Many things are fundamentally feasible. I see 2 things you argue for.

One is changing the caching strategy. I don’t think that’s wise in terms of load sharing, but certainly feasible on a small scale. In certain circumstances, it may be preferred.

The other thing is using older protocols and standards. The practical reason to do this would be to use existing tooling, libraries, code. I’m not seeing such opportunities. I’m not that familiar with these, but it seems like they would have to be extended anyway. So I don’t really see the point.

At a minimum this is adding the number of instances that federate a given content streams to the multiple of storage needed to host the content, even if that storage is ephemeral. Not so big a problem at 100,000 users, but at 100,000,000 users this is a lot of storage cost we are talking about. Unless somehow the user/client doesnt cache the content they pull from an instance locally on their device when they view it?

Worry more about the bandwidth. Your instance would have to serve your content to all these 100M users. The way it is, much of the load goes to the instance where a user is registered. That means that an instance can control hosting costs by closing registrations.

My point was this isn’t an issue when all content is self-hosted, because the author as the host can edit, delete, or migrate all they want and maintain full direct control over the source of that content the client interacts with whenever a pull request comes in. Yes the user Caches the content when they read it, but there is no intermediary copy.

There’s the fundamental problem. What you think of as “your” data, other people think of as “their” data. That can’t be resolved. What’s worse is that controlling “your” data requires controlling other people’s computers and devices, as with DRM.

Toronto cash seems to avoid the “not incentivice illegal usage”, and after a quick check it seems to be almost it’s sole reason to be, please correct me if I’m mistaken here.

I’m not familiar with the details. The point is simply, don’t expect to get away with playing games.

Seems like the EU Safe Harbor Provisions, you basically must not incentivice illegal hosting, accept takedown requests, but also have some sort of procedure for the takedown requests. Which all seem quite easy to follow and adhere to and would function perfectly for Tenfingers IMO.

Yes, but there is more. The DSA is written in a very convoluted way, with the exceptions for smaller platforms scattered here and there. I don’t remember what exactly applies here. You may also have obligations under the DMA, CRA, and quite probably the GDPR.

Depends on the jurisdiction. This is a conflict between freedom of speech and the reputation of the brand (which has financial value). Countries with a more recent monarchical past tend to value reputation over free speech, eg Japan but also Europe. The US has been a republic for a quarter millennium. Since MS is a US company, I think they wouldn’t even pursue this in the first place.

Generally, service providers are exempt for liability for such things if they follow certain rules of conduct. EG the US DMCA says that you are not liable for copyright infringement, if you comply with takedown notices. I’m not sure how that works for trademarks in the US.

Generally, though, you should expect to be held responsible for any infringing content on your service, once you learn/are notified about it. You will be treated as if you had created the content yourself. That means that you will have to make the argument in court that the use of the trademark was legal. And if you lose, you will pay the damages.

Questions?

Maybe look up the story behind Tornado Cash.

EU law has liability exemption for hosters if they remove illegal content once notified (DSA Article 6). I think we still have to wait for more case law to know how that works with encryption. National law may still cause problems.

You have full control over a server on which you chose to run certain Software. But you feel you don’t have to comply with takedown requests because that’s just how the software works? That may work on indulgent parents but not in court. If you’re too technically inept to know how to comply, then you’re just not complying. End of story.

Holy shit. I can’t believe that 65 people upvoted this. Do you really believe that’s how the world works? Are you actually adults?

It was signed by a number of people, including OG ActivityPub contributors. I guess you’d have to know what goes on in the mailing list.

Looking around here, there’s a lot of ignorant hostility. I am always surprised by how tech-illiterate fediverse fans are. People who feel that that’s their peer group probably have a hard time ignoring that background toxicity.

The statement has been… uh… updated. The URL now reads:

A statement was originally published here, however, we have since received an objections to its publication citing that proper processes were not followed, and therefore it has been taken down and republished on Emelia’s website instead, whilst we seek community group consensus. When Emelia merged the pull request, she had been granted permission to do so by the co-chair of the Social Web CG, and given the number of signatories with various significant contributions to ActivityPub and ActivityStreams, Emelia believed that there was enough agreement to publish.

I assume it proves that there is a public key associated with each vote.

It doesn’t sound like cryptography is able to add anything worthwhile. You have to trust the instance to police itself. Self-hosted instances still don’t vote anonymously.

A group of users has to cooperate to hide their votes from others and each other. Only the tally is known, but you have to trust the group. On the Fediverse, such a group will be the users of an instance. The more users the instance has, the more anonymous the individual becomes.

You have to trust the instance admins to weed out bots and sock puppets, which is extra hard when they don’t see the votes either. Presumably, compensating by collecting and keeping other data, such as IPs, for longer is undesirable. You have to believe that admins, volunteers all, are willing to do the extra work and that they don’t actually favor manipulation for ideological reasons.

