The problem is also that federated doesn't really solve the problem of decentralization and that's the problem we ought to be solving. I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant. Coupling accounts to instances of the federation might be the easy solution, but it doesn't solve the problem we actually should be solving. This was already something I disliked about Jabber/XMPP and this was 20 years ago, we ought to have solved this by now.
Yeah, I agree it all feels very disconnected. I think this problem extends to the communities on federated platforms too. Taking a look at the Reddit like federated alternative (lemmy), there's multiple instances of the same 'subreddit' on different servers. Makes it hard for everyone to gather.
I think federated projects really look at federation as an add on to their platform, not a core feature. E-Mail did this well where everything was automatically federated by default (I.e you can send email from anywhere to anywhere for the most part) whereas some fediverse software, specifically lemmy, require that federation be enabled (and I believe you choose to federate with servers on a per-server basis).
Where I work we're working on a solution to this where your identity remains sovereign between servers [1]. We currently have a Twitter-esque microblogging demo setup [2].
The big problem with federation-by-default in the current incarnation of federated software (at least Lemmy, I'm less familiar with Mastodon) is that you will likely end up publicly hosting any content from instances that you choose to federate with.
With email, it doesn't really matter if someone is using your email platform to spread controversial political ideas or using it to share pirated media or whatever, because you're not hosting it for the general public to consume.
With the fediverse it's different. If I own fedifoo.app and allow my app to federate with neonazis.app or tankies.app, then eventually neonazi or tankie content will be accessible at fedifoo.app/c/unpleasantcommunity. I don't want that, so I defederate, but now the fediverse is fractured and "it doesn't really matter which instance you choose" is no longer true.
Disabling federation by default helps protect new hosters from the unintended consequences of federation, which is good, but it leaves us starting out on a fractured footing.
The solution to this is to have a unified namespace which is distinct from hosting. So then /c/unpleasantcommunity is only hosted by instances that choose to mirror it, but if anybody goes to /c/unpleasantcommunity and their default instance doesn't mirror it, it redirects to an instance that does.
Then you don't have to host anything you don't want to but you still have a unified network.
Yeah, I also think having the option to censor communities in specific is a good way to do it. So you could just choose not to host /c/hatefulcommunity. I'd imagine blocklists and community reputation systems would be created much like what exists with e-mail.
The generally right way to do this is to put actual censorship on the far side of impossible but give individuals good filtering tools. So then maybe your instance provides a default blocklist, but if something gets blocked, it isn't just silently invisible, it shows up as a collapsed comment that you can unfurl or a warning page that you can click through if you really want to. And if you don't agree with an entry your instance added by default, you can strike that one out and choose to always see it.
The key is to never let anything like a central party impose censorship that can't be overruled by the user, but still allow them to filter out 99% of the crap by default.
Yeah, Polycentric lets server operators choose to censor individual posts or entire users. Your client can query anything that's censored from one server by querying it from another where the content was published. It's fairly easy to tell when a post is censored since each post has a logical clock per user that is incremented per post, so you can pick out any missing logical clock entries.
i quite like how censoring is done in the fediverse. there is no censoring but each user can chose to block content from showing up in the client. i don't like the idea of censoring. some authority decides what other people are allowed to see.
Sadly Lemmy’s implementation is quite poor. The owner of each instance can choose which other instances to federate with. So shortly after the Reddit exodus, many are already forming tight ideological bubbles. For example, Beehaw defederated with almost every other instance because they want an ideological safe space. This despite the fact that the protocol already gives individuals plenty of tools to block and avoid users and communities they don’t like. So there is a strong push to control the experience for all users in an instance, instead of allowing individuals that control. And I see a lot of support for this model in other, “less” authoritarian instances like lemmy.world.
I think many people are just very authoritarian today, and don’t appreciate the internet as we knew it 20 years ago. They’re not content to control how they interact with the internet. They want to control how everyone interacts.
I'm unconvinced the majority of people are like this, but the type of person who becomes a moderator will be, it's self selection. This happens in every community on any subject matter, I've seen moderators on power trips in phpBB forums 20 years ago, it's nothing new.
The type of person who we want as moderator don't want to be moderators. A real decentral solution needs to give power and sovereignty to the users and take it away from admins and moderators. Some group of elite privileged few federated servers with all the power, demonstrates how worthless Lemmy and fediverse are.
Not a fan of ideological censorship myself, but deferderating from instances such as pedo.school, cum.camp, various kiwifarms instances and hentai.baby, seem reasonable to me.
