Rob RicciApr 25, 2025

With bluesky (mostly) going down for a few hours today, I got to wondering about how decentralized the fediverse really is in terms of where its servers are hosted. I grabbed a server list from fedidb, with network information coming from ipinfo.io .

[EDIT: I did a better analysis on a dataset of 10x as many servers, see https://discuss.systems/@ricci/114400324446169152 ]

These stats are by the number of *servers* not the number of *users* (maybe I'll run those stats later).

fedidb currently tracks 2,650 servers of various types (Mastodon, pixelfed, lemmy, misskey, peertube, etc)

The fediverse is most vulnerable to disruptions at CloudFlare: 24% of Fediverse servers are behind it. Also note that this means that I don't have real data on where this 24% are located or hosted, since CloudFlare obscures this by design.

Beyond CloudFlare, the fediverse is not too concentrated on any one network. The most popular host, Hertzner, only hosts 14% of fediverse servers, and it falls off fast from there.

Here are the top networks where fediverse servers are hosted:

504 Cloudflare, Inc.
356 Hetzner Online GmbH
130 DigitalOcean, LLC
114 OVH SAS
56 netcup GmbH
55 Amazon.com, Inc.
55 Akamai Connected Cloud
36 Contabo GmbH
33 SAKURA Internet Inc.
32 The Constant Company, LLC
31 Xserver Inc.
28 SCALEWAY S.A.S.
24 Google LLC
23 Oracle Corporation
16 GMO Internet Group, Inc.
14 IONOS SE
14 FranTech Solutions
11 Hostinger International Limited
10 Nubes, LLC

Half of fediverse servers are on networks that host 50 or fewer servers - that's pretty good for resiliency.

There is even more diversity when it comes to BGP prefixes, which is good for resiliency: for example, the cloud providers that have multiple availability zones will generally have them on different prefixes, so this gets closer to giving us a picture of the specific bits of infrastructure the fediverse relies on.

The top BGP prefixes:

55 104.21.48.0/20
50 104.21.16.0/20
48 104.21.64.0/20
41 104.21.32.0/20
41 104.21.0.0/20
38 104.21.80.0/20
32 172.67.128.0/20
31 172.67.144.0/20
28 172.67.208.0/20
28 162.43.0.0/17
27 104.26.0.0/20
26 172.67.192.0/20
26 172.67.176.0/20
23 172.67.160.0/20
19 116.203.0.0/16
17 172.67.64.0/20
17 159.69.0.0/16
16 65.109.0.0/16
14 88.99.0.0/16
14 49.13.0.0/16
13 78.46.0.0/15
13 167.235.0.0/16
13 138.201.0.0/16
11 95.217.0.0/16
11 95.216.0.0/16
11 49.12.0.0/16
11 135.181.0.0/16
10 37.27.0.0/16
10 157.90.0.0/16

75% of fediverse servers are behind BGP prefixes that host 10 or fewer servers, meaning that the fediverse is *very* resilient to large network outages.

Top countries where fediverse servers are hosted:

871 United States
439 Germany
156 France
148 Japan
75 Finland
57 Canada
49 Netherlands
38 United Kingdom
26 Switzerland
26 South Korea
21 Spain
19 Sweden
18 Austria
17 Australia
15 Russia
12 Czech Republic
10 Singapore
10 Italy

And finally, a map of the locations of fediverse servers:
https://ipinfo.io/tools/map/91960023-e8c6-4bee-9b07-721f2c8febab

Show threadRob Ricci
One thing that's interesting to me in this data is that there is actually *much* more consolidation on a few cloud providers in Europe than there is in the US. This is actually somewhat concerning. 81% of fediverse servers in Germany are at Hetzner, 73% of the servers in France are on OVH. By comparison, the most popular American provider, Digital Ocean, hosts only 14% of servers in the US. I don't know how representative this is of cloud usage overall (eg. Digital Ocean is definitely not the top cloud in the US) but it does certainly suggest much more centralization in Europe as compared to the US.
Apr 25, 2025 at 3:02amWeb
Show threadGarrett WollmanApr 25, 2025
@ricci "National champions"
Show threadDaniel GibsonApr 25, 2025
@ricci Hetzner probably is the cheapest provider for real dedicated servers - the regular ones start at $42/month and they even offer older ones (that aren't used in their regular products anymore) starting at $35/month
Show threadRob RicciApr 25, 2025
@Doomed_Daniel whoa that's expensive!
Show threadDaniel GibsonApr 25, 2025
@ricci
Expensive for a dedicated server?
Those are not VPS, you get the whole machine for yourself, bare metal
Show threadRob RicciApr 25, 2025
@Doomed_Daniel Ah, I see, yeah, pretty good price for that!
Show threadDaniel GibsonApr 25, 2025

