greg 🌲🌲 is a user on social.coop. You can follow them or interact with them if you have an account anywhere in the fediverse.
greg 🌲🌲 @gc

I dread the day that silicon valley 'discovers' the fediverse and it starts getting popular in a Big way.

the day that happens is the day that VC money starts pouring into startups that will try to 'develop' (ie systematically colonize, commercialize, and exploit) the fediverse, which is, as of today, one of the few non-capitalist (as in non-commercialized) spaces left on the internet.

how do we prevent this from happening? how do we make it impossible for this to happen in the first place?

@gc Keep them busy with Blockchain as long as possible :P
Better yet, let them overinvest in blockchain so heavily that they risk getting pulled down with it when it collapses.

@gc I thought it happened once already, a few months ago. They got called out on some GPL thing and were made fun of relentlessly and disappeared. In the short run it seems to work but in the long run..

@gc (More seriously, AGPL all major implementations)

@cathal @gc this is why i didnt like the pixelhub or whatever, its MIT licensed. I dont trust like that

@oct2pus @gc Relatedly, there's a Rust microkernel project called Redox: redox-os.org/ - That looks amazing, but he decided to license it "permissively" because that's the culture of Rustaceans. So, he thinks it'll be all about freedom, but really it'll be embedded and locked down into a new form of OS-level oppression. :(

@cathal @gc I'd like a minimal activitypub implementation for pushing status updates that is permissively-licensed so I can embed it in IoT devices.

@gc @cathal no front-end (except for the raw HTML of posts I guess), very little API, simplified back-end.

@SoniEx2 @gc Why would it need to be "permissively" licensed to enable that use case?

@cathal @gc because it wouldn't have an (HTTP) API, so you would have to use it directly. i.e. link to it.

@SoniEx2 @gc The GPL does not accidentally enforce freedom, it's designed to. This reads a little bit like "I'd love to use this but then I'd have to make it free also" which is exactly the point of the GPL, and why it's relevant to preventing finance-backed enclosures and destruction of the commons we all value.

@cathal @gc how's having IoT in AP gonna harm public instances? as long as no public instances are directly built on something with very limited AP support and no multi-user support, you're gonna be fine.

but routers should still be able to use proprietary AP.

@SoniEx2 @gc So, are you suggesting that you, as the user and designer, will be the only person to use the software? The AGPL does not apply to personal use like this. It does apply as soon as you give or make available the software to others. As soon as you do that, without giving them access to the source code, you make them depend on you to use, modify, improve, or inspect their software/device. And that's not freedom, so the AGPL is there to enforce freedom.

@cathal @gc omfg let robots use AP without having their personal boundaries violated by ppl like you.

@gc @cathal I'm sorry. I'm not really in the mood to argue about free software.

@gc Ze Frank used to host a thing he called The Show. He'd start every episode with a bizarre intro to scare away those looking to jump on the bandwagon. About 90 seconds in the intro would abruptly stop and Ze would ask "Are the new viewers gone yet?" Those that persisted were rewarded with a fabulous experience.

Perhaps there can be some collective, baked in deterrent like cold winters in Minnesota keeping out the "riff raff" as my former girlfriend's grandma used to say.

@awedjob @gc All the pointless infighting and arbitrary communication barriers enforced by some immature instance admins would fill that role?

@awedjob @gc AFAIK this is what #9front does. Just look at fqa.9front.org. It's a meme dump.

@gc @awedjob I'm not saying that it's good that they do that, but it's a relevant data point.

@gc don't think you do - just when it happens other "fediverse" equivalents will appear, or continue to run in the background/alongside, as they always have.

those who are aware of them will continue.

and one day if we are lucky, people will simply ignore attempts at commercialisation and they will die of starvation

@gc

Grow the alternative enterprise community faster. Develop financing for enterprises that wish to exit as worker cooperatives, and financing for enterprises that start as worker cooperatives.

@gc
The Multifed? The capability to have a fediverse isolated from the general fediverse solves that problem. Strong protections on a user and instance level mean we can block compromised users and instances from invading a particular fediverse in the Multifed.

(I now dedicate myself to making "Multifed" a real word people use)

@gc

federation helps- a "toxic" instance can be isolated.

we need to evolve as humans for it to be impossible to happen. i don't think it's a matter of either legislation or technology (besides, both are owned by captialists/authoritarians)- it's a matter of prioritizing human relationships and liberation above hoarding.

don't know how to get there either: maybe one (small) step at a time.

@gc

1) Ensuring that the fediverse remains decentralised is a big part of it. Vigiliantly preventing singularities of accumulation actively discourages capital.

2) If you develop applications, make sure they're released under the AGPL 3.0 or GPL 3.0

In my case, I released a little library for IPFS recently, but made the licensing optional (AGPL3, GPL3, or MIT) because it can only be used to build decentralised things. It would make no sense to build barriers to prevent that from happening.

@gc you can't stop it from happening anymore than you could prevent people from commercializing email or the web. It's an open standard. Let them use it if they like. That's the beauty of it.
@hector @gc you saw what happened with hiveway though right? people on the fedi decided it was offensively stupid, and bullied it off the map.

@gc I've prepared by preemptively instance-blocking capitalist.party

@gc as a Fediverse developer, focus on user experience. Open source implementations are often colonized or replaced by startups who can attract users through superior user experience, even if their code is primitive.

Also, AGPL license everything.

@sixohsix @gc Forget code quality, just make it work.

@gc If this happens I think they will try to buy the biggest instances, pour money and developers into making the user experience - particularly on mobile - as slick as possible and then add ActivityPub extensions which make it incompatible with other instances. After enough time had passed they would then drop support for ActivityPub and OStatus.

That's pretty much how web 2.0 pushed out the earlier federated groupware systems.

Ways to work against this are:
* Make it easy to block bad instances
* Discourage very large instances with thousands of users, which will be the most attractive for colonization.
* Promote general awareness of the kinds of tactics which have been used in the past against federated systems
* Encourage users to value community above convenience. Colonizers will try to dazzle users with convenience and shiny/trendy features.
* Create a lot of noise if there is any company trying to subvert open protocols with their own extensions.
* Make it easy for users to switch instances, aka "nomadic identity" so that they can "vote with their feet" if an instance starts adopting bad policies. The difficulty of moving from one instance to another is definitely something which colonizers will try to exploit.
@gc Another way they might do this is with content exclusive to an instance (non-federating posts). They could then hire some celebrities or use an adsense-like system to attract users onto their instance. Once enough users were on their one giant instance they could then defederate entirely.

@bob @gc Other than awareness, I think encouraging a relatively low user to instance ratio is the single best longterm tactic. The bigger the diverse ecosystem of small instances is when money bags get involved, the harder it will be to control. I seem to read conflicting stuff on whether mastodon itself plays nicely with the rest of the fediverse as it is already though.

@bob @gc Agreed overall. On the bright side the Mastodon ecosystem has been doing an unusually good job (by free software standards) of making the slick & shiny things. Turns out that a lot of ordinary users want nice phone apps with push notifications and this requires development work that "pure" FS people don't want to do. Those who produced those apps have seriously helped to immunise the community against much more aggressive commercial interests.

@bob @gc Worth noting that there is already a major corporate instance - Pawoo. The trick is that it's exclusively Japanese, so most people don't pay attention to it in the English-speaking Fediverse (other than to block its media, due to certain content posted there that's considered OK in Japan, and taboo at best, illegal at worst in the west).

They've done some pretty extensive modifications to the front end, AFAIK, too.

@bob @gc Another thing that's just *started* to become a problem is spam on the Fediverse.

E-mail as a federated protocol is under massive attack under the guise of anti-spam measures, after all, and I don't see anything inherent to ActivityPub or to Mastodon or Pleroma that improves the anti-spam situation relative to e-mail.

