Hacker News new | comments | ask | show | jobs | submit login
How Does Mastodon Work? (kevq.uk)
389 points by codesections 6 months ago | hide | past | web | favorite | 175 comments



> Well, finding the right one is very difficult

That sounds like a rather critical UX bug.

Just give me the instance I should sign up on in the "sign up" area of mastodon.social. Use what you think is the most suitable algorithm to cycle through a list of "appropriate" instances, where you-- the people with domain experience-- define "appropriate" for the potential user.

Otherwise you end up with this passive-aggressive situation where everybody does the obvious thing of signing up on mastodon.social, but your devs and fans take it on themselves to "teach" people not to do that because federation.

Case in point: the very first step of signing up is described as "very difficult" in this newbie guide.


there's two solutions to this already,

the official one: https://joinmastodon.org/ and the alternative: https://instances.social/


Neither of these do what I want. Preferably I'd like to see something like a Wirecutter review.


Would you say the same thing about e-mail and SMTP?


There has historically always only been one sensible email provider. It was your ISP, and then it was gmail.


I've never used my ISP provided email. Even before gmail, I used other gmail-ish ones (hotmail, yahoo &c.)


Just as I've tried to do with my email for a long time now, I decided to have my own Mastodon instance on a domain I control.

Email does show us a greater need in Mastodon to emphasize trust-relationships over ill-defined "social groups" as better ways to form relationships. In the early days of email, the ISP was an easily formed trust relationship, and in today's arena a lot of people have preferred trust relationships to hosts like Google (Gmail) or Microsoft (Hotmail/Outlook), etc. The "people interested in Topic X" that most of the instance lists are focused on doesn't give you any information towards trust relationships, and is possibly in the way of forming them.

The immediate problem is that those large companies like Google or Microsoft with lots established trust relationships aren't expected to play in Mastodon/ActivityPub, so you need to bootstrap new ones. Luckily, there's a lot of room for trying to bootstrap new trust relationships. Some instances have already been playing with ownership models, and companies are easy enough to form if people want to place those ownership models into transparently accountable units/liability-protected units that are recognized by larger governing bodies than just themselves.

A friend I follow, Darius (@darius@tinysubversions.com), has also been ruminating on this quirk in Mastodon adoption lately and trying to find ways to establish trust relationships with instances, though so far his solution is to stick to a smaller scope and start with the idea of "you trust me, so let me host your instance" among friends. That idea might scale if there were enough folks like Darius doing that, and I've sent very simple invites to possibly add friends to my instance that I control, and have been looking to come up with governance documents based on that idea, but haven't yet had anyone take me up on that invite, so I keep procrastinating it.


Broadly speaking, is Mastodon a healthy, non-addictive, non-abusive Twitter alternative that happens to leverage federation to achieve its aims? Or is Mastodon a FLOSS celebration of federation applied to the domain of social networking?

If it's the former, then I don't understand the problem you're describing. Why can't trust simply be a hierarchy from the Mastodon devs-- who you have to trust anyway-- down to a small, diverse set of the largest and most performant instances (as defined by those devs themselves)? That would cover the vast majority of users and still obviously leave room for anyone who wants to run their own instance.

Even if the vast majority of users/devs think it's unethical to have a hierarchy/centralization, as you point out there isn't any known alternative at present. So the only practical alternative is to punt, which inhibits adoption and hardens the implicit social group hierarchies which you point out are problematic.


The Mastodon devs don't seem interested in blessing particular instances, and even if they did, that doesn't necessarily solve trust relationship dynamics.

Most instances today advertise an interest in a topic, which is fine, but it doesn't answer a lot of questions. When the average person is looking for a trust relationship, they often aren't topic oriented, but reliability/stability-oriented. They want indicators of reliability: what's the governance model? How long is this instance expected to last/be stable? Etc.

Businesses in the real world already have a lot of that bootstrapping accomplished (because they are required so by governments, tax bodies, trading platforms, etc), so I made the suggestion that that's one way to make instance declarations towards governance models/stability/etc.

In that way, too, businesses as a model are still mostly decentralized in the way that users expect ("can take their business elsewhere"). Even if they are prone to monopolistic intents (when a profit model) and tend to accidentally centralize things.

A business model isn't the only approach of course, just one easy answer to how do you square the circle and solve the "which instance do I choose?" bootstrapping problem for a larger number of people more quickly. Even if formal businesses aren't the preferred option (though maybe they should be), the means of business government should still apply: what is the instance's constitution/bylaws/governing documents? Who holds the instance responsible in disputes? What is the cash flow and who holds that accountable?

A lot of these same business rules apply to so many organizations in one's life (your home owners' association, for one example) for good reasons of responsibility/accountability/stability.

Yes, almost all of these concerns are entirely orthogonal to the software itself and can't just be solved in software, as much as we might wish that to be the case as software developers. Running a community of almost any sort has these same needs. Brokering those community trust relationships is tough, but a deeper focus on that for Mastodon would help with adoption problems.


That's a good example. In a way, e-mail was the first federated social network, and nowadays there's no critical UX issue with "there's too many e-mail providers to choose from, there should be only one GMail for people to sign up to".

The only difference is that e-mail is "obvious" and Mastodon is new.


this. It doesn't matter one whit about the instance, except perhaps initially. Maybe. You choose who to read and follow and the instance doesn't matter. I already 'follow' about 80 like-minded geeks I'm interested to read each day and that's all I can keep up with. I never look at either the local timeline or the federated timeline: they are too much information; firehose. edit: and those 80-odd ppl are all over the planet on various instances in various languages.


> It doesn't matter one whit about the instance, except perhaps initially. Maybe. You choose who to read and follow and the instance doesn't matter.

Not in my experience. Mastodon doesn't really have any (good) cross-instance discovery mechanisms aside from just watching the global fire-hose, so your initial experience is formed by the other users on your instance. And the experience varies wildly from "This instance is very quiet" to "This instance is full of furries".


sound just like email or twitter or facebook before everyone's parents were on it.


