For all the relevant news on the Fediverse

Last Week in the Fediverse, ep 4: ⚡

Welcome to another episode of Last Week in the Fediverse! The major theme of this week is news around technical infrastructure. Mastodon.social experiences a DDoS attack, Twitter shuts down free access to the API, Stanford is called on by the community to start their own Mastodon server, and new tools get released with some interesting implications on the capabilities of the fediverse.

Before we start: I prefer to write little about Twitter. It's already in the news enough as it is, with other publications covering it very well. Today I do cover it, but only the implications that this has on the fediverse, which turn out to be pretty significant. Let's get started!


Mastodon.social experiences a DDoS attack

A significant part of Mastodon experienced a DDoS attack on January 31st, as confirmed by lead developer Eugen Rochko. The attack targeted the instances mastodon.social, mastodon.online, and joinmastodon.org. The services experienced some downtime for a few hours, and the experience on Mastodon was noticeably slower the next day, but no major disruption happened. This was also partially due to the timing: it happened deep in the night for European users and late in the evening for Americans.

DDoS attacks might feel like an unfortunate annoyance of modern life, and an attack like this with minor impact not a big deal. However, it did lead to some interesting community responses and discussion that are worth highlighting.

Adding a firewall

Because of the attack, Eugen Rochko decided to move the two instances (that are hosted by the Mastodon non-profit organization) behind an online firewall by Fastly. This cloud service helps prevent DDoS attacks by routing the traffic through their own services. Companies like Cloudflare and Fastly provide services that are very effective at preventing such attacks. The downside, however, is that this requires the use of private, for-profit companies that can see all your traffic.

This trade-off creates tension: on one hand, using advanced firewall services is basic security practice for platforms as large as Mastodon.social. On the other hand, Mastodon prides itself on its ideological grounds, which seem to be in conflict here. Mastodon is supposed to be a move away from surveillance and Big Tech. But with the use of such a firewall, a big private company can read all the traffic’s metadata.

The argument is not only an anti-capitalist and surveillance argument, but also an anti-centralization argument. Cloudflare has massive influence on the internet, providing valuable protection services to a large number of sites. While they have been careful in using that power, Cloudflare did decide to use its gatekeeping power by cutting their service to social network 8chan in 2019. Without the protection from Cloudflare, 8chan got immediately knocked offline. There is certainly no love lost for 8chan within the Mastodon community, and the internet is certainly better off without them.

But the fediverse also promises to decentralize the internet. Centralizing under the power of a few companies such as Fastly and Cloudflare runs counter to that ideal. The fact that they provide such valuable services makes this an interesting clash of ideas.

Server size

The reason that a DDoS is feasible in the first place is the large size of Mastodon.social. With almost a million users, it dwarfs all other instances in size. This also runs somewhat counter to the idea of decentralization in the first place: the idea behind federation and decentralization is to have people spread out over a large number of different services. In practice, mastodon.social turns out to have significant appeal to people, especially when they come from Twitter and see Mastodon as a Twitter replacement, not as its own unique thing.

This DDoS attack brings this discussion to the foreground again, and illustrates a practical drawback of centralization: it creates vulnerability. For the people who were not on mastodon.social, the DDoS attack had barely any impact; the only problem is that they could not load posts from people on mastodon.social that they follow. Otherwise, for them the fediverse continued along just like normal.

I’m interested to see how this develops further, especially the conversation about people spreading out to smaller servers and instances. Large name instances do provide a helpful service with onboarding new users. This is visible in how projects like Mammoth, but also Vivaldi, create specific new servers to on-board people. But I am curious to see if it will lead to further conversation about having people move away from mastodon.social.


Twitter shuts down free access to their API

On February 1st, Twitter announced that it will shut down free access to their API next week. Other publications have covered this news well, and it has been a major source of chatter on the timelines in the last few days. I will not go over the impact this has on Twitter, but it does affect the fediverse as well in multiple ways:

Friend finding services

Tools like Movetodon and Fedifinder allow you to scan your Twitter friend list for people who also have a Mastodon account. They do this by reading the bios of your friends, and scanning for Mastodon handles.

Your social graph is the most valuable aspect of a social network. In the earlier days of Big Tech, you could easily export and import your social graph to a new social network. Famously this is how Instagram could grow quickly in its early days, by allowing you to import your friends from Twitter. Companies have grown wise to this immense power, and have since by-and-large moved to walled gardens to prevent competitors from growing and competing.

Twitter also does not allow a direct import/export of your social graph to Mastodon, but these tools provided a work-around. Losing this ability is a major blow to the growth of a competing social network such as Mastodon.

These are all the friend-finding tools that you might want to try and use before the deadline, courtesy of the Awesome-Mastodon list by @huey@kopiti.am.

EDIT 2023-02-03: Movetodon creator Tibor Martini confirms that Movetodon has been shut down due to an unspecified rules violation. This has some bad implications for the other friend finding services as well. It is too early to confirm what will happen to them. As of writing the other services still work.

Cross-posting

People have been using cross-posting tools such as Moa to automatically cross-post their Twitter messages to Mastodon. Moa has announced it will shut down in response to the switch to paid API access. Considering that Elon Musk floated a price of around 100 dollars per month, it seems likely that this will relegate cross-posting to a very marginal group of people, and most likely kill it completely.

Cross-posting is somewhat controversial. On one hand, it fills Mastodon with content where it could feel empty, and allows you to follow people without actually having to log in to Twitter. But a social network thrives by its ability to engage with people. Content that is cross-posted does not allow for others to engage with you, because you signal that you will not respond to interactions.

It seems to me that cross-posting impedes the growth of Mastodon in the long term. It allows you to pretend that you’ve switched, while not actually doing so. Instead, you kept the real network alive on Twitter, because a social network is where you interact.

That said, a large group of people do enjoy cross-posting, as it allows them to see posts they otherwise would not see. In the short term it's unlikely that people would suddenly start posting on Mastodon if they did not have the interest to do so before. This will create a bigger distance between Twitter and Mastodon, which will certainly be painful for people. Losing your connection to friends simply sucks.

Bots

Twitter’s API has been an invaluable source for people creating bots on Twitter, ranging from useful weather services, delightful animal-picture posts and indispensable blocking services to the just outright dumb. It has been the go-to place if you want to share something automatically with the world.

The fediverse is an obvious replacement for this use case. It’s been painful for developers to have the API that they relied on be suddenly taken away by an owner who does not understand the value that developers and creators provide. Mastodon is in stark contrast with this: the open-source nature makes it trustworthy to build upon.

The instance botsin.space is an ideal starting point for creators looking to make new bots. The new service Cheap Bots Toot Sweet by @BooDoo helps with that as well.

If this expected inflow of developers creating bots does indeed pan out, this should turn into a huge boon for the fediverse. Twitter under older ownership was very aware of the value that 3rd party creators added to its product. Inheriting even part of that value from Twitter is an exciting potential.

API scraping

Twitter’s cultural values (and the ToS) allow people to scrape the API for the content of the messages on Twitter. The practical applications of this range from extensive academic research on extremist content to more nefarious use cases and harassment.

This approach to API access clashes with the undocumented values and expectations that a significant user base of the fediverse has. Even though the fediverse can be scraped, it is strongly looked down upon. People use the fediverse expecting to be able to own their data, and not have it tracked and registered via other parties.

One of the difficulties is that this cultural value is not documented in a ToS, and differs per group of users. Especially for early adopters, not being indexed is an important cultural value of why they joined the fediverse. For journalists and other high-profile individuals on the fediverse, the lack of search and indexing proves to be a barrier.

This friction has played out for a while in the fediverse, and unless a solution is found where people can make sure that their data is not scraped if they do not want to, it seems like it will continue for a while. The new influx of API users that are accustomed to a different value set with regards to content scraping will only reinforce this debate.

One of the first signs I’ve seen of a fracturing of community standards is this announcement by the admin of the Universeodon server, offering free total API access to developers.

While the phrase ‘community fracturing’ is often seen as something negative, in this context it can be interpreted as positive. People who are okay having their posts scraped/indexed via APIs can use the Universeodon server, while people who do not want such a thing use different servers. I am keeping my eyes on how the Universeodon community reacts to this, and whether other servers also implement such understandings.


Universities and Mastodon

The Stanford Daily, a newspaper dedicated to Stanford University, published an opinion article ‘from the community’ about how Stanford should run their own Mastodon server. It explains in detail the problems with the current Twitter-centered communication as well as the benefits of a university owning their own content platform.

The article is well written in a way that feels strongly applicable to other universities as well: just replace Stanford with your own university’s name.

I would not be surprised to see a wider call on universities to own their communications channels. Worth keeping eyes on to see where the discourse goes.


StreetPass

StreetPass is a newly launched extension for Chrome and Firefox, created by @tvler, that makes clever use of the authentication system that the fediverse provides.

Users of Mastodon can verify themselves by proving they own a website. If they do, a link appears green in their bio.

You do this by adding a small piece of code to your website. StreetPass makes use of this same system, by checking this validation when you visit a website. So anytime you visit any website that has this validation enabled, you get a tiny notification that shows you who the owner of the website is.
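The check described above, as an added example (not StreetPass's or Mastodon's own code): Mastodon's link verification is based on `rel="me"` links, and a `rel="me"` link on a site is only a claim until the claimed profile links back to that site. The hosts, sample pages and function names are hypothetical, and the pages are assumed to have been fetched already.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class RelMeParser(HTMLParser):
    """Collect href values of <a>/<link> elements whose rel list contains "me"."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        rel_tokens = (attr.get("rel") or "").lower().split()
        if tag in ("a", "link") and "me" in rel_tokens and attr.get("href"):
            self.links.append(attr["href"].strip())


def rel_me_links(html):
    parser = RelMeParser()
    parser.feed(html)
    return parser.links


def normalize(url):
    """Reduce an https URL to (host, path) so case and trailing slashes do not matter."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None  # ignore non-HTTPS and relative links
    return (parts.hostname.lower(), parts.path.rstrip("/"))


def confirmed_profiles(site_url, site_html, fetched_profiles):
    """Return the profiles the site claims that also link back to the site."""
    site = normalize(site_url)
    confirmed = []
    for claimed in rel_me_links(site_html):
        back = {normalize(u) for u in rel_me_links(fetched_profiles.get(claimed, ""))}
        if site is not None and site in back:
            confirmed.append(claimed)
    return confirmed


# Constructed sample pages (hypothetical hosts, not real data).
SITE_URL = "https://blog.example/"
SITE_HTML = """<a rel="me" href="https://social.example/@alice">me</a>
<link rel="me" href="https://social.example/@celebrity">"""
PROFILES = {
    "https://social.example/@alice": '<a rel="nofollow noopener me" href="https://blog.example">blog</a>',
    "https://social.example/@celebrity": '<a rel="me" href="https://other.example/">site</a>',
}
```

With the sample data, the site claims two profiles but only `@alice` is confirmed, because the `@celebrity` profile does not link back to `blog.example`.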

Here is how I used it this morning when visiting Movetodon: I got a notification that it registered its owner. So with one click I could visit their Mastodon profile, and see if they had posted anything about the service not working.

I’m intrigued by new efforts like this that use the fediverse’s authentication system in wholly new ways. Expect a more in-depth article on this soon.

As a warning note: only install this extension if you know exactly what you are doing. The extension asks for full read permissions on all websites. You can check the source code, but always be very careful when anything asks for these sorts of permissions.


Twitter co-founder advises on Mastodon

Twitter co-founder Biz Stone offered his help to advise on Mastodon. One of the recurring themes on this blog is the cultural value clash between big tech and user-run federated software. And now one of the co-founders of a big tech company is working together with the main fediverse software.

I don’t want to write much more about this right now, until I have more information on this. Worth watching for sure, both the actual cooperation as well as the community response to it.


Project launches and updates

There have been a significant number of launches and updates to projects on the fediverse. I will not cover them all here, just note a few that stood out to me.


That is all for this week. If you enjoy this weekly update, don’t forget to subscribe! You can follow here at fediversereport.com or follow my Mastodon account.