@bhtooefr @gc I havn't seen any spam here so far, but there was talk of closing spam accounts recently, so the spammers must be trying.

Unlike email the fediverse is authenticated and that will make life a lot harder for spammers.

@bob @gc Easy to spin up a new instance, though...

@bob @bhtooefr @gc wait, what, you need to authenticate with your email provider in the same way you authenticate with your instance?

@charlag @bob @gc E-mail is... complicated.

So, you have a legacy of open SMTP relays - send whatever you want, claiming to be from wherever, and it'll transmit the message. SPF is designed to fight this, by only allowing certain servers to originate SMTP mail for a domain (if the domain's SPF record doesn't match, then something illegitimate is going on, and the message should be blocked).

@charlag @bob @gc You also have some SMTP servers without authentication - if you send a message claiming to be from the domain that the SMTP server handles, they'll accept it and send it out without authentication.

These bad practices are ending, at least - servers that do these things tend to be put on blocklists, and then nobody gets any of their e-mail - but then once you get on a blocklist, it's almost impossible to get off.

@bhtooefr @gc @bob Doesn't every major ActivityPub implementation authenticate POSTs to actors' inboxes in some way?

@bob @gc "Discourage very large instances with thousands of users, which will be the most attractive for colonization."

This is more important than people realize.

@mdm @gc @bob At the same time, how do we share the infrastructure we need? I am thinking we need more hosting cooperatives...

@mdm @bob I feel like we're generally safe. Even Ello has an order of magnitude more active users than the largest instances. Just in case, though, it should be a whole lot easier to migrate to a new server, automatically transferring all data and followers.

@bob @gc what are some warning signs that stuff like this could be happening already?

@levlaz @gc @bob I would say that spam is an early warning sign of network relevance.

@cathal @gc @levlaz With spam it's all about the numbers, so they must think there are enough users here to justify the effort of trying to create and maintain accounts.

@bob @levlaz @gc Pretty much. And the jump from "marginal value is enough for spam" to "marginal value is enough to underwrite loss-leading companies to enclose the commons and squeeze it for surveillance value" is pretty small. Mastodon is not designed to account for or prevent mass surveillance by outsiders, either. Not even a tiny bit, it's far more vulnerable than Twitter or Facebook.

facebook Show more

@cathal @bob @gc @levlaz I am getting flashbacks to nntpchan's spam days where someone decided to spam the moderation newsgroup with viagra links

@jeff @levlaz @gc @bob I'm remembering when I wrote and released TinyStatus, with the claim that it was "spam resistant", the only person to join the testnet was a dude who set up a spambot just to prove that, if the spammer cares enough and doesn't need throughput, they can always spam. :) github.com/cathalgarvey/tinyst

@cathal @bob @gc @levlaz if someone claims something is spam resistant the spammers always line up to to remind what the term "spam resistant" actually means.

@jeff @levlaz @gc @bob Well, TBF proof-of-work is probably the only thing that would actually work at scale to make spam unprofitable. But it works by making it impractical to send arbitrarily large amounts of spam; it won't stop "spear-spamming" because the volumes are very low. However, there are other, better strategies for dealing with spear-spamming, so I think proof of work is still the best first-line strategy. And, it can also be used to limit API requests or page-loads, vs. surveillance

@cathal @bob @gc @levlaz i am convinced BTC was made just to make PoW unusable for anything but as a money machine. sha256 ASICs and the many GPU farms make PoW for rate limiting easier for spammers with a GPU than a normal user.

@jeff @levlaz @gc @bob Well, when the sha256 based currencies eventually die out, we'd better hope those ASICs can't be repurposed for password cracking. :) For Proof of Work, I'd suggest a configurable memory-hard algorithm anyways, not a straight hash.

@cathal @gc @levlaz @jeff I did some amount of development on Bitmessage years ago and it eventually became obvious that proof of work wasn't a viable anti-flooding mechanism, since it created other collateral problems and made the system unusable on mobile.

