Freedombone Blog

Freedom in the Cloud

Messing with ActivityPub

Recently I've been trying to implement the ActivityPub protocol. I wanted to get more of an understanding of what the issues are with it, and see if I could implement a server from scratch. Mastodon is ok, but too resource intensive for my use cases. The filtering system of Pleroma generally works well, but I was still struggling to keep bandits out of my inbox and it was becoming too much of a chore. Self-hosting is supposed to require little to no maintenance if it's done right.

If I'm to remain in the fediverse at all then what I'm looking for is something which requires minimum RAM and storage space. Where the database size has a strict maximum upper bound. And where I can be confident about what (or who) is or isn't getting onto my server. I searched around for existing projects which might fit the bill, other than Mastodon or Pleroma. GNU Social and PostActiv are still around and they were a good solution a few years ago. But I think the state of the art has moved on and something like GNU Social isn't geared up to handle the adversarial situations which now exist. It was designed for a gentler world of Free Software developers exchanging cycling trip photos and commandline tips. Now that there are a million or more fediverse users it's a different game entirely and the blooming buzzing confusion of the crowd requires some taming to be humanly interpretable.

So I may spend the next period of time developing a minimal fediverse server, equivalent to an email MTA. Maybe it won't work out and there will be some show-stopping reason why this is a bad idea, but in principle it seems like a tractable piece of work. On top of all the usual features it would also be interesting to experiment with adding organizing features and also something comparable to the old GNU Social Sharings plugin for bartering and freecycling.

I have some initial code here. Of course, it had to be named after a species of extinct megafauna. It's highly experimental and mostly just a bunch of unit tests, so I don't recommend that anyone use this for any practical purpose right now.

In case you were wondering, the next version of Freedombone will be out soon although I don't expect it will have any fediverse servers. In my estimation the existing software is too unsafe and too high maintenance for an install-and-forget type of system.

Fediverse debrief

I'm going to take time out from the fediverse for a while. It's not that I've been "cancelled", although the level of hostility recently has been exceeding my personal comfort zone and becoming comparable to Twitter.

A critical design problem of this type of system based upon the ActivityPub protocol seems to be that there isn't any granular control over who you associate with or on what terms. It means that adversaries have unlimited potential to reply on your posts or send menacing DMs. Of course it's easily possible to block them, but the sheer volume of this problem recently means that it becomes like a cat and mouse game, or a game of whack-a-mole.

So it's time for me to step back and think about whether ActivityPub is useful as a method of public communications, and whether I ought to be recommending systems in which the user doesn't have much control over who they associate with other than follow or block. Maintaining an increasingly large blocklist and the amount of research which that requires seems unrealistic.

As an analogy from the past, I abandoned trying to support blog comments for similar reasons. The amount of spam became too much to manage, and automated methods such as CAPTCHAs or cryptic questions failed to prevent it.

For now I think the Zap or Hubzilla approach is better, although there are far fewer users of those systems. With something like Zap it is reasonable to expect that the first time self-hoster could have a good experience on the system, rather than immediately being bombarded by communications which they havn't chosen to opt into.

Common misunderstandings of the fediverse

I don't ordinarily read the Hacker News site but Mastodon is trending on it again so I thought I'd read the comments and see if anything can be learned from them. The TL;DR is that there isn't really anything new here. It's the same misunderstandings as existed a year ago.

The top comment, that is, the one with the most votes, provides a good indication of the most common misconceptions.

you want me to get excited about Mastodon? Show me something exciting I can do with it that I can't do with twitter, instagram, or Snapchat

This assumes that there is some set of technical features which are better. There are a few, but to focus on those misses the point. The main point of the fediverse is that it's not centralized. It's has federated governance rather than being a dictatorship by some deluded CEO. Fediverse systems are also Free Software, so you have the advantages of the freedom which that provides. I can't fork Snapchat and make a customized version of it.

Alternatively, is there some new and novel porn that Mastodon will allow me to access?

I don't know of any porn instances as such, but in principle there's nothing to prevent that happening.