The only way to uncover untrustworthy instances is to look at aggregated data. I guess you’d have to get/scrape data for some community and then analyze by instance if the number of posters is out of whack with the number of voters. I wonder if anyone’s ever done such a thing. It’s certainly more challenging than looking at oddities among voters who brigade some topic.

Admins of large instances could get away with having many sock voters among the real users, if they wanted to manipulate discussions for, say, ideological reasons.

You could also make it prove each vote comes from one real account and that no account voted twice.

How would it prove that the account is real? I suspect that the meaning of “real account” is not the opposite of bot or sockpuppet.

But accounts are already pseudonymous?

Here’s where I am at:

I can check if my votes are federated correctly by checking if any of my votes are suppressed or votes in my name are made up. If my instance sends a different random token with each vote, I can still do that, as long as I know which tokens are assigned to my votes.

But vote tallies can also be manipulated by making up new votes through fake/bot accounts. If a vote can be connected to posts, this can be checked to some degree. Say, if an instance has a lot of voters that never post, that indicates a problem.

I don’t see how the second thing with E2EE.

Wait. What is the relation to vote federation?

It’s doable with E2E encryption,

How?

Federation requires openness and that goes badly with secrecy. You can argue that one has to trust instance owners anyway, but knowing the users and not just the tallies makes uncovering manipulation easier.

That’s not how it works.

How do you algorithmically manipulate those 12M people with Mastodon?

The usual way, whatever that is. What would Mastodon do about it? How do you manipulate Bluesky?

BTW, Bluesky has almost 40M users.

It’s the number in OP, so I ran with that. The fediverse number apparently excludes Gab and Truth Social. Makes sense, since those aren’t federated with the rest, but that also shows an issue.

Alternate history: Bluesky never happens. Instead, some company opens up a Mastodon instance as a Twitter replacement. So instead of Bluesky with 12M+ users, there’s a Mastodon instance with 12M+ users. Now what?

[Edit: I see the problem, even with a self-hosted instance of 1, when you comment on posts in other instances that data is no longer held on your server, so you don’t own it and can’t control it directly, is that right?]

Not quite. It’s more like Bluesky works, but also not quite.

First, a note on the idea of “your” data. The law gives people rights over certain data. For example, copyright gives people rights over certain content, which translates to rights over data encoding that content. You may think of a movie as being yours because you have the file on your device. The copyright holder still considers it their data and will therefore demand control over your device through DRM.

Rights over data always means rights over what other people do with their computers and devices. Unfortunately, Fediverse users are not very tech-savvy. They demand more rights and regulations and then condemn Big Tech for the predictable consequences. They pull on one end of the string and blame dark powers when the other end moves.

The European GDPR also creates rights over certain data. You have GDPR rights over all data that is directly or indirectly related to you. For example, if I write about the current French President, then Emmanuel Macron has GDPR rights over that data, even if I don’t mention him by name. Of course, his rights will be limited by freedom of information. Also, these rights are rarely recognized outside of Europe.

What legal rights you have over data depends on your location. Copyright is internationally recognized, but its precise reach depends on location; eg the US has Fair Use. Even at a specific location, those rights depend on context, with a lot of gray area. This cannot be implemented technically.

With Lemmy it’s like this: When a user on an instance subscribes to a community, all (recent-ish) posts and comments in that community are downloaded to that instance. Users on that instance are served from their own instance.

Generally, a Fediverse instance keeps a copy of whatever data its local users might need. If your instance was the only source for some data, then every user in the whole world needing it would have to access your server every time they want it. Every user whether registered or unregistered would hit your server every time they reload. If a server buckles under the strain, you just get missing data. It just wouldn’t scale.

Bluesky has Personal Data Servers (PDSs) for that role. Those are the definitive store of some user’s data. This can be self-hosted easily. The data from all users is aggregated by a “relay”, If a PDS is like a personal web server, then a relay is like a search engine. That’s the one that you can’t self-host; takes big time capital expenditure.

I don’t think the Fediverse has a solution for this. Imagine Mastodon or Lemmy with 100M+ users. How do you find stuff? Well, making a crawler and search engine for the Fediverse would be simple. But that would also take major capital expenditure.

The Bluesky relay combines all activity into the “firehose”. Anyone can write apps that get data from the firehose and present them to users. When Bluesky blocked Mississippi, that meant that the official Bluesky App did that. Other Apps still work in that state.

Final bit: When you self-host, you need to be your own legal department. When you use a service, you are shielded to some degree. Eg when you infringe copyright, a social media service will usually just take it down. If you infringe copyright on your web server, or even via torrent, you may get a pretty hefty bill.

Fedi-users cheer when Meta gets sued or settled with a huge fine. Well, good luck running your own Facebook server. Fedi-users mostly aren’t very tech-savvy but when it gets to law, they are positively delusional.

Be strong now. Mastodon is a gGmbH. That’s the German version and translates to public benefit limited liability corporation.