Freedombone Blog

Freedom in the Cloud

Common misunderstandings of the fediverse

I don't ordinarily read the Hacker News site but Mastodon is trending on it again so I thought I'd read the comments and see if anything can be learned from them. The TL;DR is that there isn't really anything new here. It's the same misunderstandings as existed a year ago.

The top comment, that is, the one with the most votes, provides a good indication of the most common misconceptions.

you want me to get excited about Mastodon? Show me something exciting I can do with it that I can't do with twitter, instagram, or Snapchat

This assumes that there is some set of technical features which are better. There are a few, but to focus on those misses the point. The main point of the fediverse is that it's not centralized. It's has federated governance rather than being a dictatorship by some deluded CEO. Fediverse systems are also Free Software, so you have the advantages of the freedom which that provides. I can't fork Snapchat and make a customized version of it.

Alternatively, is there some new and novel porn that Mastodon will allow me to access?

I don't know of any porn instances as such, but in principle there's nothing to prevent that happening.

Or is there a new generation of FIFA stars on Mastodon? Or new generation of NBA stars?

This assumes that celebrities are what social life should be about, and there is no point in joining a system which doesn't have them. Not having celebrities is really a feature not a bug. Celebrities only provide the illusion of community. They're not actually a substitute for developing real relationships, and are a distraction from that. Celebrity culture is broadcast culture. It's not about participation or reciprocity.

There's nothing to stop celebrities from creating their own fediverse accounts. In the past some did that. But they always quickly leave once they realize that they're not going to get millions of adoring fans, and are not immune from criticism or from being kicked off if they abuse their welcome. This is in contrast to Twitter, where celebrities can break the rules but receive special treatment because of their status.

I mean, it might work? But I think Las Vegas hit on a much better method...

The fediverse isn't about stars, or creating stars. Nor should it be. The fediverse is more about friends.

Considering the future of the web

Does the web have a future? I was listening to the talks from the Decentralized Web Summit recently. A couple of them were mildly interesting, including the one about legal aspects. Mostly though it wasn't all that enlightening and there was a big cryptocurrency presence with a highly technocratic "brogrammer" narrative.

What this and other factors indicate to me is that the web is in trouble, and not just because of "Russians". The Russia paranoia in the US and also frequently mentioned at the summit has reached ludicrous levels, such that every bad thing on the internet now seems to be blamed on Russia. I think it's a sign that the political system is weak and disintegrating and looking for someone else to blame. Replacing analysis with magical realism.

But there are other problems. The main browsers which most people use seem to be inextricably entwined with a Surveillance Capital business model. They're increasingly supporting centralised schemes. Only Beaker Browser, based on Chromium, seems to be going in a decentralized direction.

What might happen if current trends continue?

In a business as usual scenario in which you just assume that a few giant companies will try to maximize their profit by fully controlling end users I have a few predictions:

  • Common internet devices will have no operating system. Instead they will have a ROM delivering screen display functionality and a network stack with integrated DRM. It will not be possible to root your phone or install an alternative image.
  • Running Free Software on a laptop will be something that only people using very expensive open hardware designs manufactured in small quantities can do. All other laptops will have a fully locked down boot process which isn't end user modifiable.
  • Only licensed and regulated social networks will be permitted. No ordinary user will be allowed to run one without risking jail time. An official registry of licensed site operators will be set up by every government. The license fees will be high enough to exclude most of the population.
  • While "hackers" of a certain kind were somewhat celebrated during the Web 2.0 phase in future they will return to being persona non grata. Not just people doing crimes with computers, but in the broad sense of the term as anyone trying to customize their computing experience outside of corporate limits or run their own systems outside of the official licensing system.
  • Systems like TOR won't be beaten but will be rendered sufficiently impractical by ubiquitous blocking of known nodes that almost nobody will be able to use it.
  • The main technology companies will implement something like a virtual decentralized layer on top of their centralized "serverless" system. This will give the illusion of differing communities having varying degrees of "autonomy" and "privacy", while all still being under centralized control. This, and not AI, will be the solution to the moderation problem. Leaders of the various sub-communities will be individuals who are centrally appointed and operate under government license, which can be revoked at any time should any of them decide to "go native".
  • Systems like Aadhar will be rolled out in every country. Aadhar was just a trial run for the far more restrictive identity systems which followed.

This is a darker future. We're already in the dark future of the web compared to its origins in the 1990s. I think this kind of future is preventable if enough people choose to do something else and don't support restrictive laws or regulations.

Counter-strategies to the fediverse

If the fediverse gets large enough then what are the strategies which the incumbents will use against it? We can have a pretty good idea of what this might look like, because similar things have happened in the past.

Fear, Uncertainty and Doubt (FUD)

They'll claim that the fediverse is an evil place packed with evildoers, deviants, crooks, baby-killing terrorists and other Bad Cybers. Generating fear as a method of deterring people from even trying to use the system. Microsoft used this strategy in the 2000s against GNU/Linux. It was also used by various governments against TOR project. The music industry used the same methods against "home taping" in the 1980s and later against peer-to-peer file sharing systems after Napster.

