Right now the fediverse is nipping at the heels of the silos.
They know we are here, and they perceive us as a threat. We know this from leaked emails from Facebook.
That said, they could attack us in an oblique manner with any number of poisoned waterhole attacks.
Earlier today someone predicted that one or more of those platforms would just integrate ActivityPub and crush us by incorporating us.
Another pointed at the potential for procedurally generated instances that just harvest data, or overwhelm our ability to suspend all of the instances they throw up.
When these attacks are adapted to... they'll get concerned, and will try to frame us as part of "the dark web(tm)"...
That's how we'll know we're winning.
Registry of instance to a peer to peer shared federated list of instances
and with the moderators and hosts of the
There's so many already!
Facebook is going to be regulated soon anyway, is my tangible reality goal. They aren't going to be. At all. Go away entirely fb
So I've been brainstorming since the last toot
Is there a Mastodon-specific security group or instance set up or on chat?
Or just people who are looking for a puzzle?
How about this
Developers need to get paid enough for food, water, shelter, healthcare, so they can live their ethics and values, avoiding being compromised
Moderators who also need to get paid a bit or donated to can have an allotment of individual accounts number they're ideally responsible for personally verifying person as person and making sure they have the basics of security and data storage in check
Creating and refreshing an open redundant list of the fediverse and all attached instances and users and how many each instance has in overlap can help us identify weak links and see if there's any vulnerabilities in the awareness linkup
Sorta like finding broken packages, only we'd have a list of traits of nonreal cues to watch for and when finding a part, removing it somehow probably by alerting surrounding mods
IMO, to a certain extent, this is a question of what our goals are.
If our goal is to have a federated network which _everyone_ can join with their instance, then we should allow Facebook et al. to join us, and we should work on ways to make sure that the joining of Facebook won't cause harm to people on other instances.
If our goal is to have an isolated safe space away from mainstream socnets, then whitelisting would be a good approach, but it wouldn't be "Fediverse" anymore.
But there isn't a single code of conduct governing the whole Fediverse. Every instance has different rules, and most of them can still live peacefully together, despite the differences.
Also, it's not just Mastodon. It's also Pleroma, Pixelfed, Friendica, Hubzilla, Misskey, PeerTube...
Focusing on having people here as people and throwing out organizational associations or brands and such is my view.
The benefit of being here is it isn't about someone else's agenda
I think approaching security in this way, person to person at their degree of responsibility and clearly defined roles and code of conduct and people running the servers that are aware of each other, being aware of the people they're near
The verification process would be a little behind the computer part of the system. Like, literally, humans interacting
That would mean for every user there would be at least one assigned mod
And instances that are large would require, ideally, mods for every set of users number.
And then we can be really tight socially without loose ends or weird 'idk what this is it's just here' and it turns into death
I don't think it's even desirable. In such a large amount of people it's very easy to find 2 individuals who just don't like each other and would rather not be forced to talk to each other.
At the beginning of thinking of this all, I was thinking of the difference between making an audio signal chain and just having an infinite fractal and is this something that we even have power over and I came to the conclusion individuals have power in here, and not much higher does it go
@Wolf480pl @TheGibson @Food if FB decided to federate, I doubt any existing fediverse instance could survive without blocking FB. I don't see this as a philosophical question, but rather a technical and economic one. FB probably has 3 orders of magnitude more users and 4 to 5 orders of magnitude more traffic than does the fediverse. Even if Pleroma/Mastodon/etc could scale to that level of traffic without major changes, it would be too expensive to operate.
AFAIK, if people from my instance follow total of 5 people from .social, then my instance will only receive posts of 5 people from .social, not all posts from everyone on .social.
(if it's not the case then the protocol is terribly broken)
Now, do you think people from your instance would suddenly follow everyone from FB?
So the key here is to distinguish a legit user following profiles from <bigInstance> from a bot following profiles from <bigInstance> in order to fill your disk.
Or is it?
Even if it's a real user following too many people from <bigInstance>, that can cause trouble for the admin. 1/2
So we need a method in place for admins to identify users who cause too much load on the server and either politely ask them to move somewhere else, or to reduce the load they're causing, or have them cover part of the costs of the server, or find some other solution.
Either way, AFAIU, only people on your server can cause load on it (or, for that matter, other issues), and you need a way to monitor which of your users are causing issues.
So, kind of....
Let's say I have a compromised account on your server.
I follow a bunch of accounts from a thousand different instances that are mostly quiet.
Those accounts at some point start to all post heavy video content.
All of it comes to the federated timeline on your server.
@TheGibson @jerry @Food
hmm... yeah, sounds like something that can be solved by manual intervention, but will cause downtime anyway, and a well prepared attacker can repeat the attack with different accounts over and over again.
Maybe some per-user rate limits for downloading content from other instances? This way other users of the instance wouldn't be affected by the compromised account.
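The per-user limit suggested in the post above, sketched as an added example (not part of the original thread and not code from Mastodon, Pleroma or any other fediverse server). The class name, the byte figures and the account names are hypothetical; the cost of each remote media fetch is split across the local accounts that follow its author, so an account that has exhausted its budget cannot pull in more content on its own.

```python
class RemoteFetchLimiter:
    """Per-local-user byte budget (token bucket) for media fetched from other instances."""

    def __init__(self, capacity_bytes, refill_bytes_per_s):
        self.capacity = capacity_bytes
        self.refill = refill_bytes_per_s
        self.state = {}     # local user -> [tokens, time of last refill]
        self.deferred = {}  # local user -> fetches deferred (signal for the admin)

    def _tokens(self, user, now):
        tokens, last = self.state.get(user, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        self.state[user] = [tokens, now]
        return tokens

    def admit(self, size_bytes, local_followers, now):
        """Return True if the media should be downloaded now."""
        if not local_followers:
            return False  # nobody local asked for this content
        share = size_bytes / len(local_followers)
        payers = [u for u in local_followers if self._tokens(u, now) >= share]
        if not payers:
            # Every interested follower is over budget: defer and record it.
            for u in local_followers:
                self.deferred[u] = self.deferred.get(u, 0) + 1
            return False
        for u in payers:
            self.state[u][0] -= share
        return True


def simulate():
    # Constructed scenario from the thread: one compromised local account
    # ("mallory") follows 1000 quiet remote accounts that all post video at once.
    lim = RemoteFetchLimiter(capacity_bytes=100_000_000, refill_bytes_per_s=1_000)
    video = 50_000_000
    flood = [lim.admit(video, ["mallory"], now=0.0) for _ in range(1000)]
    # A remote account followed only by an ordinary user is unaffected.
    normal = lim.admit(video, ["alice"], now=0.0)
    # A remote account both follow is still fetched, paid for by alice alone.
    shared = lim.admit(video, ["alice", "mallory"], now=0.0)
    return sum(flood), normal, shared, lim.deferred.get("mallory", 0)


if __name__ == "__main__":
    print(simulate())
```

The `deferred` counter doubles as the monitoring signal discussed earlier in the thread: an account with hundreds of deferred fetches is the one an admin should look at first.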
@jerry @TheGibson @Food
And even if people from your instance followed a lot of people from FB, that'd mean they'd follow the same amount of people if all of them were on Fediverse instead of FB. So you'd get the same amount of traffic.
If fedi can't deal with the traffic your users want from FB, it means fedi is not a good replacement for FB.
That's the terrifyingly beautiful part.
These tools to communicate are for people who are looking to communicate
They've got a finite reach in an infinitely complex organic world
The server is a direct reflection of the mods tending and the users being
There's probably a N Korea and an Egypt and a USA set of instances and USA blocked N Korea or something
I'm thinking of FB as a North Korea of socnets, successively brainwashing everyone who uses it.
Also, it's a problem when someone you want (a friend) or need (a classmate with whom you're doing a pair project) to communicate with uses only FB and expects everyone to be on FB.
If you're on FB, FB will abuse you and your data.
If you're not on FB, you won't have a way to communicate with people.
This is why we need to replace FB.
Why we need everyone to use sth else.
Meanwhile the student's council still announces the most important announcements only on FB group, even though the university provides a mailing list on which all students are subscribed automatically, and which is a much better channel for official announcements.