Mastodon—and the pros and cons of moving beyond Big Tech gatekeepers
robi last edited by robi
Good references to many Masto projects, including RSS to A/P integrations.
Article Full text:
NOT EXTINCT —
Standards-based interoperability makes a comeback, sort of.
Aurich Lawson | Getty Images
As Elon Musk's Category 5 tweetstorm continues, the once-obscure Mastodon social network has been gaining over 1,000 new refugees per hour, every hour, bringing its user count to about eight million.
Joining as a user is pretty easy. More than enough ex-Twitterers are happy finding a Mastodon instance via joinmastodon.org, getting a list of handles for their Twitter friends via Movetodon, and carrying on as before.
But what new converts may not realize is that Mastodon is just the most prominent node in a much broader movement to change the nature of the web.
With a core goal of decentralization, Mastodon and its kin are "federated," meaning you are welcome to put up a server as a home base for friends and colleagues (an "instance"), and users on all instances can communicate with users on yours. The most common metaphor is email, where yahoo.com, uchicago.edu, and condenast.com all host a local collection of users, but anybody can send messages to anybody else via standard messaging protocols. With cosmic ambitions, the new federation of freely communicating instances is called "the Fediverse."
I started using Mastodon in mid-2017 when I faintly heard the initial buzz. I found that the people who inhabited a world whose first major selling point was its decentralized network topology were geeky and countercultural. There were no #brands. Servers were (and are) operated by academic institutions, journalists, hobbyists, and activists in the LGBTQ+ community. The organizers of one instance, scholar.social, run an annual seminar series, where I have presented.
The decentralization aspect that was such a selling point for me was also a core design goal for Mastodon and the predecessors it built upon, such as GNU Social. In an interview with Time, lead developer Eugen Rochko said that he began development of Mastodon in 2016 because Twitter was becoming too centralized and too important to discourse. "Maybe it should not be in the hands of a single corporation,” he said. His desire to build a new system “was generally related to a feeling of distrust of the top-down control that Twitter exercised."
As with many a web app, Mastodon is a duct taping together of components and standards; hosting or interacting with a Mastodon instance requires some familiarity with all of these. Among them, and the headliner at the heart of The Fediverse, is the ActivityPub standard of the World Wide Web Consortium (W3C), which specifies how actors on the network are defined and interact.
Mastodon and ActivityPub evolved at about the same time, with Mastodon's first major release in early 2017 and ActivityPub finalized as a standard by the W3C in January 2018. Mastodon quickly adopted ActivityPub, and it has become such a focus of use that many forget that ActivityPub is usable in many contexts beyond reporting what users had for lunch.
Like Mastodon, ActivityPub represents a rebellion against an increasingly centralized web. Christine Lemmer-Webber is the lead author of the 2018 ActivityPub standard, based on prior work led by Evan Prodromou on another service called pump.io. Lemmer-Webber tells Ars that, when developing the ActivityPub standard, "We were like the only standards group at the W3C that didn't have corporate involvement... None of the big players wanted to do it."
She felt that ActivityPub was a success for the idea of decentralization even before its multi-million user bump over the last few months. "The assumptions that you might have, that only the big players can play, turned out to be false. And I think that that should be really inspiring to everybody," she said. "It's inspiring to me."
The idea of an open web where actors use common standards to communicate is as old as, well, the web. "The dreams of the 90s are alive in the Fediverse," Lemmer-Webber told me.
In the late '00s, there were more than enough siloed, incompatible networking and sharing systems like Boxee, Flickr, Brightkite, Last.fm, Flux, Ma.gnolia, Windows Live, Foursquare, Facebook, and many others we loved, hated, forgot about, or wish we could forget about. Various independent efforts to standardize interoperation across silos generally coalesced into the Activity Streams v1 standard.
Both the original Activity Streams standard, and the current W3C Activity Streams 2.0 standard used by Mastodon and friends, offer a grammar for expressing things a user might do, like "create a post" or "like a post with a given ID" or "request to befriend a certain user." The vocabulary one would use with this grammar is split into its own sub-standard, the Activity Vocabulary.
Now that we have a way to express a person's stream of thought and action in JSON blobs, where do all these streams go? The ActivityPub standard is an actor-based model which specifies that servers should have a profile for each actor providing a universal resource indicator (URI) for each actor's inbox and outbox. Actors can send a GET request to their own inbox to see what the actors they follow have been posting, or they can GET another actor's outbox to see what that specific actor has been posting. A POST request to a friend's inbox places a message there; a POST request to the user's own outbox posts messages for all (with the right permissions). The standard specifies that these various in- and outboxes hold activities in sequential order, much like our familiar social media timelines.
(PS: If you want to see what an activity stream looks like, and your browser renders JSON nicely, just grab a random outbox and have a look.)
Here we have the vision of the Fediverse: a set of ActivityPub nodes, scattered across the globe, all speaking a common language. Mastodon is one of many efforts to implement the inboxes and outboxes of the ActivityPub standard. There are dozens of others, ranging from other microblogging platforms ("It's like Mastodon, but...") to an ActivityPub server that runs a chess club.
In theory, they all intercommunicate; in practice, not so much. The sources of incompatibility stem from several issues, from imperfections in the standard to questions of how online communities should form to efforts to reach beyond the standard post/comment/follow format of typical social networks.
Different instances for different goals
The differences among ActivityPub-based social networks often reflect different visions of what socialization online can look like.