Is it not like an email server then? What happens when they decide shut down their mastodon server without warning?


People can learn about service providers after they've been using the service for a while, when they understand how it works and what value it provides; it is then a good time to decide whether they want to migrate to a more stable or close provider.

The sign-up form during the first experience with the service is not the point to educate the newcomer about those issues, beyond maybe a friendly reminder of who is the one providing service to them at that point.

The sign-up process should be streamlined to make sure users arrive to a server that provides a good experience based on their interest; not on educating them about the technicalities of the service.


That's because you don't really join "Mastodon" like you don't really join "XMPP". You pick an instance that has people that you want to talk to and that lets you federate usefully with other servers. You can join multiple instances for different uses if you want, although they do mostly federate with others.


Yeah that's already happened and it's discoverable enough that I wandered onto one of those pages by accident when signing up.


I wrote a companion piece that explains what makes Mastodon better than Twitter. It starts like this:

> Mastodon is a newcomer social media platform that is a lot like Twitter—short messages, followers, hashtags, all that. But Mastodon is much better than Twitter, and not just because being totally ad-free and keeping chronological timelines make it far more enjoyable to use (though that certainly helps!).

All that is nice, but the real advantage Mastodon has over Twitter is that Mastodon is not an outrage machine that's corroding our ability to view our politic opponents as real humans, deserving of sympathy and understanding.

To explain how much better Mastodon is, I'm going to give you three examples of how Mastodon is better, and then I'll step back and talk about why Mastodon is better.

https://www.codesections.com/blog/mastodon-elevator-pitch/


I wonder if in the long run Mastodon will still not be an "outrage machine". Twitter also didn't start out as a vent for political outrage, but as a platform grows it gets more bad apples. In the case of Mastodon it's decentralized nature actually provides them more security. It will be interesting to see it play out.


I have a feeling it already is one. In my timeline there are a lot of LGBQT activists (which I think is the case for much of Mastodon at the moment?), and since I generally agree with how they'd like to see the world and am otherwise not really involved with that movement, I don't really interact with those posts. However, I see a lot of "I simply blocked this hateful person lalalalalala" which makes me, as an outsider, feel uncomfortable, and I feel hesitant even to try to respond with even a slightly different view.


If you look at the adoption pattern and growth rate of Mastodon, it has around 1.5M users, the majority of which have arrived via three big waves.

The first wave was people with left wing identities who were tired of being harassed on mainstream platforms like Twitter.

The second wave was Japanese lolicon enthusiasts (without diving too deep down this rabbit hole, lolicon is a popular but weird and nerdy thing to be into in Japan).

The third wave was sex workers in response to SESTA/FOSTA eliminating platforms they used in the past.

All these waves set up their own instances, and they don't communicate much with the other waves.

If you look at what these waves all have in common (aside from using the software), there's just one thing. They were all posting stuff that didn't fit in on a mainstream platform. In the first case it was due to harassment, in the second it was embarrassment, in the third it was legality.

The users are already bifurcating the network, admins routinely share blocklists of sites that they don't want included in their version of the fediverse. Being able to block instances and people you don't like is one of Mastodon's killer features.

I don't think it will become the next outrage machine, people will just block and bifurcate. I do think users will keep setting up Mastodon instances in waves similar to the first three. I'd be surprised if Mastodon ever powered a better version of the commons we currently have on FB, Twitter etc. [1] The feature Mastodon added to federation (and that made it more popular than similar software) is the ability to not federate with people who are different from you.

[1] The "fediverse" at large has some potential to do this if it receives mass adoption. Think of a scenario like WordPress integrating federation features into the Core. This would bring federation to the mainstream.


Yeah that first wave are huge with using content warnings for the silliest of things.

[cw: food] I ate a burrito

I've since disabled content warnings, because I think it gets in the way.. But then it fails the second and third waves, because they post childporn and sex ads..

So I've ended up blocking pawoo.net and switter.at

Which is kinda the problem on mastodon, there's nothing in between silly content warnings written by people that are offended by the slightest thing, and content warnings for childporn drawings


I think the Content Warning thing is a different "problem". People in my timeline say they're using it in order to not clutter your timeline, i.e. you can quickly scan the headline ("I ate a burrito") to determine whether you want to read the rest. Ironically, that might be because Mastodon allows longer posts :P

Perhaps they'd need to implement a summary tag or something, so that people can configure their clients to only show the summaries for those who want to, and allows you to always expand them and still hide everything behind a CW.


Then it sounds like an option that should exist when reading your feed rather than something that requires the action of each individual person per tweet.


Yes there needs to be a global "disable all CW/Spoilers/ETC"


I don't see how the story about the waves and about users not fitting in would lead to less outrage. Sure, by being able to block (groups of) people, they might not come in contact with the people they are outraged about as much. However, the main thing that seems to turn Twitter/Facebook and now Mastodon into an outrage machine is exactly only seeing their own circles. That's what I'm currently observing at Mastodon: there's a lot of outrage in its LGBQT communities over things that I perceive as small, and the outrage is such that I wouldn't even dare to get involved in the things they are discussing, even though that is the only way to get closer together.


Don't forget the French wave.


It will be easier for governments to shut down small instances and smear the owners. I don't think decentralisation has much security value.



This always ignores the fact that several things like networks and server hosts are still fairly centralized.

Unless everyone is running instances on their mobile phones using a giant global mesh, it is perfectly within the capabilities of modern nation states to shutdown these networks.


It's the people that bring the outrage, not the platform itself. Anything that reaches a certain scale will start to become it, it's part of human nature and something we haven't had sufficient time to learn and evolve past.


Wouldn’t a decentralized social network be more prone to delvelop more extremist groups? I mean if anyone can create an instance, then extremists from all the political spectrum will be able to moderate their own instances, in other words they will censor those who think differently and encourage their own views creating a loop that could potentially create more myopic-extremist views, or is there something I’m missing?


