups oppose the Kids Online Safety Act (KOSA) in its current form; Mastodon’s pro-LGBTQ values and long history of queer-led development  make this a great opportunity to mobilize people who may not have been involved in the fight so far, who can then bring in their networks.  
  • The comprehensive American Data Privacy Protection Act, which has important priciples like privacy as a civil right data minimization but also has some major weaknesses in its current form, including preempting state privacy bills and significant limits on people’s ability to sue companies who invated their privacy as well as barriers to state AG enforcement.
  • Speaking of FISA, Section 702 (which allows U.S. intelligence agencies to collect data on non-US people) sunsets at the end of the year unless it’s reauthorized. Adam Klein’s FISA Section 702 (2008-2023?) on Lawfare desrcribes this as “the hardest reauthorization yet” – and grassroots activism has had a huge impact in past reauth battles.

So if there are ways leverage the fediverse for legislative activism on privacy, it can have broad benefits – as well as a lot of synergies with local organizing like #StopShotspotter and anti-corporate activism.

It’s worth a try!

Of course, the challenges that Dr. Johnathan Flowers and others have brought up about doing activism on Mastodon today are very real.  For example:

  • Mastodon and the broader fediverse’s power structures are currently very white, and long-term patterns of behavior such as anti-blackness reinforce this. Changing these dynamics is vital; otherwise building a succesful activism platform leaves it vulnerable to a white power structure.  [Flowers’ The Whiteness of Mastodon and others who I quote and link to in Mastodon: a partial history, have a lot more context here.]  In the short term, it will be vital to continue activism on other more diverse platforms like Twitter and Instagram.  Update, June 2023: the Twitter’s continued transformation into a hard-right explicitly racist transphobic political media network highlights the challenges in doing this.
  • A lot of people would prefer to avoid “political stuff” so there may be a backlash against activism – especially if it foregrounds the racism, anti-trans, and anti-immigrant aspects of privacy and algorithmic abuses.
  • Some of Mastodon’s design decisions are intended to cut down on “viral” posts, so activists will need to experiment with techniques for getting the word out.

Attitudes about political posts have long been a source of tension on Mastodon and often play out in racialized attitudes about content warnings (CWs).  Should a CW be used when somebody shares a news article about a Black man was wrongfully jailed for a week in Louisiana after a facial recognition error?  What if they also say “contact your legislators”, and include a phone number or link making it easy to take action, along with a sample script to use?  Opinions may well differ.  My guess is that different norms will evolve on different instances; hopefully debates about whether action-related posts should be CW’ed won’t take up so much oxygen that the actions themselves don’t get traction.  

And decentralization also introduces complexity.  Most users are on a handful of relatively-large instances … but there are a lot of smaller instances as well, and many of them block or silence some of the larger instances.5  Not only that, people’s view of conversations depends on what instances they’re on and who other people on their instance are following, so there’s plenty of room for confusion and cross signals.  For the Washington legislative activism, I set up the @waprivacy on pnw.zone … does that make sense, or would it be better based on large general-purpose instance like hachyderm.io?  There isn’t a playbook yet, so we’ll need to do some experimenting to find out.

Then again Twitter was actually a really sucky platform for activism back in the day (it didn’t even have retweets!) and people still made it work.  So activists will probably figure out some tactics that work well in the fediverse.  My guess is that it’ll be a decentralized and somewhat messy approach, with different organizers posting on different instances (some with CWs and some without), and people making their own judgements about which to amplify.

At any rate, it seems to me it’s worth a try.  Hopefully others agree!


Notes

1 Content Warnings, one of the areas where Mastodon has useful functionality that Twitter doesn’t.  Dogpiling, weaponized content warning discourse, and a fig leaf for mundane white supremacy discusses the origin of the long-standing tensions around CWs.

2 Instead of a single “twitter.com” that everybody logs into, the fediverse has thousands of different instances, most of which communicate with each others. Different instances can run different software, including forks (variants) of Mastodon’s code base as well as other compatible platforms including Misskey, Calkkey, Akkoma, Pixelfed (photo-sharing a la Instagram), write.as (longer-form blogging), Funkwhale, and more. Per Axbom’s The many branches of the Fediverse is a good overview.

3 While I’m focusing almost completely on the US in this post, it’s really worth highlighting the international aspects of all of these battles.  Iran uses facial recognition to identify women breaking hijab laws, China deploys facial recognition as part of surveillance,  a Black man was wrongfully jailed for a week in Louisiana after a facial recognition error … hey wait a second, I’m noticing a pattern here.  

4 When signons skew overwhelmingly one way or another, legislators notice.In 2022, for example, strong signins at the Silenced No More Act’s early hearings helped build momentum and a strong version of the bill sailed through the legislature.  Signins can also help kill bad legislation; after over 100 people signed in CON and only one PRO, the Bad Washington Privacy Act’s last-gasp Ways & Means hearing was ignominiously canceled.

5 The Nexus Today has an account on mastodon.social (which some sites block or silence because of its history of bad moderation) and infosec.exchange (which some sites block because employees of the US Government CISA organization ahve acounts there).  Tricky!


Image Credit: Photo by Credit Score Geek via Flickr, licensed under CC BY 2.0.