@Stefan Bohacek Another thing where Hubzilla, (streams) and Forte truly shine, by the way.

First of all, Hubzilla distinguishes between a "contact" (someone has sent you a connection request) and an "approved contact" (either you've confirmed the connection request, thus creating what's a mutual follower/followed connection on Mastodon, or you've requested a connection request, and it has been confirmed). It's much like on Facebook. This distinction also exists in permissions: You can give certain permissions to contacts or only to approved contacts.

On (streams) and Forte, the concept of a non-approved contact doesn't exist; unless the connection request is confirmed, it doesn't count as a contact, and it doesn't have the privileges of a contact. This means that nobody can acquire certain permissions simply by following you.

Next, even if someone is a contact of yours, doesn't mean that they're always permitted to send you their posts. You can configure your channel in such a way that you can only allow certain contacts of yours to send you posts. I've actually done that.

Also, on all three, being notified when someone who isn't a contact mentions you is off by default and has to be activated manually. Even then, it only works if their post that mentions you makes it onto the server that you're on. This isn't even a case of "they mention you, your channel receives the message, but you aren't notified". This is a case of "they mention you, but your channel outright rejects the message, and if no other channel on your server accepts it, the whole server rejects it".

This means the whole attack vector does not work, especially not against neatly configured channels. By default, you won't see any non-contact mention you out of the blue. And even if someone requests a connection, and you approve it and thereby establish a full, mutual connection, that doesn't mean that you have to endure what they post.

Oh, by the way: Hubzilla, (streams) and Forte understand Mastodon's "followers only" as "public" because it doesn't come with limited permissions, because Mastodon doesn't have a permissions system. And al three have had quote-posts since their inception. This gives you the power to fight back by quote-posting the offending post in a DM to the admin of the offender's home instance. And on Hubzilla, (streams) and Forte, the quote in a quote-post is not a reference by link; it's a dumb copy of the original, inserted into the quoting post with a link to the original post and to the original poster, that cannot be altered by the original poster after the fact in any way.

Lastly, you can raise the shields even further, namely against harassment by DM. You don't have to accept DMs from non-contacts. You don't even have to accept DMs from all your contacts. You can literally cherry-pick those contacts from whom you want to receive DMs.

CC: @Mastodon Migration

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Mastodon #Hubzilla #Streams #(streams) #Forte #QuotePost #QuotePosts #QuoteTweet #QuoteTweets #QuoteToot #QuoteToots #QuoteBoost #QuoteBoosts #QuotedShares #Harassment #Permissions #FediverseSafety #FediverseSecurity

Decentralization empowers users — but it also demands vigilance. #ScamAlert #MastodonSecurity #FediverseSafety #PhishingWarning

@The Nexus of Privacy

About point 4

No can do, at least not support for Black instances. That's because all Black instances are Mastodon instances.

I do not support Mastodon. I hate Mastodon with a burning passion, and I hate the wide-spread notion that Mastodon is absolutely the bee's knees even more. My support for Mastodon is limited to filing bugs on its GitHub repository when it misbehaves in interaction with Hubzilla or (streams).

I will so much not support anyone's stay on this utter piece of crud.

Don't get me wrong. The reason why I won't support them is not because they're Black. It's because they're Mastodon.

And besides, you've written yourself that a Black instance is a ghetto. The kind of ghetto that Black people don't want anyone to tell them to move to. Even if they've chosen themselves to have their Fediverse homes there, it's a ghetto all right.

This is also one of the reasons I will no longer suggest (streams) to the Black community, regardless of whether it might actually be a solution for parts of their imminent problems. I'm not going to tell anyone where to move. Even an unsolicited suggestion, even as little as mentioning the existence of a potential Mastodon alternative and its advantages over Mastodon is passive-aggressive.

Even if someone wished "the Fediverse", read, Mastodon to have a certain feature that'd greatly improve safety and privacy, and Hubzilla and (streams) had this feature readily available right now (and this has happened in this very thread), I would no longer mention them unless maybe in a purely white cis-het discussion. Mentioning them to Black people would be like trying to nudge them into a ghetto. And supporting ghettos in any way or other is racist.

Seeing as how much damage any attempt by a non-Mastodon user at helping can deal, it's safer for all involved to not do anything and let people continue believing the Fediverse is only Mastodon.

(5/7)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Mastodon #NotOnlyMastodon #FediverseIsNotMastodon #MastodonIsNotTheFediverse #Hubzilla #Streams #(streams) #Safety #FediSafety #FediverseSafety #Privacy #FediPrivacy #FediversePrivacy #BlackFedi #BlackFediverse #Racist #Racism

@Paul Cantrell So you've asked for solutions. Hope you don't want Mastodon-only solutions.

- Reply controls already, like yesterday
How about being able to give general permission to reply to your posts?

How about being able to disable replies to any one of your posts?

How about being able to allow specific followers to reply to your posts?

How about being able to separately allow people to send you posts and to send you DMs?

Science-fiction? Wishful thinking? No, reality. Right now.

Available in the Fediverse (just not Mastodon and not via ActivityPub) for over a decade. Not just yesterday. Since 2012. Invented by @Mike Macgirvin ?️, creator of three federated protocols as well as several Fediverse server apps including but not limited to Friendica, Hubzilla and (streams) and inventor of nomadic identity and the most advanced permissions systems in the Fediverse.

Available on Hubzilla since its inception in 2015.

Available in the streams repository (which he is working on now) since its inception in 2021.

AFAIK, ActivityPub implementation being worked on right now. This means that any ActivityPub project can introduce (streams)' powerful permission settings. These permissions would be understood all over the Fediverse, even between different projects. And they'll go well beyond the above.

Inb4 "The Mastodon devs will be quicker if they whip up something proprietary": No, they won't. Mike is blazing fast, and he has a head-start.

Once he's done, and I hope it's this year, the Mastodon devs must be pressured into implementing it. Even though they didn't invent it.

A Mastodon-exclusive, non-standard, proprietary solution (like quote-toot opt-in) can and will be ignored by the majority of the Fediverse projects because the majority of the Fediverse projects won't implement it, especially if the Mastodon devs can't be bothered to document it for others to implement. Wouldn't be the first time that other Fediverse devs have to reverse-engineer a Mastodon feature.

- Default to allowlisting for new/unknown instances instead of denylisting
Good idea only if the Fediverse was only Mastodon.

Very bad for new or small and obscure projects that won't have a chance to get a foothold in the Fediverse if just about all of Mastodon blocks them by default.

(Okay peeps, now go block me for suggesting something not-Mastodon-exclusive.)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Mastodon #Hubzilla #Streams #(streams) #ActivityPub #Permissions #FediverseSafety

@mav :happy_blob: Allow me to answer with another question for clarification:

What kinds of counter-measures would be acceptable?

If you asked me, which no-one has yet and probably no-one ever will, I'd say, "Forget Mastodon and look at other places in the Fediverse. The Fediverse is more than Mastodon."

I tend to get a whole lot of backlash for this alone. If people don't want to ditch the Fediverse altogether, they tend to cling to Mastodon for their dear lives. No matter how racist Mastodon itself turns out to be, no matter how much racist harassment comes from within Mastodon, the typical assumption is that everything else out there in the Fediverse is even worse.

It's next to impossible to argue against the existence of Nazi instances on Pleroma. Even though Pleroma isn't even that big in the Fediverse. And even though not everyone on Pleroma is a Nazi.

Also, whatever I'd suggest doesn't do what I guess many see as the minimum feasible solution: purge any and all racism from the Fediverse for all time. I'm being realistic here: That won't happen. Not until racism is purged from this entire ball of rock once and for all.

So anything I could possibly suggest is something that helps shield members of marginalised groups from hate-speech against them. Or rather helps them shield themselves. That doesn't coddle them, but that empowers them. And that does so a lot better than Mastodon.

Still, this is difficult because what I'd suggest is very obscure. And again, what marginalised people don't know, they don't trust.

It's hard enough already to put trust in help offered by a middle-aged white cis-het male, especially when you're under attack so much that you've come to the conclusion that the concept of allies doesn't exist.

In fact, I expect this post to drive a few more Mastodon users to block me or even the entire instance that I'm on.

