Mastodon and today's fediverse are unsafe by design and unsafe by default

rob299 , 7 months ago

wait what??~~ what??!! the fediverse has been nothing less than supportive of a lot of these marginalised groups. as soon as I saw the headline my jaw dropped. where.is.your.evidence.?

thenexusofprivacy OP , 7 months ago

If you read the article and follow the links you’ll find plenty of evidence. The Whiteness of Mastodon, A breaking point for the queer community, and Dogpiling, weaponized content warning discourse, and a fig leaf for mundane white supremacy are three places to start.

rob299 , 7 months ago

ok, but what about the fact that most of the instances have policies meant to protect these groups, which happens to be most of them if not all of them? Since it is a federated service alot of the instance most users use, will usually defederate from other instances not moderating to their standards once they are aware, but sadly not all of them. That’s the point of federation so that one person can’t control every single detail of what happens for their own gains. That’s why the users on Mastodon broke away from Youtube, Twitter and Facebook.

Sure there are going to be instances that just so happen to exist that might not moderate for or even, appreciate these groups as much, at that point if you were to sign up to such an instance, you might want to switch instances to avoid such content.

Would I go as far as to say, that it is unsafe by design? No i’d say that the fediverse is meant to be safer by design for all people from all sorts of backgrounds with different viewpoints. and depending on where you join, then that will determine how safe the fediverse is for you as a person.

Did you know that if you find an instance that’s not within your local instance while prowsing and searching say Mastodon, that you can block that instance from showing up entirely?

also that marginalized groups of people had even had better experiences on the fediverse than on Twitter and other places as some seem to even claimed on your own post here.

dameoutlaw , 7 months ago

What marginalised groups? I can assure you Black people wee not included in that group

glacier , 7 months ago

As a trans person, I feel far safer on Lemmy and mastodon than I ever did on any other social media.

thenexusofprivacy OP , 7 months ago

That’s great! And a lot of trans people I’ve talked with on Mastodon say similar things, which is also great. But a lot don’t. It depends a lot on the instance you wind up choosing. So the people who stay wind up as a self-selecting sample.

cerevant , 7 months ago

Say you don’t understand the fediverse without saying you don’t understand the fediverse.

By these standards:

• The web is unsafe by default
• Email is unsafe by default

In all three cases, your safety is determined by the home you choose, and who/what you choose to interact with.

scrubbles , 7 months ago

I really don’t know where this notion of the Internet is safe and you get privacy came from. I was taught 25 years ago that neither of those were true.

sagrotan , 7 months ago

Nothing is ultimately safe, life is uncertainty. That doesn’t mean one should not care about privacy, but it’s apparently very difficult to tell people to use human sense and that pink mass between their ears. If I wanna use a wood planer, I should first learn at least the basics. They all want something “that just works”. Newsflash, nothing “just works”, paleolithic people knew that already.

nicetriangle , 7 months ago

Welcome to the fuckin internet and humanity in general, for that matter.

Dioxide3667 , 7 months ago

deleted_by_author

Neato , 7 months ago

It's in the article.

Jaysyn , 7 months ago

For that I guess you have to click on their website, which I have 0 interest in doing.

1984 , 7 months ago

Total bullshit article.

If anything, I’ve seen more LGBT people here and on Mastadon than anywhere else on the entire internet.

I think the community doesn’t particularly care if you are LGBT or whatever else you are. Does not matter.

thenexusofprivacy OP , 7 months ago

Total bullshit response. Yes, there are a lot of LGBT people on the fediverse. There’s also a lot of homophobia and transphobia on the fediverse. And the instances run by nazis and terfs very much care if you’re trans and will harass you just as much on the fediverse as anywhere else.

1984 , 7 months ago

Yes the fediverse is like society in general since it’s people here. That doesn’t mean it’s unsafe any more then real life is unsafe if you do stupid things, like go into unsafe areas of the city at night.

You need to find an instance that is friendly, which is not hard to do.

SuperSleuth , 7 months ago

Firstly, WTF is LGBTAIQ2S+?. Secondly, I haven’t experienced any more bigotry here than I would on any other social media platform.

