Yesterday, Mastodon was abuzz regarding a strange new scraper that seemed to be pulling people’s profiles and content streams into a platform designed around monetization. Dubbed Content Nation, the site’s combination of strange design, stock images, and focus on getting paid for posts raised more than a few eyebrows. Indeed, the site visually resembles something akin to a domain parking page, with an eye-watering visual layout and strange mix of posts that don’t seem to fit anywhere.
- Holy stock art, Batman!
- This post looks strange, but in fact was written by a blind author who had help adding images. To the untrained eye, it looks spammy.
Some long-standing admins poked and prodded at it, before declaring that Content Nation was, indeed, an effort to scrape Fediverse content for profit. It shared Unlisted posts in search results, seemingly rejected blocks, and deleted materials seemed to reappear on the website nearly instantly. All a person needed to do to verify it was put in their own user handle, and see their posts and profile get scraped out of nowhere.
A lot of people were angry, and readily pulled out the torches and pitchforks. The sad truth, though, was that this wasn’t a malicious scraper trying to crawl the network and make money off of people’s posts. It was some guy’s hobby project to build a service similar to micro.blog.
What is Content Nation?
Content Nation is, essentially, a publishing platform for a small writing community that just happened to be experimenting with ActivityPub. It’s a project developed by Sascha Nitsch, a backend developer and management consultant from Germany. Sascha is a relative outsider to the Fediverse that heard about the network, loved the idea behind it, and tried to integrate his site into the network.
The site is, understandably, somewhat jarring in its appearance, because Sascha is primarily a backend developer, not a frontend designer. He was more interested in building out a robust list of features prior to doing any visual design work, because the platform was still taking shape. As a one-man operation, this kind of approach made the most sense to him. Additionally, some of the frontend’s features include assistive tools for blind and nearsighted readers.
“The site was and is free,” Sascha wrote, “no ads, no cookies nor tracking. I did not make any money with the federation; it’s a service for users on the platform. And it was never intended to be to make money with those content.”
Sascha explained that the monetization aspects of the platform weren’t designed to make money off of remote content, but instead to provide means to help writers in the European Union support one another.
“It’s a nightmare to handle the tax part with money from outside the EU to EU. Especially if the documentation isn’t EU-conformant. I had endless discussions with my tax department because my 20€ google ad revenue on another, older platform.”
How did the Fediverse React?
Several people came forward to point out to Sascha that his platform interoperates very, very poorly with Mastodon, and that Sascha did not do sufficient research prior to launching his service. Until recently, Content Nation had issues rendering its User Agent in requests, so it was easy to mistake for a scraper.
Compounding things further, people didn’t realize that the site implemented Webfinger in its search function, allowing people to load remote content by putting in an address into a search field. People would go to Content Nation, search for themselves, and inadvertently kick off a fetch request, leading them to believe they had just been scraped. In reality, this is how 99% of Fediverse servers operate by default.
When users sent GDPR takedowns, Sascha would comply, but the system had nothing in place to block anything. Those same users were distraught to once again search for themselves, only to find their own data all over again.
The High Barrier of Entry for Fediverse Development
The shortcomings described above paint a picture: Sascha was building a free ActivityPub library for his project. While he managed to get the basic concepts down, there were still a lot of missing pieces that are essential for participating in the modern Fediverse. Unfortunately, a lot of those resources are not readily available to anyone.
Here’s the thing: if you were to take the ActivityPub specification from the W3C, and implement it as specified, you’d end up with something that wouldn’t correctly talk to any service in use today. Mastodon, and platforms designed to talk to it, have a dozen or so behaviors that are not actually in the spec at all: Webfinger, SharedInbox, Privacy Scopes, and Opt-Out for Search are just a few of them.
Many of these things are almost completely undocumented, and can only be developed by lengthy conversations with people who already built those things. Even Mastodon’s own specs say very little. The majority of people dismissed Content Nation as simply being a malicious attempt to slurp up their public and private content for profit. Even when Sascha tried to defend himself, he was ridiculed and mocked.
From Bad to Worse
Aside from simply blocking the domain and moving on, community members decided to have a little bit of extra fun, attempting to “make the crawler crash”, send angry emails to the service operator, and more. After some study of how the site worked, one person had the malicious idea to send a remote post containing child pornography to the site, before getting someone else to report Content Nation for Child Sexual Abuse Material.
To be clear: someone searched a list of known illegal material, loaded that remote content onto Content Nation locally, and then put up a red flag for someone to file a report. Given the server’s jurisdiction being in Germany, this could have been catastrophic: Germany’s laws regarding CSAM stipulate a one-year prison term minimum for possession of this kind of material. Just look at the recent case of a teacher who found out that a pornographic video was circulating about one of her students. When she tried to turn in evidence to the police, she was arrested.
It’s a case that causes people to shake their heads: A teacher wanted to help a student whose intimate video was circulating at school and now has to answer in court for, among other things, distributing child pornography. Following a complaint from the public prosecutor’s office, the Koblenz regional court overturned the decision of the Montabaur district court not to open main proceedings in this case. “The regional court, like the public prosecutor, considers the behavior of the accused to be criminal in principle,” said senior public prosecutor Thomas Büttinghaus. The educator is currently facing at least a year in prison – and with it the loss of her civil servant status.
Sascha’s life could have been turned upside down for absolutely nothing. Say what you will about how his website looked, or how his platform functioned: none of these things warranted such a disgusting level of abuse. Somebody basically tried to send a fledgling platform developer to prison, because they didn’t like what he was doing. A series of assumptions and misunderstandings escalated to this point.
Why is this Important?
Over the years, Mastodon’s user culture has become incredibly insular and hostile towards outsiders. Despite repeated claims of “People are just nicer here!” and “Everyone is just so welcoming!”, often those preaching about privacy and consent are the first to harass anyone doing something they don’t like. Reactions have extended to doxxing, death threats, DDoS attacks, and apparently, distribution of CSAM. Just the other week, Mastodon users were harassing a guy who built a protocol bridge that hadn’t even been enabled yet.
Neither of these things are first occurrences, either. People in the past have tried to build tooling for the Fediverse, from search engines to disposable account services for testing to indexes of verified accounts. People like Wil Wheaton were harassed off the network for their ignorance of nuances about who was on a given blocklist that they shared. Some Lemmy instances have been flooded with CSAM as part of a community retaliation effort from other instances.
Mastodon’s user community have also long looked down their noses at other platforms such as Pleroma, due to a combination of platform rivalry, cultural clashes, personal squabbles, and an “us vs them” mentality. It wasn’t so long ago that simply using Pleroma was considered a valid reason for blocking someone on sight, because good people only used Mastodon.
Source: FediDB.org
Mastodon still makes up the majority of the Fediverse at this point, and acts as a de facto standard for ActivityPub. Many parts of the Mastodon community still threaten to block, doxx, or harass people simply because they expressed a thought or opinion that stands in contrast to what the hive mind demands.
Even Damon, at one point, has received death threats from total strangers for his perspective on FediPact and Threads that other people didn’t agree with. He’s told me on several occasions that the Fediverse doesn’t feel like it was made for people like him, and a good portion of it is due to Mastodon’s user culture.
Whatever this thing is, it’s not sustainable. A big aspect of Mastodon’s norms center around a type of Puritanical culture that half the time, isn’t even consistent with itself. We can’t advocate for a space and say that it’s so much better than everywhere else, when so many people are subjected to this.
The Aftermath
A report was filed with Content Nation’s host, Hetzner, due to the presence of CSAM being detected. However, Sascha’s platform was only set up to cache remote content for an hour prior to purging it. The best conclusion we can draw from this, at the moment, is that someone willingly set Content Nation up.
“I’m not sure it even was CSAM,” Sascha writes in a private chat, “I never saw the pictures, as they had already been deleted. The data was already removed from the cache, and the original server was down, so it wasn’t refreshed [on Content Nation].”
“My flat could have been raided, and I would not have an electronic device left to write this,” he added.
As of this writing, Content Nation has turned off all Fediverse integrations, and Sascha has been turned off of having anything to do with the network after having this experience. He has been effectively bullied off the network.
How can we avoid this happening again?
Throughout researching this article and situation, I think there are several things that really, really need to change for the better. Operating in the modern Fediverse involves a long list of internal knowledge that’s not really written down anywhere. No part of the ActivityPub spec or Mastodon talks about how to implement their special pieces, so that people writing new servers can be good actors.
As it stands today, no singular piece of Fediverse software includes instructions to load a “worst of the worst” blocklist when setting up an instance, or to put a Webfinger search form behind a login page. What seems like common sense to some people is literally a new concept to others.
Culturally, we need to accept that most people coming into the community for the first time are operating with a lack of prior knowledge. We can’t simply cross our arms and say “You should have known better”, and socially punish people, when in fact there was no way for them to learn about it.
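The gaps described in this article (an identifiable User Agent, a search form that fetches for anonymous visitors, takedowns that do not stick, no domain blocklist) can be closed with one gate in front of the remote lookup. The sketch below is an added example, not Content Nation's or Mastodon's code; `LookupPolicy`, the `ExampleFedi` User-Agent string and the `.example` domains are hypothetical names and constructed sample data.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlencode

# Hypothetical product token and contact URL, so remote admins can identify the software.
USER_AGENT = "ExampleFedi/0.1 (+https://social.example/about)"
HANDLE_RE = re.compile(r"^@?([A-Za-z0-9_.\-]+)@([A-Za-z0-9.\-]+\.[A-Za-z]{2,})$")


def parse_handle(query):
    """Return (user, domain) in lower case, or None if the query is not a handle."""
    match = HANDLE_RE.match(query.strip())
    return (match.group(1).lower(), match.group(2).lower()) if match else None


@dataclass
class LookupPolicy:
    blocked_domains: set = field(default_factory=set)      # e.g. an imported blocklist
    suppressed_accounts: set = field(default_factory=set)  # removed after a takedown

    def record_takedown(self, handle):
        """Remember a removed account so a later search cannot re-import it."""
        parsed = parse_handle(handle)
        if parsed:
            self.suppressed_accounts.add("%s@%s" % parsed)

    def domain_blocked(self, domain):
        # A block on bad.example also covers media.bad.example.
        labels = domain.split(".")
        return any(".".join(labels[i:]) in self.blocked_domains
                   for i in range(len(labels)))

    def plan(self, query, logged_in):
        """Decide whether a search may trigger a remote WebFinger request."""
        parsed = parse_handle(query)
        if parsed is None:
            return {"allow": False, "reason": "invalid handle"}
        if not logged_in:
            # Anonymous visitors only search what is already local.
            return {"allow": False, "reason": "login required"}
        user, domain = parsed
        if self.domain_blocked(domain):
            return {"allow": False, "reason": "domain blocked"}
        if "%s@%s" % (user, domain) in self.suppressed_accounts:
            return {"allow": False, "reason": "account suppressed"}
        resource = urlencode({"resource": "acct:%s@%s" % (user, domain)})
        return {
            "allow": True,
            "reason": "ok",
            "url": "https://%s/.well-known/webfinger?%s" % (domain, resource),
            "headers": {"User-Agent": USER_AGENT, "Accept": "application/jrd+json"},
        }


if __name__ == "__main__":
    # Constructed sample data; the .example domains are placeholders.
    policy = LookupPolicy(blocked_domains={"bad.example"})
    policy.record_takedown("@carol@mastodon.example")
    for query, logged_in in [
        ("@alice@mastodon.example", False),
        ("@alice@mastodon.example", True),
        ("@mallory@media.bad.example", True),
        ("@Carol@Mastodon.example", True),
    ]:
        print(query, logged_in, policy.plan(query, logged_in)["reason"])
```

The function only plans the request, so the decision can be logged and tested before any network call is made.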
https://wedistribute.org/2024/03/contentnation-mastodons-toxicity/
#CSAM #Harassment #TrustSafety
Content Nation Backlash Highlights Mastodon’s Toxicity
Sean Tilley (We Distribute)
Tear Down Walls, and Build Bridges
Recently, Ryan Barrett re-announced his Bridgy Fed project to the Fediverse. As a service, it’s designed with one specific goal in mind: to make parts of the decentralized social web that speak different protocols capable of talking to each other natively. For the last few years, Ryan has been hard at work building a system that can natively speak IndieWeb, ActivityPub, atproto, and Nostr, and translate interactions back and forth in a manner as close to natural as possible.
Who is Ryan Barrett?
Ryan Barrett is a software engineer with a long track record. He co-founded Google App Engine, worked at an early cancer-detection company called Color, then as an engineer for a Climate Tech startup called NCX.
Ryan Barrett on Decentered
We actually interviewed Ryan recently for our Decentered podcast, and we think that it’s the best summary we can provide on what he’s working on, what his thoughts are, and the effort he takes to get the details right. Overall, he has a deep understanding of the space, and wants to provide a tool for anyone to use. He’s also someone who has thought at length about community moderation, and wrote an excellent piece called Moderate People, Not Code.
What is Bridgy Fed?
Bridgy Fed is an effort to create a multi-protocol communication server that can translate people, content, and interactions back and forth between networks that speak different protocols. For now, it only speaks IndieWeb and ActivityPub, but Ryan has put in a lot of effort into making it speak the AT Protocol (Bluesky) and Nostr as well. Those are due to come in the following weeks, and were a central focus in Ryan’s announcement.
How Did the Community Respond?
To be fair, a sizeable number of people had good things to say about the new development, and many IndieWeb and Bluesky users were supportive and even excited. Unfortunately, an extremely vocal part of Mastodon expressed a range of negative reactions, going from critiques to insults to vitriol, demanding everything from the developer deleting his project to Ryan leaving the network permanently.
Looking through the comments, most negative feedback touches on the following:
- This tool violates user consent by being opt-out, rather than opt-in.
- I don’t want my profile and content showing up on Jack Dorsey’s corporate social network.
So, let’s take a moment to unpack this, because it’s not as cut and dry as it appears.
User Consent and the Fediverse
The main controversy people seem to have in the Fediverse boils down to the fact that users have to Opt-Out of the service, rather than Opt-In. But, there are a few fundamental misunderstandings here:
Federation itself is Opt-Out
A lot of people responded to Ryan with statements about how Bridgy Fed’s Opt-out nature violated their consent. In some cases, it got really nasty. Here’s the thing: everyone wants to bang on this idea that the Fediverse is based on consent, that users are the ones at the forefront of who they get to connect to, that those decisions are inherently opt-in, and users get to decide everything.
But, that’s a myth: the very nature of how federation works in this space is “Open By Default”.
To prevent messages and interactions from flowing in and out of a place, users or admins have to actively block a server. What this fundamentally means is that the Fediverse is opt-out by design; connections flow until they don’t.
Evan Prodromou, of OStatus and ActivityPub fame, even weighed in on the topic:
The point of the fediverse is to connect with others, with full control and safety. It’s for making connections between networks of different sizes and implementations. We have ample tools to control who can connect with us on the fediverse — the visibility of our posts, deciding who can and can’t follow us, personal blocks, domain blocks, and filters. Extra opt-out features like a profile hashtag, searchability flags, or indexibility flags give even more control.
With any other network on the fediverse, we allow connections to get started first, and then use these control mechanisms to shape our experience as individuals and as instance communities. I think it’s perfectly reasonable to do that with this bridge, too.
Evan Prodromou
That isn’t some random dude, that’s the guy who started the Fediverse, stating that the network being open by default is how things ought to be. If any connections on the Fediverse were opt-in, people would have to opt in to federation on a case-by-case basis. This would seriously hamper the growth of Mastodon, and clashes with its own “open by default” philosophy. Bridgy’s own design values are more in line with what Mastodon does than against it.
Bridgy Fed isn’t a Crawler
A big part of the drama stems from the fact that people have assumptions about how Bridgy Fed works. Turns out, it’s not a bot that crawls the Fediverse and harvests user data! In fact, it doesn’t index anything, or offer search functionality of any kind. The dude isn’t building a data farm! So then, what is Bridgy Fed doing, exactly?
An easy way to grasp this is to look at how interacting with remote stuff works in Mastodon. Let’s say you look up a remote user handle, or a URL to a post, using Mastodon’s search interface. Your server looks up that resource, fetches the data, and renders it locally for you to interact with.
Bridgy Fed and User Privacy
Bridgy Fed is basically doing exactly that, with just one extra step: it’s translating data on another network to something your own system can read, and it can work in two directions. That’s basically it. There are also a couple of aspects of how Bridgy Fed works with user privacy settings and actions:
- Bridgy accepts user blocks from ActivityPub, and also federates out edits and deletes. Actor blocks, reports, and domain blocks are recognized, and Bridgy respects Authorized Fetch.
- Private statuses are not ingested by the bridge, because the other protocols don’t have an equivalent for private conversations.
- If a user has #NoBridge on their profile or requests exclusion ahead of time, a cross-network lookup will fail for that user automatically, from every network, every time the lookup is attempted.
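One way a bridge could enforce the three rules in the list above before translating a post, as an added example that is not Bridgy Fed's own code. The function names, the case-insensitive tag match and the `blocked_by` set are assumptions, and the actors and notes are constructed samples.

```python
import re
from html import unescape

AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
PUBLIC_ALIASES = {AS_PUBLIC, "as:Public", "Public"}
OPT_OUT = "nobridge"


def as_list(value):
    """ActivityStreams properties may be absent, a single value, or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def bio_text(actor):
    """Visible text of the profile bio with the HTML markup removed."""
    return unescape(re.sub(r"<[^>]+>", "", actor.get("summary") or ""))


def has_opt_out(actor):
    # Hashtag objects, if the server lists bio hashtags in the actor's `tag` array.
    for tag in as_list(actor.get("tag")):
        if isinstance(tag, dict) and tag.get("type") == "Hashtag":
            if (tag.get("name") or "").lstrip("#").lower() == OPT_OUT:
                return True
    # The bio itself. Matching on stripped text matters because servers wrap
    # hashtags in markup such as #<span>NoBridge</span>.
    pattern = r"(?<!\w)#" + OPT_OUT + r"(?!\w)"
    return re.search(pattern, bio_text(actor), re.IGNORECASE) is not None


def is_public(obj):
    """True if the object is addressed to the public collection in to or cc."""
    audience = as_list(obj.get("to")) + as_list(obj.get("cc"))
    return any(a in PUBLIC_ALIASES for a in audience)


def bridge_decision(actor, obj, blocked_by):
    """Return (allowed, reason). blocked_by: ids of actors who blocked the bridge."""
    if actor.get("id") in blocked_by:
        return (False, "actor blocked the bridge")
    if has_opt_out(actor):
        return (False, "profile opted out")
    if not is_public(obj):
        return (False, "not publicly addressed")
    return (True, "ok")


# Constructed sample objects; the .example hosts are placeholders.
ALICE = {"id": "https://mastodon.example/users/alice",
         "summary": '<p>Writer. <a href="https://mastodon.example/tags/NoBridge" '
                    'class="mention hashtag" rel="tag">#<span>NoBridge</span></a></p>'}
BOB = {"id": "https://mastodon.example/users/bob",
       "summary": "<p>I post about #NoBridgeLeftBehind, a hiking club.</p>"}
PUBLIC_NOTE = {"type": "Note", "to": AS_PUBLIC,
               "cc": ["https://mastodon.example/users/bob/followers"]}
FOLLOWERS_NOTE = {"type": "Note",
                  "to": ["https://mastodon.example/users/bob/followers"]}

if __name__ == "__main__":
    print(bridge_decision(ALICE, PUBLIC_NOTE, set()))
    print(bridge_decision(BOB, PUBLIC_NOTE, set()))
    print(bridge_decision(BOB, FOLLOWERS_NOTE, set()))
    print(bridge_decision(BOB, PUBLIC_NOTE, {BOB["id"]}))
```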
Bridgy and Multiprotocol Servers
Bridging across networks is something of a time-honored tradition in the decentralized social space. In more recent years, the Friendica family tree has acted as a glue between vast parts of the network, getting its hooks into OStatus, Diaspora, and ActivityPub in addition to their own native protocols. While there have been hiccups, dissonance, and occasionally frustration, these kinds of efforts have helped expand the network while keeping it from being a total monoculture. Many projects within the early Fediverse were able to find inspiration from one another, despite taking different approaches to solving various problems.
The idea of a public post being translated into another protocol being considered a violation of consent is, frankly, unprecedented. But, this was never about converting a post schema from one JSON form to another, was it? In its basic form, who could possibly care about that?
No, this is about your post showing up on *that other network*.
Misunderstanding Bluesky
Maybe none of the above details matter to you. Maybe you’ve decided, screw this guy for connecting my posts to Jack Dorsey’s fake decentralized network! If this is your position, I have a few notes for you!
- Jack Dorsey doesn’t own Bluesky! Aside from a position as a sitting board member in an advisory role, he’s actually not involved. In fact, he deleted his Bluesky account some months ago, and spends almost all of his time hyping Nostr and Bitcoin.
- Bluesky is a Public Benefit Corporation – while it’s true that they’re still a corporation, and still have some kind of profit motive, this immediately changes the dynamic from “a platform owned by some rich guy” to “a platform owned by a company”.
- Federation is coming soon – the Bluesky team has been actively testing federation and building for it. A lot of people claim that Bluesky doesn’t care about federation, and isn’t going to do it…but, it’s happening soon. If a network can federate, and other people can run their own nodes and services, the network itself isn’t Jack Dorsey’s, or even one entity’s.
We have an upcoming article that’s going to dig deeper into some of the myths about Bluesky. But the main point here is, Bluesky isn’t the Anti-Christ to the Fediverse that people claim that it is. It’s a different approach, by different people. That’s it.
In Conclusion
I chose to write this as an Opinion piece, because I don’t expect my point of view to be The Only View That Matters. I think Bridgy Fed is a cool project, and that Ryan doesn’t deserve the hate for building something he’s passionate about in his spare time. I was struck by a really remarkable thread by Marco Rogers, who sorted through his feelings on the situation and identified the “ick” factor in this whole situation.
In short, who are you yelling at? Who do you expect to "fix" things for you? Right now people are coming down on the guy who is building the bridge to bluesky. That specific guy. They're yelling at him and telling him to make different decisions to protect their personal privacy. Is that what people think they signed up for with the fediverse? Fighting with other individual humans and trying to force them to do what you want?
— Marco Rogers (@polotek) 2024-02-14T02:21:27.923Z
This is a decentralized network! Despite efforts to work together, optimize for user safety, and identify actively hostile communities, none of us are in charge. We can bring great initiatives, collaborations, tooling, you name it, but nobody is actually in charge here. I want to be clear about my stance on user consent: I think it’s a good thing, and worth building for, even in a network where openness is the default. I think serious work needs to be done to better empower end users over privacy, access, and permissions. We can do better, in so many ways, and that future is coming.
But throwing a fit over your public data federating to some other network because someone on the other side decided to follow you from there? That’s some peak NIMBY Mastodon HOA bullshit. I would forgive them for unfollowing you.