Embrace, Extend, Extinguish

A method used by both Microsoft and Google. They would be enthusiastic about the fediverse and make a closed source ActivityPub server. It would be hyped as much as possible to attract the maximum number of users and create a single giant instance. A few fediverse stallwarts would probably be hired as a way of gaining community confidence. Once they had enough users they'd then begin going beyond ActivityPub by adding new features "for greater convenience" or "better integrated with proprietary system XYZ". These new features would begin breaking federation with other instances. After a while you're back to one big silo which is closed and incompatible with anything else.

Google did this with Gmail, and to some extent XMPP (they abandoned it and transitioned users to a system which they fully control). Microsoft did it with their non-standard C++ extensions and have been trying to do it with GNU/Linux more generally.

Legal challenges

They might try to take legal actions against developers or instance admins. Companies which have monopoly status can afford to buy legislation, so they might try to get something onto the books which criminalizes running a fediverse instance.

Perhaps they would say that running social networks "must be regulated to prevent abuse or ensure cooperation with authorities".

Maybe "running an unregulated social network" becomes a crime.

Perhaps they might try to introduce a licensing scheme with prohibitively high costs such that only large companies can afford them.

Net non-neutrality would also be a possible counter-strategy if they can ensure that ISPs block fediverse traffic.

Sponsor instance admins

It's generally true that instance admins are not rich. By the standards of large tech companies tiny amounts of money could be used to bribe them. This strategy would be like that weird fungus which takes over the brain of its host and makes it do something against its usual behavior pattern.

The deal would be like this: if we sponsor you then you have to meet our targets for ads inserted into the local timeline and agree to allow us to algorithmically adjust the local timeline. Maybe they make it as simple as adding some script to the software which enables remote control over content.

This would be a very low investment strategy which still brings in similar levels of advertising revenue. Why fight the opposition when you can just coopt them?

The only down side here would be lack of "real names", but perhaps enforcing that would be part of the sponsorship deal.

If you can't beat 'em, join 'em

This would be similar to what Pixiv did with Mastodon, and would be the best case scenario. Maybe some new features are added, but they're under AGPL and federation continues.

However, this would mean that they won't have exclusive control over timelines and delivery of ads. If it's the best deal they can manage though then they might do this.

There are signs indicating that centralized silos are socially unsustainable in the long run and so the incumbents could just realize that the game is over and try to salvage as much of their position as is possible instead of trying to maintain a failing monopoly.

Diversity of tactics

Most likely they would do a combination of all of the above, hoping that at least one of them succeeds.

Design for self-governance

I think this is something which ought to be obvious but hasn't become fully so to a lot of "people in tech". We ought to be designing systems which make it easy for online communities to manage themselves, with a minimum of algorithmic follies.

For silo systems like Twitter and Facebook there are two modes of governance being followed:

The old way: centralized moderation You hire some censors, put them in an office and get them to spend all of their time going through flagged content and removing things. It's a high stress job with a rapid staff turnover, and the censorship policies are all made by a central committee. A central committee which governs for the whole planet. This is obviously unworkable because it can never understand local context, but it has been the Facebook way for at least a decade. In the last few years the limitations of this have become clearer and the cracks in the edifice are now showing.

The new way: algorithmic governance This is what Facebook is now pursuing. They know that they can't hire enough censors to implement more comprehensive human content moderation and so AI is their go-to solution. There's a magical belief that AI is going to solve the governance problem. But of course it isn't, and it may make matters worse, because ultimately algorithms don't understand the context of social situations. Without wisdom it's extremely hard to screen out algorithmic bias, and no ethics committee or big data mining solution is going to be able to make appropriate decisions on behalf of all the world's communities.

The future of the internet isn't going to be either of these things. It's going to be human community governance at a human scale. Not one committee per planet. One committee per community. Systems need to facilitate assignment of roles, setting of governance rules and ways to enforce the rules. They may also need to allow for ways to transact between communities. This is what self-governance means.

XMPP Notifications

Another of the features I'd wanted to add to Freedombone for a long time was server notifications via XMPP, and now that has been added. This is for things like notification that an upgrade or security test has failed or that the tripwire has been triggered. Previously those notifications were only via email, but I'm not very obsessive about email and rarely check it, whereas instant messages are much more likely to get my attention.

The security policy for XMPP chat was previously set such that end-to-end security was required, but it was difficult to automatically send out an OMEMO encrypted message from the server and so I've had to downgrade end-to-end security to being optional. This is not ideal, but the tradeoff between having to deal with folks trying to send me plaintext messages and being promptly alerted if something has failed on the server is probably worth it. Longer term I'd like to figure out if I can automatically generate OMEMO messages and then I can return to a better security policy.