@ricci Yeah, so I guess if you got a slightly bigger instance that needs more power than a cheapo VPS offers that's quite attractive.

Less attractive is that they sometimes terminate contracts without notice or giving a reason, see https://ursal.zone/@Ursalzona/112259839960115911

or https://woem.men/notes/9ragjwecxwul3nis

Ursalzona :ursa: :v_cadeira: (@[email protected])

Aviso de conteúdo: :alerta: About Hetzner :alerta:

Ursalzona
Show threadKuba Suder • @mackuba.eu on 🦋Apr 27, 2025
@Doomed_Daniel @ricci oof, not nice…
Show threadlesbian propaganda (211695-343)Apr 25, 2025
@Doomed_Daniel @ricci Scaleway is cheaper ^^;
Show threadlesbian propaganda (211695-343)Apr 25, 2025
@Doomed_Daniel @ricci the "Aluminium" classification of servers
Show threadRob RicciApr 25, 2025
@echedellelr @Doomed_Daniel yeah if I was going to host something in Europe, I'd likely go with Scaleway
Show threadwyattApr 25, 2025
@ricci should also be noted that my instance at least is hosted on-premises and just uses a VPS to bounce traffic through.
Show threadRob RicciApr 25, 2025

@wyatt It also appears that a significant number of servers use VPNs

According to ipinfo, here's how many are behind proxies/VPNs:

Top Privacy Services
- Troywell VPN 196 (7.4%)
- TunnelBear 38 (1.4%)
- VPNSecure 8 (0.3%)
- ProtonVPN 7 (0.3%)
- ZoogVPN 5 (0.2%)

... though I never know how much to actually trust what ipinfo thinks is a VPN

Show threadwyattApr 25, 2025
@ricci i'm running an openVPN server on my VPS to tunnel the traffic actually
Show threadRob RicciApr 25, 2025
@wyatt yeah, I do this for my own mailserver too
Show threadAlex NedelcuApr 25, 2025

@ricci That's b/c Hetzner is significantly cheaper than Digital Ocean, you can afford more RAM with it, which is sorely needed for hosting Mastodon.

It's also a mistake to attribute nationality to these servers. I'm not a German citizen and my instance is hosted at Hetzner. I was initially on Digital Ocean, but gave up due to pricing. I have acquaintances from the US hosting at Hetzner as well.

And US shouldn't be compared w/ Germany or France individually, it should be compared w/ whole EU.

Show thread13reak Apr 25, 2025

@ricci

You have to factor in the size. Entire Europe is smaller than the US.

Comparing Germany to Montana would be closest in size.

So how distributed is Fedi in Montana?

Show threadombremadApr 25, 2025

@ricci @13reak hm. No. Absolutely not.

The EU alone (only member states, so not even accounting for the UK) is around 449 million people. The US is around 341 million people.

Show thread13reak Apr 25, 2025

@ombremad @ricci

 

Whaaaaat? The entire country is empty!

Show threadD2Apr 25, 2025
@ricci European # concentration seem less distressing if we think of them as a consolidation like in the us, or look at how concentrated (by state or metro area) the seemingly-diverse US companies are? E.g., 20% overall for hertzner, 16% overall for OVh, etc. the one way, or that NYC/SF (the two digital ocean towns) likely are DCs of several hosting providers?
Show threadStephenApr 25, 2025
@ricci I see this little server isn't mapped (I'm in New Zealand so it's easy to tell) so I would suspect small instances are undercounted...
Show threadRob RicciApr 25, 2025
@stephen yeah I don't know much about how fedidb sources its data but I'm sure that 2.7k seriously undercounts the true number of fediverse servers - but probably tends to miss the smaller ones
Show threadSnep Apr 25, 2025
@ricci My guess is that this is just an issue of availability, both in cheap VPS providers that aren't just using Hetzner or OVH in the background /and/ fast, reliable internet at home someone might want to host behind. Then again, I can imagine many just use a low tier VPS as a reverse proxy or to route IPs from, as that's the cheapest way to just get a public, static IPv4 and offer services behind, eben if they're not running on the same VPS.
Show threadPiko Starsider Apr 25, 2025

@ricci Also keep in mind there's people that host their fedi instances at home but proxy them through a cheap VPS just to avoid exposing their home IP and location. I know of VPSs as cheap as $1/mo.

How many people? That I don't know.

Show threadRob RicciApr 25, 2025
@starsider yeah this would be really interesting to learn!
Show threadErin 💽✨Apr 25, 2025
@ricci if you look at who's behind cloudflare, the US providers score goes up:
https://blog.benjojo.co.uk/post/who-hosts-the-fediverse-instances
Where is all of the fediverse?

Show threadRob RicciApr 25, 2025
@erincandescent Ooh, that's an excellent analysis, very nice way to determine the actual hosting providers behind the CDNs!
Show threadDirk RitterApr 25, 2025

@ricci

Ain't that bad once you treat Germany like Texas and France like California, is it. 🥳

Show threadDragonApr 25, 2025
@ricci that’s likely because both OVH and Hetzner operate at the budget end of the market and are usually somewhat ok
Show threadthe magpieApr 25, 2025
@ricci not sure if this make sense, but I feel like the comparison between USA and Germany or France is not really meaningful or fair, as the latter are smaller countries (and, I assume, have a smaller user base). That would mean that 14% of US servers corresponds to more users than 14% in Germany. On the other hand the number is of course still a valid indicator for the vulnerability of the fediverse in that specific country, and for the vulnerability of that specific community.
Show threadAndré PolykanineApr 25, 2025
@ricci That is even more cocerning given the fact that Hetzner, for example, can block your account without any explanations (google for a Reddit thread about it, it's quite at the top of search results).
Show threadEli the BeardedApr 25, 2025

@ricci

1. How many of the EU ones are from masto-dot-host? I counted about 180 in 2022.

2. All those BGP prefixes are IPv4. I noted a significant number using IPv6 in 2022, but I don't know how many were dual stack.

Show threadRob RicciApr 25, 2025

@elithebearded

1. I didn't specifically capture this, and my 'data pipleine' of one-liner shell scripts doesn't make it easy to go back and check :) However anecdotally based on IP addresses that host many servers, I would guess that they are a substantial fraction of the ones on OVH

2. Yeah I just did A queries for the addresses, since I figured I was more likely to get reasonable geolocation data for those

Show thread🇨🇦Samuel Proulx🇨🇦Apr 25, 2025
@ricci @andrew I’m way more concerned that nearly a quarter of servers are at the well known nazi bar cloudflare.
Show threadIrenes (many)May 1, 2025
@ricci it's worth noting that the fedidb dataset categorically excludes gotosocial due to political differences
Show threadIrenes (many)May 1, 2025
@ricci since gotosocial is specifically designed for the needs of small and individual-user servers, that may skew the data
Show threadRob RicciMay 1, 2025
@ireneista yeah I think the other dataset ended up being better - though it seems not useful for things relating to user counts, as there are many instances listed there with user counts that seem highly improbable
Show threadIrenes (many)May 1, 2025
@ricci ah yep, makes sense
Show threadIrenes (many)May 1, 2025
@ricci there is not consensus that data collection of this kind is a good thing for society, and given that it relies in part on self-reporting by servers, it's not surprising that there are quality issues. still, the analysis is good!
Show threadRob RicciMay 1, 2025
@ireneista yeah and I have no problem with instances and users who don't wish to be analyzed, that's something we should all have a right to
Show threadIrenes (many)May 1, 2025
@ricci for sure