The ideal candidate self-hosted or federated social network still doesn’t exist. I don’t think Mastodon is it. I just logged into Diaspora for the first time in a…loooong time, and was unsurprised at the complete lack of progress there.
I do think we might be at a moment where, if there were a suitable alternative, a critical mass of people would say “there is something fundamentally wrong with Facebook, but I value being connected to a social network, so I’m going to make the small investment in time and money to have an alternative that doesn’t skeeve me the fuck out.” Incidentally, a lot of my friends are still on FB, but for the past month or so seem to be relying more on Mewe.com—a service that’s in a sense more closed than FB (no publicly viewable posts at all), and weirdly doesn’t appear in Wikipedia at all.
“Open” may not be a compelling argument in itself, but in a federated or self-hosted regime, an open protocol would be necessary to getting the thing to work at all.
That’s why it needs to be open-source. Those of us with the expertise and interest can vet the code to ensure it’s not doing anything evil. The general user just installs and goes, just like they do with BitTorrent clients. In fact, the ideal system would behave VERY MUCH like BitTorrent-- it would probably be possible to jumpstart this sort of design by starting with a BitTorrent client.
And, for similar reasons, no, the people who work on the project wouldn’t need to be “full stack” developers. You should not be using any fancy libraries for this-- both because they do make installation more complicated, and because that gives additional attack vectors. Copy code from a library you like, but don’t link to it. (I will admit this is somewhat debatable; but as a long-time developer, administrator, scientist, etc. (since 1980) it is the way I would do it. Your mileage may vary.) And, thus, only one language (for me, pure C).
Yes, the naive user has to trust that the software gets vetted, and that what they install is what was vetted. But this is true absolutely regardless of the software being used. I’m not saying that such a system would be perfect. But it has more chance of giving you privacy than any alternative (other than, as you say, writing your own code to implement an RFC protocol). It could still be attacked by bad actors-- what software is your friend running? Does it send all your information to FB or Google? Better know your friends real well.
Mastodon isn’t bad. But the servers have to be paid for somewhere, and you’re still trusting someone you don’t know to hold your data, and to protect it from crackers. Only if you hold the data yourself, doling it out to only those you authorize, is there any hope for privacy.
Okay, so in your hypothetical scenario of a perfect, self-hosted social media platform, where does this self-updating, install-by-wizard application live? On the user’s personal computer? On a device they plug into their home network? On a server farm owned by a web hosting company? How are you going to handle long-term media storage and hosting? What happens if your hard drive crashes, or your network goes down? Can people still access your content? Are users responsible for maintaining a competent backup solution themselves? Why would you expect them to do that when getting people to back up their own computers is already a huge uphill battle? What sort of bandwidth concerns are you going to run into when Alice’s 40-second video of her puppy falling down the stairs goes mega-viral? (This may be less of a concern if nothing is ever truly public, but if it’s anything like Mastodon or Twitter, your public post could get embedded in a BoingBoing article, and then it’s goodbye rinky-dink home server.) How do you prevent bad actors from DDOSing someone’s server out of existence? Who’s in charge of keeping bots, trolls, and sealions from flooding your mentions?
If this hypothetical PnP social media software is installed on a personal computer or dedicated device located on a home network, how does it work when the user tries to use it from their mobile device? Most ISPs in the US don’t give out static IP addresses to residential customers, and do everything in their power to make it impractical or impossible to run publicly-accessible services on a non-business connection. Not being able to establish a single authoritative point for your social media address makes it essentially impossible for protocols like ActivityPub (or heck, even IMAP) to reliably find you or transmit your data into the fediverse.
If this application is hosted on an external server of some kind, how much is that going to cost? Because if it’s more than $0, forget anyone ever bothering with it. People on the whole don’t even pay for their own email. They are not going to pay for someone else to run their social media hardware for them. And if they’re just going to provision some space from a provider that gives away server time/space for free in exchange for nebulous access to your information, how is that any better than Twitter, or a Mastodon instance hosted by a large corporation (like Google)? If each person’s data is going to be stored on a server that they control, how competently do they need to administer that server to protect it from attack? Most people have no idea how to do that, and you want to put the onus entirely on them to keep their own server protected? In the same universe where people’s refrigerators are being roped into unprecedentedly enormous bot nets? Seriously?
You cannot expect someone to run their own internet-facing social networking infrastructure without also expecting them to be competent at the job - because doing that is a job. Unless you can magic up a solution that involves a perfectly trustworthy network of providers offering freely-hosted boxes that are easier to administer than a toaster without some sort of compromise in privacy, the world in which everyone runs their own social media hardware is never going to happen. Again, this is something that’s already theoretically achievable with email, and no one does it. I could run my own IMAP server off of my laptop (hell, I actually have a home server that I could run my whole family’s email off of). But Christ, the complexity of getting Comcast to route traffic to it reliably, maintaining SSL certificates, software updates, troubleshooting, spam prevention, DDOS prevention, network security, uptime reliability… it’s just so much easier to trust a company like Apple to do all of that shit for me, because a) they have teams of engineers whose job is to do that full-time, and b) I don’t. My ability to go to the movies or out to dinner with my wife is more important to me than spending that time trying to track down why emails from my aunt are bouncing all of a sudden.
There will always be a need to trust someone else to do work for you, because not everyone has the capacity to do it all themselves. It’s why we have specialized professions in the first place, so I don’t have to be a farmer, a cattle-hand, a seamstress, a cobbler, a car mechanic, an architect, and a sysadmin. Right now, we’ve put our faith and trust in massive corporations to host our data for us. These corporations are now proving daily that they don’t deserve that faith or trust, and that our data was never actually safe with them in the first place. But the solution is not to eschew the idea of cooperative enterprise altogether and go it alone as much as possible. Even if the solutions existed to enable that, you’d never get the whole world to go along with it.
I guess the fundamental problem is that, unlike with personal computing, your privacy in social networking is limited to whatever the least-privacy-minded link in the chain will do with whatever you send them. If Google or Facebook were to start up a Mastodon instance, any toots that got federated to them would essentially be fair game for collection and profiling, just as SMS messages sent to Android users who had Facebook installed on their phones apparently were, and just as inbound emails to Gmail are. You can trust your own instance admin with your life, but there’s no way to extend that trust to every instance owner on the planet, and no way to ensure that even the people you trust personally won’t join an instance with a more permissive privacy policy than you prefer. There’s probably more that services like Mastodon can and should do to secure DMs (which, since Eugen has decided to truly fork from GNU social without worrying about compatibility, may eventually happen if they can figure out how to layer it on top of OStatus), but public stuff is always going to be impossible to wrangle, and even email itself is largely vulnerable to the same sorts of sysadmin maliciousness as Mastodon DMs. (Yes, you can end-to-end encrypt email, but holy cats, the workflow for doing that is atrocious pretty much everywhere, so again, basically nobody does it.)
@Entity447B It depends on your goal. If you want more privacy, you need to block social media tracking code and stop using it altogether. If you want freedom, then you archive your discourse outside social media’s walled garden. You still get to decide which of it to share and where you want it. You have a duplicate of all of it so that your friends can follow you without having to sign up and join a site which they haven’t started their own account on. Break down those garden walls! When a platform fails, you get to keep all your stuff and march onward without looking back.
That’s great, really it is. But what are the odds that your WordPress install could be hacked? Does the one-click install include automatic security updates, including those for any plugins/extensions that you’ve added? Are the authors of that code providing updates that can be seamlessly installed?
I’ve seen so many breaking updates and outdated installs. I’d love to think it’s simple, but in the real world, my experience tells me it’s not. And I don’t think that the average person is prepared to deal with those issues.
I have never claimed it to be perfect. In fact, I have gone out of my way to point to some of its problems. The question is: which set of problems do you want? Weaponized corporate silos, or some (maybe many, maybe nearly all) poorly managed sites? Which latter we already have-- including in the weaponized corporate silos.
Yes.
Absolutely not. That makes you beholden to the manufacturer.
No, for much the same reason.
One problem I see, is that you’re assuming an HTTP interface. I am not. There’s no need for a general-purpose web server; that complicates what is essentially a simple task.
It’s stored locally. People who connect to you might cache copies, though that could be managed by a combination of their caching choices and possibly negotiated caching requests from the owner of the information.
Sucks to be you. The same is true for any local data. This is social networking; it’s not like it’s your financial records.
Then you’re temporarily down. This is not brain surgery. Nobody dies if they can’t see your baby picture for 2 hours. Up 24x7x365.25 is not a requirement.
Nope. See previous comment.
Yes, and so what? See again: not brain surgery.
Not that much of a concern. Something that truly had no restrictions on who could have it can simply be passed on P2P. No need to hit the home server. If it’s not truly public, lots of request denied, which runs up bandwidth some, but not nearly the runaway bandwidth killer you envision.
I already acknowledged that these are weaknesses. OTOH, do you trust the watchmen we currently have?
This problem is already solved both by BitTorrent and SIP. One or the other or both could be adapted.
