Notices by The Nexus of Privacy (thenexusofprivacy@infosec.exchange)

@cheeaun just wanted to say how impressed I am with what you've done with Phanpy! It's a great example of what @mekkaokereke said in the first post in the thread about how great UX is possible without VC money. I really hope that you're getting the compensation (in whatever form you're looking for) that you deserve -- and if not yet, I hope that happens in 2025!

The official Mastodon web user interface and mobile apps aren't great from an accessibility perspective. Fortunately there are some better alternatives – and many of them also work with Mastodon-compatible software like Glitch, Hometown, GoToSocial, Akkoma, and Friendica.

https://privacy.thenexus.today/mastodon-accessibility-resources/

This is a draft, and I'm sure I missed a lot. Feedback welcome!

#mastodon #fediverse #accessibility

@dansup starter packs are certainly useful functionality. A couple questions, based on problems I've seen with Bluesky:

• are they opt-in?
  
• if not, do people get notified when they're added to a starter pack?
• how do people remove themselves?

EDIT: also, will they pay attention to existing opt-out / opt-in signals? @julian had some thoughts on that at
https://fietkau.social/@julian/113469285233683859

Recommendations for accessible fediverse software?

I'm working on a blog post for people thinking of joining the fediverse and want to include this information!

Here's what I think I know so far (although might be wrong) ... other suggestions welcome

Mastodon's web UI is pretty good from accessibility perspective, but has some issues.

Pinafore used to be the most accessible web UI but isn't maintained anymore. Semaphpore is a fork doesn't seem to have had any updates in the last year, so I'm not sure of its status. Enafore is another fork but it's described as "somewhat unstable".

I haven't seen anything about what Mastodon mobile apps are better or worse from an accessibility perspective.

For Lemmy, OurBlind says that moderators have and continue to work with the developers to improve accessibility; Thunder, a Lemmy app for iOS and Android, performs well; and Mlem developers are implementing native accessibiity.

#accessibility #a11y #fediverse

@everton137 No, there wasn't a lot of discussion at #FediForum of the implications of and reasons for Brazilians signing up for #Bluesky instead of the ActivityPub based #fediverse.

I agree that it's not the similarities to Orkut aren't the main reason. Lula's tweet was certainly a big factor but it had already started before that. In https://privacy.thenexus.today/bluesky-atmosphere-fediverse/ I wrote

"Bluesky addresses many (although certainly not all) of the issues newcomers to the Mastodon faced in 2022, and has paid a lot of attention to onboarding and usability. So today's Bluesky is a much better Twitter alternative for most people than Mastodon of 2022 – or today's Mastodon."

and I'm planning on going in to detail on that in a follow-up post ... but, one simple example: there are no Braziliian instances listed on joinmastodon.org. https://mastodon.br-linux.org/instancias/ is useful but how is anybody supposed to find it?

Instances in the free fediverses should consider "transitive defederation" from instances that federate with Meta

https://privacy.thenexus.today/consider-transitively-defederatiion/

Part 7 of Strategies for the free fediverses

Transitive defederation -- defederating from instances that federate with Threads as well as defederating from Threads -- isn't likely to be an all-or-nothing thing in the free fediverses. Tradeoffs are different for different people and instances. This is one of the strengths of the fediverse, so however much transitive defederation there winds up being, I see it as overall as a positive thing -- although also messy and complicated.

So the recommendation here is for instances to *consider* #TransitiveDefederation: discuss, and decide what to do. I've also got some thoughts on how to have the discussion -- and the strategic aspects.

https://privacy.thenexus.today/consider-transitively-defederatiion/

@fediversenews @fediverse #fediverse #fedipact #threads

The free fediverses should work together with people and instances in Meta's fediverses and on Bluesky whose goals and values align with the free fediverse

https://privacy.thenexus.today/work-together-with-metas-fediverses-and-bluesky/

Part 6 of Strategies for the free fediverses

Many of the Meta advocates I've talked to share the free fediverses' long-term goal of building a sustainable alternative to surveillance capitalism -- and the same is true for people on Bluesky. So there are likely to be situations where some of the people and instances in Meta's fediverses and Bluesky wind up as situational allies to the free fediverses.

A few areas where collaboration could be very useful:

- A key principle of organizing is meeting people where they are.

- Moderation on decentralized networks is a shared challenge.