CC: @Jon @Timnit Gebru (she/her) @Johannes Ernst @Jack Yan (甄爵恩) @Kim Crayton ~ Her/She @Ericka Simone @Stefan Bohacek @Ra'il IK

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #FediverseSafety

@Stefan Bohacek @Jon Such safety improvements cannot and must not come from within Mastodon.

For if they did, it would be non-standard, proprietary, undocumented, Mastodon-exclusive solutions that anything that isn't vanilla Mastodon or a soft fork would hardly be able to adopt themselves and oftentimes not willing either. Fediverse devs are turning away from allowing Mastodon to take control over the development of the Fediverse by introducing more and more non-standard, Mastodon-exclusive stuff.

Even worse: If these were Mastodon-only solutions, they might lead to two possible outcomes. One, since the rest of the Fediverse won't support them, the rest of the Fediverse would easily be able to circumvent them. Routinely even. See "quote-toot opt-in". Remember that almost everything in the Fediverse that's an alternative to Twitter and/or Facebook has quote-posts readily available and can quote-post any Mastodon toot right now.

Two, an unbridgeable rift through the Fediverse as Mastodon splits everything that isn't Mastodon itself off. This could be because Mastodon makes itself incompatible with everything else in the Fediverse by introducing new mandatory features that everything else doesn't support. Or it could be because new rules come with new features that demand the use of these features at instance level, and instances that don't use these features will be Fediblocked. Only that nothing that isn't vanilla Mastodon is even able to use these features.

For these reasons, such safety advancements must never be Mastodon developments.

Instead, they must come from the ActivityPub side. And there are things in development right now which, if actually implemented, will increase security in the Fediverse tremendously.

Specifically, what I mean is what @Mike Macgirvin 🖥️ is working on right now, the guy who invented Friendica, nomadic identity and Hubzilla, and who has created and is maintaining [#^https://codeberg.org/streams/streams]the streams repository[/url] which contains the probably most advanced Fediverse server application of all.

He wants to bring not only nomadic identity to native ActivityPub, but also (streams)' extensive, fine-grained, powerful system of permissions which would then be understood not only amongst (streams) and Hubzilla, but all across the Fediverse amongst those projects that implement them.

Imagine being able to post only to the members of a specific list. Imagine these posts being unable to ever leave the list, save for copy-pasting or screenshots.

Imagine being able to choose which ones of your connections shall be allowed to see your posts. Or send you posts. Or reply to your posts. Or send you DMs. Or see your followers and followeds.

Imagine being able to define permission roles, pre-configured sets of permissions, and assign one of these to each one of your connections.

Imagine being able to set your entire account to post only to your followers by default.

Imagine being able to deny everyone the permission to reply to a certain post of yours. Imagine being able to only allow your connections to reply to a certain post of yours. Imagine being able to limit the timespan within which a post of yours can be replied to. Only if that post isn't a reply itself, but still.

Imagine being able to wall up your account, but without walling it up against everyone by only walling it up against certain people.

Sounds like utter science-fiction. But all this is available on (streams) right now.

Granted, it does not provide absolute, 100% water-tight safety against everything. Like comparable with a shielding that wouldn't even let one neutrino through in ten billion years. But as much such perfect security is desired, as impossible it is. Not unless e.g. the Black community creates an exclusive, walled-garden safe space whose aspiring members must be validated by meeting an admin or moderator in real life, eye to eye, to prove that they're actually Black. Sorry, but everything else can and will be circumvented to attack and harass them.

Also, yes, this permission system is not as easy-peasy to handle as the official Twitter mobile app. And it currently comes with a fairly cumbersome UI. That's because, as of now, it only works with (streams)' Nomad protocol and, within certain limitations, the Zot6 protocol used by Hubzilla which has a similar set of permission controls.

I mean, I'd love to see a "Black (streams)" come into existence with a bunch of instances of its own and flourish. For one, (streams) has better chances to be a (fairly) safe haven than Mastodon. Besides, this would give (streams) the publicity it so much needs, especially if Black (streams) started thriving after Black Mastodon has failed so spectacularly.

But let's face it, it's more cumbersome to use in comparison with Mastodon than Mastodon is in comparison with Twitter, also because (streams) is the descendant of a Facebook alternative rather than a Twitter clone. And if you're on a phone, it's either a PWA or a Web browser because there's no (streams) app.

Good news, however: As far as I can see, Mike's goal is to implement all this in ActivityPub with FEPs so that any pure ActivityPub project can adopt it. Friendica can adopt it, fairly easily even because Friendica is (streams)' earliest predecessor. Misskey and its forks can adopt it, and these projects are chock-full of LGBTQIA+ people. Everything can adopt it.

Unfortunately, implementing it in ActivityPub so it works nearly the same as on (streams) will be easier than pressuring Mastodon into implementing that stuff.

Lastly, there's one feature of Hubzilla and (streams) that won't make it to ActivityPub because it can't. And that's the ability to turn ActivityPub support off altogether, both for users at channel level and for admins at instance level.

One flick of a switch, and the entirety of Mastodon is blocked. All of it. As is Threads. As are the various Mastodon forks, Pleroma, Akkoma, Misskey, the various Misskey forks, Mitra, micro.blog, Socialhome, Pixelfed, the entire Threadiverse etc. etc., and if you're on (streams), even Friendica and GoToSocial.

But if you are on ActivityPub, that wouldn't make any sense to be able to do.

CC, FYI because you've participated in the thread: @Ericka Simone @Stu @Leon Cowle

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Mastodon #Hubzilla #Streams #(streams) #ActivityPub #Permissions #FediverseSafety

@The Nexus of Privacy And why fork Mastodon, the most lack-lustre, underwhelming, underequipped and out-dated of all Fediverse projects, if the Fediverse already offers what you're looking for?

Because it does.

Imagine something that gives you the power to adjust things like

• who can see your posts
• who can send you their posts
• who can see your profile
• who can see your connections
• who can comment on or fave your posts
• who can send you DMs (yes, this is a separate setting)
• who can quote or boost your posts
• and many more

Now imagine these permissions can be given to, depending on the setting, seven or eight different subsets of users, including but not limited to:

• only yourself
• only your own confirmed connections (yes, their logins will be recognised)
• only those of your connections whom you explicitly grant that permission by adding them to a privacy group which grants that permission

It gets even better: If something is not allowed, it isn't just deleted from your timeline. It is rejected at server level.

Mind-blowing? Maybe.

Utter science-fiction? No. Fediverse reality since 2012, almost four years longer than Mastodon has existed.

Okay, let me add some more stuff on top.

How about a character limit of not 500, not a few thousand, but infinite?

How about the option of being safe from instance shutdowns because all your content, your posts, your contacts in both directions, your files, your settings, your everything simultaneously exists on multiple independent server instances?

Now this has to be a fever dream, right?

Nope. Reality since 2012 when @Mike Macgirvin 🖥️, already creator of the Facebook alternative Friendica, started developing more and more advanced and powerful Fediverse server applications, from 2013's Red Matrix to 2015's Hubzilla (which still exists, which I'm using) to 2018's Zap and finally to the most recent and most advanced incarnation, established in October, 2021 and still advancing ever since.

The streams repository.

Whatever you may want to add to Mastodon, (streams) very likely already has it implemented right now.

Whatever marginalised, harassed groups may wish the Fediverse to have, (streams) very likely already has it implemented right now. Plus stuff they wouldn't even dare to dream of.

It has been developed, improved and advanced for 14 years, longer than any other Fediverse project, by someone who, in these 16 years, created three Fediverse protocols and about a dozen Fediverse projects, every last one of them vastly more powerful than Mastodon or any of its forks would ever dare to be.

I'll let Mike speak for himself:

Mike Macgirvin 🖥️ wrote the following post Fri, 12 Jan 2024 23:38:02 +0100

A brief overview of the streams repository.

The streams repository is a fediverse server with a long history. It began in 2010 as a decentralised Facebook alternative called Mistpark. It has gone through a number of twists and turns in its long journey of providing federated communications. The fediverse servers Friendica and Hubzilla are early branches of this repository.

The first thing to be aware of when discussing the streams repository is that it has no brand or brand identity. None. The name is the name of a code repository. Hence "the streams repository". It isn't a product. It's just a collection of code which implements a fediverse server that does some really cool stuff. There is no flagship instance. There is no mascot. In fact all brand information has been removed. You are free to release it under your own brand. Whatever you decide to call your instance of the software is the only brand you'll see. The software is in the public domain to the extent permissable by law.  There is no license.

If you look for the streams repository in a list of popular fediverse servers, you won't find it. We're not big on tracking and other spyware. Nobody knows how many instances there are or how many Monthly Active Users there are. These things are probably important to corporations considering takeover targets. They aren't so important to people sharing things with friends and family.

Due to its origins as a Facebook alternative, the software has a completely different focus than those fediverse projects modelled after Twitter/X. Everything is built around the use of permissions and the resulting online safety that permissions-based systems provide. Comment controls are built-in. Uploaded media and document libraries are built-in and media access can be restricted with fine-grained permissions - as can your posts. Groups are built-in. "Circles" are built-in. Events are built-in. Search and search permissions? Yup. Built-in also. It's based on Opensearch. You can even search from your browser and find anything you have permission to search for.  Spam is practically non-existent. Online harrassment and abuse are likewise almost non-existent. Moderation is a built-in capability. If you're not sure about a new contact, set them to moderated, and you'll have a chance to approve all of their comments to your posts before those comments are shared with your true friends and family. For many fediverse projects, the only way to control this kind of abusive behaviour is through blocking individuals or entire websites. The streams repository offers this ability as well. You'll just find that you hardly ever need to use it.

Because federated social media is a different model of communications based on decentralisation, cross-domain single sign-on is also built-in. All of the streams instances interact cooperatively to provide what looks like one huge instance to anybody using it - even though it consists of hundreds of instances of all sizes.

Nomadic identity is built-in. You can clone your identity to another instance and we will keep them in sync to the best of our ability. If one server goes down, no big deal. Use the other. If it comes back up again, you can go back. If it stays down forever, no big deal. All of your friends and all your content are available on any of your cloned instances.  So are your photos and videos, and so are your permission settings. If you made a video of the kids to share with grandma (and nobody else), grandma can still see the video no matter what instance she accesses it from. Nobody else can.

Choose from our library of custom filters and algorithms if you need better control of the stuff that lands in your stream. By default, your conversations are restricted to your friends and are not public. You can change this if you want, but this is the most sensible default for a safe online experience.

There are no inherent limits to the length of posts or the number of photos/videos you can attach or really any limits at all. You can just share stuff without concerning yourself with any of these arbitrary limitations.

Need an app? Just visit a website running the streams repository code and and install it from your browser.  

Nobody is trying to sell you this software or aggressively convince you to use it. What we're trying to do is show you through our own actions and example that there are more sensible ways to create federated social networks than what you've probably experienced.

You can find us at https://codeberg.org/streams/streams

A support group is provided at @Streams

Have a wonderful day.

Mike Macgirvin 🖥️ wrote the following post Sun, 14 Apr 2024 23:13:02 +0200 Here is what we've created:

Conversations: communicate directly with the people in the conversation, not have completely isolated conversations with your followers and their followers shouting at each other -- and neither audience seeing the responses of the others.

Permissions: If you haven't been given permission to speak, you aren't part of the conversation.  If you have not been granted permission to view a photo or video, you won't see it.

Audience: Your choices go far beyond public and not public. Yes, we have groups. We also have circles. You can also just select a dozen people right now and have a conversation only with them.

Nomadic identity, amalgamated identities and single sign-on: Site and project/product boundaries don't exist. It's one big space and you are you - no matter what service or services you use.

Post limits, photo limits, poll limits: None.

Rich content: Use markdown, bbcode, or HTML. Any of them or all of them.

Rules: You make them.

Algorithms: You can install them if you want. You can remove them. You control them and can tweak them.

And much more.

We are the streams repository.

https://codeberg.org/streams/streams


So why does it absolutely have to be Mastodon if the Fediverse has something so much better to offer, readily available in a stable release right now?

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #FediverseSafety #Permission #Permissions #NomadicIdentity #Streams #(streams)