The Fediverse, or Shitpost Ergo Sum Ego Sum

(I Shitpost Therefore I Am)

This blog has been a long time coming, because we have a lot we need to talk about. Every day, too many people try to claim tutelage over a perpetually growing dung heap. I've written before about the flawed security model that was adopted in the ensuing rush to get real-world ActivityPub implementations out the door. This is not one of those posts.

In the interests of avoiding outright cancellation (which will happen anyway), I will just note that the next sections should be taken with an extreme content warning: many of the sections dissect and examine various incidents that intersect outright harassment or direct examples of white nationalism that have gone entirely unnoticed by the “cancel crew.”

Arguably, I think it's time to cancel the “cancel crew” because they're not protecting us as promised, and in the absence of funding to purchase security services from Prolexic, they will be completely unequipped for the future that they've largely created for us all.

What is the Fediverse anyway?

It's 2019, we're in Web 5.0 or whatever the current buzzword is, Social was dead, Facebook stock was in freefall and, for the last few years, the idea of an independent, federated social network has been growing a new life, largely catalyzed by the launch of the Mastodon platform in late 2016.

It has been said that the Internet is a series of tubes, and that services like Netflix are clogging them up. I have a different perspective: I argue that the collective Sidekiq and Oban instances of Mastodon and Pleroma nodes are the slow-moving garbage-laden trucks shipping around untold terabytes per day of trash. And that trash? That trash is what we lovingly call the fediverse.

If you want to get technical, the fediverse is the federation of servers running the OStatus and ActivityPub protocols. Numerous software packages implement these protocols: Mastodon, Pleroma, Hubzilla, Friendica, GNU Social and PixelFed are good examples. They serve various niches, but have some level of interoperability.

Defenders of the fediverse say that the growth of the fediverse is the fruit of cooperation and collaboration. However, they rarely mention how this cooperation is achieved: name-calling, mischaracterization, disinformation and “cancellation”.

Death By Shitposting

How does an open-world network based on anarchy police itself? Cancellation and tribalism of course, but at least there's the ACAB emoji. Like in proprietary social media, clout on the fediverse is derived from elevating one's reputation at the expense of others. Sometimes this happens for good reason, but usually nobody actually knows the reason it is happening. Like the AMBER alerts you receive on your phone, you just know it's time to get your shotgun and join the mob!

Whenever there's a design flaw in the protocol, it's best to blame the software implementations for disagreeing about how far they will go to cover up the design flaw, instead of blaming the design flaw itself. As is frequently observed, software other than the software of the user's choice is seen as problematic because their software created a flawed security model in the first place.

A Social Network Free Of Nazis

Content warning: We're going to talk about actual nazis. If this bothers you, you may want to skip this section.

One of the main advertising points of the Mastodon software is that the Mastodon Network is free of nazis. Of course, the Mastodon Network is the fediverse, an open-world federated network, and Mastodon itself is free software licensed under AGPL, all of which means that this claim is technically infeasible to enforce. So, how have they been doing with this?

Well, if you use Pleroma or other software that is not Mastodon and doesn't completely buy into the (broken) Mastodon security model, you're a nazi according to many Mastodon users. So, that's part of the point, but not really, and it's not even what I am getting at.

The real question is: how is Mastodon doing with having a nazi-free network? Well, Gab and KiwiFarms joined the fediverse lately, and much of the fediverse as a whole is completely anxious about these developments. There are certainly arguments for blocking both of those instances, but that's still not what I'm talking about. This is, however, the ball the Mastodon people have been keeping their eyes on.

Nazis? In the fediverse? It's more likely than you think.

The easiest way to find actual bona fide nazis on the fediverse is to look at Pieville. Pieville is an instance operated by people associated with StormFront, a self-described “White Nationalist Community.” Users openly share videos and messages from key people in the white nationalist movement, such as Billy Roper and William Pierce. Other neo-nazi figures like Alex Linder have an account there. Oh, and Pieville runs Mastodon v2.7.4 at the time of writing.

Whatever you think of Gab or KiwiFarms, Pieville is on a completely different level, and it's surprising to see nobody discussing them as a threat, while cooking up all sorts of threat scenarios about Gab and KiwiFarms. This is not a defense of either of those instances, but it makes me wonder why our eyes aren't on the real ball.

Pieville isn't the only one. There are others, but Pieville has recently blocked from crawling their instance.

The Scriptkiddie-ification Of The Fediverse

Nazis aren't the only problem. The security model itself is a problem: data is distributed to as many nodes as humanly possible, and nothing properly enforces that a relationship exists with a node before data is shared with it.

This leads to numerous incidents where instances you don't expect to have copies of your data have copies of your data.

But even that is not the real problem. The real problem is the script kiddies abusing these implementation flaws, and the lack of audience restriction capabilities in the software, which leads people to post things publicly when they probably shouldn't.

Oh, and by the way, there is already a fediverse-wide search engine, which was built in public view while everyone was fighting in order to gain clout.

So, how do we fix the fediverse?

We need to transition the security model away from one that is cooperative to one that has border-oriented security. The Internet itself is a federated network, but BGP defines clear boundaries and policy. OCAP or other capability-based systems will do the same for the fediverse. Instead of cancelling each other, we should concentrate on building real security tools and deploying a real security model.
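
The difference between the cooperative model and a border-oriented one, sketched as an added example that is not from this post or from any fediverse project. The `Border` class, the scope strings and the example domains are hypothetical, and the HMAC token bound to a peer domain is a simplified stand-in for a capability, not OCAP as any implementation specifies it.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


class Border:
    """Per-instance policy: no established relationship, no data."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # instance-local secret, never shared
        self._peers = set()                  # domains with an accepted relationship

    def grant(self, domain, scope):
        """Establish a relationship; return a token bound to domain and scope."""
        domain = domain.lower()
        self._peers.add(domain)
        return self._mac(domain, scope)

    def revoke(self, domain):
        self._peers.discard(domain.lower())

    def _mac(self, domain, scope):
        msg = f"{domain}\n{scope}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def check(self, domain, scope, token):
        """Inbound fetch: the token only works for the peer and scope it was issued to."""
        domain = domain.lower()
        if domain not in self._peers:
            return False
        return hmac.compare_digest(self._mac(domain, scope), token)

    def cooperative_targets(self, inboxes):
        """Cooperative model: deliver to every addressed inbox and hope it behaves."""
        return list(inboxes)

    def border_targets(self, inboxes):
        """Border model: deliver only to inboxes on domains holding a relationship."""
        return [u for u in inboxes if (urlsplit(u).hostname or "") in self._peers]


# Constructed sample audience; both domains are placeholders.
AUDIENCE = [
    "https://friend.example/inbox",
    "https://unknown.example/inbox",
]
```

Revoking a peer removes it from both the outbound delivery set and the inbound check, which is the "clear boundaries and policy" property the BGP comparison points at.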

The good news is that progress is being made on this front. Hopefully by 2020, we will have some real solutions widely deployed and people can go back to taking it easy.