Social networks are normally very sticky—you want to be wherever the people you want to interact with are—so it's hard for alternatives to succeed. With the upheaval around Twitter, however, a lot of people are considering moving away from it, and rethinking social media choices in general, which makes this an unusual opportunity for community migration. I'm especially seeing a lot of suggestions that people move to Mastodon.

Instead of being run by a single company that builds the software and runs the servers (Facebook, Twitter, etc) Mastodon is more like email. You sign up for an account with some provider ("server"), but can talk to people regardless of which provider they're signed up with ("federation"). There's an open protocol (ActivityPub), open-source server software (Mastodon, Pleroma, etc), and many servers you could join.

Overall I'm pretty pessimistic about Mastodon, even if we only imagine futures in which lots of people move to it, because of spam. Handling spam on a centralized platform is hard but manageable; federation changes this dramatically for the worse. Imagine you're running a server, and you get an incoming message (comment, like, DM, etc) from an account on another server. Today the default is to let it through, but as Mastodon gets larger there will be more and more money to be made in spamming there, and the larger a fraction of those incoming messages would be spam. Many of the signals centralized platforms use to detect spammers (local activity, account age, IP addresses, etc) are not available in a federated context, leaving server admins (and the software they delegate to) very little information for identifying and blocking spam. It's at least as hard a problem as email spam filtering, probably harder because of shorter messages, and I expect this makes it very hard to run a server that doesn't drown its users in incoming spam and reliably gets its messages out to other servers. Maybe we get to the equivalent of everyone using Gmail/Hotmail/Yahoo and anyone with a different provider has a very frustrating time?

Still, I'm happy to give it a try, and if it does collapse in a pile of spam, oh well. Does anyone have a server they'd recommend? I'm not that excited about the idea of joining a server at random because I'm trusting the server admin not to impersonate me, and also because apparently being on a server with an interesting local timeline is fun.

(I considered self-hosting, but an email server is already more complex than I want to manage and a Mastodon server is much more so.)

Comment via: facebook

31

New Comment
19 comments, sorted by Click to highlight new comments since: Today at 2:33 AM

While selfhosting email in the low-level sense of your own VPS and installing your own mail server software is frustrating today, I find this is relatively rare. More common (besides personal Fastmail/Hotmail/Gmail) is to own your own domain but pay a webhost. E.g. Fastmail or Google Workspace with custom domain, or a webhost like Hover, Gandi, Squarespace, GoDaddy, etc.

This benefits from a larger-scale spam filter, whilst also having complete autonomy over who uses it and what they use it for, plus the ability to transparently move providers if you wish, plus the freedom to pick your email client (eg. Thunderbird with full and offline copy of your data), plus it has resulted in thousands of large domestic webhosts around the globe, not a handful of international ones only.

It's not as decentralised as everyone managing their own software packages on a Rasberry Pi buried in their backyard, but it certainly allows anyone to do that if they want...

To draw the analogy with Mastodon, I could see us avoiding having only a few big Mastodon sites plus some self-hosted ActivityPub sites if we lean into the web hosting model. There are already major players like Masto.host, who could eg. offer centralised anti-spam measures in the future.

Anti-spam could also be decoupled from hosting, such as the case with blogs. E.g. you can self-host WordPress, or choose a professional WordPress hoster. The later is still orders of magnitudes more decentralised than everyone on WordPress.com, and anti-spam can be offered by the hoster, or through a plugin like Akismet that contacts a differerent shared service for that of your choosing.

Mastodon already supports relays and webhooks that are being used to share block lists between like-minded instances, allowing you to be closely integrated with a community (including populating eachothers federated timeline) whilst still being hosted separately.