Darius Kazemi, now a senior engineer at fact-checking and content-moderation nonprofit Meedan, spent a year as a Mozilla Open Web Fellow developing a guide to the many decisions that must be made for an online community to fully function. He told me about the "global governance problem, which is that it's impossible to make a set of governance rules that a billion people can agree to. But it is possible to make a set of governance rules that 50 or 100 people mostly agree to. And so I like this as a chance for people with aligned values to get together and decide on what their own governance and guidelines look like."
Twitter’s global guidelines lean toward Silicon Valley-style free speech absolutism, in which everybody has the right to speak and be heard (and never shadow-banned). Vulnerable users increasingly felt the effects of Karl Popper's Paradox of Tolerance, that if we include in a more tolerant discussion those who are less tolerant, they will prevent the discussion from being fully open. (Thus, in Popper's view, some level of "intolerance towards intolerance" must be exercised even by the tolerant.) In a 2021 report, the Gay & Lesbian Alliance Against Defamation (GLAAD) bluntly stated that, "Surveying the current landscape of leading social media platforms, the entire sector is effectively unsafe for LGBTQ users."
Lemmer-Webber drew a direct line from problems on other social networks to the development of a network where local controls are built in. "Queer people built the Fediverse," she said, adding that four of the five authors of the ActivityPub standard identify as queer. As a result, protections against undesired interaction are built into ActivityPub and the various front ends. Systems for blocking entire instances with a culture of trolling can save users the exhausting process of blocking one troll at a time. If a post includes a “summary” field, Mastodon uses that summary as a content warning.
Other governance questions are more subtle, because features for greater privacy, almost by definition, limit the discovery and exploration we also look for in a social network. For example, the question of whether Mastodon should allow instance-only posts that do not go out to the Fediverse at large has been especially contentious. The final decision leaned toward discoverability, so Kazemi forked Mastodon to create Hometown, which includes this more-limited sharing option and various improvements.
If you want to run an instance to bring local friends onto the Fediverse, the first question is which platform to base it on. Lemmer-Webber recommends that those who want a single- or few-user instance try Misskey. Pleorama, with a less discovery-focused project governance group, has its own how-to for installing it onto various flavors of Linux. Mastodon, as the incumbent, has some pre-built packages that offer a relatively turnkey setup, or follow the full step-by-step procedure.
Building your own ActivityPub server (or trying to)
ActivityPub is not perfect. Tom MacWright, a software developer in Brooklyn, has firsthand experience with the pitfalls of ActivityPub. As an experiment, he tried to turn his photo blog into an actor that could be followed by users via their Mastodon accounts. It worked in the end—and you can search for @firstname.lastname@example.org from your Mastodon instance to follow his photography—but it wasn't easy.
"I initially came at it from the perspective that I could just read the specifications and follow those, which is an approach that works for some specifications, but it definitely did not in this case," he said.
For example, Mastodon demands that ActivityPub actors interacting with a Mastodon instance be discoverable via the WebFinger standard, which in practice means a GET request to /.well-known/webfinger?resource=acct:email@example.com will return sampleactor's ActivityPub-formatted information. Not complicated, but it's not in the ActivityPub standard, and it's one more moving part to think about.
Activities also have to be signed by the sender via HTTP signatures. MacWright's approach to reading the spec failed here, too. "There's a specification (for signatures) that somebody tried to write and never got approved," he said. "The ActivityPub spec is like, 'You can use encryption or you can not use encryption.'" Meanwhile, Rochko explained in this blog about faking an ActivityPub server to post a reply to a Mastodon post, HTTP signatures are mandatory when corresponding with Mastodon—and because Mastodon is the metaphorical 800-pound gorilla of ActivityPub applications, that means HTTP signatures are mandatory. (MacWright eventually based his final photo blog actor on a barebones ActivityPub server by Kazemi.)
Fediverse.party lists around a hundred ActivityPub-based systems, many going well beyond the traditional social network. There's Pixelfed, which provides a Fediverse instance with an images-forward front end ("It's like Instagram, but..."). You can share video with PeerTube or federate your music via a Funkwhale instance, write collaboratively on Write freely or dokieli, review books and form your book club on BookWyrm, or plan events using Kazemi's gath.io.
Kazemi is optimistic about coming full circle and using ActivityPub as the next RSS. "I hope it's even better. I hope it's even more widely adopted than RSS was back in its heyday," he said. While we chatted, he set up @firstname.lastname@example.org, an ActivityPub actor republishing everything on Ars' main RSS feed; search for it from your Mastodon, Pleroma, or Misskey instance, follow it, and you can retire that RSS reader you keep only to check for Ars articles.
But almost all of these new applications beyond social posting have to extend—i.e., deviate from—the standard. On its front page, Pixelfed describes itself as fully Mastodon compliant, but MacWright found that the fine print added requirements regarding Pixelfed's Activity Vocabulary dialect but not many details about how those work. Such diverse uses could enrich the Fediverse—or spin it apart.
Is this time different?
What's next? The Fediverse may remain a host of small hosts. But there are economies of scale. In the federation model, a small, ragtag community sharing an instance is now stuck paying the server bill.
In terms of skill and time costs, the preparation for many of the systems on the Fediverse is as easy as "just spin up a Docker container on a Raspberry Pi." Of course, most people cannot understand and execute that (relatively) simple instruction.
Or the Fediverse may centralize. Large instances can be bought. The CEO of Tumblr has promised to implement ActivityPub ASAP, and with 135 million monthly active users, that could make Tumblr the bright giant around which the rest of the Fediverse revolves. MacWright speculates that in such a case, “Inevitably everyone's gonna get grumpy that they're dominating the standard and it's no longer an Indieweb thing, and the cycle starts over.”