Items tagged with: AuthorizedFetch
A controversial developer circumvented one of Mastodon’s primary tools for blocking bad actors, all so that his servers could connect to Threads.
Authorized Fetch Circumvented by Alt-Right Developers
We’ve criticized the security and privacy mechanisms of Mastodon in the past, but this new development should be eye-opening. Alex Gleason, the former Truth Social developer behind Soapbox and Rebased, has come up with a sneaky workaround to how Authorized Fetch functions: if your domain is blocked for a fetch, just sign it with a different domain name instead.
How did this happen?
Gleason was originally investigating Threads federation to determine whether or not a failure to fetch posts indicated a software compatibility issue, or if Threads had blocked his server. After checking some logs and experimenting, he came to a conclusion.
“Fellas,” Gleason writes, “I think threads.net might be blocking some servers already.”
What Alex found was that Threads attempts to verify domain names before allowing access to a resource, a very similar approach to what Authorized Fetch does in Mastodon.
You can see Threads fetching your own server by looking at the `facebookexternalua` user agent. Try this command on your server: `grep facebookexternalua /var/log/nginx/access.log`
If you see logs there, that means Threads is attempting to verify your signatures and allow you to access their data.
This one weird trick allowed him to verify that, while his personal instance wasn’t blocked, more than a few of his communities were: Spinster, Neenster, Poast, and the Mostr Bridge are all reportedly blocked domains. While Alex isn’t directly involved in all of these projects, they have benefited from his development and support, providing spaces for bigoted speech to grow and spread.
What’s interesting is that Threads itself has been reportedly lax on policies pertaining to transphobia and hate speech, so the blocks are something of a surprise. Accounts such as Libs of Tiktok remain active, widely followed, and unbanned on Threads.
Block Evasion
To get around the block, Alex found that it’s possible to sign fetch requests with a different domain name entirely, using an A record that points back to the receiving instance.
Meta seems to be betting on the fact that people have played nicely in the past, but I for one am not going to let them have their way. I am going to ensure the data they publish remains free and open to all… Tools to work around Authenticated fetch are being shipped with new versions of Fediverse software. Censorship by Meta will create a continued need for this industry to grow.
While this is being framed as a freedom of access / freedom of speech issue, in an almost David vs Goliath kind of fight, the real problem here is that there’s now an established way to circumvent the flimsy user protection that Mastodon popularized, which is really bad for the vulnerable communities using it.
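A defensive check for the evasion described above, as an added example that is not code from Mastodon, Threads, or any project named in this article: it applies the domain block to the host in the signature's `keyId`, then flags signers whose address matches a blocked domain's. The domains, addresses, resolver table and function names are constructed for illustration, and the signature itself is assumed to have been verified cryptographically before this step.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: reserved example domains and TEST-NET addresses.
BLOCKED_DOMAINS = {"blocked.example"}
CONSTRUCTED_DNS = {
    "blocked.example": {"203.0.113.10"},
    "alias.example": {"203.0.113.10"},    # second name, A record to the same host
    "friendly.example": {"198.51.100.7"},
}

REJECT_UNSIGNED = "reject: no keyId"
REJECT_BLOCKED = "reject: blocked domain"
REVIEW_ALIAS = "review: shares an address with a blocked domain"
ALLOW = "allow"

PARAM = re.compile(r'(\w+)="([^"]*)"')


def resolve(host):
    """Stand-in resolver over the constructed table (assumption: a real
    deployment would query DNS and cache the answers)."""
    return CONSTRUCTED_DNS.get(host, set())


def key_id_host(signature_header):
    """Host named in the keyId parameter of an HTTP Signature header."""
    params = dict(PARAM.findall(signature_header))
    key_id = params.get("keyId")
    if not key_id:
        return None
    host = urlsplit(key_id).hostname
    return host.lower() if host else None


def is_blocked_name(host, blocked):
    """Name-based block: the domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in blocked)


def evaluate_fetch(signature_header, source_ip,
                   blocked=BLOCKED_DOMAINS, resolver=resolve):
    """Policy decision for one signed fetch.

    The name check alone is what a second domain name gets around, so the
    address comparison is added on top. It yields "review" rather than
    "reject" because shared hosting and CDNs put unrelated sites on one
    address, and it cannot see a signer that sends from a separate address.
    """
    host = key_id_host(signature_header)
    if host is None:
        return REJECT_UNSIGNED
    if is_blocked_name(host, blocked):
        return REJECT_BLOCKED
    blocked_addrs = set()
    for domain in blocked:
        blocked_addrs |= resolver(domain)
    if source_ip in blocked_addrs or (resolver(host) & blocked_addrs):
        return REVIEW_ALIAS
    return ALLOW


def sample_header(host):
    """Constructed Signature header naming an actor key on `host`."""
    return ('keyId="https://%s/actor#main-key",algorithm="rsa-sha256",'
            'headers="(request-target) host date",signature="c2FtcGxl"' % host)


if __name__ == "__main__":
    for host, ip in [("blocked.example", "203.0.113.10"),
                     ("alias.example", "203.0.113.10"),
                     ("friendly.example", "198.51.100.7")]:
        print(host, "->", evaluate_fetch(sample_header(host), ip))
```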
What Now?
Look, Mastodon has been providing a half-measure to its users for years. Now it’s the time to make things right: going into 2024, I think it’s going to absolutely be a requirement to develop more robust forms of privacy options and access controls to empower users.
Bonfire is doing an incredible amount of research focused on this very problem, and Spritely has put forward some groundbreaking work on Object Capabilities in the recent past.
#AlexGleason #AuthorizedFetch #Security
https://wedistribute.org/2023/12/authorized-fetch-circumvented/
A lot of people make up all kinds of wild assumptions about Mastodon, how it works, and what it is. We’re here to help clear up some of the biggest ones.
Debunking the Top 10 Myths About Mastodon
We have to give credit where credit is due: Mastodon brought life to the Fediverse and opened up the space for many people. As a platform, it’s been transformative for federated social networking, bringing millions of active users, hundreds of apps, and many new platforms to the network. The network couldn’t have grown without it.
Here’s the thing, though: there are a lot of myths and rumors swirling around within the Mastodon userbase that either misunderstand or greatly fabricate information about the platform. In the interest of correcting the record on a large number of things, we’ve come up with a list of the most pervasive Mastodon Myths.
Table of Contents
- Myth #10: Mastodon doesn’t have algorithms, because algorithms are bad
- Myth #9: Mastodon is the same thing as the Fediverse
- Myth #8: There are no Nazis on Mastodon
- Myth #7: Mastodon should avoid features of popular social networks, because they’re abuse vectors.
- Myth #6: Mastodon respects your privacy, and is ideal for secure communication
- Myth #5: If you’re on a bad server, you can easily move to a good one
- Myth #4: Mastodon Federation basically works like email.
- Myth #3: Mastodon is so much nicer than other places!
- Myth #2: Mastodon is ActivityPub-Compliant
- Myth #1: Mastodon is Easy to Use!
Myth #10: Mastodon doesn’t have algorithms, because algorithms are bad
Myth: Mastodon’s timelines are better, because they don’t have algorithms influencing what you see. Instead, you just see posts in chronological order, as your account becomes aware of new posts.
Fact: This myth is complicated because it conflates several different things together. When people talk about social algorithms, they’re typically referring to the black boxes that Facebook and Twitter use to drive engagement. There’s a negative emphasis because it’s a practice done by “bad” networks to:
- keep people on their platforms for longer and longer
- push users further into bubbles that reinforce their own views
- provide malleable content streams that can control social narratives.
The thing is, none of these things describe what an algorithm even is. Worse, this lack of understanding leads people to assume that Mastodon has no algorithms at all.
What is an algorithm?
The Geeks for Geeks blog has a great tidbit from their article Introduction to Algorithms:
The word Algorithm means “A set of finite rules or instructions to be followed in calculations or other problem-solving operations”
Or
“A procedure for solving a mathematical problem in a finite number of steps that frequently involves recursive operations”.
What Is An Algorithm?
In a nutshell, it’s a process that follows some steps to produce an output, most often with data. It is not a mysterious black-box procedure.
How does Mastodon use algorithms?
Believe it or not, the chronological feed Mastodon provides uses a very simple algorithm: sort posts in this timeline based on the timestamp indicating when a post was written.
ALGORITHMS!!!
These days, Mastodon actually has more algorithms, such as the one that powers Trending Posts and Mastodon’s feed of trending News Articles. All they’re really doing is running stats on how much a thing gets likes or activity, then showing what’s popular within a window of time.
Believe it or not, algorithms.
The thing is, blaming algorithms for the sins of large corporate platforms ignores the fact that the tool itself was harmless. Algorithms aren’t any more evil than an abacus or a typewriter is. When people are given power over their own platforms, they can even leverage these tools to their own advantage.
Verdict: Algorithms are neither good nor bad, they’re just tools for sorting data. Regardless, Mastodon actually makes use of algorithms a lot more often than you might think, and these things could actually be really helpful in assisting user discovery in the Fediverse.
Myth #9: Mastodon is the same thing as the Fediverse
Myth: It’s okay to just refer to the Fediverse as “Mastodon”, because it makes up the biggest part of the network, and most of the people I follow just use that.
Fact: The Fediverse is bigger than just Mastodon, and it’s much older, too. Mastodon is just one platform in a network consisting of over 80 different platforms in various states of development.
While Mastodon is still the most popular, there are a number of alternatives that are catching up in terms of adoption. Misskey and Lemmy take up the second and third spot, respectively, and neither PeerTube nor Pixelfed are slouches in their positions, either.
Source: FediDB
Some people will ridicule this correction as being like the “GNU/Linux Copypasta“, in the sense that some other party is whining about not getting credit. But the fact of the matter is, the network is being built by more people than just Eugen Rochko. It’s a collective effort of thousands of people.
How is the Fediverse defined?
There’s been some discussions over the years as to what things are considered “part of the Fediverse”. My favorite explanation comes from Wikipedia:
The fediverse (a portmanteau of “federation” and “universe”) is an ensemble of social networks, which, while independently hosted, can communicate with each other. ActivityPub, a W3C standard, is the most widely used protocol that powers the fediverse. Users on different websites can send and receive updates from others across the network.
Wikipedia, Entry for the Fediverse
That being said, there are three distinct positions that can be taken on what things constitute as being “Part of the Fediverse”:
- Functional Fundamentalism: “The Fediverse is comprised of federated social platforms that use common protocols to communicate! Doesn’t matter which protocol, as long as it’s social.”
- Protocol Fundamentalism: “The Fediverse is comprised of federated social platforms that specifically use ActivityPub! If you don’t interoperate, you’re not part of it!”
- Functional-Protocol Nihilism: “The Fediverse is anything that federates! XMPP is part of the Fediverse! Email is part of the Fediverse! Fidonet is part of the Fediverse. It doesn’t matter if any of it operates, or is even social, it’s all part of the Fediverse.”
The debates rage on, but one thing is for certain: whatever this thing is, it isn’t just one microblogging platform made by a dude in Germany.
Verdict: Referring to “the Fediverse” as Mastodon is like calling the ocean a fish. Just as a fish might be one part of the ocean, Mastodon is just one part of the network.
Myth #8: There are no Nazis on Mastodon
Myth: Mastodon was intended to be “Twitter without the Nazis”, and there definitely aren’t any Nazis now.
Fact: Being part of a federated, decentralized network where server operators can set whatever rules they want, it’s no surprise that part of the network hosts white supremacists, Neo-Nazis, and far right dissidents producing disgusting amounts of hate speech and racist propaganda. Some of these communities existed on the network way before Mastodon was even a thing.
The easiest way to find actual bonafide nazis on the fediverse is to look at Pieville. Pieville is an instance operated by people associated with StormFront, a self-described “White Nationalist Community.” Users openly share videos and messages from key people in the white nationalist movement, such as Billy Roper and William Pierce. Other neo-nazi figures like Alex Linder have an account there. Oh, and Pieville runs Mastodon v2.7.4 at present time of writing.
Ariadne Connill, The Fediverse, or Shitpost Ergo Sum Ego Sum
Several sites notoriously ran their own Mastodon forks: Gab and Truth Social adopted it at one point, and Spinster, Poast, and Kiwifarms technically still use frontend software that was forked from Mastodon’s UI. Sure, that’s the nature of open source software. If an extremist installs WordPress and uses it to post hate speech, it’s not WordPress’s fault specifically. But, it does mean that we have to take into account that some parts of the network are like this, and act accordingly.
Wait, how do I avoid the Nazis?
While a big part of the network blocks those servers to limit their reach, it doesn’t mean that those communities don’t exist. If your instance doesn’t proactively take a stance to filter them out, there’s a sizeable chance you may just run across them.
There’s some really interesting initiatives out there trying to develop solutions. Oliphant has a tiered system of site listings, ranging from “just a bit too edgy” to “these people post gore and send death threats.” The Bad Space is trying to collect and evaluate listings shared within a ring of trusted servers, with Composable Moderation being the ultimate goal. Fedifence and IFTAS are trying to offer comprehensive resources to moderators and admins to make the process easier to deal with.
Verdict: there are actually a lot of Nazis on the Fediverse, some of which even use Mastodon. Several pieces of Mastodon’s own code (server backend, client frontend) have been adopted by these communities.
Myth #7: Mastodon should avoid features of popular social networks, because they’re abuse vectors.
Myth: Some people want to see Mastodon adopt things like Quote Tweets and Full-Text Search, but they shouldn’t because those are used to harass people on the network.
Fact: Around this time last year, Twitter users migrated to Mastodon en masse in response to Elon Musk’s acquisition of the platform. As a side effect, many of these new Mastodon users asked: why is search so broken? Why don’t we have quote toots? Why do I have to CW everything?
How did people respond?
The response to this from some long-time Mastodon users was overwhelmingly negative. A lot of people made statements like the following:
- Full-Text Search: Mastodon doesn’t offer full-text search, because it could be a vector for abuse! A harasser could just look up whatever public statuses their victims post. Removing this protects users.
- Quote Toots: Quoting other users on Twitter is often done in a very passive-aggressive manner, and can be incredibly toxic for user interactions. We don’t want to be like Twitter in this regard.
- Not Using Content Warnings: you should be mindful of how many people live vastly different lifestyles than you do. It’s disrespectful to make assumptions that your posts won’t be triggering for someone. The responsibility for Content Warnings should always be on the poster, not the reader.
A lot of new users read this, tried their best to deal with it, and eventually decided that Mastodon wasn’t for them. Many people were tone-policed for describing their own lived experiences with racism, queerphobia, and abuse.
Many of these hostilities led users to equate Mastodon with a Homeowners Association, in which rude and nosy neighbors freely critiqued even the most minor behaviors as faux pas. It’s not an entirely unfair statement, given that people were described as being affected by “Twitter Influencer Mind Rot” for simply asking about these things.
What does it look like in practice?
If we actually look at Full-Text Search, Quote Toots, and Mastodon critically, a different picture emerges: Mastodon’s privacy and consent mechanisms absolutely suck, and the platform has relied on user features being broken for years as a way to gloss over it. What’s also particularly telling is that quite a few platforms had both of these features for years: Friendica, Pleroma, and Misskey have all largely benefited from it.
Ironically, one of the biggest actual attack vectors of abuse has been Private Mentions. Death threats, sexual advances, and other “fun” kinds of interactions are often done privately, in a way that maintains deniability between victim and harasser.
Verdict: People are generally resistant to change, and apprehensive towards things that might fundamentally shift social dynamics for the worse. Most of what people were afraid of with Full-Text Search and Quote Tweets were already present with Private Mentions, and largely boil down to Mastodon’s limitations in how user consent is factored in.
Myth #6: Mastodon respects your privacy, and is ideal for secure communication
Myth: Mastodon is a privacy-first platform. You can be confident that nobody can access your private messages or posts.
Fact: This idea is, unfortunately, completely out of touch with reality. While Mastodon offers some privacy options for statuses and messages, those provisions are paper-thin at best.
Let’s talk about privacy scopes. Mastodon has four of them:
- Public – anybody can see your post, boost it, or respond to it.
- Unlisted – Same as above, but it doesn’t show up in timelines.
- Followers Only – Only your followers can see your status or respond to it. Nobody can boost your post.
- Private Mention – Only you and the people you mention can see the post.
There are some significant problems with the above options. I’m going to break them down into two buckets: problems where the scope is too broadly defined, and problems where access levels are confusing.
Scoping Problems
The first issue here is that the privacy scopes, if you can even call them that, are all over the place:
- Two of the scopes, Public and Unlisted, basically let anybody do whatever they want with your statuses. These actually have nothing to do with privacy, and everything to do with which timelines a post shows up in.
- Followers Only basically addresses everyone that follows you, with no granularity whatsoever. I can’t just pick out a collection of my mutuals and talk with them privately about something, without it being a long Private Mention with a lot of names in the message body somewhere.
- Private Mentions are their own strange beast, as it’s sometimes unclear who is actually privy to the conversation. More than a few times, I’ve seen people get accidentally mentioned in private gossip that was about them, because people thought Private Mentions worked like Twitter DMs. They don’t. It’s horribly awkward. Don’t do that.
Access Problems
There’s also some really weird caveats over who has access to something. Again, Public and Unlisted are basically the same levels of user access, just with different visibility rules. If you post a private status with Followers Only, anybody that follows you after the fact can see it, effectively circumventing the privacy. If you do some personal correspondence with Private Mention, there’s nothing stopping your admin from reading it in the database.
Verdict: Mastodon is great as a public forum, and decent for semi-private posts. However, Mastodon isn’t very good when it comes to privacy provisions, and should never be used to exchange truly sensitive information.
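The Followers Only caveat above, as an added example that is not Mastodon's code: a toy model in which the scope is derived purely from a post's ActivityPub addressing fields, and access is checked against the followers collection as it stands when the post is read. The scope mapping, the function names and the `social.example` actors are assumptions constructed for illustration.

```python
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

# Constructed actors on a reserved example domain.
SEAN = "https://social.example/users/sean"
SEAN_FOLLOWERS = SEAN + "/followers"
ALICE = "https://social.example/users/alice"
CAROL = "https://social.example/users/carol"


def audience(note):
    """Everyone and every collection named in the note's addressing fields."""
    return set(note.get("to", [])) | set(note.get("cc", []))


def scope_of(note, followers_url):
    """Map addressing to the four scopes listed above (assumed mapping:
    Public in `to` is public, Public in `cc` is unlisted, the followers
    collection means followers-only, anything else is a private mention)."""
    if PUBLIC in note.get("to", []):
        return "public"
    if PUBLIC in note.get("cc", []):
        return "unlisted"
    if followers_url in audience(note):
        return "followers-only"
    return "private-mention"


def can_view(viewer, note, followers_url, followers_now):
    """Access check evaluated at read time.

    `followers_now` is the current membership of the followers collection.
    The note stores only the collection's URL, not a snapshot of who was in
    it when the note was written, so later followers pass this check too.
    """
    if viewer == note["attributedTo"]:
        return True
    scope = scope_of(note, followers_url)
    if scope in ("public", "unlisted"):
        return True
    if viewer in audience(note):
        return True
    if scope == "followers-only":
        return viewer in followers_now
    return False


def late_follower_demo():
    """Carol follows Sean only after the followers-only note was posted."""
    note = {"type": "Note", "attributedTo": SEAN,
            "to": [SEAN_FOLLOWERS], "content": "constructed sample post"}
    before = can_view(CAROL, note, SEAN_FOLLOWERS, followers_now={ALICE})
    after = can_view(CAROL, note, SEAN_FOLLOWERS, followers_now={ALICE, CAROL})
    return before, after


if __name__ == "__main__":
    print("Carol before/after following:", late_follower_demo())
```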
Myth #5: If you’re on a bad server, you can easily move to a good one
Myth: Because Mastodon allows you to move accounts, you can always migrate to a different server. If you’re having a bad time, you can take your data somewhere else!
Fact: In theory, this is a great idea. In practice, it’s a hot mess. There are two problems here:
1. Server Availability – The #1 Achilles Heel in this situation is that account migration doesn’t work if your server is down. Either you can’t get to the export screen to download your data, or your original server isn’t around to import data from.
2. Connection Availability – The second significant issue is this: users can’t cross connection boundaries, which often happens when one server defederates from another. If Server A and Server B get into a dispute and block each other, users on one of those servers won’t be able to directly migrate to the other place.
Heck, we’re just talking about moving from one server to another at this point. If you get banned from an instance, there’s a big chance that you can’t even download your own data or perform a migration. Some variations of banning allow a user to log in, access their own things, and maybe make an appeal to the moderators. More often than not, though, it’s easier to just delete the account entirely.
Even when everything works, the experience can be really flaky. Erin Kissane has this to say about her migration experience:
If it weren’t so difficult to understand how to choose a server to begin with, the downsides of migration would sting less, but it is so hard to know if you’ve found the right (for many varied values of right) server until you’re already settled in—by which time you’ve built up posts and conversations you may not be delighted to lose.
Erin Kissane, Notes From a Mastodon Migration
Verdict: User migration is a really good idea. When it works well, people are happy. The problem is that it’s not actually usable in a number of circumstances. I’m actually writing an article on my personal blog about what could be done to actually make this experience better, because there’s a lot we could do.
Myth #4: Mastodon Federation basically works like email.
Myth: ActivityPub federation, which Mastodon uses, is email-like. Therefore, email is a useful metaphor for understanding the Fediverse.
Fact: If you squint, it kind of makes sense. ActivityPub stipulates that users have an inbox and an outbox, which send and receive things. However, the similarities end there.
I mean, it sounds like email?
Technical Differences
Mastodon servers use a push-pull mechanism for dispatching posts and bringing in interactions. Everything you do in Mastodon is handled through this mechanism. Instead of an email message, though, what’s actually being sent are JSON payloads, which are sent to a server’s MultiInbox, then disseminated to a user’s `Inbox`.
The best way to understand anything in ActivityPub-land is that users are performing activities on objects:
[Actor] + [Activity] + [Object]
This gets interpreted as things like:
- [Jim] [Checked In] at [McDonalds]
- [Frank] [Watched] [Terminator 2]
- [Fred] [favorited] [“I Want it That Way” by The Backstreet Boys]
All of this gets interpreted through the ActivityStreams 2.0 Vocabulary, which is a whole other document that needs to be known about prior to implementing ActivityPub. Actor verbs an object, then sends it via their Outbox to a collection of people.
Let’s say that I created this status, represented in JSON:
{"@context": "https://www.w3.org/ns/activitystreams", "type": "Create", "id": "https://firefish.tech/sean/posts/9282e9cc-14d0-42b3-a758-d6aeca6c876b", "to": ["https://firefish.tech/sean/followers/", "https://www.w3.org/ns/activitystreams#Public"], "actor": "https://firefish.tech/sean", "object": {"type": "Note", "id": "https://firefish.tech/sean/posts/d18c55d4-8a63-4181-9745-4e6cf7938fa1", "attributedTo": "https://firefish.tech/sean/", "to": ["https://firefish.tech/sean/followers/", "https://www.w3.org/ns/activitystreams#Public"], "content": "Oh man, One Punch Man is such a great anime!"}}
It’s just a note that I posted to my `Followers` collection, as well as a `Public` collection to define the privacy scope. Then, @bob@mastodon.social sends me a reply:
{"@context": "https://www.w3.org/ns/activitystreams", "type": "Create", "id": "https://mastodon.social/bob/d74d44q5-2p34-6431-8421-3s9ed1623brd", "to": ["https://firefish.tech/sean/", "https://www.w3.org/ns/activitystreams#Public"], "actor": "https://mastodon.social/bob", "object": {"type": "Note", "id": "https://mastodon.social/bob/posts/f25j22f3-5h13-3422-5632-8m7dp4530pej", "attributedTo": "https://mastodon.social/bob/", "to": ["https://firefish.tech/sean/"], "inReplyTo": "https://firefish.tech/sean/posts/d18c55d4-8a63-4181-9745-4e6cf7938fa1", "content": "Dude, you have no idea what you're talking about."}}
Here’s what you’re actually looking at: user Sean created an object called a `Note`. Bob created a status that’s also a `Note`, containing an `inReplyTo` pointer that references the original post and its ID. It’s also a `Public` status shared with his `Followers` collection.
Social Differences
There are also some significant social differences to take into account. The biggest thing to understand is that different Mastodon instances have different rules. Software other than Mastodon is capable of sending more than just microblogging statuses and likes.
Regardless of semantics, what’s being constructed is actually a public or private conversation that can be fetched from a URL as a resource. Email focuses more on the exchange of messages (text or HTML) between servers in a manner where the resource generally can’t exist publicly. You can’t use webfinger to pull in an external email conversation to your Thunderbird client. In fact, if you’re not using a mainstream email platform like Gmail or Outlook, the manner in which messages in conversations get threaded together can vary on a server-by-server or client-by-client basis.
With email, you just don’t have a situation where your entire domain is cut off because a few bad actors are on it sending bad messages (unless you’re on a spam server). Imagine if Hotmail and Gmail defederated because they just had irreconcilable differences in policies. Imagine if part of Yahoo’s community spent time making receipts of the worst Outlook users’ outbound messages. It just doesn’t work the same way.
Verdict: The Fediverse has some email-like mechanisms, but the metaphor is closer to Usenet groups than it is to the kind of email communication most people are familiar with. Even then, it doesn’t really describe dispatching social interactions back and forth, and doesn’t begin to describe the user experience.
Myth #3: Mastodon is so much nicer than other places!
Myth: Ever since I switched to Mastodon, I’ve had such a great time! People are friendly, more personable, and more thoughtful. It’s so much nicer than the other place I came from!
Fact: On the surface, this sounds positively lovely. It’s a feel-good statement reflecting that someone is enjoying a new place and happy to be a part of it. What’s wrong with that?
The problem is a confusion of cause and effect. You may personally have a great time – I certainly have, and it’s kept me on the network for 15 years. However, a positive personal experience can be attributed to a handful of factors:
- Joining the right server at the right time, and matching the vibes.
- Moving to a smaller pond where individuals stand out way more, and engage with each other more frequently.
- Engaging on niche topics that people in that space want to talk about.
- Using a new network differently than you used your old one.
Look, I’m not trying to rain on anyone’s parade. Loads of people have a great time being part of the Fediverse, but that doesn’t mean that the network is inherently nicer than anywhere else. People can bond pretty much anywhere, whether it’s Reddit, Discord, Facebook Groups, or even a public bus station.
Vitriol, bigotry, and other forms of nastiness exist on Mastodon, too. The really confounding part for new users is that they don’t really know if they’re walking into a really great community or a really toxic one, until they’re already part of it. Being on the wrong instance can absolutely ruin a person’s impression of the rest of the network. Why would they even want to come back?
Verdict: Mastodon (and the Fediverse in general) can be really, really great. However, a big part of your experience hinges on who you connect with at the time of signing up, what communities you take part in, and how well your admin responsibly runs a community server. If anything, the “it’s so much friendlier here!” thing is like comparing a really big party to having tea with a few friends, and saying that tea drinkers are much more inviting than party-goers.
Myth #2: Mastodon is ActivityPub-Compliant
Myth: Mastodon’s federation protocol is compliant to the ActivityPub spec, which is why so many different platforms can talk to Mastodon.
Fact: Mastodon benefits from being the first major platform to implement the ActivityPub protocol. Rather than conform its platform to the protocol’s specifications, Mastodon made a series of compromises in implementation details. The project did this in a way where its implementation is mostly compliant, but various pieces were adjusted or changed for Mastodon’s needs.
One catastrophic side effect of this is that Mastodon’s implementation became the de-facto standard. Ideally, ActivityPub would benefit from a neutral testing suite that implements the full protocol spec, so that developers could test against it.
That didn’t end up happening. All of the platforms that can talk to Mastodon are only able to do so because they were tested against Mastodon and consequently, one another.
What kind of ways is Mastodon not compliant?
One of the most notable examples involves ActivityPub’s Client-to-Server API, which is meant as a way for clients to talk to a server. C2S was intended to provide consistency for users between platforms, while also allowing many different kinds of clients with distinct activity types to tie into the main platform. This isn’t just one little footnote that was glossed over: ActivityPub C2S comprises literally half of the standard. Granted, C2S was described by more than a few people as cumbersome and vague, whereas Mastodon’s approach was simple and opinionated.
Due to Mastodon’s popularity and the rise of clients, the platform’s own client API became the dominant standard. As a result, a large body of fediverse clients and platforms took on Mastodon’s form, since its API dictated how they should work. Had something more like C2S been the dominant standard instead, we may have ended up with a situation where things like Pixelfed or Bookwyrm would have been ActivityPub clients, instead of servers running their own bespoke ActivityPub federation variants.
It’s not all bad, though. The ActivityPub spec is actually pretty vague in some cases, and Mastodon did bring in some useful innovations: Webfinger, HTTP Signatures, and federated user reports are all fairly standard things thanks to Mastodon.
Verdict: Mastodon is compatible with an incomplete subset of ActivityPub that suits Mastodon’s specific needs, making it a de-facto standard. Everybody else achieves interoperability by striving to be compatible with Mastodon, not ActivityPub itself. For the long term, this is actually bad for the protocol.
Myth #1: Mastodon is Easy to Use!
Myth: Mastodon is so easy to use, literally anybody can use it! In fact, everyone should use it!
Fact: For a time, a lot of people in the Fediverse did find Mastodon to be more polished, with a better design, and a greater focus on ease of use.
However, that perspective is relative to the audience: compared to Diaspora, Friendica, and Hubzilla at the time, Mastodon felt relatively streamlined. It was comparatively easier to use than those other systems, and it brought in a ton of pretty microblogging clients to enhance the experience further.
Usability from an outside perspective
Unfortunately, it’s a whole other ball game for people coming from other networks. Newcomers are often perplexed by how the system is intended to work:
- Using the search form to grab remote accounts and contents is extremely useful, but not at all obvious.
- Prior to full-text search, discovery was a joke. There were just hashtags, and you’d better hope that people used it when posting about stuff you were interested in.
- Trying to interact with remote content on another server is still kind of confusing, if you’re not interacting with it from your own server. Yes, the popup for interaction and following got a lot better, and you don’t have to copy and paste things anymore. The flow is still bewildering to people who don’t yet understand it.
- Sometimes, just trying to follow or respond to a remote account just fails, because the user had no idea their servers blocked each other.
- Privacy scopes have a bunch of exceptions to their expected behavior.
The problem is that these people will often complain about clearly broken UX, and then proponents of the network will basically tell those people that they’re stupid for “not getting it.”
Some of the shade that gets thrown around involves how those new users were groomed by the network they’re fleeing to have an “influencer mindset”, or that they’re “mad that our thing isn’t exactly like Twitter.” A lot of these new people end up feeling alienated by this treatment, and either check out Bluesky, or go back to Twitter.
Verdict: Mastodon is vastly easier to use than a lot of the Fediverse platforms that came before it, and gradually improving. It’s still full of unfamiliar concepts and rough edges to newcomers. We should also remember that things which seem ordinary to us might be wildly different to someone new, and try to help them, rather than shame them.
Thanks for taking the time to read all of this. I didn’t write this article with the intention of hating on Mastodon. It’s just that the network has been going through a rapid state of expansion and growth. As new users come in, we need to pick up the events of the past, examine them critically, and try not to repeat some of our worst mistakes. Misinformation and knee-jerk reactions are a big part of that.
Despite all of these myths and misconceptions, Mastodon is still a valuable and important platform, and still plays a large part in the Fediverse’s growth today. There are tons of amazing people on it, willing to share their life stories, hobbies, perspectives, and passions.
If you’re interested in giving Mastodon a try, we wrote a super-comprehensive guide that can help you every step of the way.
https://wedistribute.org/2023/11/debunking-the-top-10-myths-about-mastodon/