> I mean if anyone can create an instance, then extremists from all the political spectrum will be able to moderate their own instances, in other words they will censor those who think differently and encourage their own views creating a loop that could potentially create more myopic-extremist views, or is there something I’m missing?

Does this even matter? I mean, if you really wanted to stop people with weird views from grouping and then getting extremist through evaporative cooling[0], you'd have to roll the world back to preindustrial times (and even then you wouldn't stop it completely). Mastodon is but one platform; fringe groups will happily keep relocating when their old meeting places want them no longer, or they'll even set up their own platforms. Now that physical proximity is no longer a limiting factor, people of like beliefs will always find each other (if they bother to look).

(I think a good analogy is this: a Mastodon community is in the same relation to the Internet as Facebook Groups are to Facebook, or subreddits are to Reddit - a federated system inside a larger whole. The way fringe groups use subreddits/Facebook groups is analogous to how they will use Mastodon.)

If you're worried about extremists getting endangering public safety, I feel it's the job of the police to infiltrate such groups and stop individuals as they cross from talking to doing. If you're worried about large chunk of population catching some insane beliefs; I offer no remedy for that.

--

[0] - https://www.lesswrong.com/posts/ZQG9cwKbct2LtmL3p/evaporativ...


I'm not really sure what your point is. With or without Mastodon people have already created forums/social media groups/online communities for like-minded people and will censor or not censor it to their liking. That's the freedom of the internet.

And honestly I'd rather have that than the current state of social media where everyone is on the same platform and yelling at each other and using retweets to shame one another. My experience is anecdotal of course but whenever I see people trying to engage in discourse with the other side, everyone just doubles down on their opinion and the conversation goes nowhere.


Compared to the current mode of a few centralized services, a federated social networking landscape will be harder for companies or institutions to control and contain, yes.

Depending on the world view that can be perceived as a bug or a feature.


And won’t the proponents say this is a feature as it keeps them off other instances?


And won't detractors say that this is how the mainstream media got the 2016 US presidential election predictions so wrong? https://www.theatlantic.com/technology/archive/2017/10/what-...


Then perhaps people/corporations will learn that farming social networks to predict IRL intentions may not be the best use of their time and energy.

As far as I'm aware, "being an accurate source of voting intention" is not a prime requirement for social networks, nor is "making life easier for lazy journalists/pollsters". At least, not for any where the users are the customers. For those, where the users are the product, requirements might be different. Personally, I view this is a positive for Mastodon.


"outrage machine". What a perfectly succinct description. That said, Mastodon would likely turn into an outrage machine if it ever reached critical mass.

I suppose you could stay in your own mastodon instance to avoid it.


The potential for division in the fediverse as a whole is worse. On twitter, there were McCarthyesque, opaquely curated user blacklists to worry about. A conglomerated instance could enforce this kind of arbitrary censorship across entire communities by imposing rules on who their federation partners can federate with, and control network disruption by refusing to federate with new, <100 user instances under the excuse of "preventing spam". Centralized social networks have already isolated people into information bubbles bad enough as it is.


The blocklists are equally as McCarthyesque..

I remember being on mastodon when the second wave of users hit (pawoo.net). Suddenly overnight we had to worry about what was on our servers cache.. suddenly there was lolicon porn, which might be legal in japan, but outside it could be illegal.

So naturally blocklist's appeared, blocking all the new wave of Japanese servers.

I remember there was a disagreement between those in favor of block list's and the creator of Mastodon. Who didn't want any form of blocking, back at that time the tools to do any form of blocking was either non-existent or very raw. I had an instance at this stage, and the thought about having some kind of childporn drawings in my servers cache scared the living shit out of me. Enough to shut it down.

But the blocklists weren't vetted back then, and I don't think there was a central list that I can remember.


I think this is what led to instance muting. Now admins can mute an instance, but people can still opt in to following someone there, probably without caching.


The thing I never really see from these is about setting up on an existing instance vs running my own. And if I set up my own, does it need to be a community? Am I shutting myself out of an experience by creating, say, a Mastodon instance for my family?

I'm bought in to the idea of Mastodon, but getting started is like being handed an atlas of the US and being told, "Please pick a neighborhood to live in."


1. And if I set up my own, does it need to be a community?

No. Mastadon and other compatible servers like GNUSocial do have single-user environments. [0]

2. Am I shutting myself out of an experience by creating, say, a Mastodon instance for my family?

No. The entire thing is federated, users from all servers can speak to each other.

[0] https://github.com/ummjackson/mastodon-guide/blob/master/sin...


> 1. No. Mastadon and other compatible servers like...

Well that's the easy answer.

I run my own instance and it's near impossible to find interesting people to follow. I started making alternate accounts on various other servers and it was immediately much better.

Also, (from my experience) people actually do pay attention to the local feed. People are more likely to find about (and talk to) you when they see you on their local feed. It's very hard for people to find you when you have your own instance.

So for Mastodon, at least, you most likely will want a community server - not a single user one.


I don't think any of the 20 odd people I find interesting enough to follow belong to my instance. Nor was I aware of a 'local feed'. I see all instances that interact with mine, and their feeds.

It may be harder to find you on your own, unless you're reaching out to others... And frankly that just sounds like network effects.

People are more likely to 'discover' you if you interact with celebrities on other social sites.


I'm pretty sure the fediverse feed just shows all people from all instances who are followed by someone on your instance.


> The thing I never really see from these is about setting up on an existing instance vs running my own.

Mastodon instance admin have the power to block entire other instances. So if you care deeply about who is blocked or whether other instances are blocked at all, that might help to guide your decision.


It’s exactly like email. You can have an email server @yourdomain that just has the one account, and interact with the rest of the email “network” just fine, right? Same with Mastodon.


People discovery isn't necessary with email, but it is for a social networking system.

I want to be able to find other people in the fediverse, and I also want people to find me. Having your own server excludes you from other people's local timelines (and vice versa), making discovery in both directions very challenging.