Or is there a new generation of FIFA stars on Mastodon? Or new generation of NBA stars?

This assumes that celebrities are what social life should be about, and there is no point in joining a system which doesn't have them. Not having celebrities is really a feature not a bug. Celebrities only provide the illusion of community. They're not actually a substitute for developing real relationships, and are a distraction from that. Celebrity culture is broadcast culture. It's not about participation or reciprocity.

There's nothing to stop celebrities from creating their own fediverse accounts. In the past some did that. But they always quickly leave once they realize that they're not going to get millions of adoring fans, and are not immune from criticism or from being kicked off if they abuse their welcome. This is in contrast to Twitter, where celebrities can break the rules but receive special treatment because of their status.

I mean, it might work? But I think Las Vegas hit on a much better method...

The fediverse isn't about stars, or creating stars. Nor should it be. The fediverse is more about friends.

Counter-strategies to the fediverse

If the fediverse gets large enough then what are the strategies which the incumbents will use against it? We can have a pretty good idea of what this might look like, because similar things have happened in the past.

Fear, Uncertainty and Doubt (FUD)

They'll claim that the fediverse is an evil place packed with evildoers, deviants, crooks, baby-killing terrorists and other Bad Cybers. Generating fear as a method of deterring people from even trying to use the system. Microsoft used this strategy in the 2000s against GNU/Linux. It was also used by various governments against TOR project. The music industry used the same methods against "home taping" in the 1980s and later against peer-to-peer file sharing systems after Napster.

Embrace, Extend, Extinguish

A method used by both Microsoft and Google. They would be enthusiastic about the fediverse and make a closed source ActivityPub server. It would be hyped as much as possible to attract the maximum number of users and create a single giant instance. A few fediverse stallwarts would probably be hired as a way of gaining community confidence. Once they had enough users they'd then begin going beyond ActivityPub by adding new features "for greater convenience" or "better integrated with proprietary system XYZ". These new features would begin breaking federation with other instances. After a while you're back to one big silo which is closed and incompatible with anything else.

Google did this with Gmail, and to some extent XMPP (they abandoned it and transitioned users to a system which they fully control). Microsoft did it with their non-standard C++ extensions and have been trying to do it with GNU/Linux more generally.

Legal challenges

They might try to take legal actions against developers or instance admins. Companies which have monopoly status can afford to buy legislation, so they might try to get something onto the books which criminalizes running a fediverse instance.

Perhaps they would say that running social networks "must be regulated to prevent abuse or ensure cooperation with authorities".

Maybe "running an unregulated social network" becomes a crime.

Perhaps they might try to introduce a licensing scheme with prohibitively high costs such that only large companies can afford them.

Net non-neutrality would also be a possible counter-strategy if they can ensure that ISPs block fediverse traffic.

Sponsor instance admins

It's generally true that instance admins are not rich. By the standards of large tech companies tiny amounts of money could be used to bribe them. This strategy would be like that weird fungus which takes over the brain of its host and makes it do something against its usual behavior pattern.

The deal would be like this: if we sponsor you then you have to meet our targets for ads inserted into the local timeline and agree to allow us to algorithmically adjust the local timeline. Maybe they make it as simple as adding some script to the software which enables remote control over content.

This would be a very low investment strategy which still brings in similar levels of advertising revenue. Why fight the opposition when you can just coopt them?

The only down side here would be lack of "real names", but perhaps enforcing that would be part of the sponsorship deal.

If you can't beat 'em, join 'em

This would be similar to what Pixiv did with Mastodon, and would be the best case scenario. Maybe some new features are added, but they're under AGPL and federation continues.

However, this would mean that they won't have exclusive control over timelines and delivery of ads. If it's the best deal they can manage though then they might do this.

There are signs indicating that centralized silos are socially unsustainable in the long run and so the incumbents could just realize that the game is over and try to salvage as much of their position as is possible instead of trying to maintain a failing monopoly.

Diversity of tactics

Most likely they would do a combination of all of the above, hoping that at least one of them succeeds.