Sure, but they defederated from a lot more than those four instances. They also defederated from 400 others, including lemmy.world, which is about as milquetoast as it gets.
That was the claim, but it’s clearly a lie. First, they’ve defederated with and blocked hundreds of instances, not two. It looks like close to 1,000. You can review yourself here: https://beehaw.org/instances
Second, it appears they have even more moderators than the instances with which they defederated. More than enough to keep illegal content off the instance. But that’s not the intended goal. They want content off the instance which is ideologically opposed to the owner. They make that clear in the instance description. They want more moderation than Reddit, which is already filled with insular ideological spaces.
The users are all very much on board with this ideological purity. They freely admit it, so I’m not sure why you would contend it.
It’s 400. Versus over 3000 linked instances. That does not sound like an insanely long list, considering how many spam instances there are and those with questionable content.
A big problem with this is that certain kinds of content are illegal both to host but also to link to, in many parts of the world (including the USA). Your solution works well for legal-but-reprehensible-to-the-admin content such as nazi or tankie content (or porn or [...]). But if you end up linking to illegal pornography, or to drug selling, or even to gambling etc, then you're likely still liable and the fact that you're not directly hosting the content is not going to protect you that much (look at torrent trackers to see how well that defense worked).
But email is the same as xmpp or DMs on "social media" - you can comunícate with various instances. the problem arise with groups (so mailing list, multi user chat or "communities") - in case of email you have mailing list which is not federated and is tied to particular server / address... same issue so it wasn't exactly solved. it's just it's used slightly differently.
All I get from polycentric.io is "Please add Polycentric to your home screen" (Android browsers call it installing) - even after I added it to my home screen (Firefox on Android). Works on Chrome though.
Both current Firefox for Android and Safari 17 (Beta) have a bug where display-mode: standalone doesn’t return true when running standalone, that’s probably what’s broken.
I think you might be missing that federated systems are not supposed to be fully decentralized. Federated is a pit stop along the spectrum between centralized and fully decentralized that makes trade-offs in order to reap some benefit of decentralization (no single owner of the entire network, allows some measure of user choice), while not having to deal with the problems of a fully decentralized model (no central authority brings moderation challenges, how to handle spam when each account is fully independent and not tied to a blockable instance that likely has no account verification enabled, there's nobody to appeal to if you lost account access / password reset challenges, among other things)
Being federated doesn't solve the problem of decentralization because it's specifically a middle-ground. It's supposed to be a compromise with some benefits of both centralization and decentralization - and I think a lot of people are happy with that compromise.
Sure, but if you don't have instance reputation as a stand-in for user reputation, then you are back to ground zero on the spam problem and sybil problem. This is not solved anymore than Bitcoin or Hashcash (anti-spam tool) it was based upon, or any more than email spam was in the 90s, or usenet spam in the 80s.
Every time I've brought up that content federation and identity federation aren't the same thing and that having centralized IDPs handle the burden of keeping spammers out of the network, people chime in with "yeah, and don't limit me to google and facebook!" and kind of miss the whole point. Centralized is one of the few solutions to the spam problem, it's worked with email for example. The other ways are some kind of a reputation web (finicky and gameable) or to force people to put down cold hard cash (proof of stake/proof of work).
This is all intimately tied up with crypto and spam because this same problem hasn't been solved for 30+ years and keeps popping up over and over again. Reputation networks are hard.
(and, you can do identity federation without actually melding your content with theirs, and that in fact melding content into a global namespace isn't inherently desirable. There there may be cases where you want to do something different with the "domain"/"subreddit" than another instance, or what most other people are doing with that domain/subreddit - reddit "technology" is not the same thing as 4chan "technology" even though these boards share a discriminator, it's not even the same culture or style of discussion even if they shared a mechanical format.)
But yes generally speaking the real problem here is there's like 10 different factions that all want to solve slightly different use-cases. Some people want self-hosted reddit, some people want self-hosted reddit with global boards, some people want explicit networking to specific instances, some people want something much closer to the decentralized/single-person instance with individual custom IDPs, etc. Nobody even agrees what they want to build.
> There there may be cases where you want to do something different with the "domain"/"subreddit" than another instance [...] reddit "technology" is not the same thing as 4chan "technology"
Or "china" (porcelain) versus "china" (a band) versus "china" (one, possibly two countries) etc.
One option would be an explicit mapping step:
1. Communities are only able to stake out boring UUIDs, those are the only official ID and are used in any invites, links, etc.
