

Fediverse Report – #120

Fediforum happened this week, porting your social graph cross-protocol with Bounce, Bonfire gets closer to release, a prominent Lemmy server shuts down, and much more.

I also run a weekly newsletter, where you get all the articles I published this week directly in your inbox, as well as additional analysis. You can sign up right here, and get the next edition this Friday!

FediForum and related announcements


The FediForum unconference was this week, with three days of sessions, keynotes and demos. The event was originally scheduled for April, but was cancelled at the last minute due to drama around transphobic statements made by one of the co-organisers. The individual in question left FediForum, and FediForum instead set up an advisory board with a number of community members. This edition of FediForum had keynotes for the first time, by ActivityPub co-creator Christine Lemmer-Webber, author Cory Doctorow, and Ian Forrester, who leads a Mastodon instance at the BBC. There were also a large number of demos (list here) and unconference sessions about a wide variety of subjects. I’ll write more about both the demos and the keynotes once the videos become available online, likely next week.

Bounce is a newly-announced tool that allows people to migrate their social graph across protocols. It is made by A New Social, the organisation behind Bridgy Fed. The ability to port a social graph from AT Protocol to ActivityPub reshapes what is possible within the Open Social Web. For that reason, I think Bounce is a meaningful release, with its power mainly being in altering the shape of these networks. I wrote an essay on that this week that goes into the philosophical side of Bounce. For more practical information I can recommend this coverage by TechCrunch and The Verge. Meanwhile, A New Social’s CTO Ryan Barrett has shared all the updates and new features that have happened to Bridgy Fed over the recent months.

Music sharing platform Bandwagon shared more information during Fediforum on their development work, and how they are working on integrating album sales. A dev blog by Bandwagon recently shared their plans on adding a premium subscription, and how album sales work. During a Fediforum session, developer Ben Pate shared some screenshots on what this looks like. WeDistribute has a deep dive into Bandwagon and the current state of development based on the latest FediForum session.

Bonfire is an upcoming fediverse platform that has been in development for a long time and is now approaching a stable release: the team announced the release candidate of Bonfire 1.0. It is a framework and platform for building communities on the fediverse, with a large variety of features and extensibility. One of the standout features is circles and boundaries. Circles allow users to define lists of accounts, and boundaries allow users to decide, per post, which circles each post is shared with. This gives a significant amount of flexibility in handling private posts, something that is in huge demand within the open social web. Bonfire also gives users a large amount of control over how they see and filter their feed. For a more philosophical take on that, I recently wrote about how Bonfire’s approach to custom feeds compares to Bluesky’s. The developers are inviting people to install their own instance and experiment with the new features. It is unknown when Bonfire will be ready for a full 1.0 release. For another look at Bonfire, TechCrunch also covered the story.

Filmmaker and fediverse evangelist Elena Rossini has released her fediverse promotion video, which was highly anticipated by the community. The video can be viewed here, and tells the story of why the fediverse matters for a lay audience. The video is worth paying attention to for two reasons: first of all, it is a well-produced promo video for the fediverse that explains some of the core ideas in an accessible manner. Secondly, the video has gotten a huge amount of support from within the fediverse community, with a large number of prominent people within the community supporting Rossini’s work. One of the challenges of analysing a decentralised community is that there is no singular decentralised community; there are a wide variety of different groups and cultures. However, by seeing how and who responded positively to the video, it becomes clear that Rossini’s video does represent a dominant and popular understanding of what the fediverse is, and why it matters. In that way, analysing the video does provide good insight into one of the more dominant and popular cultures of the fediverse.

Shutdown of Lemmy and opportunity for PieFed


Lemm.ee, one of the biggest Lemmy servers, is shutting down at the end of June. The team says: “The key reason is that we just don’t have enough people on the admin team to keep the place running. Most of the admin team has stepped down, mostly due to burnout, and finding replacements hasn’t worked out.” This has a significant impact on the wider Threadiverse community, as lemm.ee hosted a significant number of popular communities. Server shutdowns on Threadiverse platforms are significantly more impactful than on microblogging platforms, because they also affect people who do not have an account on that server. Community migration is challenging, and there are no specific tools to help a community migrate to a different server.

The shutdown of the Lemm.ee server provides an opportunity for PieFed, a link-aggregator platform similar to Lemmy. PieFed, which is over a year old, has seen significant development and new features beyond Lemmy, but has not managed to gain traction yet, with user growth being slow. However, now that communities on the lemm.ee server need to find a new place, PieFed is emerging as one of the main destinations. In turn, this is giving PieFed some much needed promotion and awareness within the Threadiverse community, with PieFed doubling its number of accounts within a week. Lemmy clients are also starting to add support for PieFed, with the Lemmy client Interstellar already supporting PieFed. PieFed also uploaded two PeerTube videos walking through all the moderation and administration features the platform has.

Platform updates


Ghost’s work on implementing ActivityPub is getting close to an official release. In their latest update, Ghost said that their ActivityPub integration will be part of the Ghost 6.0 release, which will come in ‘a few weeks’. The team has been working on ActivityPub for over a year, and have grown from 3 people to 8 people now working on their social web integration. For Ghost, the ActivityPub integration is more than just another connector, describing it as ‘a statement that the open web still matters’.

Mastodon is planning to release a new update, version 4.4, with the first beta now available. Some of the new features include the ability to set more featured content on user profiles, and more list and follow management tools. For admins, there are better tools for setting legal frameworks, moderation tweaks and more. The biggest feature of the release is that it will display quoted posts. The highly requested feature will only be fully available in version 4.5, which will include the ability for users to create quoted posts. Mastodon CTO Renaud Chaput says that he expects version 4.4 to be released at the end of June, with version 4.5 scheduled a few months later, in September or October. The organisation also shared their monthly engineering update for May.

PeerTube released their latest version, 7.2, with a new design for video management and publication pages. PeerTube also now has more features for handling sensitive content. Creators can now add an explanation of why the content is marked as sensitive. Users also have more flexibility with how they want sensitive content to be handled, with various different configurations between hiding, blurring or warning about a video with sensitive content. PeerTube is also running a crowdfunding campaign for the mobile app, which has now crossed the halfway mark at 35k EUR. This milestone is for video management from the mobile app, with the next milestone being for livestream support in-app. The PeerTube app developer also shared a blog post with his thoughts on the technical framework considerations for building the app.

Hollo is a single-user microblogging platform, and their latest release has a significant number of new features, including better OAuth and various upgrades to the UX. Developer Hong Minhee also announced that independent fediverse developer Emelia Smith will join as a co-maintainer for Hollo.

The Links


That’s all for this week, thanks for reading! You can subscribe to my newsletter to get all my weekly updates via email, which gets you some interesting extra analysis as a bonus, that is not posted here on the website. You can subscribe below:

#fediverse



Fediverse Report – #110

A vulnerability in Pixelfed caused private posts from other platforms to leak, a post-mortem on the CSAM scanner from IFTAS, and Fediforum has been cancelled.

Pixelfed vulnerability impacts private posts across most of the fediverse


The fediverse suffered a significant breach of private accounts, affecting the large majority of fediverse servers, due to a vulnerability in the Pixelfed software. What is notable about the situation is that the software vulnerability is in Pixelfed, but the affected accounts are not exclusive to Pixelfed: accounts on Mastodon and other fediverse software with a form of private accounts are also vulnerable. The vulnerability was found by the independent developer Fiona, who wrote a blog post about the vulnerability and the disclosure process.

To understand the situation, it helps to know two features of Mastodon and some other fediverse microblogging software: locked accounts and follower-only posts. Together these two features make it possible to have a form of private accounts. A locked account cannot be followed automatically; every follow request has to be approved by the account owner. A follower-only post is only displayed to the followers of the account.

When a locked account approves a follower, follower-only posts are from then on sent to the server that this follower is on. Because the receiving server now has the follower-only post in its database, it needs to correctly handle whom it shows this post to and whom it does not. If another account on that server also tries to follow the locked account, but the locked account does not approve, this third account should not be able to see the posts. This is where Pixelfed’s vulnerability comes in: Pixelfed did not wait for confirmation that a follow request was approved; it assumed that it was automatically approved. That is how private posts made on (almost) any fediverse server could be leaked: if a Pixelfed server already had the private post (because someone on Pixelfed followed the locked account with approval), it would show it to anyone else on that server who also tried to follow the locked account, even if the locked account rejected the follow request.
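The sequence above, as an added example (not Pixelfed’s, Mastodon’s or any other project’s code). It models the receiving server’s side: a follow store that, in the vulnerable variant, counts a follow as accepted the moment the Follow activity is sent and never consults the answer, next to the fixed variant that keeps the follow pending until an Accept from the followed actor arrives. The actor URLs, activity payloads and the stored post are constructed for the example; only the addressing convention (a follower-only post is addressed to the author’s followers collection) follows the ActivityPub wire format.

```python
"""
Follow-state handling for follower-only ActivityPub posts (added example).

Models the bug described in the text: a server that treats its own outbound
Follow as approved instead of waiting for the Accept that the locked account's
server sends once the owner approves. Actor URLs, payloads and the post below
are constructed for the example.
"""
from dataclasses import dataclass, field

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"


@dataclass
class FollowStore:
    """Per (local follower, remote target) follow state on the receiving
    server: pending, accepted or rejected."""
    wait_for_accept: bool          # False reproduces the vulnerable behaviour
    state: dict = field(default_factory=dict)

    def send_follow(self, local_actor: str, target: str) -> dict:
        """Build the outbound Follow activity and record its state."""
        # Vulnerable variant: assume approval as soon as the Follow is sent.
        initial = "pending" if self.wait_for_accept else "accepted"
        self.state[(local_actor, target)] = initial
        return {"type": "Follow", "actor": local_actor, "object": target}

    def handle_inbox(self, activity: dict) -> None:
        """Process an incoming Accept or Reject wrapping a Follow we sent."""
        if not self.wait_for_accept:
            return                      # vulnerable variant never consults the answer
        if activity.get("type") not in ("Accept", "Reject"):
            return
        follow = activity.get("object") or {}
        key = (follow.get("actor"), follow.get("object"))
        if key not in self.state:
            return                      # not a Follow we sent; ignore
        # Only the followed actor may answer; drop an Accept forged by anyone else.
        if activity.get("actor") != follow.get("object"):
            return
        self.state[key] = "accepted" if activity["type"] == "Accept" else "rejected"

    def is_follower(self, local_actor: str, target: str) -> bool:
        return self.state.get((local_actor, target)) == "accepted"


def can_view(store: FollowStore, post: dict, viewer: str) -> bool:
    """Visibility check for a post this server received from a remote author."""
    author = post["attributedTo"]
    audience = set(post.get("to", [])) | set(post.get("cc", []))
    if PUBLIC in audience or viewer in audience:
        return True                     # public, or directly addressed (a mention)
    if author + "/followers" in audience:
        return store.is_follower(viewer, author)   # follower-only post
    return False


def leak_scenario(wait_for_accept: bool) -> dict:
    """Replay the sequence from the text and report who can see the private post."""
    alice = "https://mastodon.example/users/alice"      # locked account (constructed)
    bob = "https://pixelfed.example/users/bob"          # approved follower
    mallory = "https://pixelfed.example/users/mallory"  # rejected follower
    store = FollowStore(wait_for_accept)

    # Bob follows Alice and she approves, so her follower-only posts reach this server.
    bob_follow = store.send_follow(bob, alice)
    store.handle_inbox({"type": "Accept", "actor": alice, "object": bob_follow})
    post = {"type": "Note", "attributedTo": alice,
            "to": [alice + "/followers"], "cc": [], "content": "followers only"}

    # Mallory asks to follow; Alice has not answered yet, then rejects.
    mallory_follow = store.send_follow(mallory, alice)
    before_answer = can_view(store, post, mallory)
    store.handle_inbox({"type": "Reject", "actor": alice, "object": mallory_follow})
    after_reject = can_view(store, post, mallory)

    # An Accept forged by Mallory herself must not turn the rejection around.
    store.handle_inbox({"type": "Accept", "actor": mallory, "object": mallory_follow})

    return {
        "approved_follower": can_view(store, post, bob),
        "rejected_before_answer": before_answer,
        "rejected_after_reject": after_reject,
        "after_forged_accept": can_view(store, post, mallory),
    }


if __name__ == "__main__":
    print("vulnerable:", leak_scenario(wait_for_accept=False))
    print("fixed:     ", leak_scenario(wait_for_accept=True))
```

Running it shows the difference in one line each: the vulnerable store lets the unapproved account read the post before Alice answers and after she rejects, while the fixed store only grants access once a genuine Accept has arrived. The check on `activity["actor"]` is the part people most often forget: without it, anyone who can deliver to the inbox can approve their own follow.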

Pixelfed’s vulnerability points to deeper issues with the fediverse, ActivityPub and private posts. If all it takes to leak private posts is one other server with a bug, then that indicates the huge security risk inherent in private posts via ActivityPub. Even more so considering that the network incentivises and encourages people to build their own software implementations, which significantly increases the risk of security vulnerabilities and other misconfigurations. For simplicity I’ll focus here on Mastodon, although the same applies to other microblogging fediverse software that offers a combination of follower-only posts and locked accounts. At its core, private posts via ActivityPub require trusting other servers. This is how ActivityPub works: your server sends posts to another server. There is no way to enforce that this other server respects your preference on how it should handle the post. If you do not trust another server to handle your data properly, the only way to deal with that is by not sending your post to that server.

When you make a follower-only post on Mastodon, the UI prompt warns you that followers-only posts without setting your account to locked allows anyone to view your posts by simply following you. The documentation for Mastodon also reinforces this, saying: “To effectively publish private (followers-only) posts, you must lock your account–otherwise, anyone could follow you to view older posts.” The documentation makes it clear that Mastodon views the combination of follower-only posts with a locked account as private posts. But nowhere is it made clear that these posts being private depends on other servers being good actors and not having an error in their code. So using private posts on Mastodon comes with the risk of the private posts being leaked due to flaws in other software, without people being aware of this risk.

Once a leak like this one happens, it is unclear who is responsible for communications with affected users. It was a flaw in Pixelfed that caused the vulnerability, but it is other people on other fediverse servers that are affected. Pixelfed developer Daniel Supernault has only made minimal announcements, urging Pixelfed admins to upgrade, without further explanation to the people who are actually affected by the vulnerability. Personally I think Supernault should have handled communications significantly better. But it is the thousands of fediverse server admins who provide the actual social networking to people on their server. They are the ones who are offering a social networking site with a variety of features, including the ability to make private posts (as advertised by the Mastodon software), and are the ones who are responsible for handling the data of their users. I could only find one example of a server admin that has informed their users of the situation, even though it is the data of their users that is affected. I’m unclear if this is because the admins are not aware of what’s going on, or the admins view it as the responsibility of someone else to inform people that data they thought was private might potentially have been leaked.

Overall, it means that there are actually three separate problems going on at the same time:

  • The first problem is that Pixelfed had a vulnerability which leaked private data from people on other platforms.
  • The second problem is that software like Mastodon and others promise private posts, without explaining what the risks are of using private posts, and that this depends on other servers behaving correctly. The Pixelfed vulnerability shows that these concerns are not theoretical or minor, but can happen in one of the biggest fediverse software projects.
  • The third problem is that when private data gets leaked, most fediverse server admins do not inform the people on their platform that they might have been affected by this.

It is still unclear what the direct impact of the Pixelfed vulnerability is and how many people’s private posts have been accessed by others, and it is uncertain whether that will ever be answered. But it is the indirect impact of the situation that I’m most interested in: will this change how people perceive private posts, and will fediverse server admins take a clear position on when they should inform their users, and when they should not?

IFTAS’s post-mortem on their Content Classification System


IFTAS, the Independent Federated Trust And Safety organisation, has released a post mortem on their content classification system (CCS). The CCS project was a pilot project to detect and report CSAM for a small group of Mastodon servers, and lasted for half a year. The pilot was shut down after IFTAS did not manage to find the funding they were looking for, and the organisation had to shut down most of their projects this month.

CCS operated on 8 servers, which combined have around 30k monthly active users, and IFTAS found a total of 80 matches, averaging 4.29 matches per 100,000 media files. IFTAS writes:

“4.29 matches per 100,000 may not sound like a large number. However, to be clear, this is a higher number than many services would expect to see, and it includes a broad range of media, from “barely legal” minors posted publicly, to intimate imagery shared without consent, to the very, very worst media imaginable. In some cases, it was apparent that users were creating accounts on host services to transact or pre-sale media before moving to an encrypted platform, under the belief that Mastodon would not be able to detect the activity.”

The results show that there is a clear need for proper CSAM scanning and reporting services for the fediverse, and the fact that IFTAS does not have the funding to provide such a service is a significant loss to the network.

On a note related to IFTAS’s funding: Erin Kissane gave a talk at the AT Protocol conference recently, in which she talked about ‘vernacular institutions’. She described vernacular institutions as emergent and local organisations, which solve practical needs on the ground. Kissane describes vernacular institutions as ‘more useful than legible’. She then mentions IFTAS as a clear example; it serves a need for local communities (as illustrated by the CCS project), but its illegibility made it hard for funding organisations to understand what IFTAS was doing and provide it with the funding it needs.

Fediforum has been cancelled


Fediforum has been cancelled, to be rescheduled at a later date. The unconference about the fediverse and the open social web was scheduled for today and tomorrow, April 1-2. This was supposed to be the 5th edition of Fediforum, which consists of speed demos and sessions that anyone can run on any topic. Fediforum is organised by Johannes Ernst, with Kaliya ‘IdentityWoman’ Young as the co-organiser. Transphobic tweets by Young had surfaced in the days leading up to the event, and various prominent community members announced that they were either withdrawing from the event, or said that they personally would not want to go to the event. Ernst then announced on his personal account that Young would be “transitioning out of Fediforum”. A day later (March 31), the official Fediforum account confirmed that Young would no longer be involved. At this point, community trust in Ernst was damaged and the discourse had reached a harmful stage, and Ernst decided to cancel the unconference and reschedule it to a later date. WeDistribute has a more extensive writeup of the situation here.

An unconference like Fediforum depends to a large extent on community trust and good intentions, and it was clear that the vibe was not great for constructive conversation at the point that Ernst decided to postpone the event altogether. Still, Fediforum provided a great place for fediverse projects to do some promotion with the speed demos, and Fediforum said that they even had a waiting list for this edition. There is a clear demand for an (un)conference like Fediforum, but the fediverse has not managed to create other community events that allow people to showcase their fediverse project in the last few years, besides Fediforum itself.

At the time of publishing, Fediforum had held a 90-minute townhall/roundtable discussion on the future of Fediforum and the broader issues. I’ll write more about this next week.