- Bringing concepts similar to Bluesky's custom feeds to the fediverses, and more generally focusing on human-focused and liberatory (as opposed to oppressive) uses of algorithms in decentralized social networks designed from the margins.

- Meta's fediverses, Bluesky, and the free fediverses are all vulnerable to disinformation.

https://privacy.thenexus.today/work-together-with-metas-fediverses-and-bluesky/

#fediverse #threads #bluesky #organizing @fediversenews

The free fediverses should make it easier to move between (and create) instances

Part 5 of Strategies for the Free Fediverse

https://privacy.thenexus.today/make-it-easier-to-move-to-instances-in-the-free-fediverses/

There's likely to be a lot of moving between instances as people and instances sort themselves out into the free fediverses and Meta's fediverses -- and today, moving accounts on the fediverse today. There are lots of straightforward ways to improve it, many of which don't even require improvements to the software. And there are also opportunities to make creating, customizing, and connecting instances easier.

#fediverse #fedipact #threads @fediversenews

The free fediverses should support concentric federations of instances

Part 4 of Strategies for the Free Fediverses

https://privacy.thenexus.today/the-free-fediverses-should-support-concentric-federations-of-instances/

Here's how @zkat describes caracoles: "you essentially ask to join concentric federations of instances ... with smaller caracoles able to vote to federate with entire other caracoles."

And @ophiocephalic's "fedifams" are a similar idea: "Communities could align into fedifams based on whatever conditions of identity, philosophy or interest are relevant to them. Instances allied into fedifams could share resources and mutually support each other in many way"

The idea's a natural match for community-focused, anti-surveillance capitalism free fediverses, fits in well with the Networked Communities model discussed in part 3, and helps address scalability of consent-based federation discussed in Part 2.

https://privacy.thenexus.today/the-free-fediverses-should-support-concentric-federations-of-instances/

#fediverse #fedipact #threads @fediversenews @fediverse

The free fediverses should focus on consent (including consent-based federation), privacy, and safety

https://privacy.thenexus.today/free-fediverses-and-consent/

(Part 2 of "Strategies for the free fediverses")

#fediverse #mastodon #fedipact @fediversenews

Strategies for the free fediverses

https://privacy.thenexus.today/strategies-for-the-free-fediverses/

The fediverse is evolving into different regions

- "Meta's fediverses", federating with Meta to allow communications, potentially using services from Meta such as automated moderation or ad targeting, and potentially harvesting data on Meta's behalf.

- "free fediverses" that reject Meta – and surveillance capitalism more generally

The free fediverses have a lot of advantages over Meta and Meta's fediverses, some of which will be very hard to counter, and clearly have enough critical mass that they'll be just fine.

Here's a set of strategies for the free fediverses to provide a viable alternative to surveillance capitalism. They build on the strengths of today's fediverse at its best – including natural advantages the free fediverses have that Threads and Meta's fediverses will having a very hard time countering – but also are hopefully candid about weaknesses that need to be addressed. It's a long list, so I'll be spreading out over multiple posts; this post currently goes into detail on the first two.

- Opposition to Meta and surveillance capitalism is an appealing position. Highlight it!

- Focus on consent (including consent-based federation), privacy, and safety

- Emphasize "networked communities"

- Support concentric federations of instances and communities

- Consider "transitively defederating" Meta's fediverses (as well as defederating Threads)

- Consider working with people and instances in Meta's fediverses (and Bluesky, Dreamwidth, and other social networks) whose goals and values align with the free fediverses'

- Build a sustainable ecosystem

- Prepare for Meta's (and their allies') attempts to paint the free fediverses in a bad light

- Reduce the dependency on Mastodon

- Prioritize accessibility, which is a huge opportunity

- Commit to anti-fascist, anti-racist, anti-colonial, and pro-LGBTQIA2S+ principles, policies, practices, and norms for the free fediverses

- Organize!

#fediverse #freefediverse #threads @fediverse @fediversenews

The free fediverses should emphasize networked communities

https://privacy.thenexus.today/the-free-fediverses-should-emphasize-networked-communities/

Here's how @lrhodes describes the Networked Communities view:

"instances are valuable for the relations and interactions they facilitate locally AND for their ability to connect you to other parts of the network."

By contrast, @evanprodromou notes that "Big Fedi" advocates typically see instances as typically see the instance as "mostly a dumb pipe." But The Networked Communities view aligns much better with the free fediverses' values – as does the "Social Archipelago" view @noracodes sketches in The Fediverse is Already Dead. Not only that, it's good strategy!