SmashingSquid , 7 months ago

This is the first time I’ve seen this one. Best result I saw from 30 seconds of googling:

In 2020, the National Runaway Safeline (NRS) began using LGBTQIA2S+ to recognize those who identify as “Two-Spirit.” This phrase refers to people who identify as having both a masculine and feminine spirit, and is used by some Indigenous and Native communities.

“Two-Spirit” describes the cultural-specific understanding for the diverse gender traditions of Indigenous and Native people. Historically, Two-Spirit people were among the most respected in their communities, often serving as community healers, ceremonial leaders or caregivers to the elderly or orphaned children. This is consistent across many cultures who experienced extreme oppression and intergenerational trauma through periods of colonization. Today, young people who identify as Two-Spirit may suffer from inequalities perpetuated by a legacy of discriminatory laws and policies.
Source: National Runaway Safeline

p03locke , 7 months ago

A terrible idea by the LGBT community to expand the definition, when they thought they already “won” the battle and wanted to expand their scope, completely ignoring how marginalized the trans community was at that point, and how much was still left to fight for LGB rights. People quickly objected and most threw away the dumb acronym.

be_excellent_to_each_other , 7 months ago

I kinda thought the ever-expanding acronym problem was being informally solved by a gradual transition to just saying "Queer."

I am not a member of any of the groups that would fall under that categorization though, so I may be wrong.

thenexusofprivacy OP , 7 months ago

It’s tricky … many people do use “queer” as an umbrella term, but a lot of trans people don’t like being lumped under that, and some lesbian, gay, bi, and agender people don’t consider themselves queer. There aren’t great answers.

thenexusofprivacy OP , 7 months ago

From the article:

I’m using LGBTQIA2S+ as a shorthand for lesbian, gay, gender non-conforming, genderqueer, bi, trans, queer, intersex, asexual, agender, two-sprit, and others (including non-binary people) who are not straight, cis, and heteronormative. Julia Serrano’s trans, gender, sexuality, and activism glossary has definitions for most of terms, and discusses the tensions between ever-growing and always incomplete acronyms and more abstract terms like “gender and sexual minorities”. OACAS Library Guides’ Two-spirit identities page goes into more detail on this often-overlooked intersectional aspect of non-cis identity.

SuperSleuth , 7 months ago

Crap, we’re actually supposed to read the article?

TheBeege , 7 months ago

Maybe I’m part of the problem, and if so, please educate me, but I’m not understanding why blocking is ineffective…?

And block lists seem like an effective method to me.

The security improvements described seem reasonable, so it would be nice to get those merged.

I understand that curation and block lists require effort, but that’s the nature of an open platform. If you don’t want an open platform, that’s cool, too. Just create an instance that’s defederated by default and whitelist, then create a sectioned-off Fediverse of instances that align with your moderation principles.

I feel like I’ve gotta be missing something here. These solutions seem painfully obvious, but that usually means I’m missing some key caveat. Can someone fill me in?

MHLoppy , 7 months ago

I’m not understanding why blocking is ineffective…?

As I understand it, because it requires harm to be experienced before the negating action is taken.

A parallel might be having malware infect a system before it can be identified and removed (harm experienced -> future harm negated), vs proactively preventing malware from infecting the system in the first place (no harm experienced before negation).

Haui , 7 months ago

Which is exactly how the real world works. Harm has to be identified to suggest solutions. Otherwise you‘re becoming the helicopter parent that denies their kid every opportunity to learn and cause allergies and other bad outcomes. Translated back to the fediverse: it is great the way it is and improvements are always encouraged. We have much bigger and more pressing issues. This is not it.

MHLoppy , 7 months ago (edited 7 months ago)

Which is exactly how the real world works. Harm has to be identified to suggest solutions.

According to the submission, some harms have been identified, and some solutions have been suggested [that could reduce the same and similar harms from occurring to new and existing users] (but mostly it sounds like a "more work needs to be done" thing).

I imagine your perspective on the issues being discussed are different from those of the author. The helicopter parent analogy makes sense in a low-danger environment; I think what the author has suggested is that some people don't feel like it's a low-danger environment for them to be in (though I of course -- not being the author or one such person -- may be mistaken).

Edit: [clarified] because I realised it might seem contradictory if read literally.

TheBeege , 7 months ago

This makes sense, especially considering the features the author cited. The by design parts may just be for clickbait purposes

thenexusofprivacy OP , 7 months ago

At some level you’re not missing anything: there are obvious solutions, and they’re largely ignored. Blocking is effective, and it’s a key part of why some instances actually do provide good experiences; and an allow-list approach works well. But, those aren’t the default; so new instances don’t start out blocking anybody. And, most instances only block the worst-of-the-worst; there’s a lot of stuff that comes from large open-registration instances like .social and .world that relatively few instances block or even limit.

Dirk , 7 months ago

I was hoping for an article about the various massive technical and legal issues it has, but oh well.

thenexusofprivacy OP , 7 months ago

If you’re looking for more of a technical deep dive, check out Threat modeling Meta, the fediverse, and privacy

wiase , 7 months ago

Thanks, enlightening text. I think, the biggest problems w/ blocklists are “guilt by association” (you lose all your connections because someone on your server was being problematic - I feel oftentimes account-based blocking should be the first choice) and these lists being created and maintained by a small group of people who are all more or less friends. On the other hand - as you pointed out - for now, they seem the most feasible option to provide at least some kind of protection. Not sure, if there will ever be a solution that fits all. Probably not.

thenexusofprivacy OP , 7 months ago

Thanks, glad you liked it. Agreed that blocklists (while currently necessary) have big problems, it would really be great if we had other good tools and they were much more of a last resort … I’ll talk more about that in a later installment.

Killing_Spark , 7 months ago

I mean, I guess the point they are making: “Keeping the fediverse an enjoyable experience is hard work by design” is kind of true.

But I would be very interested in how you can exclude hate speech “by design”

TheInsane42 , 7 months ago

Make it impossible for people to use it?

Wherever there are people, there will be nastiness. No matter the reason, some are jerks just because they can.

Killing_Spark , 7 months ago

Yeah that was kinda my point. There isn’t a “by design” solution to people being people

TheInsane42 , 7 months ago

You could build something that prevents people from being offended. Let them answer simple questions like are you offenden by . If they answer yes, no allowed to join.

I get the feeling that more and more snowflakes are easily offended and the nastiness is partly trolling as they like to offend. (and sometimes the offended like to be offended)

Maybe the only solution is sulfuric acid. (or alcohol)

Killing_Spark , 7 months ago

You could build something that prevents people from being offended. Let them answer simple questions like are you offenden by . If they answer yes, no allowed to join.

That would still require posts or communities to reliably label their contents correctly right?

Maybe the only solution is sulfuric acid. (or alcohol)

I strongly belief that if we all strived to get the maximum amount of alcohol into our bellies instead of the maximum amount of money into our accounts society would be much nicer.

TheInsane42 , 6 months ago

I’m not sure about the latter. I get drowsy when drunk and fall asleep. Others have a ‘bad drunk’ and get violent.

nicetriangle , 7 months ago

Keeping society enjoyable/safe/functional/etc is hard work by design. That's just the way humanity is. Sucks it has to be this way, but we're fundamentally flawed.

You patch one hole in your defenses against destabilization and another one will spring up eventually. It's always a work in progress.

thenexusofprivacy OP , 7 months ago

I’ll get to that in a followon post, but one straightforward way to make progress is to change some of the defaults

haui_lemmy , 7 months ago

The exact opposite is true. I am part of a very small minority and I made my own fediverse instances. Everyone who tries to go ableist/racist/misogynist or whathaveyou gets the boot. Very easy solution indeed.

The issue right now is how hard it is to set up an instance. In my opinion, every router on the world should have instances running (and tunneled to not dox themselves) so people are not dependent on big instances.

I would downvote this since it’s misleading af but it also sparks debate so I‘ll refrain.

p03locke , 7 months ago

In my opinion, every router on the world should have instances running (and tunneled to not dox themselves) so people are not dependent on big instances.

That would be a security and moderation nightmare. Moderating an instance is a tough job, and not everybody wants to take on that job.

haui_lemmy , 7 months ago

That could be a moderation and security nightmare. But so could everything else you do.

Running a demilitarized zone to host lemmy for example does nothing for your home network since it is cut off from it. The important part is having automatic updates and smart interface to make configuration easy. I‘m not saying everyone should be doing it, I‘m saying everyone should be able to.

Moderation is no problem either. If only people in your home network are allowed to register, you have only them to police. And stuff from outside gets reported to one or multiple mods and deleted/blocked/defederated. Problem solved.

I don’t see a problem at all. Its still ways off atm but I can see it working.

p03locke , 7 months ago

If only people in your home network are allowed to register

Well, that’s one critical detail you didn’t specify. But, that still doesn’t account for the need for software updates, and hacking attempts. Also, why would anybody subscribe a community on a Lemmy instance with almost nobody on it?

haui_lemmy , 7 months ago

Yes, i didn’t specify that because for me, it was obvious, sorry.

I‘m not sure you know how federation works. If one person subscribes to a one person instances community, that community gets federated. It is suddenly visible like it is on the big instance the one user came from.

It’s not important that your instance is small. You need good content.

originalucifer , 7 months ago

i think this will happen. the fediverse software field is literally in its infancy. i cant believe people are complaining rigfht now when so many products havent even reached 1.0, but are getting close.

and seeing these products from the inside, these are not products that are impossible to one-click install for non-tech folks.. its going to happen.

you will absolutely see 3rd parties spin up services to auto-deploy a functioning fediverse server much the way a wordpress site is created. but its not now... maybe soon.

haui_lemmy , 7 months ago

Thank you. This is essentially what I thought but couldn’t phrase like you did. There are already companies who spin up and host on demand like a wordpress site. We‘re most of the way there. We just need peeps to refrain from spinning the story the opposite way. People will read it and some will believe it, losing out on the opportunity. The author of the article tried to explain to me that they did mention that the fediverse has come a long way (which is far short from what you and I are trying to say). This shows me that some people just cant judge the huge potential and the fact that human discipline or lack thereof is more of a problem than software atm.

thenexusofprivacy OP , 7 months ago

I didn’t say the fediverse has come a long way. I said that many people on well-moderated instances have good experiences – which has been true since 2017. In general though I’d say there was a brief period of rapid progress on this front in the early days of Mastodon in 2016/2017, and since then progress has been minimal. Lemmy for example has much weak moderation functionality than Mastodon. Akkoma, Bonfire, Hubzilla etc are better but have minimal adoption.

And @originallucifer Ipeople have been complaining about this for years – it was an issue in 2011 with Diaspora, 2016 with Gnu social, 2017 with Mastodon, etc etc etc – so it’s not a matter of fediverse software as a whole being in its infancy. Even Lemmy’s been around for almost four years at this point. It’s just that the developers haven’t prioritized this.

haui_lemmy , 7 months ago

Okay, since you make me search for it, here:

As I say in the article: Despite these problems, many people on well-moderated instances have very positive experiences in today’s fediverse. Especially for small-to-medium-size instances, for experienced moderators even Mastodon’s tools can be good enough. However, many instances aren’t well-moderated. So many people have very negative experiences in today’s fediverse.

This is what I interpreted as „come a long way“. Make of it what you will.

And to your other claims: start asking yourself why the others are „better“ in your opninion but don’t have high adoption. The answer is pretty straight forward as you have been told by everyone else in this thread:

Mastodon and the fediverse works like a charm. People love it. But we need to stay focused to improve and steel against human nature.

Have a good one.

thenexusofprivacy OP , 7 months ago

As I say in the article:

Despite these problems, many people on well-moderated instances have very positive experiences in today’s fediverse. Especially for small-to-medium-size instances, for experienced moderators even Mastodon’s tools can be good enough.

However, many instances aren’t well-moderated. So many people have very negative experiences in today’s fediverse.

haui_lemmy , 7 months ago

Thats part of a fair assessment. As I said, the issue is people flocking to one place. It is human nature, not the fediverse that is fallible. We need better routines, not changes in the (particular) code.

n3cr0 , 7 months ago

This place only unsafe for trolls. And that’s a good thing.

jeffhykin , 7 months ago

Not even just trolls, I have yet to come across a clearly-bad post that wasn’t already downvoted to oblivion, or a clearly-good post that had a negative total. And the csam response? Straight up world-class defense system faster than any megacorp could’ve scrambled together.

Lemmy users are anything but passive when it comes to trash showing up in the feed.