2. Instances may choose to suggest a "foo"->UUID link for users on that instance
3. Users may choose to override that "foo"->UUID link within their own settings if they disagree
4. When a user references community "foo", what actually gets shared is a link based on their current mapping settings.
5. If someone else sees that link and their settings designate a different "foo", the link should render in a way that makes it obvious that it refers to something contradictory.
Yeah, it's complicated UX-wise, but the thing is it's actually closer to the underlying reality of how humans use names: There is no single global and timeless "Bob Smith", there's just one in a given context between me and whomever I'm talking to.
Nostr solves this. You don't need to "create an account", you just generate a key pair. That is your account. On what relays you store your data is orthogonal to this. As long as an event is signed by your private key, it is your event.
I think DIDs[0] are an interesting idea for dealing with the problem of centralized registration in federated systems.
It would be great to be able to create one identity that if I want to leave an instance and bring all my data with me to a new instance I can do so without friction. That's currently a big issue I have with Matrix for example -- there's no way for me to go from @user:matrix.org to @user:myowndomain.com and have that be the same identity with the same friends list, etc.
True, but you might be able to store it/hide it away in some DHT behind a username and passphrase, even that might not be necessary. You can solve a lot of complexity in the protocol by good frontend people who understand UX.
Even Whatsapp is using PKI, its just all hidden away from the user.
They managed to sell cryptocurrencies by proxy; maybe somebody else holds your keys, and you log in using a traditional method to have that provider use the keys where they are needed or rotate and update them when you want them rotated and need to broadcast that fact. And people who can handle it themselves, handle it themselves.
Holding a private key in a way that is both usable and secure is not easy, for fundamental reasons. As such, it is impossible for this to catch on with the general public, ever.
A far mor likely outcome is for government-managed identities to become the only way to access certain kinds of services, for better and for worse. Governments already have the identity management part handled, with the legal system acting as the ultimate fall-back for any corner case. The integration is already widely used for certain services (the entire financial system relies on government-managed identities already, all around the world), so it's just a matter of extending this. It also helps solve certain less talked about problems of identity systems, such as preventing children from accessing certain kinds of content.
Ideally, instead of the current solution of every institution having access to all of your personal details so they can check your identity with the government, governments could start working for the opposite model - a government-issued and managed IdP, where only the government knows your personal details, and where enterprises get an opaque token they can use to ask the government about a set of details they need to operate their business.
> Remember, your private key is your identity in Nostr, so if it is compromised you'll lose your followers and will have to start from scratch rebuilding your identity.
This is the same gripe I have with home servers on the fediverse: home servers come and go, and private keys sometimes need rotating. Making you lose all your friends and content when that happens is not an acceptable tradeoff.
I think the solution is entirely separating "identity" from every single other concern such as security (private keys), hosting (home servers), and public identity ("display name").
>I think the solution is entirely separating "identity" from every single other concern such as security (private keys), hosting (home servers), and public identity ("display name").
I'm not sure you can separate it from security (private keys). If there's nothing stopping others from using the same identity then it's not _your_ identity.
Nostr does not solve this. There is not "one big Nostr" network because there is no consensus across the network. Your view of Nostr is whatever the peers that you connect with say it is, and they have little reason at the limit to share with each other or to be honest with you.
Nostr is just going in circles with federated networks all over again.
Yeah Nostr is cool but like others have pointed out, there's an even steeper learning curve. And besides that, Nostr claims to be censorship proof, which sounds cool on the surface but will inevitably lead to a cesspool of hate and personal attacks.
This misses two important points about moderation/censorship:
1. I don't want to trawl through garbage to reach posts I like. Even a single gore video or such is enough to ruin most people's day.
2. It's not enough for me to block content I don't like - in certain situations, I have a legitimate need to block others from seeing content I don't like. Specifically, if someone is spreading lies about me, or pornography of me, the fact that I can block that person is not going to help me, I need a way for the platform to stop showing those lies/pornography to others, or at least to automatically attach my own version of the story to those lies (of course, I should first have to somehow prove those are lies).
In a properly decentralised model you’ll be free to subscribe to privately created block lists, which include users and instances considered “unsafe.” You’d subscribe to that and go about your day.
The authoritarian approach is that you want to ensure no one else sees what you don’t like. You don’t want to give them the choice.
Ok, say I win an injunction in court against this image/movie being shared. How is the court system going to enforce this injunction on the Fediverse or Nostr or Blusky?
You don’t need to win any injunctions if the activity is illegal. It will be a criminal case, not civil. The police will handle all prosecution. They’ll go ahead and shut down any suspected illegal activity by order and/or seizure, provided they have jurisdiction. You might just be asked to testify.
