- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Some interesting data on hosting service centralization of mastodon instances.
To be honest I think that this posts kinda misses the point of federation. Federation is not really about privacy (it wouldn’t make sense anyway since most of the fediverse content is entirely public).
The fediverse brings freedom to social networking, allowing us not to be dependant on a single host. The state of the fediverse is already significantly better than centralised networks in this regard. Also, the none of the hosting platforms criticised here rely on the number one factor of erosion of privacy: advertisement. I have a really hard time believing that Amazon, and other hosting providers spy on the VMs they host (outside of police investigations). It would be quite expensive and inefficient for them to extract any useful information. Unlike Facebook/Twitter host providers already have a clear business model that doesn’t involve advertisement, and they have a lot to lose if it turned out that they spied on their customer’s VMs.
But this topic isn’t primarily about privacy. Yes privacy is also potentially effected (but as you say not that likely), but what this is mainly about is network resilience (and also censorship resistance).
Edit: Note how it wasn’t even posted on the privacy community :p
If it comes to resilience, shouldn’t those who manage an instance worry about having a backup to upload to another provider’s server by changing the DNS record in case there are problems?
If so it is not a Fediverse problem but a problem of some administrators who naively do not follow good practices in general.
I’m sorry why isn’t federation about privacy? Everything’s free software with little to nothing amount of tracking, except for the fact that almost everything’s public I think the Fediverse is much better than any other social talking of privacy(?)
Free software is heavily correlated to privacy yes. And the Fediverse pretty much entirely free software. However, the technical aspect of federation has little to do with privacy. A free software centralised social network could be pretty private, even more than the Fediverse , because the data is not shared with multiple hosts. And the other way works too. You could build a federated social network that is significantly less private than the Fediverse currently is.
Also, the Fediverse can only be considered private to the extent that there are no advertising trackers on the platforms. However, pretty much every post on the Fediverse can be viewed by anyone.
I don’t see how this is a problem. This is to be expected and not ideal, but very hard to solve and already 100 times better than the alternative
This is to be expected and not ideal
I don’t think many Fediverse users are aware of it and with more awareness it is actually not that hard to solve.
Interesting fact about Matrix.org (a protocol mostly focused on decentralized instant messaging while ActivityPub is more for social networks):
“One thing I love about @matrix is how independent of a server a room can be. It requires at least one server for now, but it’s easier to see it as a “a room in the Matrix universe”. It has one main door, but can have many other doors, all leading to the same room. Each door lives on one server, but the room lives on several servers at once.”
Source: https://mamot.fr/@thibaultamartin/105861724585009325
From a privacy perspective, this is a big problem.
How? Matrix private rooms are e2e-encrypted by default.
Not all rooms are private. When joining a public room, many users assume that only Matrix users can see the content, similarly to IRC. Instead, it’s equivalent to writing on a public website.
Plus, people make mistakes, e.g. typing in the wrong room. The built-in edit mechanism is unable to handle this issue because everything is made public immediately. Deleting a message can even give people a false sense of security.
These are not problems of Matrix but of the UI/UX of the clients you are using!
your hosting provider has access to all your and your user’s data
This statement is a ridiculously absurd exaggeration. It’s like complaining that your bank has access to your money.
Yes, the hosting provider has the ability to access your VM and extract data. They will give access to the police if they receive a warrant. This is not the same as putting your data on platforms like twitter and facebook, which mine your data, sell user profiles to advertisers and manipulate you.
technically not better than using Twitter if the provider decides to act maliciously with the data
This is a big “if”. If a cloud provider is found to leak customer’s data regularly they would lose credibility quickly. (Don’t get me wrong, I still think owned hardware and a P2P model similar to Briar is better)
As a side note, If anything the underlying problem of ActivityPub is that it has no method to prevent centralization. Just like email, a few large companies can capture the majority of users.
This is absolutely true, but expected.
One of the reasons why I see federation only as a stepping stone. The real deal is not a federated system, but a distributed one, and I hope I will live to see one becoming mainstream. Ah, and I hope it is not scuttlebutt … but that’s another question, right? :D
Depending on what you mean with distributed it already exists for the Fediverse: Hubzilla and Zap have build in channel clones and nomadic identities, meaning your channel can live on multiple servers the same time and you can easily move between then and onto new servers.
The problem is that this is mostly incompatible with ActivityPub, but Zot network internally it works great.
That’s not distributed if there are servers involved.
Hence my “depending on what you mean with distributed” ;)
But I hate to break it to you: servers are also just computers and there is no fundamental technical difference between a federation of servers and a p2p network of “clients”.
yeah, well that’s true :D But what I mean is real distribution. Every client is a Server (think IPFS, or scuttlebutt fwiw).
Do you think holochain will be the answer?
Never heard of it.
Perhaps this could be mitigated by making the deployment process simpler, ie: a single static binary to download and run instead of having to set up a million different services and edit a million different configuration files. But then again, as long as there is any friction to the setup process, there will be centralization in the form of large servers, as users will go down the path of least resistance.
I guess the real solution here is to simply abandon the concept of federation all together and instead use a peer-to-peer (p2p) model. A p2p model would completely alleviate the problem of centralization by enforcing decentralization, by simply removing the possibility of centralization using design.
How would a p2p social media network even work? Even peertube has servers it just lightens the load on them by using the BitTorrent protocol.
Check ssb protocol out
Huh that’s really clever
it’s really easy to move a mastodon instance. I know because I did it. it should eventually be as easy to move a lemmy instance. each admin that has the ability to move their instance if they want to represents a meaningful point of decentralization. “The underlying problem” sounds so dramatic.