Open social operates somewhat like email, where you don't need to be on the same server as someone else, but it can make things easier.

For the most part, if you are running your own email server for you family, it might make sense to run your own mastodon server. You can have control over your file storage, etc.


Different servers are linked to with the system of federation. If you set up your own, you also choose to what other servers you connect to. So, no, you are not shutting yourself out. But you have to manage your federalization.


I wish the author had expanded on migration from one instance to another and what it entails (similar to the questions and responses here).

Another point I would've liked to see is on encryption and privacy — who, other than the people I choose as an audience, can see my Toots (the admins of the instances, someone sniffing the network, etc.).

If these platforms are being sold as "awesome", there need to be more reasons than just "no adverts and no tracking" (the latter claim is not provable without talking about encryption in a little more detail). No ads doesn't mean someone can't sell your information to someone else outside this platform. It's one thing that the owners/maintainers of many instances wouldn't sell information because of their own moral convictions that led them to get out of centralized, single company social networks. But asking to trust on that basis alone is not enough.

I checked out Mastodon quite sometime ago, but stopped using it after one or two Toots. Network effect — not knowing anyone else is a big barrier. On chat platforms, I could at least persuade one or two people I know to use them for direct chats, but these ar harder to deal with when you're looking for people who are not only local but also are working on similar causes as oneself. Like the author says, finding some interesting people on Mastodon and creating new connections could work, but it also depends on one's areas of interest. I personally also find Twitter very noisy (not in the sense of signal to noise ratio, but the amount of content). At least on Facebook I can join certain groups, avoid the news feed, etc. Somehow the topic wise discussion format seems suitable to me than a chat format (without some amount of conversation threading) with many users.


> I wish the author had expanded on migration from one instance to another and what it entails (similar to the questions and responses here).

Account migration is not a thing yet, and conceptually requires a new namespace for referencing accounts (such as public keys). There is a multi-year-long actively-discussed open issue thread about this problem.

https://github.com/tootsuite/mastodon/issues/177


This should work like Domain <-> web Hosting type. So you can register your id at one place (similar to domain with any tld registrar) and change to another instance (web hosting). So you do not lose the need to change the id when changing instance.


This would lead to IDs being globally unique, which means if you have a common name you are unlikely to get a handle that you want. Secure scuttlebutt has a method to allow multiple people to share the same "public id" (multiple people may be named "Jill" for example) but preserves uniqueness by addressing individuals by a public key associated with their public name. I'm not sure how the mapping from public key to handle is done though.


You can do that today in the same way that email allows it: register your own domain and you can find a Mastodon host to service it and even CNAME it to a different Mastodon host if your needs change or a hosting provider becomes broken. It is part of why it was important to me to use an instance on a domain I control.


What is the migrate account thing at the bottom of edit profile then?

  Move to a different account
  If you wish to redirect this account to a different one, you can configure it here.


There are multiple account migration issues, the hardest is what happens when the hobbyist/volunteer instance you use inevitably goes down for good - you lose your address, your social network connections, your posts/history etc. That's unlikely to happen if you use the main Mastodon instance, but an aim of Mastodon is that you don't.

In that situation you can't log into the old site to edit your profile to have it redirect people to a new account, and even if you could the redirect will still go down with the server.

Mastodon can't fix these problems alone because the whole fediverse protocol needs to be rethought. Hubzilla saw this as the fundamental issue facing federated social media and so it was designed around a solution they call "nomadic identity" - you can shift your Hubzilla identity across many servers, keeping all your posts and subscriptions, and all the Hubzilla stuff updates and points to the new place, but subscriptions to you from Mastodon/fediverse will still break.

Perhaps Mastodon can lead the work on a newer protocol for the fediverse.


This sounds kind of like OPML export, and taking your RSS feeds with you when you go to another feed reader.

Is that a meaningful analogy?


A (distributed?) search that crawls the federated network and indexes toots could be the killer feature that grows adoption. The search API could be seemlessly integrated into any mastodon client. Or does such a thing already exist? My short experience with it made it seem hard to find anything.


The developers have avoided implementing full text searching to reduce the risk of harassment


There's no reason a third party couldn't do it.


Finally, a cogent explanation.

Edit: But missing a key issue, perhaps.

> Because Mastodon uses a collection of Instances, you’re not at the beck and call of one site owner. If you don’t like the direction an Instance is taking, you can pack your virtual bags and go. Mastodon even has an import/export tool that allows you to migrate the people you follow from one account/instance to another.

That sounds great. But if you do "pack your virtual bags and go", is there any way to map foo@bar.net to foo@baz.net? In the email analogy, there's clearly not. You need to tell all correspondents.


With e-mail there is a way to migrate without losing your identity, if you own your own domain, and point its MX records at your provider (who is a real e-mail provider and not a "free" walled garden like GMail or AOL). Unfortunately owning a domain is not as accessible for 95% of the population as it ought to be.

This concept of digital identity mobility is important to ensure that one's digital life is not tied to a single service provider. XMPP provides this capability as well, through SRV records. Bizarrely, given its aim to free users from walled gardens, Mastodon does not support SRV records [1]. The developers give some excuses about the WebFinger protocol, which basically means that if I want to own my own Mastodon identity, I must run my own server (either Mastodon or a WebFinger redirect).

Apparently Diaspora made the same shortsighted decision [2]. I'm surprised and saddened that the concept of identity mobility is seemingly not well understood by those developing decentralized social platforms.

[1] https://github.com/tootsuite/mastodon/issues/1931

[2] https://github.com/diaspora/diaspora/issues/1109


Yes, I know that. But email was just the analogy ;) For Mastodon, that would be running your own instance, I guess.


Which is unfortunate. I consider myself a highly skilled technical user, and the burden of running and maintaining my own Mastodon server, or even my own Nginx server to redirect WebFinger requests somewhere else, exceeds the free time I have to devote to the problem. (Keeping another VM alive, updated, and configured through the years costs mental energy, time, and money.)