The main factor which delayed the implementation of this was the question of needing to generate a separate XMPP account on the server to push out notifications. I didn't really want there to be a permanent separate account with a password lingering around somewhere which could become a possible security vulnerability. The solution to this was to generate an ephemeral account purely for the purpose of sending a single message. A new notification XMPP account gets created with a random password, sends the message and then about one second later the account is deleted. Even if the account credentials were to leak during the sending of a plaintext message they can't subsequently be useful to a potential adversary.

Another addition to the notifications system is being able to send a webcam photo if the USB canary is triggered. The purpose of that is to answer the paranoid question "Is anyone trying to mess with the server while I'm not at home?" if you're out shopping or at work. The particular threat model is known as evil maid. If you're running Freedombone on an old laptop and have a secondary webcam plugged it it will preferentially use that, so that you can set up the field of view appropriately. Not many people will need this level of physical device security, but it's nice to have the option. Also if you have the Syncthing app installed then any USB canary photo will be synced to the admin account.

Repairing a Unicomp keyboard

Recently the keyboard I use most of the time, a full sized Unicomp, began developing dead keys. Sometimes they would contact and sometimes not. This rapidly became an untennable situation and so I pulled off the relevant keys to see if anything was obviously amiss. The springs themselves looked ok, so I assumed that the rocker which they're mounted on had broken. With the passage of enough time plastic becomes brittle and can break, especially when there's a lot of vibration going on as will happen during typing.

Opening up the casing with a 5.5mm socket I noticed a lot of small round bits of plastic falling out. At first I thought they might be some vital components, but on close inspection they were all irregularly shaped and didn't look like anything machine manufactured. I'd never deconstucted this type of keyboard previously, and searching for more information it turned out that these were the plastic heads of the rivets which hold the metal backplane on, many of which had fallen off. So what had happened was that the plastic had become old and brittle and the summer heat had probably caused the backplane to warp and break them off. With the backplane no longer properly held on there was nothing other than some plastic and rubber for the buckling springs to hit against, causing the keyboard to "go mushy".

So this was going to be a bigger job than I had thought. Fortunately there are quite detailed howtos online for how to remedy this type of calamity.

Being fairly expensive you might think that the manufacturing quality of the model M type keyboards is top of the line. But actually it's not. The Unicomp keyboards I use are closely based on the original IBM keyboards from the first generation of personal computers in the early 1980s. They were built to be mass market items, mostly sold to businesses. As such the build quality is not all that different from the Commodore Amiga which I was using at the end of that decade. Although it's quite thick the casing it's not all that solid and makes a lot of creaky noises if you carry the keyboard around (just like the Amiga did) and using plastic rivets is also decidedly cheapskate.

The way to fix my problem was to completely deconstruct the keyboard, drill out the plastic rivets and replace them with 8mm M2 bolts. Known in the trade as "a bolt job".

Content Warning: Explicit photos of keyboards follow.

With the casing removed the keyboard looked like this. I took photos at each stage mainly as a reference so that I could hopefully put things back together in the same order.

Pulling off the keys is straightforward and the metal backplane could then be removed by using a soldering iron to melt away the few remaining rivet heads. Also the USB cable was unplugged and its ground lead unsoldered. After that the small control board can be unscrewed and pulled out. The plastic matrix and its rubber covering can then be easily removed. I also carefully removed all the key springs. Those are ultra delicate.

So then you have the plastic key holder - for want of a better term - which is the thing which needs drilling. Ideally I would have used a small hand held drill but I didn't have one of those and instead used my usual large and heavy industrial grade one. This makes the drilling unweildy, but with some amount of patience it works.

Reassembling the Unicomp keyboard with 8mm bolts is a very fiddly operation at first. The key springs are exceptionally easy to disturb, and if any of them are missaligned then the corresponding key won't work and the repairs would have been in vain. For this you need a very steady hand, so avoid drinking a lot of coffee before you do it.

The result then looks like this. For reference there's another Unicomp below. It's the smaller "space saver" type.

And the nuts on the backplane look like this:

I didn't drill out the rivets on the bottom row, because the plastic lip along the bottom was no thicker than the 1.6mm drill bit, so it was pointless trying to drill into it. Hopefully there should be enough bolts to secure the keyboard though.

When adding bolts to the backplane I rocked it back and forth and if the key switches are working normally then the springs should also rock up and down. If there were any springs which weren't rockin' they could be twiddled (that's a technical term) with "the chopstick of death" (in my case the whittled end of a jostick) until they snapped into position.

Then it's a matter of laboriously pushing on the keys again, reconnecting the control board and resoldering the USB cable ground lead.

And amazingly it all worked. No more duff keys.

These days it's unusual for any consumer electronics to be repairable. This is one of those rare examples where it's still possible to mend it yourself in a quite straightforward way if you know how and are prepared to handle some fiddlyness.