this post was submitted on 29 Mar 2025
212 points (89.0% liked)

Fediverse

32556 readers
341 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
212
The fediverse has a bullying problem (ponder.cat)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
126 comments fedilink hide all child comments
 

So check it out: Mastodon decided to implement follower-only posts for their users. All good. They did it in a way where they were still broadcasting those posts (described as "private") in a format that other servers could easily wind up erroneously showing them to random people. That's not ideal.

Probably the clearest explanation of the root of the problem is this:

Something you may not know about Mastodon's privacy settings is that they are recommendations, not demands. This means that it is up to each individual server whether or not it chooses to enforce them. For example, you may mark your post with unlisted, which indicates that servers shouldn't display the post on their global timelines, but servers which don't implement the unlisted privacy setting still can (and do).

Servers don't necessarily disregard Mastodon's privacy settings for malicious reasons. Mastodon's privacy settings aren't a part of the original OStatus protocol, and servers which don't run a recent version of the Mastodon software simply aren't configured to recognize them. This means that unlisted, private, or even direct posts may end up in places you didn't expect on one of these servers—like in the public timeline, or a user's reblogs.

That is super relevant for "private" posts by Mastodon. They fall into the same category as how you've been voting on Lemmy posts and comments: This stuff seems private, because it's being hidden in your UI, but it's actually being broadcasted out to random untrusted servers behind the scenes, and some server software is going to expose it. It's simply going to happen. You need to be aware of that. Even if it's not shown in your UI, it is available.

Anyway, Pixelfed had a bug in its handling of those types of posts, which meant that in some circumstances it would show them to everyone. Somebody wrote on her blog about how her partner has been posting sensitive information as "private," and Pixelfed was exposing it, and how it's a massive problem. For some reason, Dansup (Pixelfed author) taking it seriously and fixing the problem and pushing out a new version within a few days only made this person more upset, because in her (IMO incorrect) opinion, the way Dansup had done it was wrong.

I think the blog-writer is just mistaken about some of the technical issues involved. It sounds like she's planning on telling her partner that it's still okay to be posting her private stuff on Mastodon, marked "private," now that Pixelfed and only Pixelfed has fixed the issue. I think that's a huge mistake for reasons that should be obvious. It sounds like she's very upset that Dansup made it explicit that he was fixing this issue, thinking that even exposing it in commit comments (which as we know get way more readership than blog posts) would mean people knew about it, and the less people that knew about it, the safer her partner's information would be since she is continuing to do this apparently. You will not be surprised to discover that I think that type of thinking is also a mistake.

That's not even what I want to talk about, though. I have done security-related work professionally before, so maybe I look at this stuff from a different perspective than this lady does. What I want to talk about is this type of comments on Lemmy, when this situation got posted here under the title "Pixelfed leaks private posts from other Fediverse instances":

Non-malicious servers aren’t supposed to do what Pixelfed did.

Pixelfed got caught with its pants down

rtfm and do NOT give a rest to bad behaving software

dansup remains either incompetent for implementing badly something easy or toxic for federating ignoring what the federation requires

i completely blame pixelfed here: it breaks trust in transit and that’s unacceptable because it makes the system untrustworthy

periodic reminder to not touch dansup software and to move away from pixelfed and loops

dansup is not competent and quite problematic and it’s not even over

developers with less funding (even 0) contributed way more to fedi, they’re just less vocal

dansup is all bark no bite, stop falling for it

dansup showed quite some incompetence in handling security, delivering features, communicating clearly and honestly and treating properly third party devs

I sort of started out in the ensuing conversation just explaining the issues involved, because they are subtle, but there are people who are still sending me messages a day later insisting that Dansup is a big piece of shit and he broke the internet on purpose. They're also consistently upset, among other reasons, that he's getting paid because people like the stuff he made and gave away, and chose to back his Kickstarter. Very upset. I keep hearing about it.

This is not the first time, or even the first time with Dansup. From time to time, I see this with some kind of person on the Fediverse who's doing something. Usually someone who's giving away their time to do something for everyone else. Then there's some giant outcry that they are "problematic" or awful on purpose in some way. With Dansup at least, every time I've looked at it, it's mostly been trumped-up nonsense. The worst it ever is, in actuality, is "he got mad and posted an angry status HOW DARE HE." Usually it is based more or less on nothing.

Dansup isn't just a person making free software, who sometimes posts angry unreasonable statuses or gets embroiled in drama for some reason because he is human and has human emotions. He's the worst. He is toxic and unhinged. He is keeping his Loops code secret and breaking his promises. He makes money. He broke privacy for everyone (no don't tell me any details about the protocol or why he didn't he broke it for everyone) (and don't tell me he fixed it in a few days and pushed out a new version that just makes it worse because he put it in the notes and it'll be hard for people to upgrade anyway so it doesn't count)

And so on.