Whereas, adding an SRV record to my existing DNS server? That's trivial, comes at no marginal cost to me, and doesn't leave me with the constant mental burden of worrying whether my Mastodon or WebFinger server is available, secure, etc.

Owning my own digital identity should be easy. Simplicity encourages adoption, and widespread self-ownership of one's digital identity is key to hindering the growth of walled gardens. Mastodon does not make ownership of one's digital identity simple.


I totally agree. And it seems like Mastodon devs are starting to take the issue seriously. So perhaps there's hope.


To the best of my knowledge they have always taken account migration seriously. But it's a hard problem, and there are many, many issues to be sorted. As a result it has been and is being discussed in detail in the background while other features have been implemented and rolled out.

Some of those other issues were contentious exactly because there was insufficient prior discussion, so the question of account migration is taking its time. As I say, it's hard, so it won't be happening in the immediate future.

But it is happening.


Thanks, that's good to know.

I interpreted some comments on that ticket as dismissing account migration as almost frivolous. But maybe that's because it's an old and difficult challenge, and I didn't have the context to understand the comments.


Hm, I had a dream last night and the wild idea that the URI application of DDDS [1] could be used to replace or augment WebFinger for the process of associating Mastodon IDs with URLs. DDDS is already used for telephone number portability for both ENUM and SIP, so it would be an appropriate use case.

Of course, this (and SRV records, for that matter) would preclude pure web clients from being able to look up IDs, but that's not a problem an HTTP DNS proxy couldn't solve.

[1] https://www.ietf.org/rfc/rfc3404.txt


I don't understand why these federated social networks don't use standard email addresses for identity.


It's easy from the one direction: There's nothing stopping instance hosts from also hosting email addresses that match user account names. It might even be a good idea for some instances, in keeping a trust relationship, if your Mastodon instance was also your email provider of choice.

From the other direction is tougher, because you have a many-to-many relationship to try to consider. It's a variation of the problems of OG OpenID and/or Mozilla Persona (RIP to both). If I want to use example.account@gmail.com, how do you map that to a "main" instance if you can't ask gmail.com because Google doesn't currently care about WebFinger or ActivityPub? Do you use a central database somewhere? Does that defeat the goals of decentralization you were going for in the first place?


Well first and foremost, people usually don't want their email published everywhere. Especially in this decentralized context, that'd be a gold mine for spammers.


Why couldn't you create an email identity specifically for social networking.


Right. I probably have at least 100 email addresses. Most of them I've abandoned, however.


Some interesting discussion here:

https://github.com/tootsuite/mastodon/issues/177

It seems possible!


Yes, it seems that every user already has a private|public key pair. It's just that instances are apparently storing users' private keys. And that, for what it's worth, seems like a horrible idea.

But whatever, if users had control of their private keys, they could easily move. As long as routing depended on public key hash (as with Tor .onion sites) instead of user@instance. More of a web model, instead of an email model ;)


That seems like an overly complex scheme to solve a problem that XMPP solved years ago with SRV records.


I think this is a good use case for keybase.io

It aggregates known (proven) identities, allows all currently verified identities to prove ownership of your next new one.


I thought of that too. But just keybase.io wouldn't be acceptable, because it's centralized. However, I vaguely remember language about Keybase being a protocol, and not just a site. But I've never used anything but keybase.io and indeed haven't heard about federation.

But then there's https://keybase.io/kbpgp/ so ???


The Keybase verifications (sigchain) are also encoded into the Bitcoin blockchain in addition to stored on their servers if you wanted a more distributed way to check them. https://keybase.io/docs/server_security/merkle_root_in_bitco...


Keybase


Apologies for the vulgarity, but I am presuming someone has informed the initial design team that toot is slang for a fart (at least in England) - which leads to the phrase "a mastadon toot" being quite a double entendre.

How well ingrained is the name? Is it as commonly used in the community as a tweet in twitter? As in do the users identify the messages they send as toots, and are likely to say as such?

https://www.urbandictionary.com/define.php?term=toots


FWIW I've lived in England my whole life and never heard a fart referred to as a "toot". The only meaning I'm aware of is "toot[ing] a horn", meaning sounding the horn on a car ("honk" in US English). That seems appropriate in the context of Mastodon.


Is someone who uses Twitter a twit?

Silly names that mean things in different places don't seem to deter Americans (I'm a Brit but I've never heard the slang "toot" before; I guess it might be very regional)


I rather delicately confirmed with a few co-workers and they are aware of the usage, so it could be regional? They're rather reserved PHD kind of people (I'm not), but seemed to find it hysterical.

With regards to Twit, that's a great point - although in that instance it seemed like a more intentional slur, as I think I'd normally default to "tweeter".

Because it is a verb substitution it has this kind of wordbomb effect of corrupting every sentence it could be used in. Some examples!

-the latest release by the Jonas brothers made me so happy i just had to toot.

-these toots are a breath of fresh air.

-Welcome! Let's get you tooting!

For when Mastodon social gets it's first celebrity president:

-President Trump released another obnoxious toot in his seemingly never-ending tirade

and finally,

-I toot, therefore I am.


Growing up in the USA, my parents called farts "toots" just because they thought the more popular term was too vulgar. I don't think it's that rare, honestly.

I can't take the platform seriously if I have to be talking about toots all the time. Sorry. I doubt I'll ever get used to that one.


This was apparently unintentional—the founder wasn't aware of the slang term when they decided on the terminology.

That said, I view it as a happy accident, since it keeps the tone a bit silly/irreverent and reminds users that their thoughts aren't that valuable.


I am really impressed by Mastodon all the efforts that the community is doing to explain the project and the decentralization to the "common people".

It's something that I'm doing for years now when trying to show how Movim works (it's a federated social platform based on XMPP, https://movim.eu). I always have difficulties when showing how a social platform can work in a decentralized (or in those two cases federated) way.

