I’m a reddit transplant and I’m excited about what I’m seeing so far in Lemmy and the Fediverse, but my brain keeps bugging me with concerns:
Maintainability and Scalability - There are a ton of instances now. Lemmy had made it easy to spin up and host your own instance. In some cases, this means people with little/no infrastructure experience are spinning things up and are unprepared for scalability challenges and costs. This post by the maintainer of a kbin instance highlighted this challenge quite well ( https://lemmy.one/post/302078 ). How do we know if an instance is properly maintained, backed up, and is able to scale? Or should we just be prepared to start over on another instance if ours fails?
Monetization - The above cost challenges bring up monetization issues. What mechanisms will instance maintainers have to help with maintenance/hosting costs? As the Fediverse grows, how do we prevent against ads and coordinated upvoting from taking over and pushing ad content?
Legal/Privacy - Privacy regulations are becoming a mine field… GDPR, CCPA, and other privacy frameworks are making it tougher to handle privacy properly. Is there a coordinated Lemmy legal defense or are instance maintainers on their own? How would you even approach a GDPR user delete request across the fediverse?
To address each of your points:
Maintainability and Scalability: This is a big concern, especially with users being drawn to large instances. In the beginning there will be pains, even the “flagship” lemmy.ml had issues maintaining this as this wasn’t their primary concern until recently. It is up to each instance owner to maintain their instance, and if it grows to large for them to handle to direct users to another instance. If an instance owner decides to abandon their instance, this will currently result in that instance being lost. I do think some protocol of preserving content (with the mechanisms for users to control the content) is needed but will need to be worked on in future versions. This could be done by users getting a key for example, and making requests via another instance to transfer their public user data over and they can control their content again from the new instance. This is just a thought though, and I am unsure how well this would work in practice. This will most likely become a topic of discussion among developers working on lemmy, so I have faith a good solution will be reached.
Monetization: The usual for this kind of stuff, donations using whatever service they prefer. I think some ads are ok, as long as they don’t siphon data and use advance techniques. Something such as as “sponsors” could work, it’s an ad but it’s not trying to steal your data. I think most instances would be abandoned if they implemented standard “google” ads.
Legal/Privacy - I am not a lawyer and this isn’t legal advice. Each of these laws have pretty clear details of implementations, and iirc they also only cover corporations and institutions. Users running instances themselves do not apply, but overall GDPR and CCPA compliance would be required as users won’t want the liability of running large instances. In my opinion, all that can be done is to have a delete request that propagates as any other content does. It’s up to the instance operator to fulfill the request.
Deletion is already a feature of ActivityPub, with the limitation that it will only work with your content on instances that are still online and federated with yours.
Good to know, but if that meets the legal requirements I cannot say. Really a lawyer that practices GDPR/CCPA would need to chime in if that is enough for either.
As far as I know, for publicly posted things, GDPR only requires an entity you’ve given this content to, to on demand, tell you how much they still have, and/or delete what they have.
Other instances, owe you nothing, as they would be more like third parties scraping the data, legally speaking.
Matrix is also federated, and can in fact perform GDPR compliant deletions, despite it being impossible to ensure that any of your data on other instances, be deleted, too. This may be due to how matrix encrypts data, as when your account goes, the keys to access your data, even if stored somewhere else, goes with it. So even if not the data, the ability to access it is gone. (Though I’m unsure how this could work as the accounts you spoke to could still read your messages, with their keys)
Mastodon faces all the same challenges, and has been dealing with them for 7 years.
Unfortunately, lemmy comes with some bad default settings for when you set it up, which is the cause of the current bots inflating the user-count.
As for how to tell if an instance is trustworthy… That’d be time. I picked mine because it’s local and has had years of uptime already. lemmy.world is new, but run by people who’ve maintained a mastodon instance before. Basically, do your research, and wish for the best. Eventually, some day, we’ll have established no-brainer options like gmail and proton are for email.
Monetization, that’s up to each instance admin. Mine is straight up donating the instance to the world, and not asking for donations due to its near-nothing running costs. My instance is quite small, but active. But really, a given instance could go with whatever funding model they want, provided its users are on board with it. Some have already told our admin to speak up the moment he’d like some funds.
Where malicious activity is concerned, the fediverse may have to eventually switch to using whitelists, instead of blacklists, for who they federate with. Aside from that, there are already some tools for automatically detecting instances that are not populated by real users.
On privacy, ActivityPub has none. For that, you should look to matrix. ActivityPub is for public-only interactions and has no guarantees of security. Your posts or comments are not DMs, and if you reveal personal information, you may as well have published it in a newspaper. There are no real take-backs in that kind of forum. You can have facebook or reddit delete your stuff under GDPR requirements, but your content was out there, and any saved copies are out of reach.
The same goes for deleting things on the fediverse. ActivityPub does have the featureset for it, but it can only reach server’s that are still online and federated. That’s little different from how other public social media works.
@MentalEdge @homesnatch Therein lies the inherent risk of using social media. You must assume that once the genie is out of the bottle, there’s no stuffing it back in there and corking it. I’m probably on some watch list by a few 3 letter agencies because I am pretty outspoken about my views and they run very contrary to the accepted establishment ones. I don’t drink the capitalist lemonade, I don’t support cops, and I criticize government.