I dunno about the e-mail/web hosting analogy, at least for the purposes of thinking about possible anti-spam approaches.  As I understand it, the current state of Mastodon hosting is much more like the WordPress hosting example than the e-mail hosting example, in that each customer gets their own isolated instance of the software for their domain.  I think a lot of the ability to achieve larger scale spam filters and etc on email hosts comes from the fact that the actual infrastructure is shared.  E.g. my impression has generally been that separate Akismet-style anti-spam services has been more successful in the WordPress context than hosting-linked solutions, and that hosting-linked solutions are generally similarly implemented as plugins anyway rather than being built into the infrastructure in some deeper way.  (But it’s entirely possible that I’m behind the times on that front?)  In that case, there’s nothing special about the hosting provider being the same that enables anti-spam — it’s all about creating coordination systems that are trusted by many instances and thus re-create centralized decision-making for the spam-specific slice of the content moderation problem.

the entire spam problem comes from the underlying desire to see content you didn't have to explicitly find and request.  e-mail spam is because you WANT to receive e-mail from some strangers, and it's hard to distinguish that from strangers you'd rather not hear from.  Twitter/social spam is because you WANT to see some posts from people you didn't explicitly follow, by tags or by topic.

I think I mostly don't understand the lines of federation within Mastodon.  Is it intended that the server is the unit of community, with cross-server DMs and following, but only by individual, not by topic or thread?

It sure would be awesome if Lightcone Infrastructure spun up a Mastodon instance for the extended rationalist/EA/AI safety communities.

There is schelling.pt, which originated from the tpot/tcot on twitter, which I've used for the last year and a half.

I operate schelling.pt (to varying degrees of reliability) and highly encourage everyone here to try it out; here's an invite code good for a week: https://schelling.pt/invite/pa9WHTvX

I don't use twitter or mastodon, and have clearly misunderstood. I thought that the point was you only saw things from people you were following, or maybe things people you follow shared from other people they follow? Presumably this is not right, because if it was you would just not follow any spam-bots.

They're are a bunch of cases where you would see something from someone you didn't choose to interact with. Someone could tag you in a post, boost (retweet/share), favorite (like), or reply to (comment on) one of your posts, follow you, or send you a direct message.

One thing I have been giving thought as well is that at the end of the day there is a still a central point of authority in any given instance. Which brings with it other issues such as possible liability in regards to content moderation as well the financial commitment. I think Mastodon federation only solves half the problem and the second half could be solved with a DAO as its underlying governance structure where the users themselves vote to agree on moderation rules as well as funding the operations of the instance.

I considered self-hosting, but an email server is already more complex than I want to manage and a Mastodon server is much more so.

I have no affiliation here, but there's lots of places like masto.host where you can pay to host your own instance. Sure, someone running your VM might do something awful. But... that's cloud hosting. 

I will vouch for the admin of linuxrocks.online, been on their for years (and other than some unfortunate downtime), it's been solid (in the drama-free sense). 

Doesn't your problem apply to all small social media platforms, not just mastodon? Do you have any idea how such platforms handle spam?

Also, could mastodon servers share or trade spam filters? Be it account lists or even just heuristics learned.

Doesn't your problem apply to all small social media platforms, not just mastodon?

It's specifically about federated systems, since those mean the recipient's server has less information to make a spam decision because it isn't also the sender's server.

could mastodon servers share or trade spam filters?

Sure, and some admins do this. But this doesn't solve the problem in general because you need to figure out what to do with messages from servers you've never heard of.

Thanks this is fair!

I signed up for social.lol via omg.lol, because they charge a membership fee which gives some (perhaps misguided) assurance of longevity / effortful spam fighting vs a free-for-all server funded by someone's altruism.

Social networks are normally very sticky

I think this is selection bias.  SUCCESSFUL social networks are very sticky.  Startup or trial social networks, however, generally just fail.  I don't know that Twitter's recent changes will change very much about how people use existing social networks - it may shift some to whatsapp/tiktok/whatever, or even discord servers or the like for small-scale interactions.  I suspect Twitter usage will stay mostly in-place once things settle a bit.  I doubt a newcomer will move into that niche.

Does anyone have a good reason to see why mastodon or some subset of mastodon servers will actually work?  The distributed nature means it's nearly impossible to curate any part of it - I can't see how it implements any sort of equilibrium between spam-hell, forgery-hell, and cant-find-anything-good-hell.

Sorry, yes, that sentence was only trying to talk about successful social networks.

New to LessWrong?