Some particular moderator isn't just a person who sometimes makes poor moderation decisions and then doubles down on them. No, he is:

a racist and a zionist and will do whatever he can to delete pro-Palestinian posts, or posts that criticize Israel.

a vile, racist, zionist piece of shit, and anyone who defends or supports him is sitting at the table with him and accepts those labels for themselves.

And so on. The exact same pattern happened with a different lemmy.world mod who was extensively harassed for months for various made-up bullshit, all the way up until the time where he (related or not) decided to stop modding altogether.

It's weird. Why are people so vindictive and personal, and why do they double down so enthusiastically about taking it to this personal place where this person involved is being bad on purpose and needs to be attacked for being horrible, instead of just being a normal person with a variety of normal human failings as we all have? Why are people so un-amenable to someone trying to say "actually it's not that simple", to the point that a day later my inbox is still getting peppered with insistences that Dansup is the worst on this private-posts issue, and I'm completely wrong and incompetent for thinking otherwise and all the references I've been digging up and sending to try to illustrate the point are just more proof that I'm horrible?

Guys: Chill out.

I would just recommend, if you are one of these people that likes to double down on all this stuff and get all amped-up about how some particular fediverse person is "problematic" or "toxic" or various other vague insinuations, or you feel the need to bring up all kinds of past drama any time anything at all happens with the person, that you not.

I am probably guilty of this sometimes. I definitely like to give people hell sometimes, if in my opinion they are doing something that's causing a problem. But the extent to which the fediverse seems to like to do this stuff just seems really extreme to me, and a lot of times what it's based on is just weird petty bullying nonsense.

Just take it it with a grain of salt, too, if you see it, is also what I'm saying. Whether it comes from me or whoever. A lot of times, the issue doesn't look like such a huge deal once you strip away the histrionics and the assumption that everyone's being malicious on purpose. Doubly so if the emotion and the innuendo is running way ahead of what the actual facts are.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 182 points 1 month ago (10 children)

Some people have privacy expectations that are not realistic in an unencrypted, federated, heterogeneous environment run by hobbyist volunteers in their spare time.

It you have something private and sensitive to share with a small audience, make a group chat on Signal. Don't invite any reporters.

[–] [email protected] 61 points 1 month ago (1 children)

Nothing is private on the fediverse, and Mastodon's bodge only gives the illusion of privacy. There should be zero expectation that any fediverse software will follow their non-standard extensions.

load more comments (1 replies)
[–] [email protected] 45 points 1 month ago (2 children)

This is my thought on it, too. I don't disagree with any of the point OP is making, but I think a larger issue is people misusing ActivityPub platforms and trying to make them into something they're not. It's not meant to be a messenger, it's not meant for privacy. Everything being public and transparent is part of the core design of the Fediverse. The idea of private groups/posts on the Fediverse seems counterintuitive to me.

[–] [email protected] 21 points 1 month ago (3 children)

Completely agree.

It is fine if you want to add privacy to a federated platform. If you wanted to, you would need to think through how to do it (probably it would involve either adding something specific and very carefully laid-out to the ActivityPub spec, or just doing like Lemmy does and switching to a whole other protocol like Matrix and warning the users that anything over ActivityPub is not private). Neither of those is what Mastodon did, but now they’re going around telling users they can have private posts, which is why I think they’re ultimately at fault in the situation that kicked off this whole shebang.

[–] [email protected] 7 points 1 month ago* (last edited 1 month ago) (6 children)

Just a random thought, if there is a need for privacy wouldn't it be possible to create public / private encryption key for users so messages can be encrypted and exchanged.

This way what would be public is that there's an exchange but nobody would be able to know what was said. It would make it at least message content private.

To make it a step further could exchange between servers also use it to encrypt which users exchange private message. I am thinking it could make it fully private then. Only sender and receiver servers could know which users were private messaging.

[–] [email protected] 8 points 1 month ago* (last edited 1 month ago)

To keep it secure from the servers themself would require users to handle the encryption. See PGP for an idea of how much uptake that's likely to get. If you mean for the servers to handle the encryption, that's already the case, and the issue right now is that servers are privy to what users do, and by nature are a 3rd party in the convo.

[–] [email protected] 7 points 1 month ago

The furry engineer who writes cryptography posts is working on this. Turns out it is not so simple in practice.

https://soatok.blog/category/technology/open-source/fediverse-e2ee-project/

load more comments (4 replies)
load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 19 points 1 month ago (1 children)

I definitely think it's important to make people aware of the difference in the fedeiverse. Especially since that is not how it worked in non-federated social media

[–] [email protected] 20 points 1 month ago (2 children)

Well, where are you all when the Fedi cheerleading squad keeps posting about how bad it is that this or that competitor stores this or that information and how secure and private and great it is in Fedi servers because they don't store anything?

Because I've spent years chiming in to explain these things in those and it normally just gets people angry and complaining that you're shilling for corporate social media or whatever. The image being projected, both accidentally and on purpose is that no centralized data collection means your data on Fedi is private when it is extremely not.

load more comments (2 replies)
[–] [email protected] 8 points 1 month ago (2 children)

This is exactly why ActivityPub makes for such a mediocre replacement for the big social media apps. You have to let go of any assumptions that at least some of your data remains exclusive to the ad algorithm and accept that everything you post or look at or scroll past is being recorded by malicious servers. Which, in turn, kind of makes it a failure, as replacing traditional social media is exactly what it's supposed to do.

The Fediverse also lacks tooling to filter out the idiots and assholes. That kind of moderation is a lot easier when you have a centralised database and moderation staff on board, but the network of tiny servers with each their own moderation capabilities will promote the worst behaviour as much as the best behaviour.

But really, the worst part is the UX for apps. Fediverse apps suck at setting expectations. Of course Lemmy publishes when you've upvoted what posts, that's essential for how the protocol works, but what other Reddit clone has a public voting history? Same with anyone using any form of the word "private" or even "unlisted", as those only apply in a perfect world where servers have no bugs and where there are no malicious servers.

load more comments (2 replies)
[–] [email protected] 7 points 1 month ago (1 children)

It’s perhaps a communication problem, where the privacy settings should clearly state this. Or these settings shouldn’t be offered. But maybe this current structure is fine for most people?

Regardless, it’s how existing social media used to work. In that sense, federated social media can’t offer an alternative and that could be a problem for some.

[–] [email protected] 16 points 1 month ago

Yeah, but offering something that claims to be private, but isn’t, is actually much worse than refusing to offer something that’s private. Even if people want the private feature.

Truly private posts just are going to require something that isn’t ActivityPub, because ActivityPub just isn’t designed to give assurances about what’s going to happen to an activity that you are sending off to some other server. Or, the other option would be to go through the whole process of adding it into the spec in a thought through fashion instead of just hacking it in and moving on. Although, I do kind of get why Mastodon doesn’t want to go through that snail’s pace process for every single protocol change they would need to be able to make things work.

load more comments (5 replies)
[–] [email protected] 41 points 1 month ago (2 children)

But the extent to which the fediverse seems to like to do this stuff just seems really extreme to me, and a lot of times what it’s based on is just weird petty bullying nonsense.

Not saying that it isn't a problem, but as someone who's been Around(tm) online, this is pretty par-for-the-course stuff.

Ah, to remember the glory days of Livejournal and Tumblr... and don't get me started back in the days when every fandom had a dozen sites which all hated each other for vague and extremely personal reasons.

[–] [email protected] 18 points 1 month ago* (last edited 1 month ago) (1 children)

and don’t get me started back in the days when every fandom had a dozen sites which all hated each other for vague and extremely personal reasons.

Oh man, this brings me back.

Remember the time in the late 90s and early 2000s when even a niche topics had like 3-4 large community sites with active forums. More popular topics could easily have like 10-20 communities.

And there was a lot of drama both within and between communities.

It's kind sad that we lost this, although lemmy is a solid modern alternative, just needs much more users. Enough users for even niche topics to have multiple active communities with their own spin/focus on a given topics.

On the plus side, I am glad I got to experience the early pre-corporate internet. It was good times.

load more comments (1 replies)
[–] [email protected] 10 points 1 month ago (2 children)

Yeah, you're not wrong. I definitely don't think it is a fediverse-only problem. Something changed culturally between Usenet and the things that came after.

I was thinking about this earlier today: There was a wonderful little renaissance that happened around the time of the Napster / Slashdot / flash game era, when "it's the internet so of course it is awful" was in abeyance for a little bit of time and things were cool (as well as being pretty creative, and generally sensible.) I think a lot of what I'm upset about here is not so much that people are being catty (as you said, that's just kind of the nature of the beast), but that it's so disconnected from reality. People will say wild made-up nonsense and then other people will take it seriously. Of course, yes, that's not exactly new or a fedi specific problem...

[–] [email protected] 9 points 1 month ago (1 children)

Something changed culturally between Usenet and the things that came after.

Me, who only started into online communities in the early 2000s:

[–] [email protected] 7 points 1 month ago (2 children)

See, but as I was saying above about the privacy stuff, the perception is supposed to be that this is somehow "the alogrithm's fault" or caused on purpose by corporate media to boost engagement.

Even your take is letting Fedi design off the hook, IMO. The answer here isn't "oh, well, what can you do?" it's designing proper moderation tools.

I know people get mad when you praise Bluesky around these parts, but they have an actually good block system, compared to Masto, Lemmy and Fedi in general. It really helps cut this crap short.

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 36 points 1 month ago (2 children)

This guy is being reasonable, get the pitchforks!

load more comments (2 replies)
[–] [email protected] 32 points 1 month ago (1 children)

Why are people so vindictive and personal, and why do they double down so enthusiastically about taking it to this personal place where this person involved is being bad on purpose and needs to be attacked for being horrible, instead of just being a normal person with a variety of normal human failings as we all have?

First time on the internet? This happens everywhere, more so when you're anonymous or pseudonymous, but whenever you're behind a screen and everyone on the other side is just a username being controlled by an idiot or a troll.

[–] [email protected] 10 points 1 month ago (3 children)

Agreed. Reddit and Twitter were bad for bullying, doxxing, or just general nastiness, I’m not saying that it doesn’t happen on Mastodon, or the Fediverse in general, but it’s nothing like as bad.

[–] [email protected] 12 points 1 month ago (1 children)

Until someone does something not FOSS'y or anti-linux.

[–] [email protected] 7 points 1 month ago

If Mastodon/Fedi was at the scale those platforms are we would see more harassment, absolutely. It remains to be proven but I think federation enables a lot more eyes on content which implies harassing material can be removed more quickly.

Federation/decentralization solves a lot of problems over centralized social media, but ultimatley you can't engineer human nature.

load more comments (1 replies)
[–] [email protected] 23 points 1 month ago (2 children)

People get so weird about Dansup.

load more comments (2 replies)
[–] [email protected] 17 points 1 month ago (13 children)

I'm gonna go out on a limb here and say you're both wrong. Here me out.

As other commenters have said, there should never be any expectation of privacy on the fediverse. DMs here and private items are not actually private, they're quite literally blasted out to anyone who listens. I feel like I have to say that a lot. I actually like how Lemmy handles it, it warns you that it's unencrypted and that it recommends Matrix (and you can put your matrix handle on your profile).

However. I'm also disillusioned by Dansup. He made a great project with Pixelfed. It got off the ground and has a great following. However, I've read through the code, I've tried to spin it up, hell even tried to help contribute - but it's a spaghetti'd mess of unmaintainable code. What irks me is rather than dive in and fix the code, help those who honestly want to spin up his projects, he starts a completely separate project (off the same spaghetti'd base that barely scales), and goes on a whole PR junket talking about it. Then when I see people asking questions of his code or how to do things he usually jumps down their throats - or completely ignores them.

And honestly the biggest thing that irked me was that I didn't feel he gave credit to the hundreds - thousands of other people who work to make the fediverse work. Pixelfed is a great experience - but it's one of many all working together, and the developers are a huge chunk, but you have the infrastructure, us admins hosting, those out there vocalizing it, those trying to start communities, it's an ecosystem, and I just felt like he ignored the fediverse and instead pushed Pixelfed.

load more comments (13 replies)
[–] [email protected] 15 points 1 month ago (3 children)

Who would've thunk that misusing the same type for both public and private posts (with a sprinkle of weird mention rules to determine the visibility) could backfire?

Well, definitely not Mastodon devs. Lemmy's current approach of using an entirely different type is much better.

If you're interested in some details, I recently wrote a comment about it: https://lemmyverse.link/lemmings.world/comment/14476151

[–] [email protected] 7 points 1 month ago (1 children)

Yeah, the whole thing of "if #public is in to and the user is in cc, it means one thing, but if it's the other way around, it means something different" just reeks of "IDK I just wanted to hack it up and move on and IDGAF how platforms other than Mastodon are going to wind up handling it." Which is fine... as long as your users universally understand that that's your level of care towards honoring non-public visibility settings they're setting on their posts.

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 14 points 1 month ago* (last edited 1 month ago) (2 children)

This kind of indirect bullying is kind of unavoidable online, because of the lack of direct contact, you don't empathize much with the other sensitive being. Until we get that perfect education to civility that may happen in 2000 years if we still exist. Maybe one solution is to have strong rules and moderation about personal attacks. But then it's the moderators that will get bullied for censorship and end up crucified on the power tripping bastard community.

[–] [email protected] 11 points 1 month ago* (last edited 1 month ago)

And you have summed up why I block those communities. There are surely cases of people abusing power, but a majority of it is just people wanting to stir up shit.

[–] [email protected] 7 points 1 month ago

Maybe one solution is to have strong rules and moderation about personal attacks. But then it’s the moderators that will get bullied for censorship and end up crucified on the power tripping bastard community.

When people try to call out power tripping against valid moderation, they get called out on [email protected]

[–] [email protected] 13 points 1 month ago (1 children)

I don't think that blog author is male, btw.

[–] [email protected] 15 points 1 month ago

Oop. She is not. Fixed.

[–] [email protected] 9 points 1 month ago (4 children)

When I first started the reading I figured the person being bullied was the woman who was upset with dan because her concern about disclosure wasn’t really reasonable. I don’t think the bullying problem is innate to the fediverse, and thankfully we have a lot of tools to safely navigate the fediverse and tune out the abuse.

But there is a not insignificant portion of folks on here that are here because they were banned or warned on mainstream platforms because they couldn’t regulate themselves and still aren’t regulating themselves.

The vast majority of people I’ve came across are genuinely kind. Dansup doesn’t exactly follow best practices in his development which I think causes a lot of strife in the segment of the fedi population who can’t regulate when someone does something they don’t agree with.

I don’t agree with how he has handled loops so I just don’t use it. I don’t think ill of Dan at all.

[–] [email protected] 7 points 1 month ago

I don't exactly think ill of him, but I'll stay away from any platform he creates. He shared one snippet of code where he disabled validating certificate validity and certificate names. When called out on it, he decided to delete the post.

Security and standards don't seem like the first things on his mind.

load more comments (3 replies)
[–] [email protected] 7 points 1 month ago* (last edited 1 month ago) (1 children)

Back when I was younger and naïve, I would Nicolas Cage OP.

I'm now more mature and open minded, and I can say I wholesomely agree with @[email protected]’s statement ITT.

Technologists have very little patience for people that are technologically illiterate. And when you're fighting to liberate people against corporations that send hitlists against you, patience runs faster. My hope is that people like OP can empathize that while yes, public technologies can be harmful and downright hostile, they can take their time to comprehend concepts technologist took their time to write down and document for.

If you want private conversations with peers, it must be encrypted, it must be forward secret, and it must be authenticatable.

XMPP, SimpleXchat, & Signal are the only three that fit these specifications.

I have the first two (check my bio👈😎👈), the latter I do not trust.

[–] [email protected] 13 points 1 month ago (8 children)

the latter I do not trust.

Am I reading the article wrong? Is it not a good thing that they refused to comply with the hostile anti-encryption law?

load more comments (8 replies)
[–] [email protected] 7 points 1 month ago (2 children)

It sounds like she's very upset that Dansup made it explicit that he was fixing this issue, thinking that even exposing it in commit comments (which as we know get way more readership than blog posts) would mean people knew about it, and the less people that knew about it, the safer her partner's information would be since she is continuing to do this apparently. You will not be surprised to discover that I think that type of thinking is also a mistake.

I agreed with you at first because from your description it sounded like she was saying security through obscurity was a good thing. But that’s not the case.

What she’s saying in the blog post is that this a 0-day and should be handled according to the best practices for 0-day disclosure.

You have to decide if you want to

  • publish the findings before the fix -> more people will know and exploit the vulnerability but users might be aware and may or may not be able to mitigate sharing even more
  • publish the findings after the fix -> the opposite

I don’t pretend to know enough to judge which option is the best. But I can’t fault the blog author for pointing out that Dansup didn’t follow best practices.

[–] [email protected] 14 points 1 month ago (7 children)

more people will know and exploit the vulnerability

It's not even a vulnerability, it's how AP works by design, is the issue at hand here. Mastodon decided they wanted to implement something not supported by AP, and everybody else had to take the heat for not 'doing it right'.

load more comments (7 replies)
[–] [email protected] 10 points 1 month ago (2 children)

I don't think dansup was in the wrong here. Yes, it's a security issue I suppose, but the problem lies within the underlying protocol. Any server you interact with can ignore any privacy markers you add to posts, you're just not supposed to do that.

Whether this is a 0day depends on what you expect out of the Fediverse. If you treat it like a medium where every user or server has the potential to be hostile, like you probably should, this is a mere validation logic bug. If you treat it like the social media many of its servers are trying to be, it's a gross violation of your basic privacy expectations.

load more comments (2 replies)
load more comments
view more: next ›