@fediversenews #fediverse #threads #fedipact

@tokyo_0 that's certainly true: "we can't provide the basics of security because our implementation is too inefficient" is a very weak position.

It seems plausible to me that auth fetch would cause problems for a caching mechanism that was originally written without taking auth fetch into account. It could just be that nobody's looked (yet) at how to make it more efficient. But it could also be that each request from a different account really does require separate checking when auth fetch is turned on in ways that aren't the case when it's turned off. I haven't looked at the code let alone run a profiler so dunno. With Claire's PR turning it on, I guess we'll find out!

@Sibilant

@tokyo_0 Claire's comment on the PR btw mentions this still has downsides: "increased resources consumption because of systematic request caching and inability to have reverse proxy caching"

@Sibilant

Embrace, Extend, and Exploit: Meta's plan for ActivityPub, Mastodon and the fediverse

https://privacy.thenexus.today/embrace-extend-and-exploit/

1. Embrace #ActivityPub, , #Mastodon, and the #fediverse

2. Extend ActivityPub, Mastodon, and the fediverse with a very-usable app that provides additional functionality (initially the ability to follow everybody you're following on Instagram, and to communicate with all #Threads users) that isn't available to the rest of the fediverse – as well over time providing additional services and introducing incompatibilities and non-standard improvements to the protocol

3. Exploit ActivityPub, Mastodon, and the fediverse by utilizing them for profit – and also using them selfishly for Meta's own ends

I've heard that for large instances the performance hit can be significant -- it makes caching much harder (or maybe disables it completely). Also, it turns off "post forwarding" (whatever that is) which apparently makes the "missing replies" problem (where you only see part of a conversation due to federation weirdnesses) worse; Byron told me this was an issue on Univeseodon when he tried enabling auth-fetch. I'm not sure about the details of the incompatibiliies, I remember somebody (maybe @hrefna ?) metnioning that Mastodon uses an old draft version of the HTTP signature spec so maybe it has something to do with that.

@tokyo_0 @Sibilant

@anant I often use GoToSocial and Bonfire as examples of newer fediverse platforms that take privacy and other aspects of safety much more seriously. It's not the norm!

@tokyo_0

Compare and contrast: Fediseer, FIRES, and The Bad Space

https://privacy.thenexus.today/fediseer-fires-and-the-bad-space/

The Bad Space is only one of the projects exploring different ways of moving beyond the fediverse's current reliance on instance-level blocking and blocklists. It's especially interesting to compare and contrast The Bad Space with two somewhat-similar projects:

- Fediseer is another instance catalog, including endorsements as well as negative judgments about instances.

- FIRES (an acronym for Fediverse Intelligence Recommendations & Replication Endpoint Server) is infrastructure for moderation advisories and recommendations.

Many thanks to @thisismissem and @Db0 for feedback on earlier versions of this post!

(Part 4 of "Golden opportunities for the fediverse – and whatever comes next")

#TheBadSpace #Fediseer #FIRES #fediverse

Since there's so muich discussion of Meta in the fediverse, it's a good time to call attention to the Stop Silencing Palestine campaign from @7amleh @eff @fight @article19 and other digital rights and human rights groups.

"We renew our call to Meta to stop its systemic censorship of Palestinian voices by overhauling its content moderation practices and policies that continue to restrict content about Palestine. Two years after our initial campaign, our demands remain unmet. Given the ongoing conflict, the urgency for Meta to address our—now updated—recommendations is greater than ever."

https://stopsilencingpalestine.com/

#Meta #StopSilencingPalestine #palestine

@Jain Sorry I missed this comment earlier. Thanks for the feedback.

- agreed that Mastodon's current behavior of just silently ignoring DMs isn't great, I should have mentioned that -- next time I do an edit pass I'll put that in.

I certainly didn't mean to imply that authorized fetch is made to supress others talking about something. Authorized fetch makes blocking more effective. You're right that there are still holes, and I should probably be clearer about that. But, incremental progress is useful. And instances may well decide they need to lock down and only federate with other locked-down instances, different approaches to social networks work for different people.

- agreed that admins could change the settings on follow requests -- although I believe it requires customizing code, so not an option for people using hosted installations (and a hassle for everybody else).