The glaring challenge for Mastodon

Bluesky rather than Mastodon/Fediverse, but that moderation problem again.

A lot of buzzwords and handwaving there. They have the advantage that it’s currently an invite-only garden at the moment.

The Bluesky hype engine is cranking up, even though it’s still running in beta and has a skyverse federation count of … one, re-checks, one instance. (/tap tap tap, is this thing on?)

Here’s a good thread on why it’s a bad idea.

[…] which also has a rich history of garbage people run wild.

But instead of something that applies any of that, they have apparently produced the same sort of tired neoliberal marketplace-of-ideas horseshit product that Twitter was to start.

(a thread)

No block button? Running in beta, or not,

eta: Blocks now.

In short, decentralizing things, and allowing many different approaches, and open systems and tooling doesn’t solve all problems, but it presents some creative ways to handle the Nazi Bar problem that seem likely to be a lot more effective than living in denial and staring blankly into the Zoom screen as a reporter asks you a fairly basic question about how you’ll handle racist assholes on your platform.

Before getting to the Telegram conversation with the person involved in running a cryptocurrency scam, Brian Krebs asked a programmer involved in Mastodon about what they’ve been dealing with.

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform.
…
“We suddenly went from like three registrations per minute to 900 a minute,” Chaput said. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.”

Seeking to gain a temporary handle on the spam wave, Chaput said he briefly disabled new account registrations on mastodon.social and mastondon.online. Shortly after that, those same servers came under a sustained distributed denial-of-service (DDoS) attack.
…
“This was three hours non-stop, 200,000 to 400,000 requests per second,” Chaput said of the DDoS. “At first, they were targeting one path, and when we blocked that they started to randomize things. Over three hours the attack evolved several times.”

Chaput says the spam waves have died down since they retrofitted mastodon.social with a CAPTCHA, those squiggly letter and number combinations designed to stymie automated account creation tools. But he’s worried that other Mastodon instances may not be as well-staffed and might be easy prey for these spammers.

This has been a concern of mine with Mastadon/the Fediverse. Your data is only as safe as (potentially) a guy with a server in his closet makes it.

In addition to serving as a warning… I think the fact that the FBI is raiding the homes of anarchists is sort of a big deal… WTF?

I have not been able to find anything about why he was arrested other than the FBI statement that it was unrelated to Mastodon. I will post a follow up if I find anything

never assume your social media data is safe. It’s why we take great pains to keep as little personal data as possible about people and say so in our privacy policy - partly to protect folks, partly to deter raids in the first place.

Gotta do something with all the funding they are not using to deal with the violent Nazi problem.

Please do…

And of course, they don’t always tip their hats about ongoing investigations, until they got some charges…

I’ve been surprised how satisfying the migration from GIANT MASH EVERYONE IN THE SAME ROOM TWITTER to a smaller community on Mastodon has been. Is it more insular? Maybe. But can I now retain my sanity? Also maybe!

So win-win, I think, if federation grows up and works as it should?

“If it works as it should” being the operative word. I look forward to my family moving to something like Threads if they aren’t willing to move to mastodon directly so at the very least I can subscribe to their posts (and them to mine) - finally - without having to directly use the same platform they are on!

That article’s premise is pretty inflammatory, that the ability to find CSAM in the Fediverse is somehow the indicator that the problem is worse there - but then goes on to suggest that no, really the problem is that it could be worse, with all the usual suspects about decentralization meaning it’s not as easy to combat. The last paragraphs sums that up well:

“The problem, in my opinion, is not that decentralization is somehow worse, it’s that every technical tool available for fighting CSAM was designed with a small number of centralized platforms in mind. We need new tools for a new environment, which will take engineering resources and funding.”

That paragraph is 100% correct, but it misses the point. It’s not the Fediverse that started this trend.

As someone who’s had to deal with CSAM for nearly my entire career - from when I started as a SysAdmin for a local ISP and fought this stuff in Usenet and IRC, to being DTO for the Wikimedia Foundation (including Wikimedia Commons, which is where all the media for Wikipedia goes) to BB and the BBS - I can tell you that this has been an ongoing problem that is so much worse now than it was even ten years ago, and that the fediverse isn’t the cause - it’s decentralization in general that has made the problem so much worse.

A quick search of the usual suspect search terms on Twitter (don’t do this, trust me ) turns up references to Discord, Telegram, file sharing sites like dropbox and mega.nz, OnlyFans and clones, various social media extension sites like Linktree being exploited to share information, and extensive use of crypto, gift cards, and other indirect payment methods to fund all this behaviour.

Worse, any hacked site that has storage becomes a dumping ground for cheap web frontend fileservers that hackers can use to hand-off CSAM for crypto payments that when put through a mixer makes tracking them impossible. When you combine that with the ubiquity of cellphone cameras to create vastly more CSAM than a decade or two ago and the extreme proliferation of teens (or younger) feeling social pressure to record themselves in compromising situations (or worse) that inevitably get leaked due to bad password management or these teens being socially engineered out of their private photos and videos, this is a torrent that frankly is unstoppable in its current form.

The situation is so much worse than it seems on the surface.

No, of course not. And I think they take pains to note that it’s not the cause of the problem, but is indicative of the larger problem on the internet.

right, but isn’t that the issue here? Because part of the appeal is the decentralization, right?

Indeed!

Oh yes, absolutely! But I see the warning flags going up about the Fediverse as if painting that as the villain is the problem, which in a way gives a pass to all the big, well-financed players out there who could be doing so much more than they are. It’s the age-old playbook, right? Blame the little guy who can’t do what the large orgs can as an excuse, while these same orgs are doing even less than they were to combat the problem while claiming to do more.

Big players will spin the fediverse as “dangerous” for CSAM in hopes they can kill it in its’ infancy, meanwhile twitter went from “Bad” at handling CSAM to basically doing nothing anymore, and new well-funded players like BlueSky are literally saying outright that they aren’t going to try, they just want posters to label their CSAM, not block it.

It’s so frustrating to me. I’ve founght this fight my entire professional life and I really feel like we’ve not only lost the battle now, but one of the underfunded, nascent, volunteer networks are a prime target for billionaires to point at as a scapegoat even though they are such a small part of the problem.

sigh sorry for venting. Thanks @Mindysan33 for bringing this topic up. Yes, 100% the fediverse needs to get better at handling CSAM. But it’s not going to help, because the billionaires don’t care and CSAM is hidden everywhere on their networks, and their networks are so massive compared to the fediverse. And now those same billionaires will use the fediverse to distract from their own failure to do shit about this.

Sure, that’s a good point and I agree.

Also a great point, but that doesn’t mean that there isn’t a problem here… While the whole open source infrastructure appeals to many of us because it can be highly anti-corporate, it attracts bad actors for the same reason. That isn’t the fault of the people who work in open source spaces and develop for open source with good intentions, but it’s sort of line the nazi bar parable (you know that one?). What do we do when the nazis invite their friends and take over the bar? I don’t think there is an easy answer, other than just oppose them at every turn, and not to let them get a toe hold in the first place. But that’s more difficult in a landscape that’s inherently scattered, because of a lack of centralized oversight.

But I do agree that the large, centralized social media bears more responsibility. This has a been a major problem online forever, too. It even goes back to prior to the WWW, with white supremacists organizing on old message boards and this kind of sick media being traded online.

Well, it will help the fediverse, of course. Yes, the big platforms will still be a problem, but part of the goal of building an alternative like this (in my view) is to make it a better alternative. I’m thinking of how punk culture drove an alternative mode of cultural production… some labels worked to have an alternative model to the exploitative system of cultural production that was truly better, because it wasn’t based on profit-seeking.

No doubt, but that’s all the more reason to do better, I’d think.

Yep… assholes got to ruin everything don’t they…

I think a big challenge for Mastodon is that despite the wishes of many using it, more on Mastodon don’t want to “succeed” in the sense of becoming the One True Social Network. It’s a hodgepodge of different people, different servers, and no single owner deciding which direction it should go.

Take me, for example. I deliberately chose a smaller instance because it’s geographically of interest to me, and small enough that I can read the daily local postings (it’s muenchen.social if you’re curious). There are other instances I look at, because they are official government owned instances that are verified because the government owns the instance and doesn’t allow for private accounts. So I get pleasure out of Mastodon by maintaining a small enough list of those I follow, and enjoy the chronological order and the way no algorithm tries to second-guess what I want to skim.

But yeah, moderation, and keeping things civil. Communities are like organisms, with all the messy connotations of size limitations, and all sorts of messy imperfect analogies. But maybe federating really is the key, smaller communities policing themselves, or refusing to talk to those communities that won’t rein in their worst users? And the whole CSAM (to my shame, I had to look up that acronym) issue will always be there, but it will be individual servers who will be hit, not one central hub.

I think getting national governments to play a role by running their own servers and not relying on a privately owned social network is the biggest plus to Mastodon. News agencies could do the same, Reuters running one only their reporters can have accounts on, oder the New York Times.

The whole trick, I feel, is to be able as a user to decide who you want to talk to, and mute those you don’t want to talk to. And illegal content, well, it gets compartmentalized. Spam gets filtered, like in email. With lots of servers talking to each other instead of one single hub, the defense mechanisms can freely mutate as well, and successful solutions spread.

I’ve only been on a Mastodon server for a few weeks now, ever since Apollo died, really, but I am really enjoying it. I am cautiously optimistic about its chances at becoming the PHP of social networks against the AOL that Twitter is.