@lauren Im still trying to confirm if this is their actual policy. That no user or server admin in bluesky can actually ban or delete content, but only end users can choose to see, or not see it.
So far, from what I see, it might be that later scenario.
@lauren I was kinda amazed that any social network would launch with what in essence was a "Show bloody gore, spam and hate, and fake account content" toggle, too.
I was HOPING that like the Fediverse that each admin of a BlueSky service can mute or block or ban such content for all. But not sure that is so, yet.
@tchambers @lauren I don't believe "instance" admins have any say over what content federates and what doesn't.
As in, instances (or "nodes" in BS parlance, I think?) are just account/data storage. Admins, as far as I know, have no agency and barely any power in the system.
@lauren @tchambers I am too lazy to dig for it right now but I remember reading in their docs pretty explicit mentions that whole point is that from the user's perspective it should not matter which instance they are on.
I mean, even here:
https://atproto.com/guides/faq
> Account portability is the major reason why we chose to build a separate protocol. We consider portability to be crucial because it protects users from sudden bans, server shutdowns, and policy disagreements.
@lauren @tchambers also this:
https://atproto.com/guides/overview#speech-reach-and-moderation
> ATP's model is that speech and reach should be two separate layers, built to work with each other. The “speech” layer should remain neutral, distributing authority and designed to ensure everyone has a voice. The “reach” layer lives on top, built for flexibility and designed to scale.
"Speech" is what nodes do, "reach" is what (winner-takes-all bigger-is-better) recommendation algorithms do.
Node admins have no say over recco algos.
I read the same, but interpreted it differently. It's bad, but different bad?
I read it as:
* User data is stored in Merkle trees. Basically github repos where each post, like, comment etc, is like a commit.
* Each commit author is a DID, which is stable.
* You can host your GitHub repo of activity on any host. That's the "speech" part. You can set up your own lil nazi repo if you want.
* But search indexes across hosts. That's the "reach" part. Host admins filter
I see confusion/possible jeopardy in that today, because there's no distinction between the AT protocol (git in this analogy) and Bluesky (GitHub in this analogy). Because BlueSky is the only instance of the AT protocol.
The maintainers of git can say, "Hey, Nazis might use this! We have no control! Don't blame us!" but GitHub can't say the same if they host illegal/harmful content.
I do see the devs talking about actively building in the ability to block and ban users. I think block is coming this or next week.
And I think AT Protocol host admins can build their own pluggable indexers, and feed algorithms. So no one can make you host CSAM, or any content you don't want. At least, that's my understanding? I could be wrong.
Their "what's hot" feed is a placeholder implementation that just filters on likeCount > 8. But admins can roll their own
Thus far, I've only seen personal blocking, and not banning. And not clear to me yet the role and power admins have in moderation for all, other than setting labels for all, who can choose to use or ignore. Still looking.
@lauren Those concerns are orthogonal from a technological perspective.
e.g. SILC (Secure Internet Live Conferencing) is end-to-end encrypted with Perfect Forward Secrecy & has mitigations to defend against malicious server operators from eavesdropping, yet it does not prohibit server operators or channel operators from kicking/banning abuse.
The falsehood that end-to-end encrypted messaging facilitates CSAM is a canard.
Also see: @alexwinter's TEDx Talk.
@lauren Push back may still be necessary. SILC (and SSH for that matter) were both developed at a time when even exporting so-called "strong cryptography" from the USA was considered illegal.
In other words: the world has gotten friendlier to cryptography, not the other way around.
Also see: https://en.wikipedia.org/wiki/Bernstein_v._United_States
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren I know Moxie personally, and do not consider Signal to be a protocol of merit. I have written about this publicly, repeatedly, for years. I know some of their other devs and even offered to work for them to fix their problems, but there are court transcripts with Signal logs entered as evidence, I consider them non trustworthy, to understate it.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren I am also not alone in shunning Signal.
Also see:
https://www.jwz.org/blog/2018/08/signal/
https://www.jwz.org/blog/2017/03/signal-leaks-your-phone-number-to-everyone-in-your-contacts/
https://www.jwz.org/blog/2021/04/signal-hops-on-the-dunning-krugerrand-bandwagon/
etc. @alexwinter @mekkaokereke @rysiek @tchambers
Drew DeVault: I don't trust Signal: I expect a tool which claims to be secure to actually be secure. I don't view "but that makes it harder for the average person" as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are ...
@lauren The US is of course not immune, it's one of the worst places on Earth for human rights abuses and privacy violations. But two decades ago there were not the preponderance of multiple (some interoperable) encryption tools that exist now. I had Cisco VPN concentrator CD-ROMs which said: "Not for export outside of the USA" and "Made in Mexico" on the same friggin label two decades ago.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren " pulling out of countries where end-to-end crypto is made illegal" seems to be rather different than, e.g. (now PhD) Niels Provos' efforts to work on OpenSSH by DRIVING ACROSS THE USA BORDER so he was not in violation of international laws while he was a grad student at UMich. Niels Provos did self sacrifice to help all, Signal has not demonstrated anything approaching that, anywhere, ever.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren So I guess people should contact their legislatures?
As it stands: FreeS/WAN, OpenIKED, Vula, Wireguard, OpenVPN and more exist, with complete source code, accessible internationally. So, legislatures will be hard pressed to put that genie back into a bottle; particularly since USG and .mil utilize much of that already, as do Fortune 500 companies. You can't just legislate away functioning infrastructure via magic, it doesn't work that way. @alexwinter @mekkaokereke @rysiek @tchambers
@lauren Well, in my experience: all governments fall. Some sooner than later. The USA is in a Roman decline stage from my vantage.
Cuneiform, outlived Sumeria.
Hieroglyphs outlived Egypt.
