Somehow found myself arguing with someone who talks about "the fediverse" like it is a) a singular thing and b) a separate thing from bluesky. It helped remind me of a fundamental truth about talking to people who are mad on the internet. What they're mad about is entirely uncorrelated with how well they understand the issues. Anger is an *emotion*. So is fear.
In my commentary about mastodon and bluesky today, I didn't say all that much about my thoughts on the core issues of privacy and consent. That's what most people actually want to fight about. For people who are worried about that, anybody who isn't immediately on their side is the enemy. I'm used to that specific internet dynamic, so I'm not that bothered by it.
What I'm realizing is that I don't wanna talk about that though. Not because I don't care. I do. But there are much smarter people who have spent way more time on those issues. It's a deep and gnarly topic. So I don't have anything to say about it that is smarter than what is already being said by people who are actually *working* on the issues.
Instead, my musings from the peanut gallery are driven by something else that is bothering me as I observe people's evolving relationship with The Fediverse™.
To me, one of the fundamental things to understand about the concept of decentralization and federation is that nobody is "in charge". There's no central authority to appeal to.
In short, who are you yelling at? Who do you expect to "fix" things for you? Right now people are coming down on the guy who is building the bridge to bluesky. That specific guy. They're yelling at him and telling him to make different decisions to protect their personal privacy. Is that what people think they signed up for with the fediverse? Fighting with other individual humans and trying to force them to do what you want?
I keep feeling like I'm missing something. But it seems clear to me that fighting with every other individual in the whole world until you carve out the specific level of visibility that you are comfortable with is a solution that doesn't scale very well.
More importantly though. I thought the whole point of the fediverse as a concept was that each of us can chose a platform that gives us the tools we want so that we're *not* beholden to the choices that other people make.
What's wild about the bluesky bridge thing is that it seems to be trying to follow all of the rules. It's using the same ActivityPub protocol as everyone else. It has a name and the author is trying to make sure it respects everybody else's moderation settings. You can block it or defederate from it. But very few people who I've seen talking about it seem to be placated by that. They're still mad for some reason.
As I was puzzling through that, I landed on what I think is a core issue. People do not feel that the tools necessary to protect themselves *are in their hands*. They're still operating as if they have to ask other people to do the right thing. (Or yell at them as the case may be). Is that a failure of the way mastodon is set up? Have we not gone far enough with "you get to decide how your presence on the internet works"?
If you don't want your content to be bridged to bluesky without your consent, you shouldn't have to fight with anybody except the admin on your local mastodon instance. You can yell at them all you want. I have fewer judgments about that.
Many people have yelled at the bridge guy telling him to make his tool opt-in by default. He shouldn't have to do that. You can make your own instance opt-out by default. Why is that not a preferable solution?
That's not rhetorical. I'm really open to the possibility that I'm missing something. It seems like people who have more concerns about privacy and safety have the ability to organize their mastodon instance so it is locked down by default. And they can open up selectively. Yes, it puts more onus on you to make decisions rather than depending on other people to do the right thing. But again, I guess I thought that was the tradeoff people were making intentionally.
@polotek amazing thread. I really appreciate your thoughts and viewpoint. Given me lots to think about.
Thanks!
@polotek brilliant thread, thank you. I’ve been thinking similar things but in a vague and inarticulate way, I haven’t been able to put words to it.
@polotek how much time is each of us supposed to spend keeping track of what tools and domains we should opt out of, just to maintain the existing state of our networks? How much room in our bio is for us, and how much is for randos to dictate by making us opt out of their crap? What about users who don't speak English or don't happen to see the announcement of these opt-out services as they pop up? If we're not supposed to raise a stink about it, missing announcements is much more likely.
@redoak I'm not telling you what to do about it. Raise as much stink as you want. But I'm not sure why that feels like less work than just turning off open federation.
@polotek sure, better tools is the best long term answer to a lot of the issues being raised by the bluesky bridge. But it's not unreasonable to respond unkindly to someone you've never met showing up and announcing they're going to violate your community norms and expectations just because technically they can.
I didn't say i meant the whole fedi - there are communities here for whom it's true. I don't think there is one Fediverse Community and i don't see any logic to minimizing various parts of the fedi as "only a subgroup" except to justify ignoring their wishes and boundaries.
Me, i do think it should be shut down. If you want to feed Dorsey's Data Mill you are free to register there. We can't take that away from you. But the question at hand for the bridge is opt-in vs opt-out.
@polotek This is the unity of means and ends in action. People are shaped by how they have had to act in the past.
We’ve never had a social network that works this way before. It’s profoundly different, and it’s going to take time to learn and adapt to—in part because people have to exercise those new possibilities to internalize them.
@thedansimonson yeah that's right.
@polotek only thing I'd say in response is, it's not so easy to make your own instance. It requires some time, learning, and money. Not everybody has those resources to spend on social media.
And if your admin has to block an instance to opt out all of their users, it's not a default.
Now, was every bit of this dogpile on the guy necessary? Probably not. But was it necessary to force everyone to yell at their admin/move instances and therefore risk losing connections/make their own server just so the bridge would have more users by default? Definitely not.
@tillshadeisgone I'm not sure you have this right. What you're choosing is a world where you have to yell at every individual who ever tries to federate from outside of mastodon. There's nothing special about this one guy. Somebody else could try the same thing tomorrow. And the day after that. And you don't have control over any of them.
@polotek @tillshadeisgone You're right about that. The ideal solution would be if instance API users had to do delegated authentication via OAuth2. Then anyone could build whatever they wanted, but data would only move around with consent. From there you could elaborate to blocklists, sensible defaults, etc.
@polotek The thing is, with Mastodon software, tools for controlling federation choices (both individually and at the instance level) are very limited in Mastodon. Allow-list federation at the instance level is strongly discouraged by Mastodon and cumbersome to manage; it doesn't exist at the individual level. Anything policy based, which is what you really need to make it scalable, isn't even a concept.
Which is a problem! But it's hard to resolve at the individual level ...
Other fediverse microblogging platforms all have blockers to broader adoption -- functionality isn't fully there yet, horrible UI, not a lot of support from hosting companies, etc. And with most of them, support for controlling federation choices isn't much better. So things are trapped in this weird suboptimal state; and most microblogging resources go to Mastodon, so it's been hard to break out of the cycle.
And there's historically a LOT of resistance in the fediverse to consent-based federation. @anildash talks about how consent's a key often-unstated value in the fediverse, and that's true, but in practice it's also very intermittent. And many (most?) high-profile fediverse "influencers" are in the camp that's actively hostile to consent. So incremental change is hard.
All that being said, great thread, your observations are very on-target!
@jdp23 @anildash @polotek @tillshadeisgone I think (and we have already stated that in other conversations), that at least part of the resistance is the idea that small instance would suffer from consent-based federation. And I know that there are some ideas to overcome that, but it’s not an easy one to solve.
Good point, that's a valid concern and one more reason why opt-in isn't currently seen as practical.
But there's also a philosophical hostility. Mastodon's documentation talks about allow-list federation being contrary to its vision. In a github discussion of bridgy fed, Evan described the suggestion that it should be opt-in as saying that "the fediverse is a place to hide from others" (which of course it isn't but that's how he sees it).
@jdp23 @tillshadeisgone @anildash @polotek Yes, there is this tension between being massively adopted (and promoted) and improving the tool to generate safe spaces.
I don’t think that in the long run they are exclusive, but focus are put on one or the other depending of this views you were commenting.
@polotek @tillshadeisgone An angle I'd like you to think about is how you should respond when someone tells you they're hurting. You could tell them they aren't really & that they need to toughen up, or you could tell them that it's for their own good, or any number of responses. Even if you don't personally understand or relate to someone's situation, I think it's best to say 'I hear you' or show some empathy. People are really afraid of brigading from this.
@sbszine @tillshadeisgone how do you think the bridge guy is doing today? You think he might be hurting at all? I mean people are equating him with Richard Spencer today.
@polotek @sbszine @tillshadeisgone
There's one of him, but he wants to take the content of millions of us.
@polotek @tillshadeisgone I'm not a moral relativist. I'm fine with the one bad guy having a worse time than the many victims. Keep dodging the issue though.
@sbszine @tillshadeisgone I'm not dodging anything. It's you that is pretending that this one guy is your only problem. Or that your strategy for privacy is going around making strident moral arguments to every other human in the entire world to get them to do what is best for you personally. Rather than availing yourself of the tools at your disposal. Good luck with that I guess.
@sbszine @tillshadeisgone "if he's not doing what I want then fuck that guy. But yeah I totally care about protecting other people from harassment. Just not him. Cause fuck that guy."
@polotek @tillshadeisgone Correct. Likewise Donald Trump, Netanyahu et al.
@sbszine @tillshadeisgone trump, netanyahu and some random guy with a laptop. The new axis of evil. This gave me a good laugh. Thanks for that. Sincerely.
@polotek An ad absurdum obviously but you get the idea! Not everyone has equal power and privilege. Bridge guy is nowhere near the Trump level but initially he was oblivious to any ethical or privacy concerns. (His years at Google probably didn't help there either!) This is a common thing I see in tech classrooms, where the people with the privilege to be in tech see end users as a faceless resource or a means to an end.
@sbszine this post is rife with a ton of your own simplistic and presumptuous notions about other people. It's super weird. For the record, I do not "get the idea". Bringing trump and netanyahu into this context was incredibly jarring and did nothing to help you seem more reasonable. And this post only makes it worse. It feels clear to me that you're not a person I want to be talking to. I'm gonna move on. Take care.
@polotek Likewise on all counts.
@polotek @tillshadeisgone As I've said to you elsewhere, I agree this one guy isn't the only problem and my preferred answer to this is delegated authorisation as used by LTIs and the like. Putting pressure on bad actors is the tool at my disposal so I'm doing that. So far it's working, but as I said above it's not my preferred solution.
@sbszine @tillshadeisgone "so far it's working". I think this is the specific part that I disagree with. And I keep asking why people think it's sufficient.
But I get it. That's all people feel empowered to do. So we're gonna just wait around until the bad thing happens. And then be mad about that to anybody who will listen. Being mad in public is the security blanket. I think we understand each other better. Thanks for hanging in there.
@polotek It's a question of how you see protesting and social pressure. Sometimes, yep, it's just people getting mad & nothing is achieved. Sometimes it's effective or maybe just lets you know you're not alone. It's a case by case thing. For me the Iraq invasion protests were unsuccessful but it was good to see the huge worldwide turnout. The pressure has been successful with this bridge thing & I think it's a good result where you can still use the bridge if you want.
@polotek And again, I agree it's not sufficient or sustainable -- the protest has to work every time -- but it's what we have absent a technical solution to our data being flowed to an advertising server like the bsky indexer. If the next bridge or whatever ignores the social pressure then you might see legal action or some sort of technical response. Anyway I'm satisfied with the outcome here where bridge fans can opt in & privacy is the default.
@polotek Hmm, a right to what? A right to have some say in how my data is spread? I don't think that's unfair.
It's already been said down thread, but I don't think the issue is federation itself. The fedi isn't just Mastodon, and most users are aware of that. But Bluesky, like Meta, is very different from an Akkoma or a Misskey. The venture capitalists behind both Meta and Bluesky build wealth over data mining. I can see why that would upset some people, especially because it's not clear that blocking the domains would fully stop data from getting vacuumed up. Many folks came here to stop giving their data wholesale to corporate hell social media companies. I think that makes sense.
Furthermore, I have yet to understand why this guy couldn't have made it opt-in. Why would centering consent have been so impossible, especially given the position he has placed everyone in? I, like many others, just don't think it's fair that folks should have to potentially take major actions like moving instances, starting an instance, etc just because of something they never agreed to.
@tillshadeisgone you do have some say. With your admin and your local insurance. I'm not sure how many ways I have to try to explain this. Your controls over how your data spreads are in your hands. It doesn't require going around the entire world trying to prevent every other human from making decisions you don't agree with. I promise you will fail at that.
@polotek the reason you feel like nobody is hearing what you are saying and that you keep repeating yourself is that you aren't engaging the points being raised.
You're saying there are tools available, we're saying those tools aren't readily available or equally accessible to all users. You don't seem to believe that, but it is the case.
You're saying we're trying to control everyone's behavior, we're saying we're trying to preserve privacy and safety and consent. Opt-in has been suggested and I still don't see why that would have been so terrible or unimaginable. All I've heard you say against it is that he shouldn't have had to do it that way. Why shouldn't he? What is so important about opt out? What right does he have to forcing everyone else to respond to his actions? Why is our concern for privacy less important than his desire for participants?
Finally, I've heard you say a few times that it's unrealistic to try and control how other people behave. Obviously we cannot control other people's decisions. But what, are you arguing we're not supposed to have any reactions to what other people do, ever? Especially when it impacts us? What kind of sense does that make?
@tillshadeisgone I did address the points. Very directly. I understand people have decided to yell at this one guy and try to force him to make his tool opt-in. I don't agree with that strategy, but whatever. My point is what happens when the next guy doesn't even ask you before he does it? Do you expect everyone who tries this to announce it?
@tillshadeisgone my actually point that very few people want to address is if you care about privacy, why aren't you doing anything about your actual privacy? Why are you waiting until somebody announces that they're gonna do something you're uncomfortable with? Why aren't you rethinking the decisions about what instance you joined and what controls you have?
"I'm concerned about harassment on the internet. I guess I have no choice but to join the dogpile on this one guy".
@polotek I mean, my personal answer is that I have done something about it. I've moved servers multiple times and currently I am primarily using an instance that I own.
But as I mentioned earlier, the things I have that allowed me to make those decisions and follow through with those actions are not available to everybody in equal measures. Furthermore, migrating servers is considerably easier than it used to be, as I understand it. But it's an imperfect process that can still sever connections even if you're very careful about how you do it.
When we're talking about an important project like the bridge, all I am saying is that it would be nice if the person doing it would consider those who are not as replete in the technical know how, time, and determination that makes all of these features easier to navigate. They deserve to be considered too. Their consent should have been sought through an opt-in mechanism.
This is one of my biggest issues with a tech heavy space like the fediverse. A lot of people seem to think everyone who doesn't know as much as they do about technology are fucking idiots. Not everyone who has trouble moving servers is unintelligent or reckless with their privacy. The condescension from people who work in the field about what every hypothetical user should be able to do easily is absurd and alienating. We should be making decisions with all of our users in mind, NOT JUST THE SAVVY ONES. It's not unreasonable and it's not unfair.
And in the category of questions not addressed, WHY is it so important that he gets to do this?! What's so hard about opt-in????
I've asked you multiple times, and despite you claiming to have addressed every point raised to you directly, you haven't said anything about it. So I'm not going to say anything else to you until you answer.
@tillshadeisgone I did address it. But sure. I'll do it yet again. I didn't say that I think he should be able to do this. I don't have an opinion either way. What I said was nobody can stop him. Nobody is in charge. You keep trying to have a moral argument with me and I'm politely declining. I don't have any power to dictate what that guy does and does not get to do. And I'm making decisions accordingly.
@tillshadeisgone is that clear? I know it's not the answer you were hoping for. But it is a direct answer. Is there a different way I can directly answer your question so that you don't have to keep repeating it? Let me know.
@polotek actually, that was helpful. My last response will be this:
Sometimes people get upset when other people do things that they don't like that affect them, even when they have no power to stop them from doing it.
And it's great for you and for me, who have our own instances, and who have taken whatever steps we felt were necessary in light of that. So I can understand why it's not important to you.
But there are other people, who don't have what we have, who get to have it be important to them. They get to be upset. Hell, I'm in community with some of these folks so I'm upset too.
I guess that's just going to be baffling to some people and I'll just make my peace with it
@tillshadeisgone none of this is "baffling" to me. I understand everything about why people are upset. You seem to confused because I'm still suggesting that being upset is not sufficient to solve the actual problem. People seem to think that having random strangers acknowledge that you're right to be upset will somehow make everything okay.
Is it like, you're looking at this bridge episode as indicative of the overall Fediverse structure being inadequate for privacy/safety, whereas most people (me too I admit) have had their focus on the shape of that one particular situation?
kind of like "don't get hung up on this one particular example with this one particular guy, there's a bigger picture which needs attention"?
@polotek @tillshadeisgone someone else always _does_ try. and we have to yell at them _too_, or our privacy goes out the fucking window. we're fucking tired of it!
@polotek
A bridge is not federation though. There are very real technical differences with unique concerns and vulnerabilities.
If / when BlueSky decides to enable federation on their AT protocol then Fediverse servers (that are capable of multiprotocol support) will be free to choose to add support for it on a per server basis and that will be actual federation.
@mnemonicoverload @tillshadeisgone *sigh* hi new person. Please go read more about how the bridge actually works. The author is designing it as actual federation. And instances can block it using their regular defederation controls.
And also be ready for other people to yell at you that "the technical details aren't the point!" Because they will.
@mnemonicoverload @tillshadeisgone that's not even how mastodon federation works as far as I understand it. But I don't really wanna argue about it. Let's leave it here. Thanks.
@polotek I largely agree with you (and some of the yelling is pretty appalling, especially where it ignores how the bridge functions).
That said, I think the bridge can offer better UX if it 'knocks', since it can then reasonably choose to bridge Unlisted/'Quiet Public' posts over to the often-algorithmic Bsky feeds to make them available to followers there, rather than just "loud" Public ones plus some mentions.
There are some minor protocol mismatches like that, as well as the general difference in how moderation is expected to work (there are built-in shared blocklists there now, which I'd definitely like as an option here), that imo make opt-in requests the smoother experience overall.
@polotek I think you are spot on. I don't understand how Bluesky would be different than any other Mastodon instance in this case. Must be up to each and every Mastodon admin to opt out, like they would from any other instance that they don't agree with.
@polotek
You can now virtually host a Minecraft server for about $2. We will get to the point where you will be get to host your own Mastodon instance for the same price, with the same option levels for filters and block lists and all the new stuff we are yet to invent.
@polotek I think a fundamental problem is that bluesky is "too big to fail". When problems happen you can't really defederate because it is too big. Same problem as mastodon.social except 40x bigger.
@polotek If I want to block a Mastodon instance, I can just search, find an account on that instance, and block. That is the social contract here.
Unless I’ve missed something, Brid.gy has no accounts I can find and block. This would be trivial for the developer to solve, but instead he demands that I either advertise his service with a hashtag in my bio or DM him to plead my case.
That isn’t how this works for other servers. Bridgy and Bluesky aren’t special.
@DinosaurRobo you've missed something. The bridge guy is telling anybody who will listen what the name of his bridge will be so you can block it. Did you actually ask?