The globally distributed nature of the internet complicates jurisdiction, but this has always been true of the internet. If someone uploads porn of you to 300 porn sites and 10,000 tor sites, it’s very difficult to get it all taken down. That doesn’t mean there’s something wrong with the internet. It’s accomplishing its original intent.
Edit: but perhaps that is your complaint? You believe the internet is fundamentally flawed in that there is no central authority which has the power to control all information? I understand the allure of this, but I believe this wound be ruinous for the internet and human progress.
My point is only that some amount of censorship and control of information is necessary. The particular example I gave is actually quite realistic, and happens to many people each day. While getting it off of the whole Internet is hard, getting it off Twitter/Facebook/Google/Reddit/PornHub is, thankfully, quite easy. The fact that it may linger on Tor and some less reputable porn sites or other places for a longer time is not as problematic, since few people access those.
Overall, what I'm saying is that many people who espouse the virtues of decentralized or federated social media forget or minimize some of the actual benefits of centralized social media with strong moderation [0].
While I think it's great that the internet as a whole is uncontrollable, I don't think "living" in the less controlled parts of the internet for most of your online life would be a pleasant or healthy experience.
[0] I should note that I have some serious qualms about the harm some of this content does to the moderators themselves, but I'm not sure how to grapple with that particular issue.
I don't think there is a simple answer to this. I agree that we cannot wish for a world in which nothing can ever be taken down. I guess we're just going to have to find the right balance.
But right now something very conerning is happening in western democracies that threatens to shift the balance very far in an authoritarian direction. And leaning on centralised platforms is at the centre of it.
Platforms are no longer just told "here's this revenge porn video, it's illegal, take it down!". If proposed laws are actually passed it will be more like "if people are discussing stuff on your platform, you better make sure no one comes to harm or else!"
In my view this is a sea change. Pretty soon we may no longer be able to discuss a wide range of subjects on mainstream platforms (such as psychological or health issues for instance). Kids in particular will be severely restricted in who they can talk to about what. In some cases it may prevent harm. In other cases it could be catastrophic.
If the balance moves so dramatically in one direction, I think it is ony reasonable to think about how to mitigate the effects of this to preserve some freedoms and escape hatches. The efforts I see are very very feeble anyway compared to the full force of what we are facing politically.
In my view, no control should ever be total, even if on the whole we cannot wish for a total loss of control.
Not if a decentralized platform claims to be censorship resistant, as Nostr does. But yeah I assume you could just block keys, or IP-addresses at some point.
Yeah, as far as I can tell, nostr does indeed solve the issues discussed ITT. I think it stems from the fact that nostr is a protocol, just like HTTP. So instead of federating or decentralizing on top of http, we needed a different protocol all-together
>. I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant
Sounds like centralization. Now if Activity Pub goes rouge ALL instances are affected.
Making accounts on your favorite instance and communicating with other instances prevents this, in theory. You may need to make a new account if Lemmy dies but you should (again in theory) be able to move your content seemlessly to a new instance. Becsuse Lemmy isn't facilitating the content, simply providing a view for itz based on its usage of ActivityPub's API
No, in the same sense as creating a Bitcoin wallet "sounds like centralization". "True" decentralization does not give any power at all to instances, the same way a Bitcoin node has no power at all over the Blockchain and it would be a bug if they did.
It's not centralization if you can set up an account tied to your own domain name (similar to an email address for your own domain) without needing to self-host an instance.
I agree. I was interested in using Mastodon, but found the necessity to choose a server off-putting. Why? Because they mostly seem to have "themes." Why would a person joining a general-purpose communications platform want to pigeonhole himself into a special-interest group? And subject himself to banning and censorship at the caprice of the moderators of THAT instance? I've had enough bullshit from lowlife Reddit moderators; I'm not signing up for more.
A lot of instances have "themes" because they are a way to gather likeminded users. There are also general instances without as all-encompassing themes, and of course you can use say a tech-oriented instance to post your own art if that is permitted by it's rules.
You sign up for the moderation you want, and if it or you changes you can jump ship while being able to retain connections (trust me, I've seen several users having migrated instances).
What's great about the Fediverse is that you not only sign up for the network, but the point you start from inside it, and the moderation you want. On a fully decentralized platform you'd either be subject to some form of easily gameable group-moderation or be left to the task of filtering content all by yourself.
I don't care that I might be missing out on some maybe nice person on a instance defederated on my home instance. I care that I feel that I belong on my home instance and my feeds are full of people whose community I can feel like I belong to as well. One that has been very easy to grow organically without an algorithm telling me what I want.
Thanks for the reply. I respect that, but I'm not interested in a particular community. I'm interested in a variety of topics and subject categories, on a global level.
Honestly, we need a physical product that's like 30 bucks and the size of a USB stick (or Ras Pi for the MVP).
It includes 3 years of free hosting for your domain name, a small web server, and a sync service that copies your files to a central server so they can be made available at that domain name. The default server would be the company that made the product, but you would own the domain, and you'd be able to change where you're syncing to with two clicks. And the canonical version of your files would always live locally (one-way sync).
Could be used for email, website hosting, and local media server capabilities. Throw some solar panels on it, and boom, you have my dream device.
This problem of decentralization was already solved by Usenet decades ago: your user ID is your email address and the various servers (Usenet instances) all mirror each other's posts.
The problem with that was that email addresses are easily forged and Usenet lacked adequate spam filtering and content moderation tools because of its decentralized nature and the general lack of effective spam filtering in the late 90s/early 00s. So it was replaced by forums which were in turn replaced by social media.
But email is a federated system itself. Complaining about having to sign up for a particular instance is like complaining you have to sign up to a particular email provider and not all of email.
IMO the difference is not really about federation, but about the degree of context and trust the user has--or can have--when it comes to choosing servers.
There's no guarantee that name@majorisp.com is going to stick around forever, but there was a contract relationship plus a certain degree of too-big-to-fail-ness.
Either you control what is being relayed or you don't.
The latter was not very successful (zeronet was a CSAM cesspit).
If you choose control then you end up with the fediverse, because
there is no such thing as the "one big fediverse" if every moderator makes different decisions.
You're absolutely right and the attitude from many users and admins is extremely blind to the problem because they WANT a very close an narrow minded system that follows the admin authority and follows a "love it or leave it pattern".
It's the opposite of user choice/power and, ironically, less flexible than reddit in some respects.
Comment, follow, reply anyone on mastodon, pixelfed
I can reply to anyone on Lemmy or kbin
You will only need an account if you want to post original content on a particular instance, like if you want to upload a video on peertube or pixelfed or Lemmy. For the most part, users are consumers so they WILL only need just a single account
Though cross-software usage of different formats of (social) media is unintuitive. Browsing Peertube or Lemmy you'd probably be better off with an account on such an instance.
If you are already following a thread, then its transparent but yes, it does take a bit of time getting used to. You have to search for a username and then use that to follow or interact with it.
It could be better but its not like something doesn't exist
> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant.
This is the fundamental tradeoff. What you are asking for cannot be done and still be federated. Sorry.
The problem is that "federation" has only a small technical component; the majority of the "federation" problem is social not technical.
The social problem is "Bad actors exist. 1) How do I identify them? and 2) How do I extend or revoke trust?"
Even email, which everybody holds up as "federated", hits this problem and defers to centralization. For email, we anoint the DNS records as the primary repository of "identity" and are what are used to extend "trust" via DKIM, DMARC, and SPF.
You might be interested in the p2p design of Peergos. You sign up to Peergos[0]. Your initial server is just responsible for storing your data (although you can run as many live mirrors as you like), and clients verify all updates. You can automatically move server (by running a command) and all your data is moved, and old links continue to work, and you keep your social graph and identity.
You can also log in through any instance, including localhost. Links also work on any server because they include a capability to the content in the link.
This is the beauty of content addressing plus public key based addressing.
That'll never happen for two reasons, decentralization means a user-driven internet. It has to, even if corporations have the freedom to join, decentralization by default means any private person can host a part of it.
And when users host things they give of their own resources to other users, which means there is trust involved. And whenever trust is involved we need a better insight into who signs up. For example; request access with a bio, or a donation.
The other reason is that what you describe is centralized authentication, to a decentralized backend, so it defeats the purpose. Who owns the authentication?
If we want freedom from a corporate internet, we'll just have to bite the bullet and accept a certain learning curve.
Which is also why the centralized corporate services will never go away, and most likely remain a majority.
Nah, you want an account which you have full control over and is the bearer of your generated content, rather than your content spread across thousands of independent servers which you have zero control over.
People are fundamentally misunderstanding thier needs and how they can be properly implemented.
> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse
You keep using the word 'fediverse'. I do not think it means what you think it means.
The whole point of a 'fediverse' is that there isn't a central authority for accounts. That an account on any of the federated systems is an equal participant in the system. That spinning up your own federated host to issue accounts is allowed.