The path that I'm taking for Movim at the moment is to start from the emails (in Movim the accounts and platforms are decoupled, you can connect using the same account on different instances and clients) and apply it to a social network and chat service (Movim is mixing social network and chat platform in the same UI) but I see often that it's not "easy" when people are used to centralized solutions.


Something unclear from the article

>You can also Favourite a Toot. Which basically means that you support or agree with a Toot.

Are favourites toots private? Can someone else view them? Are they automatically shown up in timelines (as liked tweets do).

Also, does favourite really imply agreement? To me atleast, I favourited tweets that I didn’t agree with just because they pointed to a well constructed argument, or for future reference.

Since twitter changed terminology to like I’ve stopped doing that.


Favorites don't show up in any timeline other than your own favorite list. To my knowledge, others cannot see favorites but I might be wrong, I can't access my own instance atm due to a network filter.

The canonical way is to retweet (boost) a toot which shows up in the timeline of your followers and your profile (the boosted tweet will also show up on the federated timeline but not associated with you).


You can see the list of favourites just like you can on twitter


Ah yes then I remembered that wrong. Might be worth an issue opening on github :)

edit: Found this one: https://github.com/tootsuite/mastodon/pull/7107


With the death of certain Twitter APIs coming up soon, I wonder if many Twitter client developers will start to make Mastodon apps. I would love to see "Tootbot" by the Tweetbot developers.


What Mastodon badly needs is a client that can crosspost to both Twitter and a Mastodon instance to lower the barrier to slowly switching.


There already is one on mobile: https://github.com/TwidereProject/


You can use Mastodon cross-poster[0] like Cory Doctorow[1] does.

[0] https://crossposter.masto.donte.com.br/

[1] https://mamot.fr/@doctorow/100397875390621221


This never works, it just means people don't actually switch at all because in the end they only engage with one place properly. This was one of the things that went wrong with app.net.


A ton of people _hate_ crossposting accounts.


correct me if I'm wrong but i don't think there is one single place developers can create APIs for. if anything, developers will be picking and choosing which "instance" they want to write for if willing. this is like having thousands of "twitter" clones all acting as their own environment. kind of like how we have thousands of wordpress sites out there.


That doesn't seem right. The API for an instance is going to be the Mastodon API, which will be the same for all instances. Each instance isn't going to be creating their own API - really, all Mastodon is is an API spec.


yes what i was saying is, i doubt you will be able to hit one mastodon API and get the tweets across all the federated instances. you will only retrieve the data of that single instance you are hitting. if that instance only has 1 user, then that will be all you are getting.

but please correct me if im wrong. i havent really dived too much into it.


essentially the api will return all toots from whatever timeline you're asking it for, e.g. if your instance is federated with 5 servers, you'll get your timeline from people tooting from these servers, I think the "public" timeline (can't remember the exact name) is all the toots from all federated instances you federate with. So it would be the same data as the browser has.

I think the biggest problem for the app developers is an interface that lists a lot of instances that you can search for which you identify most with (I think some use a centralised list someone has created somewhere). But that's a bad UX to jump into as a new user.


Browsing the global timeline of the main and pixiv instances could probably let you see most of the network.


Besides a few neckbeard types, does any significant number of people actually care about Mastadoon? I remember App.net got all buzzy several years ago. Whatever happened to that? Facebook got big because college students wanted to get laid and that’s where their friends were. Twitter got big because it captured the Zeitgiest and had a FOMO aspect. I am not sure what Mastadoon has going for it to convince normal people to care.

How is a Twitter client developer going to actually make any money on this? How is anyone going to make money on this?


> Besides a few neckbeard types, does any significant number of people actually care about Mastadoon?

The problem with this kind of argument is that it also explains why nobody uses that neckbeard internet thing and everyone still uses telephones and TV.

And, in a way, that is true. But the internet still exists.


Yes, to flesh that out, the Internet has morphed into "telephones and TV" :( For all too many, at least.


I do, though I haven't adopted it yet. At some point, a new protocol will get social media right, and free itself from walled gardens.

I don't know if it will be Mastodon, but I'll keep looking with interest until it happens. Mastodon seems to get a bunch of things right, and it may evolve into a more-open (and messier) Face-gram-ter-+ that gets enough traction to thrive.

People derive a lot of value from email. A protocol like this should be viewed as something like email.


mastodon is used by pixiv here in Japan, which is essentially what deviantart used to be -- a sprawling, incredibly active community of artists (amateur, semi-professional, and professional alike).


How are email and ActivityPub different in spirit? If they are so similar, and often compared, then why not use the well-known email stack to build "federated" social/messaging apps? I think "not being gmail-compatible" was the core flaws of Google Wave.


When you first start out someone gives you an email address. Your ISP, Your employer, Microsoft, Google (push)

When you first start out with Mastodon, you have to find a server on your own and hope it's not going to disappear on you in the distant future (pull)

The mainstream doesn't do pull. I haven't verified but I imagine sites such as Twitter didn't take off until they started pushing accounts through advertising and word of mouth suggestion (upload your contacts, invite your friends!). Facebook pushed accounts on people in by limiting who could sign up until a certain demand threshold was reached so that when the next wave of potential users look at it, they have an account pushed on them by peer pressure as their friends were already there

Leave the decentralised aspects to us nerds. To get it properly going you're gonna need a way to push accounts on people


Is there a straightforward way to change Instances without losing connections with other users?

Does it make more sense to host your own, so that you'll always be @isl@isl.tld ?


You can export/import the list of users you follow, but the people who follow you will have to re-follow you manually


That's what I'm thinking.


From the article: "To my surprise, I couldn’t find a decent guide anywhere"

How often open source projects shoot themselves in the foot this way. They come up with something marvelous that many ordinary users would love to use. But then they fail to make a friendly UI and write good user docs, so few people adopt it.

One example I struggled with is gpg. I wanted to use it, but found the user docs confusing. So I thought of helping improve them so it would be more widely adopted. So I dug into how it works, but I discovered it was so inherently hard to use that few would ever adopt it, no matter how good the user docs were, and so I just gave up.

One thing that is going to determine whether web decentralization succeeds and rescues us from Facebook et al is whether or not the developers can come up with user friendly software. One thing that means is that it is quite possible that a piece of decentralization software that is far from optimal will take over a segment simply because it is easier to use that others that are much superior.


I found a survey about Mastodon:

https://medium.com/@cassolotl/a-mastodon-survey-ac74948765c7

It says the main reason for not joining / abandoning is lack of friends. And also hard to use which doesn't help pulling in more people, so no friends, then a downward spiral.

Is there a way out?


I feel like a simple plugin that pulled in your public Twitter friends usernames and offered to follow anyone with the same username @mastodon.social would really help here.

Pretty hard for Twitter to stop it if it were a client that scraped the list too.



Thanks, I'll have a play with this.


It isn't clear from the article - does Mastodon have the equivalent of Twitter lists in which I can group sets of handles into separate timelines that I can follow independently/parallelly?

The one timeline thing doesn't work for me too well... I prefer a few separate parallel timelines and tweetdeck is great to organize and follow such parallel timelines.


You can create multiple named lists and you can add people you follow to them.

I mostly post publicly, but I used this feature to create a list of friends who live in Japan.


Looks like it has everything that I wanted. Thank you.


> If we use our email analogy; think of Mastodon as email as a whole.

Shouldn't that be ActivityPub instead of Mastodon?


> This is by design so that a person’s Toot is only Boosted in a way that gets the message they intended across.

Seems like a bad design decision trying to force people to use the platform in an unnatural way. They will just take screenshots and add their own comments instead, making the "retoots with comments" inferior to what it could be with native comments.


Whether it's bad design or not this is one of the aspects of Mastodon that appeals to me the most. The friction is just enough to stop the context collapse that plagues Twitter


Right. I'm also a fan of friction any time I hear an argument that "well, [bad behavior] is inevitable, so you may as well purposely include it and design it to be easy to do!"

We've seen that design can shape behavior in profound ways, and we have no obligation whatsoever to follow pressure toward a lowest common denominator if we think there are better designs that consciously resist that pressure.


Yep. I don't think it's coincidence that Twitter's slide started right around when they started giving you notifications for likes/retweets of retweets and replies when before it was only for your own posts. Then it got worse with quote tweeting.


I hope Mastodon will develop into a real twitter alternative one day. Currently it’s rather “empty”

If anyone is intersted in a German round-up of Mastodon: https://www.achtungtechnik.de/archives/2018/mastodon/


The idea seems very interesting to me, but I have to ask, people talk a lot about the social aspect and how I can follow people, this honestly doesn't interest me at all, what I'm interested at is aggregation, could I actually replace say twitter and my RSS reader with self-hosted Mastodon instance?


I'm not sure if this will be relevant to its longer-term success, but I notice that the word "Mastodon" seems to be very easy to misspell -- In the comments here alone I already find "Mastadon", "Mastadoon", etc.


I am curious why they have misspelled the Mastodon? In many languages it is written and spelled in the same way. I am not native speaker but I would pronounce mastadon and mastodon in the same way (ˈmæstədɑn), but hardly I can imagine to write down as mastadon.

> First attested 1813, from the New Latin genus name Mastodon (1806), coined by French naturalist Georges Cuvier, from Ancient Greek μαστός (mastós, “breast”) + ὀδούς (odoús, “tooth”), from the similarity of the mammilloid projections on the crowns of the extinct mammal's molars.

https://en.wiktionary.org/wiki/mastodon


In the US at least people spell based on how words sound in their head if they don't really remember the correct way to spell it.

No one is thinking about the history of the word, in fact I personally was wondering why they chose an elephant as their mascot until I remembered what a Mastodon was.


It doesn't have to be misspelling. More likely it's forgetting which word it's supposed to be. I've only seen the word written/used in museums, so I'm unlikely to remember whether it's a mastadon, mastodon, matadon, etc.


How does it deal with spam?


Spam is an issue, though not (yet) a huge one.

Mastodon has a couple of key advantages, though.

* First, if the spammer is coming from a "good" instance, the admin of that instance can ban them—and the number of instances means that there are more mods to go around. * Second, if the spammer is coming from a pure spam instance, other instances can ban/unfederate with the whole instance.

That said, it's an area that the community is focused on. Here's an issue discussing spam and additional tools that could help: https://github.com/tootsuite/mastodon/issues/8122


Yes, I was more wondering about the "spam instance" problem rather than the "spam user" problem (which that issue is discussing).

From the overview it seems like dedicated spam instances could be quickly spun up in the same way that email domains are?


That's the key question imo.

I run an instance and the last 2-3 days I've been flooded with spam bots. Reading github issues and toot threads I've noticed it's a big issue and has been coming in waves on other instances this summer.

I like to draw parallels to e-mail because Mastodon's issues are very similar to the issues we had with email in the 90s.

So I've seen mastodon instance admins mention things like maintaining centralized blacklists. I've even seen people mention using spamassassin to train on mastodon toots instead of mails.

Sign-ups of spambots are likely automated yet reCaptcha is out of the question because Mastodon users tend to dislike big corporations like Google.

I hope VisualCaptcha is a viable option but we'll see.

Some claim that captcha is a waste of time altogether because they can be defeated but my opinion is that it would still protect against most less sophisticated bot networks.

Short answer; right now there is no real solution other than manually banning and adding server IPs to a 800+ strong list of banned IP subnets maintained on github. There is also the option of banning MX servers because the last wave of bot signups all used the same backend MX server. Even though they used a ton of e-mail domains.

And of course requiring confirmation of new accounts by admins.

I predict spam is going to be a very hot topic in the fediverse for a while still.

Mastodon is community driven, not backed by any one big corporation. Anything driven by the internet community is going to be wilder than a centralized solution. It will be the wild wild west of social media. There is no denying or escaping that fact.