Latin persists despite the fall of Rome.
I think code will be much the same.
The Great Firewall of China? Was supplied by Cisco last I checked.
DNS: open source.
So uhhh, you think open source doesn't help? I think you're off your rocker if so.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren I have been incarcerated.
I have been to China.
Stop putting words into my mouth.
Stop spreading FUD.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren You aren't welcome.
Your tone was excruciating and uncalled for with me.
@lauren LOL, you think I am an OPTIMIST?
*sigh* you don't follow me, & after this I have an incentive to stay t.f. away from anything that you write ever again.
I sleep in a car.
Thousands in debt.
I have not spoken with my own son in over a decade.
I still actively contribute to libre/free open source software months if not years ahead of commercial downstream projects.
It's been like that for MOST of my existence in this hellish world full of people with too much power & $ punching down.
@lauren I was born in Menlo Park.
*sigh*
My family's church, TO THIS FRIGGIN DAY "news flash: it's 2023!" (so rude! why do you write like that?) shares a parking lot with SRI.
SRI had a cross licensing agreement with PARC and SAIL.
@lauren You absolutely do not understand my point of view whatsoever.
That you would write as much, seems terribly presumptuous to me.
Moreover, I am not your teacher and I don't want to share my life story with you, especially given how you are treating me.
Consider my take on libre/free open source fatalistic, post apocalyptic and you'll get closer to my lived experience.
@lauren And I was personal friends with Doug Engelbart.
Do you always write others with this much vitriol?
It seems awfully rude.
We would not even be communicating right now in this modality without:
TCP (BSD)
DNS (ISC)
ActivityPub (multiple open source implementations).
Windows, Mac, ChromeOS, IOS, Android: all downstream of open source projects.
@alexwinter @mekkaokereke @rysiek @tchambers
@lauren ARPANet site 1 at UCLA, was still after Engelbart's group at SRI.
Also, after SAGE.
I think you think too highly of yourself and are resting on your laurels and it looks disgusting from here.
@lauren Change your diet.
No more Big Macs.
No more Coca colas.
Maybe you'll stop caring so much about failed governments and start treating life on Earth with more compassion and respect.
@lauren
"I don't mention anything about UCLA"
Sure seems to contradict:
"And by the way, I've been working on the Internet since before there was an Internet (ARPANET site 1 at UCLA), and on Open Source long, long, long before the term was coined." (https://mastodon.social/@lauren@mastodon.laurenweinstein.org/110268796785422058)
JFC, writing with you is exasperating.
Do you realize what this looks like to anyone else?
@lauren Yes, Please. LEAVE ME ALONE FOREVER.
Horrid person.
@lauren From my vantage:
all governments fall.
Cuneiform: outlasted Sumeria.
Hieroglyphs: outlasted Egypt.
Latin: outlasted the Roman empire.
I am pretty confident that code will be similar.
I have NEVER had success as an individual with any governance structure. What is going to make a difference for me now that never worked in the past?
I think that risk exists today for Mastodon too? And most of the web?
If I share a link to my blog here, every Masto instance of my followers goes to that blog to generate a preview. That preview image could be a PNG that contains secrets through steganography. No one would know!
The only recourse is if I act out too much and get caught, I can be banned, or my instance can be defederated.
It's the warez problem all over again, 20 years later, with fewer rar files🤷🏿♂️
If admins in BlueSky can act like admins on Mastodon, I'd feel assured that they were on the better track, banning users and removing content on their own servers, and the equivalent of "#fediblocking" or "blueskyblocking" remote individuals, remote servers, etc, from their own servers.
RIght now worried all they can do is label and hope.
Will keep digging.
It looks like the plan is that admins can effectively "defederate."
https://blueskyweb.xyz/blog/3-2-2023-bluesky-beta-app
And glancing at the repo, it looks like even if they didn't plan for this, a fork could make those changes here:
https://github.com/bluesky-social/indigo
I peeked at the api and the indexer. It looks like you could make instances that you don't like, invisible to you and your users. Or require that content go through your moderator plugin first. Etc.
Thanks, do you mean this language?
" if you decide you want to host your own server...you can also switch over to doing that. If you don’t like the way we show you posts or moderate your experience, you can switch services without losing your friends or data, or swap out your feed or moderators though a plugin ecosystem."
I just wish that were clearer on moderation details: Seems all user-based not on admin/server based.
@lauren @mekkaokereke @tchambers @rysiek
It's still unclear to me who sets those tags and whether this mechanism can be abused to censor content “uncomfortable to power”. Let's say that some of the large-ish instances start blocking specific content tags (e.g. racism or self-harm) altogether. Could this be used by bot networks to tag unrelated content this way to prevent it from federating?
@mekkaokereke @tchambers @lauren @rysiek
Looks like the #bluesky crew are going to build a commercial friendly version of the #OMN project. We can learn from this to build the #openweb version... they are actually doing, where we are at the sqobaling stage. So we might need some focus ;)
Yeah, I made this sequence of faces 🤨😮😫 when I realized that we were all rushing to bind our DIDs to DNS entries that we registered for and paid for with credit cards.
@mekkaokereke I think the steganographic risk, is also a canard, but I would defer to @jnazario's expertise in such realms (I seem to recall he gave a presentation at CanSecWest maybe prior to 2005 on such subjects in real world data and also collaborated with Niels Provos on prior research and is cited in Provos' 2001 paper).
p.s.
Warez is a solution. The problem was commercializing software. You've got that world view completely backwards.
Lauren Weinstein
Tim Chambers
Michał "rysiek" Woźniak · 🇺🇦
mekka okereke 
Irene Cassidy
グレェ「grey」
Allan Chow
Oblomov
αxel simon ↙︎↙︎↙︎
Admin