All of this has happened before, and it will all happen again.

Back in The Day, there was only one Internet Relay Chat (IRC) network. We referred to it as "IRC" because beyond a few small independent servers there was only one network, run by volunteers. Wikipedia says it was called Anarchy Net by some people. To join a server to the IRC network, one convinced the admin of an existing server to allow connection.

This worked for years, until eris.berkeley.edu altered their server's configuration to allow *anyone* to hook up a server. No restrictions, no passwords, and no limit on the number of connections. This attracted a huge-for-the-time number of bad actors, filling the network with spam and hackery. Eventually, Eris was silenced/quarantined by most hub servers. These formed Eris-Free Net, or EFnet. A-Net withered away into irrelevance, and EFnet became the primary IRC network.

IRC networks are now typically structured as collectives that carefully manage who is allowed to be a server on their network. Each network has a governing body, agreement on rules, and cooperative participation.

Today, the larger Mastodon instances are all Eris. Their moderation teams are much smaller than their userbase. Perhaps there should have been user limits from the start - a minimum ratio of moderators to users - but that didn't happen and now they are overwhelmed. People are already talking about defederating from the larger instances.

The Fediverse's safety has revolved around its unprofitability, but that is changing fast. The rapid collapse of Twitter continues to flood the Fediverse with new users, and extractive forces are going to see new opportunities. As soon as the prospect of automated money gets involved, the stakes become huge. The Fediverse is going to see attacks like it has never seen.

Hundreds of bad-actor instances, followed by thousands of users on your server, solely for the purpose of provoking federation. Millions of automated account reports. The troll machine has barely gotten started, and while Fedi successfully repelled the amateurs, I don't think it can withstand professional attack. Anyone with sufficient money can easily overwhelm the whole thing due to its openness.

Eventually, soon, the Fediverse will need to become default-closed, electing to only federate with vetted instances. We should prepare. It should be possible to pull an allow-list from a centralized point, forming a cluster of broad agreement. I think it will still be different from the IRC networks - instances could be part of more than one cluster, for instance - but our days of trusting all comers are limited. We should imagine what we want before we're forced to respond.

fa'o

@dl It'll end up being the #WebOfTrust all over again - admins who trust other admins and base their federation on this. (Except this time the Web of Trust will have another chance at trying to work at scale.)

Blocklists will also likely become automated and synchronized, and modifying them will become based on trust as well.

@phoe Blocklists are going to be insufficient when their resources of buying servers and setting them up outstrip your capacity to block them. #WebOfTrust has far too much per-admin toil to work.

Multiple distributed allowlists, each with their own governance, are the way to go. It would be the same abstract structure that allowed Fedi to fight the trolls previously, just at a higher level.
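
A sketch of the default-closed arrangement proposed in the posts above (allow-lists pulled from shared points, several lists with their own governance, an instance belonging to more than one cluster), as an added example that is not part of the thread. The cluster names, domains, quorum rule and local deny override are assumptions made for illustration.

```python
# Added example; cluster names, domains and the quorum rule are constructed.
from dataclasses import dataclass, field

def normalize(domain: str) -> str:
    """Canonical ASCII form of a peer domain, or "" if the name is malformed."""
    try:
        return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return ""

@dataclass
class FederationPolicy:
    allowlists: dict                      # cluster name -> set of vetted domains
    local_deny: set = field(default_factory=set)
    quorum: int = 1                       # how many subscribed clusters must vouch

    def __post_init__(self):
        # Normalize once so case, trailing dots and IDN spellings all compare equal.
        self.allowlists = {name: {normalize(d) for d in doms}
                           for name, doms in self.allowlists.items()}
        self.local_deny = {normalize(d) for d in self.local_deny}

    def decide(self, peer: str):
        """Return (accept, reason). Anything not vouched for is refused."""
        d = normalize(peer)
        if not d:
            return False, "invalid domain"
        if d in self.local_deny:
            return False, "local deny overrides cluster lists"
        # Exact match only: a listing for good.example does not cover its subdomains.
        vouching = sorted(n for n, doms in self.allowlists.items() if d in doms)
        if len(vouching) >= self.quorum:
            return True, "vouched by " + ", ".join(vouching)
        return False, f"default-closed: {len(vouching)}/{self.quorum} clusters vouch"

# Constructed sample data: this instance subscribes to two clusters.
CLUSTERS = {
    "general": {"Good.Example", "art.example"},
    "regional": {"good.example.", "bücher.example"},
}
POLICY = FederationPolicy(CLUSTERS, local_deny={"art.example"}, quorum=1)

if __name__ == "__main__":
    for peer in ["GOOD.example.", "evil.good.example", "art.example", "unknown.example"]:
        print(peer, POLICY.decide(peer))
```

Raising `quorum` above 1 makes acceptance depend on agreement between independently governed lists, so a single compromised or careless list cannot admit a peer on its own.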

@phoe @dl
I keep hearing that "web of trust failed" -- but I never actually saw it in use, anywhere. How was it used, and how did it fail?

@woozle @phoe I think the fact that you haven't heard of it is indicative of its failure.

It was a PGP thing - you sign people's certs confirming their identity, but also indicating how much you trust their verification. So if you see a new cert, a friend of a friend may vouch for it, depending on the relative levels of trust.
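
The "friend of a friend may vouch for it" calculation described above, as an added example that is not part of the thread. It follows GnuPG's classic trust model defaults (one fully trusted or three marginally trusted introducers, paths of at most five steps); the key names and signature graph are constructed.

```python
# Added example; key names and the signature graph below are constructed.
# Thresholds are GnuPG's classic-trust-model defaults.
FULL, MARGINAL, NONE = "full", "marginal", "none"
COMPLETES_NEEDED = 1   # one fully trusted introducer is enough
MARGINALS_NEEDED = 3   # or three marginally trusted ones
MAX_CERT_DEPTH = 5     # longest signature path back to our own key

def valid_keys(me, signatures, ownertrust):
    """signatures: {signer: set of keys it certified}.
    ownertrust: {key: FULL | MARGINAL}, our local opinion of each owner as an introducer.
    Returns {key: depth} for every key considered valid; our own key is depth 0."""
    def trust(k):
        return FULL if k == me else ownertrust.get(k, NONE)

    depth = {me: 0}
    all_signed = set().union(*signatures.values())
    for level in range(1, MAX_CERT_DEPTH + 1):
        newly = {}
        for key in all_signed - set(depth):
            # A certification counts only if the signer's own key is already valid.
            signers = [s for s, signed in signatures.items() if key in signed and s in depth]
            full = sum(trust(s) == FULL for s in signers)
            marginal = sum(trust(s) == MARGINAL for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = level
        if not newly:
            break
        depth.update(newly)
    return depth

# Constructed graph: we certified four people and rate them as introducers.
SIGNATURES = {
    "me": {"alice", "bob", "carol", "dave"},
    "alice": {"erin"},            # one fully trusted introducer
    "bob": {"frank", "grace"},
    "carol": {"frank", "grace"},  # frank has only two marginal introducers
    "dave": {"grace"},            # grace has three
    "erin": {"heidi"},            # erin's key is valid, but she is not a trusted introducer
}
OWNERTRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL}

if __name__ == "__main__":
    for key, d in sorted(valid_keys("me", SIGNATURES, OWNERTRUST).items()):
        print(f"{key}: valid at depth {d}")
```

The `heidi` case shows the distinction the scheme depends on: a key being valid does not make its owner a trusted introducer, so every user has to assign those trust levels by hand.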

@woozle @phoe It was trying to get away from the need for a certificate authority but was so cumbersome and unreliable in practice that it never got the mass adoption it needed to be practical.

@dl @woozle You mention the formal part, whereas WoT is more of a concept than this one concrete implementation of it. The Linux kernel development is more or less equivalent in concept: you need someone to vouch for you (or, in git terms, sign off on a commit) before your code is actually merged into the kernel.

@phoe @woozle That's more of an authority situation, though. Linus is the CA and the other committers are his intermediate certs.

@dl @phoe
That description kind of sounds like it was set up to fail. A bad UI does not mean the underlying idea is bad.

...but in any case, yes, I'd very much like to see more WoT ideas tried within the realm of fedi-moderation.

@dl I dunno, I think you make a lot of interesting points and comparisons, but I also feel like the current mechanisms have a decent shot of scaling. We shall see!

@dl tbh part of the reason why I jumped on the Fediverse was specifically to get ahead of the #twittermigration and get my instance Known before self-hosting Mastodon becomes as viable as self-hosting e-mail.

I got about a week's head start. 😅

At least having to register a domain name and set up a server keeps out the skiddies. But I definitely feel like we're just continuing the Cycle of Internet (De)Centralization.

@dl I think comparisons to IRC are generally inaccurate; it's much closer to email or XMPP, with similar failure modes and probably similar mechanisms for moderation.

@dl When it comes to actual spam management we could definitely approach things much like email has, though when it comes to harassment/content management... I think mostly we might see instances defaulting to not relaying media to avoid CSAM risks and legal culpability. I'm not sure that separate connected-components of the system are really a likely outcome.

@digifox I'm using the IRC story here as an example and maybe the IRCness was too distracting.

Fedi isn't like email or XMPP because it's at least initially pull-based. Your instances have to at least be somewhat introduced, and you kind of expect the federated timeline to be unfiltered.

I'm more concerned about targeted scams, abuse, and misinformation.

@digifox The thing you say won't happen though has already happened once. The Fediverse is already bifurcated along political lines, but unevenly and ad hoc. The fediblock hashtag idea was the first incarnation of a larger cluster of shared threat info.

@dl I may be wrong, as I was never highly active in IRC, but I don’t expect .social et al to be totally defederated, but I do expect them to be widely silenced.

We’ve done that, for sure, and that’s basically broken the chain for abuse/techbros to get to us

@dl I had no idea this is how EFNet got its name! Fascinating story.

@dl Huh, TIL. I spent so much of my childhood on IRC and had no idea that EFnet actually stood for something or even that IRC was made up of networks of servers and not just individual isolated servers each with their own separate channel lists.

Although tbf I joined IRC probably around 1998/1999 which was a while after all this went down.

@dl this is great history that i was unaware of. joined EFnet in 94, and it was already a zoo at that point.