Nobody wants to use it, so the ROI for spam is very low. This keeps spam to a minimum.


Moral of the story: use Mastodon, but keep it unpopular?


Worked for Usenet from 1979 until 1993.


174,000 mostly-trendy tech people? Someone wants to market to them at low cost.

https://mastodon.social/@usercount


Is this counting registered users? Who cares? What's the RMAU?


There seems to be a lot of "city" spam. See https://mstdn.io/tags/sydney for example. Its about 80% escort ads.


That's not spam. That's from people on Switter. It's an instance for sex workers.


Hashtagging dozens of cities though? These look like spam ads for the pimps.


You can mute switter.at if it bothers you. Click the three dots on a user's profile and you'll see the option.


What about phishing? @isl@isl.tld and @is1@is1.tld look pretty similar.


Right. There really ought to be key-based authentication.


Key based authentication isn't really going to protect against a homograph attack.


I joined a server. It was alright. Then I looked at the federated timeline and decided I did not wish to be a part of Mastadon.

Too much hate and virtue signalling. It was like what Twitter already was.


I don't understand this. The Federated timeline is always going to be full of the same kind of crap that Twitter (and other social media) has. The whole point of Mastodon is that you can avoid that by joining an instance that matches your interests, and then only look at your notifications and the local timeline.

By doing that you can see only things said by, or boosted by, people who you have chosen to associate with. Then you get most of the benefits of social media without getting the crap from the uncontrolled firehose.

But sure, if you want it to be like Twitter, and then reject it because your experience is like Twitter, then by all means. I just don't understand your reaction.


Can you join multiple "local" timelines? Ie, lets say you join an OSS dev focused federation and you like it. Down the line, it grows and becomes less HN, more Reddit. Okay, you say to yourself, time to move to the next HN-like you find. So you do that, but it's small, and feels dead.

Seeing feeds from both the old, somewhat bad and the new, better but still too small would ease migration woes. Is that possible?


You can start a new account on a new instance, watch the old account on the old instance, see which people are still worth following, then follow them from the new instance account. I've done that and it worked a treat. You can also export the list of people you follow and import that into the new instance, then unfollow anyone who says stupid things.

My experience is that all platforms reward putting in a small amount of effort to curate those I follow and engage with. Unless you do that you end up with the shower of complete crap hiding the nuggets worth having. With a comparatively small amount of effort you can get a high-quality stream with very little crap, and then you can block or filter that.


isn't the point of twitter that you follow only who you want and other people's garbage doesn't show up if you don't want it? what makes mastodon different in that regard?


The idea that even Twitter itself has forgotten by insisting to show me garbage people I follow have liked with no option to disable it.


> Too much hate and virtue signalling. It was like what Twitter already was.

Thanks for virtue signalling. Ironic.


>> Too much hate and virtue signalling. It was like what Twitter already was.

> Thanks for virtue signalling. Ironic.

Thanks for virtue signalling. Ironic.


I really wish I could join several instances with the same account. This is a feature currently missing, but someone told me they're working on it.

Go mastodon, go !


You can just join the instances using the same handle. Then from each in turn export the people you follow and import that into each of the others. Now each of your accounts follows the same collection of people.

Then on each instance cull those you don't want to follow on this instance. Now each account has the flavour of the instance you're on.

You can do all that now, although it requires a little work.


Would Mastodon be a useful platform to, collaboratively, define the requirements of software?

Perhaps it could be used to define the next iteration of Mastodon, then.


I understand HOW mastodon works. I've got my account. But I still don't understand WHY.

I got into twitter and facebook when I was a university student who gave a crap about broadcasting myself to the world. Now I'm old and don't care anymore, and I'm not deluded enough to think that anyone else cares. Is there a use case that goes beyond teenagers chatting at the lockers?


You clearly see value in HackerNews—my use case for Mastodon isn't that different from my use case for HN.

My instance (https:/fosstodon.org) is mostly focused on free and open source software (hence the name). Conversations there tend to be a lot like conversations on HN, but with the benifit of a local community where you get to know the regulars.

(I'm not saying that there's no purely personal talk—but think "office water cooler" not "high school lockers")


Just a friendly heads up, I'm getting a certificate error on your site (cert expired 30 April).


Thanks! That was because I put the wrong link; fixed now.

(And it's my instance only in the "my country" sense—I'm a user there, but I don't run it or anything.)


You missed a slash, the link doesn't work.


so how do i ban russian trolls on a federated p2p social network...?


The same way you would ban Swedish trolls on Twitter.

Fun and russiophobia aside, there is an article by Eugen Rochko (maintainer of mastodon) somewhat covering that topic:

https://medium.com/tootsuite/learning-from-twitters-mistakes...

AFAIK they also utilize crowdsourced block lists to automate part of the sorting in the fediverse.


"badly"


>Being open source gives us the reassurance that our data is not being harvested, or that we’re not being spied on.

A false sense of reassurance.


I got banned from mastodon.social with no explanation or warning. Given that this is the "official" instance I remain sceptical to whether this is a project worth engaging in.


The failure to mention GNU Social, which Mastodon is almost completely based upon and which birthed the Fediverse, is just weird.


Mastodon is not based on GNU Social in any way other than they both used the OStatus protocol. Before ActivityPub became the norm.

GNU Social is made in PHP and Mastodon is made with Ruby and NodeJS. So two wildly different implementations.

Mastodon also looked more modern and followed more so called modern developing practices. Which is why I think it caught on more than GNU Social ever did.


The kindness, quality, and eagerness to help is a big part of what propelled Mastodon. You'd log in, make your first toot, and have a pile of people welcoming you from the federated or local timeline. Same with beginner questions.

I tried GNU Social a long time ago, but it was mostly technical people talking about technical stuff. Great if that's what you're into, but it's no basis for a general use social network. Niche networks are fine, but I don't get the impression that's what early federated social media proponents wanted.


Even so, it is still weird to pretend that everything in the Fediverse is Mastodon.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: