Quite a dramatic week in the fediverse; with a lot of discussion about a potential bridge between Bluesky and the fediverse, some security issues, and spam overrunning the network. Good news as well, in the form of the BBC extending their Mastodon trial and Flipboard expanding their fediverse integration.
Bluesky Bridge announcement drama
Ryan Barrett, who is behind the bridgy.fed project, announced the opt-out policy for his upcoming bridge between the fediverse and Bluesky. Barrett had earlier posted about his considerations on opt-in versus opt-out, and with this post decided to go for an opt-out policy. This led to a major backlash across the fediverse, as people felt that this is not appropriate and should have been opt-in to properly account for people giving consent to having their post appear on the Bluesky network. In a follow-up post, Barrett says that he is working on a proposal to make it appeal to the opt-in demand by sending a DM asking for a confirmation the first time a fediverse account is followed by a Bluesky account.
This lead to some news covering it as a fight between the Mastodon and Bluesky, but the attitude of Bluesky seems to be mainly one of confused on-looking as Mastodon is fighting with itself. Beyond that, the article in TechCrunch does provide a good overview of the debate. I agree with the framing that the debates about the bridge between Bluesky and the fediverse are as much a debate about the Bluesky network itself as it is a debate about the specific implementation of the bridge as worked on by Barrett.
The blowback also is a debate about the nature of the fediverse, and what it is, exactly. People have been debating what they have consented to, when they joined a Mastodon server, and what they have opted into. This is illustrated with the Privacy Policy for mastodon.social, which says “Your public content may be downloaded by other servers in the network.” What exactly is ‘the network’? Is Bluesky part of ‘the network’? Is a bridge to bluesky part of ‘the network’? It is unclear, and people have different definitions and expectations about what they have consented to.
There is a significant group of people for whom the answer is a clear ‘no, I do not view Bluesky and bridges to Bluesky as part of the network’. Bluesky represents ideals about corporate ownership and data indexing that they do not want to be a part of. This viewpoint clashes with Mastodon’s CEO Eugen Rochko, who gave an interview with Platformer this week. In this, Rochko says that he still hopes that Bluesky will switch to using ActivityPub someday, so that there is a native integration between the networks.
The News
The BBC is extending their Mastodon social media trial for another 6 months, after finishing their first 6-month trial run. The BBC states that it has been a valuable learning experiment, and it has been effective in the technical, financial and cultural needs of running a presence in a decentralised space. The BBC also says that they are exploring to publish BBC content more widely using ActivityPub directly, and not just hosting a Mastodon presence, but not much more is known beyond that. They also find that Mastodon has a relatively large engagement numbers, taken the smaller user base into account, and that they find they have had to do very little moderation so far.
Flipboard has extended their ActivityPub integration, and is bringing in even more curated feeds into the fediverse. Flipboard describes it as another step towards fully federating Flipboard, a process that started in December 2023 when a small number of accounts where brought to the fediverse. With this week’s update, over 1000 magazines now have native ActivityPub feeds, which allow them to be followed from fediverse apps.
Mozilla is scaling back their investments into various products, including their social fediverse platform mozilla.social. Mozilla.social got announced in Spring 2023, with a focus on content moderation that makes it a nice platform to use. Over the year, the product stayed in invite-only beta, and has slowly grown. In an internal memo (courtesy of TechCrunch), Mozilla says “Our initial approach was based on a belief that Mozilla needed to quickly reach large scale in order to effectively shape the future of social media.” Mozilla says that with a much smaller team they will focus on more launching smaller experiments more rapidly.
Ivory is adding some basic support for quote posting in their Mastodon app in their upcoming release. What this means in practice is that if a link to a Mastodon post is part of the body of a post, it will get rendered as if it is a quote post. Other apps like Ice Cubes and Phanpy also have this feature.
The announcement prompted Mastodon CTO Renaud Chaput to post a thread to reiterate that Mastodon is working on a full implementation of quote posting. The goal of Mastodon’s implementation is to give people granular control, allowing them to determine on per-post basis whether they want the post to be quote posted or not. Mastodon’s approach to implementing quote posting means that it’ll be incompatible with the current implementations of Threads, all the forkeys, and the Hubzilla-lineage. Chaput says that they will be publishing Fediverse Enhancement Proposals (FEP) to document their implementation, hoping that the publication ensures that Mastodon’s implementation becomes the standard in the fediverse. However, with the imminent arrival of Threads (who already have decided on implementing quote posting with ActivityPub), Mastodon’s ability to set standards for the fediverse might just be significantly more difficult.
Forgejo is a self-hosted git forge for software (git forges are online platforms for managing and collaboration on repositories, of which GitHub is the most well-known), and up until now it has been a soft fork of Gitea. Forgejo now has become a hard fork, meaning that they are no longer bound to Gitea. Forgejo says that they have now enough people contributing to it’s main mission to be an independent project.
Two weeks ago Mastodon had a major security vulnerability. The details of the vulnerability have now been disclosed. The author who found the vulnerability has an extensive write-up of the proces, timeline and impact of the vulnerability. The impact of unpatched servers is major, as it allows attackers to impersonate posts and accounts on the vulnerable servers. Meanwhile, Mastodon has disclosed another vulnerability, bringing the total to 3 vulnerabilities in two weeks.
The entire fediverse is also dealing with a major spam wave attack. The source seems to be from a Japanese Discord server which seems to have misgivings with Misskey. I could not verify this allegation due to cultural and language barrier, but Misskey.io admins indicated this weekend that they are talking to the police about it, as their server seems to suffer the brunt of it. The attack also showcases the vulnerability of the fediverse to spam attacks.
The links
‘Can we improve the Fediverse Allow-List Model?‘ by @db0, who also is behind the FediSeer initiative, a project that helps deal fediverse server admins with spam.
A video that explains in detail the history of Misskey fork Sharkey, and reviews the features.
WeDistribute takes a look at upcoming project Bonfire.
Major tech sites cannot resist a good headline, to write about the shutdown of the queer.af mastodon server.
FediTest has a blog post on some of the design considerations for writing a testing suite for the fediverse.
Micro.blog adds private notes.
A call to internationalise the fediverse, meaning in this case that Mastodon will support Unicode usernames.
Terence Eden has written an ActivityPub ‘which can be deployed as a *single* PHP file. No databases, no libraries, no dependencies, no frameworks. Also, no advanced features!’ M
An experiment in using the private notes on your own Mastodon profile as a storage place for settings data.
Self-updating lists of official & verified media accounts on Mastodon.
A blog post by Funkwhale explaining their own on a new API.
Lemmy is working on implementing Private Communities, and is looking for comments on the proposal.
Nootti is a new cross-posting app for Mastodon, Bluesky and Nostr, and got a closer look in TechCrunch.
SoraSNS, the iOS app for Forkeys, Mastodon and Bluesky, is adding AI detection to the app. OpenAI and Adobe add a tag to the metadata of images that are generated using their software. SoraSNS checks for these tags, and displays that the image is generated with AI tools.
That’s all for this week. If you want more, you can subscribe to my fediverse account or to the mailing list below:
Leave a Reply
Only people in my network can comment.