At the same time, you can keep your online account separate from your real identity, if you are thorough. I don’t even bother anymore (not on this account), but I’m not open about who I am, either.
Not like on matrix where I just straight up use my real name.
It makes sense to me. There’s a place for public forums, and one for private communication. They are mutually exclusive and should not be served by the same systems, they should be entirely separate for anyone who wants them to be.
Not like Meta, with their main public platforms of facebook and instagram, while at the same time sticking their filthy fingers into the private communication pie that is messenger and whatsapp.
Eventually, some day, we’ll have established no-brainer options like gmail and proton are for email.
Thanks but having yet another “too big to fail/block” mastodon.social/online or matrix.org should not be our goal. dot ML and dot world are already “dangerously large” with beehaw and shit just works being close contenders (if not already up there with those two).
Right now it might make sense to centralize just so we can accomodate Reddit folk who don’t want to choose, but too much centrailzation is already starting to show it’s cracks with e.g. the whole Beehaw situation.
IMO most instances should have a soft-cap of about 5k people or so, after which an invite system (should one be developed at some point) can still bring a manageable amount of people over every so often. Most Masto servers right now that don’t suck seem to be running on a similar premise, otherwise it would be hell to moderate, especially with the immaturity/nonexistence of moderation tools.
Oh, I don’t think it should be our goal. I just think it’s what we’ll most likely to end up with.
But 5k is FAR too low.
Instances and the fediverse as a whole function more efficiently, the more users they have, up to the limits of what a single instance can handle. 5k would be at the lower end of whats useful.
The thing with Lemmy in particular is that unlike Mastodon, communities need one instance. dot ML’s and dot world’s potential future “untouchability” is, in part, because communities will also centralize there. Spreading users very “thin” among the network should also indirectly spread new communities off the big several instances.
And of course. the 5k number I mentioned is both
- out of my ass with no real proof, but also
- a soft cap with a theoratical invitation system (or other way to not lock registrations completely) complementing it
While the numbers themselves likely need adjustment, it definitely should be “lower than you expect”
Let’s take lemmynsfw as a rather difficult example. Nobody wants to moderate porn which makes it even harder to decentralize it, but even at 6k users should something happen to it, all the porn in the entire network bar effectively private communities on the few instances that allow it (or the l*licon filled and hopefully defederated burggit) goes away. Not because of its users but because of its communities.
With most instances being general purpose, this will be less of a problem, as for nearly all other communities, there is 0 incentive to centralize in this way beyond “the initial creator had their account here”
As with all things non-corporate, you determine if the instance you want to use is run by a reliable person by uh, vetting the person. This is absolutely impractical and absolutely not something you can ask an average person to do in order to post cat memes on the internet, so long-term the right call would probably be to move the “big instances” into a foundation/corporation model (think OSI or Apache or Gnome or…) to provide proper shared ownership of resources, continuity planning, and better handling and monitoring of donated funds as well as better opportunities for outside funding - it’s actively easier to get funding or support for actual foundations/non-profits than some dude running a thing in his basement.
You then have a very public entity that’s much simpler for any random person to decide if they’re reasonable - the fact they exist AT ALL is a huge indicator of legitimacy because the work required to even get that far is not entirely trivial.
Monetization is… problematic. It’s probably going to HAVE to be donation-based because I don’t think ads or data mining or segues to our sponsor are acceptable on federated platforms and won’t result in you getting anything but tossed out.
I’d also say that there are fundraising options for larger instances that offer valuable communities: you can get a LOT of donations out of corporate America (this is US-centric, of course) if you’re a registered non-profit they can donate a tax write-offable donation to, and something like a Lemmy instance is just a rounding error in donations, if you can get in the door.
I’m also not a lawyer, but have worked with lawyers on a GDPR compliant policy, and boy, is it an absolute mess. The larger instances are absolutely going to have to comply, and there absolutely has to be a way to export and delete your data, and federation is absolutely going to run into the data processor vs data controller dual-responsibility pile and it’s absolutely going to be a mess… maybe, at some point, or not. For the MOST part, it’s a policy where as long as you’re being reasonably compliant and nobody is complaining or suing you, it’s not quite as horrifying as it is on paper.
The deletion stuff absolutely needs to be done sooner rather than later, and there needs to be a way to export all the data an instance has on a given user, but those two things will probably cover the worst risks any particular instance has.
So I agree 100% with this concern (and I think that in the long term a lot of this has the potential to be a bigger issue than is really being realized). At the time when reddit was imploding and people there were talking about getting together to build something better, I put together a pretty detailed proposal for software that I think can help to mitigate this issue. Basically, shift a lot of the load on an individual instance to be carried by simple proxies that can be run by the users of that instance. A bunch of people told me they were interested in this idea, and I was just now putting up an update after doing a bit of work on some actual code. If you’re interested in helping or taking a look, here are:
- The original proposal and details
- Today’s status update with some implementation details + link to the not-very-far-along code
And: