Mississippi, Bluesky, Blacksky, the ATmosphere, Mastodon, and the Fediverse
-
And a companion piece: Can we please stop arguing about whether Bluesky is decentralized?
https://privacy.thenexus.today/can-we-please-stop-arguing-about-whether-bluesky-is-decentralized/
"People who saw Bluesky as centralized nine months ago still see Bluesky as centralized. People who saw Bluesky as decentralized (or decentralizing) nine months ago still see Bluesky as decentralized (or decentralizing). Nobody's changing their minds in response to new information. It's basically the same discussions rehashed again and again.
One thing that's been really striking to me in this latest iteration of this interminable discourse is that so many people in the Fediverse present the fact that 99.99% of Bluesky users are still using infrastructrure run by Bluesky PBC as if it's a gotcha that people advocating for Bluesky and the ATmosphere aren't aware of.
No, actually, ATmosphere developers I talk to are very very aware of these limitations. They just prefer to invest their time and energy in working to improve the situation rather than arguing about the semantics of "decentralization."
That sure seems like a good approach to me.
So can we please stop arguing about this already?"
"They just prefer to invest their time and energy in working to improve the situation..."
OK @thenexusofprivacy working from the assumption that this post isn't some public form of rhetorical self gratification, the obvious question arises:
Since 9 months was not sufficient to "fix" the "situation", why not?
Is the "situation" synonymous with relinquishing corporate control over the central choke-point in the social network's implementation?
There are other places people go to hear "2 weeks bruah... I promise"
-
Mississippi, Bluesky, Blacksky, the ATmosphere, Mastodon, and the Fediverse
New on The Nexus of Privacy!
As well as a summary of the situation (both in the ATmosphere and the Fediverse) and links to a bunch of interesting discussions, there's also a discussion of just why age verification laws are so bad.
@thenexusofprivacy @fediversenews How would the laws apply if individuals setup their own server for just themselves? I assume it would be the same for those utilizing VPNs.
I vaguely remember some fediverse folks discussing the potential of peer-to-peer architecture for next gen decentralized social media.
-
@thenexusofprivacy @fediversenews How would the laws apply if individuals setup their own server for just themselves? I assume it would be the same for those utilizing VPNs.
I vaguely remember some fediverse folks discussing the potential of peer-to-peer architecture for next gen decentralized social media.
It's a very good question. I'm not a lawyer and haven't seen any legal analysis yet. The law is written in terms of users registering accounts, so (as a non-lawyer) it's possible that it might not apply to a single-user instance.
-
And a companion piece: Can we please stop arguing about whether Bluesky is decentralized?
https://privacy.thenexus.today/can-we-please-stop-arguing-about-whether-bluesky-is-decentralized/
"People who saw Bluesky as centralized nine months ago still see Bluesky as centralized. People who saw Bluesky as decentralized (or decentralizing) nine months ago still see Bluesky as decentralized (or decentralizing). Nobody's changing their minds in response to new information. It's basically the same discussions rehashed again and again.
One thing that's been really striking to me in this latest iteration of this interminable discourse is that so many people in the Fediverse present the fact that 99.99% of Bluesky users are still using infrastructrure run by Bluesky PBC as if it's a gotcha that people advocating for Bluesky and the ATmosphere aren't aware of.
No, actually, ATmosphere developers I talk to are very very aware of these limitations. They just prefer to invest their time and energy in working to improve the situation rather than arguing about the semantics of "decentralization."
That sure seems like a good approach to me.
So can we please stop arguing about this already?"
-
@thenexusofprivacy It seems Bluesky is centralized; the ATmosphere is not. <ducks>
@zillion no need to duck, I really don't have any problem with people saying they think Bluesky is centralized -- like I say it comes down to how people define centralized. I just don't want to argue about it!
-
"They just prefer to invest their time and energy in working to improve the situation..."
OK @thenexusofprivacy working from the assumption that this post isn't some public form of rhetorical self gratification, the obvious question arises:
Since 9 months was not sufficient to "fix" the "situation", why not?
Is the "situation" synonymous with relinquishing corporate control over the central choke-point in the social network's implementation?
There are other places people go to hear "2 weeks bruah... I promise"
Since 9 months was not sufficient to "fix" the "situation", why not?
Because it's hard! Nobody's saying "2 weeks", they're (correctly) saying "wow there's a lot to do here, here's a next step."
-
Since 9 months was not sufficient to "fix" the "situation", why not?
Because it's hard! Nobody's saying "2 weeks", they're (correctly) saying "wow there's a lot to do here, here's a next step."
Bullshit @thenexusofprivacy
It's impossible, a manager woln't fix that which his livelyhood depends upon remaining broken. Go blow smoke up someone else's ass you pearl clutching PR douchbag.
-
T thenexusofprivacy@infosec.exchange shared this topic
-
Mississippi, Bluesky, Blacksky, the ATmosphere, Mastodon, and the Fediverse
New on The Nexus of Privacy!
As well as a summary of the situation (both in the ATmosphere and the Fediverse) and links to a bunch of interesting discussions, there's also a discussion of just why age verification laws are so bad.
Mastodon says it doesn’t ‘have the means’ to comply with age verification laws
Oh dear. In my article I had mentioned that the Fediverse's strategy of flying under the raadar has mostly worked out so far, but going forward it'll depend on how aggressive the regulators get. Saying "we can't comply with your laws" is a good way to get regulators to be more aggressive!
More positively, though, great reporting from @Sarahp on TechCrunch.
-
Mastodon says it doesn’t ‘have the means’ to comply with age verification laws
Oh dear. In my article I had mentioned that the Fediverse's strategy of flying under the raadar has mostly worked out so far, but going forward it'll depend on how aggressive the regulators get. Saying "we can't comply with your laws" is a good way to get regulators to be more aggressive!
More positively, though, great reporting from @Sarahp on TechCrunch.
@thenexusofprivacy @Sarahp @fediversenews the techcrunch article is framed so poorly. "Mastodon" isn't a single entity, nor is the fediverse. Each server operator has "The Means" to comply or not comply, but the developer of the open source software does not have "The Means" to make all instances that run its software comply with this.
-
@thenexusofprivacy @Sarahp @fediversenews the techcrunch article is framed so poorly. "Mastodon" isn't a single entity, nor is the fediverse. Each server operator has "The Means" to comply or not comply, but the developer of the open source software does not have "The Means" to make all instances that run its software comply with this.
@thenexusofprivacy @Sarahp @fediversenews
This article makes as much sense as claiming that IRC, XMPP, or Matrix "cant comply because it doesn't have the means to."
-
@thenexusofprivacy @Sarahp @fediversenews the techcrunch article is framed so poorly. "Mastodon" isn't a single entity, nor is the fediverse. Each server operator has "The Means" to comply or not comply, but the developer of the open source software does not have "The Means" to make all instances that run its software comply with this.
Agreed that the fediverse isn't a single entity, I thought @laurenshof's discussion in https://connectedplaces.online/reports/fediverse-report-131/ was quite good at that. And "Mastodon" isn't a single entity either, but in this case it's a statement about every server running Mastodon software:
"the Mastodon software doesn’t support it"
In other words, the developer of the Mastodon open source software has chosen not to give server operators the means to comply.
-
Agreed that the fediverse isn't a single entity, I thought @laurenshof's discussion in https://connectedplaces.online/reports/fediverse-report-131/ was quite good at that. And "Mastodon" isn't a single entity either, but in this case it's a statement about every server running Mastodon software:
"the Mastodon software doesn’t support it"
In other words, the developer of the Mastodon open source software has chosen not to give server operators the means to comply.
@thenexusofprivacy @laurenshof @Sarahp comply in which way? geo blocking or built in age verification?
-
@thenexusofprivacy @Sarahp @fediversenews
This article makes as much sense as claiming that IRC, XMPP, or Matrix "cant comply because it doesn't have the means to."
To be clear I'm not objecting to Mastodon gGmbH's policies here, or even the choice not to provide the functionality, my concern is really with the framing. It's making it very easy for regulators to go after Mastodon instances they don't like and press the app stores to drop the Mastodon app.
-
@thenexusofprivacy @laurenshof @Sarahp comply in which way? geo blocking or built in age verification?
@erin ask Eugen, he said it not me lolsob. it seems like he might have been talking specifically about age verification but not sure. it doesn't have to be built in, it could be an approach like "if server operators choose to use age verification software we provide the means to store the information" (or whatever)
-
@erin ask Eugen, he said it not me lolsob. it seems like he might have been talking specifically about age verification but not sure. it doesn't have to be built in, it could be an approach like "if server operators choose to use age verification software we provide the means to store the information" (or whatever)
@thenexusofprivacy IMO that can be handled pretty well. I make registration approval required, and require the person who applies go through some verification process. Then, in the admin panel, I can set admin only notes about that user, like a unique ID for the entry in some other software that stores their verified ID.
Yes, an external tool would be required to store that information, but it seems like everything you need on the Mastodon side exists for it.
Is this great? not at all, but its a process problem not a technical one IMO.
-
@thenexusofprivacy IMO that can be handled pretty well. I make registration approval required, and require the person who applies go through some verification process. Then, in the admin panel, I can set admin only notes about that user, like a unique ID for the entry in some other software that stores their verified ID.
Yes, an external tool would be required to store that information, but it seems like everything you need on the Mastodon side exists for it.
Is this great? not at all, but its a process problem not a technical one IMO.
@erin i agree -- it's not clear whether that would be enough to satisfy the Online Safety Act, but the Mississippi law just requires "commerically reasonable efforts" which that probably is for a small site so it might well be okay.
So it's a great example of where Mastodon gGmbH could have said "server operators can apply the mthods of age verification that are right for their situation, we' provide the means for them to record information in the system if they choose to do so, the sites our org runs don't do that." But they didn't!