No. Unless they intentionally set it up that way, in which case they’re presumably sophisticated enough to know what they’re doing. Again, BitTorrent is the real model here. Millions of people run BitTorrent, at home, exchanging files with each other. In general, it works quite well. Stop thinking purely about the web. The internet is much more than HTTP.
All irrelevant due to my previous answer.
In case you didn’t notice, every one of these people are already running servers that they don’t configure or control. Media streaming, RPC, remote administration, desktop integration, etc., all run on servers that are potentially open to attack. Adding one more is not going to make this situation any worse. Yes, it’s a problem. But it is a global problem, and is why we have botnets and the internet of shit trash fire. Until you fix the other problems, this is nothing.
You are wrong, because they already run similar servers.
I know that. It is a job I did for many years. I was the lead sysadmin for a dotbomb in the first internet bubble.
First, it’s not hardware, nor a web server. It’s simply software they install on their own general purpose device. Just like BitTorrent.
Second, I already pointed out that there is an issue with bad actors. However, the question here is: are there bad actors already? How can they abuse the system we have? How can they abuse the suggested solution? Is one of those abuses worse than the other? All systems (in the general sense, here, not in the computer systems sense) can be gamed. What you try to do is make it so that gaming the system is (ideally) unprofitable, or (much more likely) at least less profitable than the current dumpster fire.
I think quite a lot more people do. I have, and will be again. A lot of us old-school sysadmins prefer to.
If it takes you that much time to do these things for a home server, then you’re doing it wrong. I have done it for many mid-size companies, and still had plenty of time to do other things.
I don’t disagree with you here, at least not completely. But as currently envisioned in the neo-liberal Milton Friedman “corporations only exist to profit the stockholder” world, there are NO corporate entities-- even “non-profit” entities-- that can be trusted (I am speaking now as the business professor that I now am-- and let me tell you, the view from behind the lines is horrifying). Given that, and that there is a working model in BitTorrent (with possibly some help from internet telephony)-- why not give the truly decentralized option a try?
These are also mostly problems I also pointed out. Is a decentralized model subject to problems? Of course. But, as you point out, every solution is subject to problems. The question is, again, as I noted above: Who benefits from gaming the system? How much do they benefit? Use the answers to those questions to evaluate the alternatives. Is Mastodon doing a good job? Well, it doesn’t look bad. But what happens when some giant hedge fund buys Mastodon? A giant hedge fund isn’t going to go after a truly decentralized network.
I really think your arguments boil down to “your solution isn’t perfect!”. You’re right. It’s not. No solution can be. But I really do think that an open protocol truly decentralized solution provides the least harmful failures. You may feel that slightly more harm can be supported by the tradeoff for simplicity. shrug Your choice. I disagree. Surprisingly, well-informed people do sometimes disagree.
You’re right. And those big companies never lose data, because they are so much better secured!
Reporter: Mr. Dillinger, why do you rob banks?
John Dillinger: Because that’s where they keep the money.
No one wants to hack a home server. There’s not enough value for effort there. Put a bunch of them on a centralized server, now there’s a target worth breaking in to. Even if it is a lot harder.
It’s really less a question of what I want, and more one of what people in general expect. The reason so many small businesses, communities, interest groups, and individuals have replaced their web presence with a Facebook page is because it’s cheaper and easier than maintaining a website of their own. A Facebook page is easy to manage, it provides a consistent channel for communication that doesn’t require creating new account credentials everywhere you go, and it is always available, 24/7, for free. That’s what you’d be competing against. If your network or service can’t provide that (or something very close to it), it will not succeed in attracting a critical mass of switchers.
The utopian future where everyone hosts all of their own content themselves on machines that they own using code that they’ve vetted is simply never going to happen. It didn’t happen with email, it didn’t happen with websites, and it’s not going to happen with social media. There just is no appetite among the general public for doing that. The overwhelming majority of people, again, simply do not have the time, money, or expertise needed to do it themselves. I’m super happy for you that running your own SMTP server is something you’d enjoy doing as unpaid labor in your spare time, and that it’s something you’d do a good job of because you’re an ex-sysadmin. Most of the world does not consist of ex-sysadmins for failed dot com companies, though. It’s mostly composed of people who are afraid of the Windows Control Panel and can’t figure out how to get their VCR to stop blinking 12:00. My statement that “no one” is running their own email server was obviously hyperbolic, but statistically, it’s pretty accurate. The overwhelming majority of people get their email through Gmail, Hotmail, Yahoo, their ISP, maybe even their web host. They do not run it themselves, and you will never convince them to.
Given that reality, I can’t imagine a scenario in which “to join our social network, install this software on your computer, make sure to keep it updated, shoulder all of the administrative responsibilities of dealing with spam, trollies, and networking issues, and never turn your machine off again if you don’t want your aunt calling over the weekend to ask why she can’t see your vacation photos anymore” is going to be a winner.
So in order to see the things that you post to this social network, I have to have the network’s application installed? I know the mobile world is basically app-or-nothing, but there’d be no way for me to open my mom’s feed in a browser, link to a senator’s post in a news article, or share a meme in Discord chat? (If so, where is that being cached if it’s not served straight off of the poster’s computer?) I can promise you, that’s just not going to pass muster. The internet is more than just the web, yes, but the web is still the most common access point for public content. If your network isn’t on the web, it’s just another pointless silo.
True. But “you are responsible for your own uptime” is not a message that will sell to the masses, and it throws out decades of precedent for why we even have servers in the first place: to provide reliable endpoints for unreliable clients. Uptime is about more than just making sure your own content is available, too. If your computer isn’t accessible, material that is sent directly to you will bounce, just like email does when the receiving server is down. (Alternatively, you could send messages to a central server so that they can be redelivered when your client reconnects, but now we’re back to the problem of data being centralized, and even metadata about people’s communications is valuable enough that storing a reference saying “ping X for the message they want to send you” on a central server is probably beyond the pale for the super security-conscious. Of course, you could try to work around this using some sort of P2P network or blockchain, but then we’re back at the problem of your data being basically everywhere, and not just in the hands of those you trust to have it. You could directly poll people you follow for updates when you reconnect, but incoming messages from non-mutuals would still be lost.) A social network that can’t reliably deliver or receive messages for all participants is essentially useless.
I’ll stop thinking purely about the web when you tell me how Rob can show us videos of baby hippos “mauling” their caretakers when they’re posted somewhere that a browser can’t reach. Social media is built on the web and shared on the web. Yes, there are tons of technologies that make up the internet, but for public communication, the web is still king (consider: we’re talking on a “BBS” that runs on the web, and not in a dedicated BBS terminal).
Also, despite BitTorrent’s best efforts, BT does not make for a very good general communication protocol. All parties have to be online together to successfully send and receive messages (something that it also has in common with SIP), accessing a “public” piece of content requires either exchanging more files or trading in enormous magnet:// links, and syncing communications between multiple same-user end-points is tough even for server-side chat services.
I’m honestly not sure how “remote desktop and iTunes Library Sharing exist, therefore people know how to keep their computers secure when hosting publicly-accessible material” is a logical argument. Any additional holes you open in a computer’s defenses are going to broaden the attack surface, especially when the act of hosting a social media node is going to inherently attract attention. Just because your plan isn’t to run a web server doesn’t mean it won’t have security consequences. I also don’t understand how “we already have botnets, so broadening the pool of potential slaves isn’t an issue” makes any sense. We had botnets before the Internet of Shit too, but adding tens of millions of new potential slaves in the form of WAN-accessible light bulbs and garage door openers sure as hell did actually make the situation worse.
You cannot invite Joe Q Public to install complex, internet-accessible content hosting/broadcasting software on their computer and expect everything to be completely fine just because it’s not responding on port 80. There will be security flaws in that software, and on a network of sufficient size, they will be taken advantage of. Decentralizing the target isn’t a solution; if it were, we wouldn’t have two-bit WordPress sites and phpBB forums being hijacked on a regular basis to serve malware.
There are a lot of different abuses to consider. There’s the abuse of trust on the part of a host, should they use a user’s data inappropriately. There’s abuse of the platform by other users in the form of spam and other undesirable or illegal content. There’s also abuse of the platform’s users by others in the form of harassment. Not all of these abuses require profitability to be effective or worth someone’s time, and total decentralization is not a panacea for any of them.
Host abuse is most likely to occur in any setting where other people’s servers are involved. Centralized platforms have a high motivation to exploit users’ data for profit due to the high operating costs of running such a monolithic service, and the significant value in having tens of millions of users’ data in one place. Decentralizing the platform onto independently-operated servers reduces the value of the data set by masking off whole swaths of the overall social graph from each instance admin. It could still be an issue if you sign up on an instance that is run by an unscrupulous individual, or follow/are followed by someone on such an instance, but I think the overall risk is, in general, lower. Smaller servers are more likely to be run by someone you know (or can know) a little better than Mark Zuckerberg, and are probably going to be able to cover operational costs through donations or a Patreon, reducing the incentive to mine users’ data for profit. A p2p network is even more resistant to host abuse, but still not immune. The incentive shifts from hacking the central server to providing an implementation that is installed widely enough that its developers can build a sizable social graph from its users, and profit off of data aggregated from every user/follower/followee that interfaces with it. In a way, this is actually more dangerous than an unscrupulous instance owner, due to its potential to directly reach a more critical mass of platform users.
Platform abuse is going to be a problem in any implementation. Theoretically, a centralized platform would provide the best possible means of dealing with platform abuse. Since there’s only one implementation of the platform, dealing with bad actors like spammers and scammers in a permanent fashion should be more effective than the comparatively wild-west nature of decentralized systems. In practice, that simply hasn’t happened. The scope of the problem is too large for one company to handle on its own, and user-driven reporting tools can be easily gamed. In a decentralized server approach, individual communities can police themselves more effectively, and decide whether to cut off communications with other problematic servers entirely. A purely individual decentralized system is going to have the same problems with platform abuse that email does: nobody is really policing the issue of platform abuse, so it falls to every user to wade through mountains of spam and phishing attempts on their own, managing their own block lists manually, etc. I don’t see a social network being any different. (Decentralized systems also have bigger potential problems with user impersonation, since there is no central authenticating authority. However, that’s something which could be mitigated through supplemental means like Keybase if it’s really important, and a decentralized-server solution would give instances the same kind of authenticating authority that email does; if you’re seeing toots from Elon Musk and he’s not tooting from @elonmusk@spacex.com, it’s probably not actually Elon.)
While not the most damaging to people’s privacy in the long-term, user abuse is the biggest immediate threat to user retention, and absolutely something that must be taken seriously by anyone attempting to replace our current centralized ecosystem. Again, a centralized platform seems on the surface like it would be best equipped to tackle this problem by being an easily-severed single point of connection between an abuser and their target. But again, that hasn’t happened. If anything, centralizing everyone onto a single platform just makes it easier for abusers to find targets, engage in bandwagoning attacks, and abuse community reporting tools to silence the marginalized. Decentralized servers give more power to instance owners to establish specific codes of conduct, block persistent bad actors on particular servers or IP addresses, and provide smaller communities with ways to congregate without necessarily interfacing with every other server on the fediverse. P2P networks put that power in the hands of the user, which in a utopian world where everyone is fundamentally nice to each other, is sufficient for letting people choose who to engage with. But we don’t live in that world, and I again feel that it is inappropriate to ask every person to be responsible for dealing with the fallout if the internet suddenly decides to come down on their head because of something beyond their immediate control. It’s relatively difficult (though certainly not impossible) to drive someone like Emma Gonzalez off of Twitter. But it would be trivial to knock her personal social media node offline (any attempts to guard against DDoS attacks would inherently violate the “you control where your data goes” principle), or flood her mentions until she leaves in ways that even Twitter is competent enough to prevent.
Your question makes no sense. A giant hedge fund can’t buy Mastodon for the same reason a giant hedge fund can’t buy GNU social or IMAP or Jabber or IRC. It’s an open implementation of a collection of W3C-standard communication and message-formatting protocols. A hedge fund could theoretically buy the Mastodon server/web application’s source code, but the same is true of the hypothetical p2p application you’ve proposed. Even then, Mastodon’s code is AGPL-licensed, so closing it in the future would be very difficult, and it could still easily be forked to preserve the project’s open nature. Technically you don’t really even need to use any of Mastodon’s code to federate with other Mastodon instances; again, because it’s built on a set of open standards, you could write your own implementation to properly handle the ActivityPub connections and parse OStatus messages.
It’s a valid question to ask what happens if a company were to buy the mastodon.social instance, but I don’t think that’s a huge cause for concern. The underlying platform supports account deletion and data export, so you can easily move off of the now-corporate-owned instance and set up shop again somewhere else. (It is still lacking when it comes to notifying your followers that you’ve moved, though, and your post history would be lost. These are things I’m hopeful are still being worked on.) I also just don’t see that purchase happening… the value of Mastodon is really the platform, not any particular instance (even the flagship), and the platform itself can’t be owned. As you suggested, companies aren’t going to want to buy something they don’t and can’t have total control over. They’d much rather just build their own silo (Slack, Discord, Hangouts, Telegram, Peach, Ello, WhatsApp…). It’s also valid to ask what happens if a company produces a popular front-end client for Mastodon that basically acts as a data scraper, but then we’re right back where we started with never trusting code that you haven’t personally vetted.