@bob @jeff @levlaz @gc I'd be interested to see a discussion on that! But I do think that proof of work needs to be coupled to a trust waiver system, and it should be deployed so as to allow a baseline read throughput without needing POW. e.g. you shouldn't need JS to read Mastodon; so 60 requests per hour might be free of POW, and logged in users might get 1,200 free read requests, instead. Post messages might be limited to 10 free per hour, etcetera.

@gc aggressively federate. fragment enough to make assimilation across instances harder than communication across instances. proliferate implementations and clients and governance models. ground funding in co-ops, nonprofits, academic institutions, small business, and local governments. grapple sooner rather than later with the hazards of data-mining and marketing.

in other words: learn both the positive and negative lessons of e-mail, irc, usenet the pre-megacorp web, etc.

@gc Figure out with whom you want to federate, basically.

This is (and has been) one of IRC's greatest, most enduring strengths: you can set up your own, any time, and relay with the like-minded. Or just break links and tell them to talk to the hand.

@gc That already happened once though? I've already forgotten what the instance was called that had some weird blockchain tie-in but it didn't really disrupt the fediverse beyond lots of people talking about it. I guess I'm not too worried about corporations trying to take this from us; it seems fairly clear how to handle them in this setting.

@gc Say hello today! Sequoia has lead the first round of funding for @pixelfed! /s

@gc wonder if this is the actual issue - commercialization and the capital coming in?

It’s never really been about the money its self but more about who majority owns the platforms/ecosystem. Which in the past has been a small number of founders and investors.

NOW the users need to be the majority owners.

Coopertizing the Fediverse is the best possible to staving off a β€œcolonization” while not impeding the relevancy and growth of the Fediverse as whole which is equally important.

@gc Having read lots of responses to your post, there's some great ideas in there. Two stick our for me: capital likes scale, and on the interwebs isn't concerned with profit, merely the potential for profit, so keeping the size of instances down is a great way to keep the whole thing looking less attractive. Couple this with real baked in user ownership and control as we have with .

Avoiding privatisation-friendly licensing of code (e.g. Apache, MIT) is also a good thing.

@Graham_Mitchell @gc Totally agree. In addition, integrate with other cooperative platforms and organizations to help build the networks that will keep us all honest.

@Matt_Noyes @gc Interesting. I hadn't considered that. I guess that suggests a couple of options in its own right - the potential for integration of Mastodon software with other tools, and the integration of Mastodon communities as part of the fabric of a new cooperative digital mesh.

@gc we need to spread the cooperative model as much as possible, as fast as possible. Cooperatives are extremely resistant to buy-outs, both for practical and emotional reasons

@gc It's currently impossible to search statuses. KEEP THAT. That's a big stumbling block to monetization.

@bvtsang
That looks like a method for searching your own instance, not a remote one via client or api.
@gc

@snoot @gc Ah, when you said "impossible to search statuses" you meant searching statuses from remote instances (as opposed to search limited to just your instance). Thanks for clarifying.

@gc one of the things I've done is at least keep tabs on the known corporate spaces that currently exist and added them as a special category on my blocklist so we can keep an eye on them and potentially remove some of their social power by defederating from them

@gc People with backing have tried to do this a couple times. They've failed by overestimating the degree to which it's commercialization-friendly. Also, they've used mastodon, which is AGPL. Also, generally speaking, they've broken federation in order to prevent their users from realizing they can switch to a less-shitty instance. It could be done more competently & I'm not sure how it would be best prevented

@gc We've gotten lucky in that j3st3r & John MacAffee are idiots & no non-idiots have tried it yet.

@gc Alternatively, how did we help to shut down Hiveway?

getting pretty frustrated with all the responses that essentially boil down to 'but what if we just like, didnt let capital accumulate, man?'

...that's not how any of this works. one does not simply wish away the inexorable logic of capitalism.