Addressing the Mastodon in the Room

A Response to Armin Ronacher

We all know what happened in the last weeks and I didn't want to address any of that on here, largely because I quietly moved to other services and blocked the rest to not get distracted. But, alas, this topic is unavoidable and a recent post on Hacker News made me change my mind, so here I am, back on my bullshit.

The web developer Armin Ronacher wrote a blog post about the apparent shortcomings of Mastodon and decentralization as a whole, not realizing that the internet – the real internet, not what the supposed average user believes it consists of – is built on decentralized services. But before I digress, let's see what he has to say:

Decentralization promotes a utopian view of the world that I believe fails to address actual real problems in practice. Yet on that decentralization wave a lot of projects are riding from crypto-currencies [1], defi or things such as Mastodon. All of these things have one thing in common: distrust. Some movements come from the distrust of governments or taxation, others come from the distrust of central services.

He doesn't elaborate on what he means by “real problems”, so readers are left to guess what he's trying to convey. Ronacher then compares Mastodon, a framework to build your own social media network, to cryptocurrencies, even though a much more fitting analogy would be email services.

Back in the early days of the internet, anyone in need of an email address either ran their own servers or asked somebody else to get the job done. This changed when services like AOL came along and popularized email among the less tech-savvy masses, before being replaced by the likes of Hotmail (now Outlook), Yahoo!, and Google. Nowadays, it's rather useless to host your own email, since most major providers automatically block self-hosted domains to “prevent spam” and the less tech-savvy crowd prefers what Big Tech serves them, not really caring about their data being sold to marketers or scanned for potentially illegal stuff.

Mastodon and any other framework relying on ActivityPub or similar protocols target internet users that do not want their “hot takes” and mirror selfies to be sold to or seen by various third parties for whatever reasons. And distrust is more than justified since the NSA leaks.

In my mind the discussion about centralization and decentralization completely misses the point of the intended outcomes. Centralization or decentralization should really be an implementation detail of the solution to an actual problem. For that particular problem the solution might be one of those two things, or something in the middle. But out of principle it should be neither of those two things.

The intended outcome has already been specified by the creators of Mastodon, Pleroma, Misskey, and other frameworks utilizing ActivityPub: Users are free to either join one of the many social networks or create their own, whether open for everyone or just for a selected few. It's about regaining a sense of control over the data you share voluntarily online.

Ronacher then goes on to talk about software dependencies and how much distribution of Python packages has changed over the years:

NPM and PyPI today can help secure the ecosystem by setting minimum standards or by resurrecting accidentally published packages or to yank hacked versions. These are all clear benefits that we all get something from as community.

The irony is that he seems to be completely unaware that the number of malicious npm and PyPI packages has not decreased with centralization. In fact, centralization makes more developers negligent, as the vast majority now believe that someone else has already checked the package they want to download, or that something like a developer intentionally making their package useless would never occur. It also created a single point of failure: developers can't do anything while those services are unavailable. This happens quite often to big code hosting sites such as GitHub, as well.

Obviously there are nuances here and it's clear that central services come with risks, but so do decentralized services and they don't have clear upsides. On decentralized systems in particular I encourage you to read Moxie's take on web3 which outlines the challenges of this much better than I ever could. In particular it makes two very important points, namely that people don't like self hosting (at scale) and that it's easier to move platforms than (decentralized) protocols.

Apparently, he assumes that Mastodon is a supposed “web3 technology”, even though self-hosting originated with “web1” and is still being practiced by thousands, if not millions, of people across the globe. It's also becoming obvious that Ronacher conflates Mastodon, a framework, with ActivityPub, Mastodon's underlying protocol that is also used by other frameworks. It's hard to tell what he really is attempting to criticize.

In my mind in recent years decentralization mostly gained a lot of popular support because of the erosion of society. There is a backlash by some against western governments which are seen as behaving irresponsibly with regulatory over-reach, increasing levels of corruption, decreasing quality of public services and frustration about taxation. And there is some merit to these ideas. There is also a proxy war going on about freedom of speech and expression and the desire to create safe spaces. I welcome you to watch Jonathan Haidt's talk about the moral roots of liberals and conservatives for a bit of context on that.

The founder of Mastodon, Eugen Rochko, was merely dissatisfied with Twitter and its ecosystem(s), hence he created his own framework for anyone to fork and modify to fit their own needs. Judging by mastodon.social's moderated servers list, he is more tired of Trump supporters and glorification of national-socialist ideas, rather than “regulatory over-reach” and taxation.

So let's talk more about Mastodon here. I have been using this for a few weeks now in different ways and it's pretty clear that this thing is incredibly brittle. The ActivityPub is a pretty messy protocol, and it also appears to not have been written with scalability in mind much. The thing does not scale to the number of users it currently has and there is probably no trivial way to fix it up.

But before we even hit the issue of the technology, we hit the issue of there being absolutely no agreement of what the thing should look like or what the issue actually is and that's I think much more interesting.

Some people claim the solution to the technical scalability issue is huge instances, some other people have the belief that the actual intended design and solution were micro-instances of in extreme cases a user each.

ActivityPub didn't get accidentally DDoS'ed during the “big migration”, popular Mastodon-based servers did. So far, I've had no issues on non-affected instances such as Octodon, My Interfederation Network (which is hosted by a long-time mutual of mine), and a tiny server that uses both Mastodon and Pleroma, though I was unable to communicate properly with people who joined an affected server such as mastodon.social, which is why I decided to abandon my account on there.

Scalability is entirely dependent on the server administrator and especially Eugen had plenty of time to prepare for the “oncoming storm”, given that the wave preceding the big one occurred just five months prior. And this is just mismanagement on Eugen's behalf, which is limited to his own servers; other servers, largely run by volunteers, do not want a large userbase, as this would defeat the purpose of federation and become unmanageable for those admins hosting instances as a mere hobby.

You are supposed to create your own “safe space”. How you want to accomplish that, is entirely up to you. That's the point of a federated network.

Yet there is the belief that you can somehow create a coherent experience into a “whatever”. Whatever it is actually. My first mastodon instance was de-federated by accident from my current instance. I moved to that instance though because many other hackers in the Open Source space did, and unlike Fosstodon it seems to allow non English content which I do care about quite a bit. (After all my life and household is multilingual and I don't live in an English speaking country.) Yet that instance still defederates qoto and I'm guessing because qoto permits unpopular opinions and does not block servers itself.

Drama between server administrators isn't a new phenomenon, so either choose a server with an admin you agree with or host your own instance and make your own rules. (Or ask your admin why they blocked a specific instance and play Devil's advocate to solve the issue because... that's what a community member, not a passive consumer, is supposed to do.)

Federation makes all of these questions play out chaotically and there is no consistency. My first experience of being on Mastodon was in fact that I got shitposted at by accounts on poa.st. The n-word was thrown at me within hours of signing up. Why? I'm not sure. So moderation is something of an issue.

After reading this nonsense, Ronacher probably deserved a good old wave of shitposts because apparently he's too lazy to read server rules and chose one with the least strict ones. He also doesn't say whether the shitposts originated from the server he signed up on or a different one, let alone if he's aware of the “block domain” option any user on any instance can use. (This is embarrassing for a Python programmer, honestly.)

We clearly won't come to an agreement across all of mastodon about what acceptable behavior is, and there is no central entity controlling it. It will always be a messy process.

THAT'S THE POINT.

Unlike Twitter which was a public company with a certain level of responsibility and accountability, Mastodon is messy legally speaking as well. It's not above the law, even if it maybe wants to be, and instances will have to follow the laws of the countries they are embedded in. We already know how messy this is even for centralized services. But at least those enterprises were large enough to pay lawyers and figure this out in courts.

For large mastodon instances this might turn into a problem, and for small instances the legal risk of hosting the wrong thing might be completely overwhelming. I used to host a pastebin for a few years. It was Open Source and with that others also hosted it. I had to shut it down after it became (by a small percentage of users) used to host illegal content. In some cases links to very, very illegal content. Even today I still receive emails from users who beg me to take down pastes of that software from other domains, because people use it to host doxxed content. I really had a hard few weeks when I first discovered what my software ended up being used for.

In Germany, hosters are not responsible for illegal user content when a) they're unaware of it, or b) they immediately delete it. Mastodon servers hosted in Germany in particular make it clear that anything violating German law will be deleted immediately and the user will get suspended. Servers hosted in America, on the other hand, are protected by the Communications Decency Act, though, just like in Germany, admins only become responsible when they don't remove illegal content after being notified of it. Potential consequences largely affect big servers with more than 500,000 users and servers (almost) exclusively hosting “illegal”* content such as the sex worker server switter.at, which used to be one of the biggest Mastodon instances with more than 200,000 users prior to its shutdown as a response to FOSTA-SESTA.

First of all there is the issue of what illegal content might be hosted there, but then there is also the issue of what happens if someone popular joins the instance.

Actor Wil Wheaton, most famous for his role as Wesley Crusher in Star Trek: The Next Generation, got “bullied” off the Fediverse. He didn't like it that many users were bringing up the old “Shut up, Wesley!” quote, other users got uncomfortable with his presence due to his tendency to create block lists, and he got banned from the server for causing the unpaid admin a headache.

Right now, it would be funny to see bigger servers collapse under the heavy weight celebrities can cause because, quite frankly, many celebrities and big accounts don't seem to get the point of the Fediverse. At least Trump was smart enough to let someone set up a server of his own for him and his most loyal supporters (which anyone can easily block).

Host your own server, god damnit.

But you don't even need to be that popular to be worried about what your instance is like. People put a lot of trust into Twitter accounts over the years. I had plenty of exchanges over private DMs with people which I really would not want to be public. Yet how do I know that my instance operator does not really like to secretly read my communication? Do I know if my instance operator could even keep the communication private in the light of hackers?

Oh boy, do I have some news for you. At least Mastodon reminds users that “direct messages” are just posts shared between two people and the admins from my instances couldn't care less whether I send nudes to somebody (though one probably would like to receive some directly, as well).

Don't share stuff online you wouldn't want others to see. This has been one of the first rules of the internet and it still applies today.

For a large company there at least the money aspect helps a bit here. Particularly public companies have a desire to exist, not go under and invest into security. I'm not so convinced that a business model can be found for most Mastodon hosts that aligns the incentives right for all users.

Mastodon is NOT a business, but a non-profit.

Mastodon is getting some traction today, but Mastodon is around for a long time. And with that, many of the problems it had over the years are still unresolved. For instance you might read about Wil Wheaton's failure to use Mastodon due to his popularity and another server operator's take on the issue. You might be interested to learn that the oldest open Mastodon issue is six years old and asks for backfilling posts after first subscribing and is still unsolved. Or that the most controversial and replied to issue is about optionally disabling replies to posts like on Twitter.

Yeah, he didn't get the point in the slightest.

Or that there are popular forks of Mastodon with different goals than Mastodon who can't get their changes merged back. There is also glitch-soc which has even more of a departure from core Mastodon from what I can tell.

And alongside the Mastodon forks, there are countless of other ActivityPub implementations around as well. This will make protocol changes going forward even harder.

He's probably the same guy that complains about the Linux ecosystem and how “too many distributions exist”.

To be honest, code is simple in comparison, but actually making Mastodon scale technically too will require changes if it wants to absorb some of the larger users on Twitter.

He hasn't considered that the vast majority of Mastodon-based servers likely do not want to absorb “large users”. No idea what Rochko has in mind for his instances but for many users, Mastodon is supposed to be the antithesis to networks like Twitter.

One thing seems relatively certain: if Mastodon wants to host a sizable community where some people have followers from most other instances, then the size of an individual instance will matter a lot and I'm pretty sure that the only sensible approach will be to either not permit small instances to participate at all, or for those to come with some other restrictions that will require special handling.

Most other instances are private servers that do not want to federate with the rest. Ronacher is advocating for Mastodon to become exactly like email services: Ban the small ones from participating, more power to the big guys who turned Twitter into this garbage can that it is today.

He ends his rant by suggesting to create a service similar to Wikipedia. Ouch.

TL;DR

This is the exact reason why I migrated to a less popular instance in the first place. This sudden wave of “Twitter refugees” not being able to comprehend that Mastodon is more similar to email than Twitter and even tech guys being unable to make sense of it due to their sheer addiction to centralized services is baffling and, unfortunately, they currently flood the most popular instances with demands to make Mastodon “more like Twitter”, effectively annoying long-time users like me.

If Mastodon and, in turn, the Fediverse are too complex for you, maybe this service simply isn't for you and you're better off staying on Twitter. Please stop whining now.