February 2, 2024

s17e07: The Great Social Network Heist

0.0 Context Setting

It’s Friday, 2 February 2024 in Portland, Oregon. It’s not raining, and I’ve just finished today’s Hallway Track.

Of which...

0.1 Hallway Track News

Hallway Track 008: Infrastructure and Systems is on Thursday, 8 February, at 11am Pacific, 2pm Eastern, and 7pm London.

Our guests will be:

• Deb Chachra, engineering professor and the author of How Infrastructure Works [US/UK]. She speaks, writes, and consults widely at the intersections of design, technology, culture and education; and

• Georgina Voss, artist, writer, and educator, author of Systems Ultra: Making Sense of Technology in a Complex World; and co-founder of studios including Strange Telemetry and Supra Systems Studio.

Here’s the blurb:

While Twitter continues to implode, Bluesky and Mastodon are busy carving out their niches and Meta storms ahead with Threads, let’s talk about ways people might improve their experience on social networks, starting with blocking. We’ll talk about things like:

• what we can learn from fantastic products like Block Party (RIP);
• how blocking is or isn’t used as a content moderation signal in various social platforms’ recommendation algorithms;
• where blocking should be used as a content moderation signal to prevent post or account recommendation;
• are people actually using the block function? How much? And how or why might they use it more?
• reasons why platforms might have to hide or de-emphasise blocking;
• exactly how bad would it be (very bad) to gamify and incentivize blocking?
• how these topics might tie into the idea of a marketplace of content moderation providers.

What’s Hallway Track, if you’ve forgotten or I never told you?

Hallway Track is a series of free, ad-hoc gatherings, where we pretend to be in the hallway chatting with each other after a great conference session. It’s for small groups of only 25 people so it’s not too big people can’t talk and not too small there’s dead air; they run for 90 minutes; they’re not recorded, to encourage free conversation.

Register for Hallway Track 008: Infrastructure and Systems and find out more.

---

1.0 Some Things That Caught My Attention

1.1 The Great Social Network Heist

Let’s go steal an open social network¹.

Smash cut to flashback

I’ve been wrong a lot.

I’ve written before about Mastodon and why news organizations should have their own Mastodon instances².

Or rather, in a more self-serving way, I think I’ve been wrong-but-inaccurate before, and that there’s importance in details. What I actually said was:

The first news organization to stand up a Mastodon / activitypub server at, for example, follow.washingtonpost.com gets a medal

I’ve been thinking a lot about Mastodon over the last year-and-a-bit, which is to say, less than other people have been thinking about it. But, predictably, I have opinions, and if you’re reading this newsletter, you have, for some reason, decided that you would like to know what they are.

Mastodon isn’t great, actually

No, really, it’s not. But hear me out, before you well-actually me to death.

ActivityPub is the thing that’s great.

Yes, I am now one of those people who’s all in on actually, it’s ActivityPub/Mastodon.

Mastodon, which is a sort of agglomeration of protocols, extensions, applications, APIs, and clients, is the least-bad, most-successful application running on the ActivityPub platform. Mastodon is an application-that’s-a-social-network.

This is probably going to sound like I’m shitting on Mastodon, but... I am not? Because I want to emphasize that it’s ActivityPub’s killer app.

I just think Mastodon-as-the-killer-app is showing signs of finding a niche and filling it, and not particularly growing.

Some problems with Mastodon:

If I want to offer a managed, hosted Mastodon service, phooey is it difficult. Mastodon doesn’t support multi-homing, so you can’t use one instance of the application to serve multiple domains.

It is... a wildly successful hobby project for hobbyists. Imagine you’re (horrors) a Brand, or you’re an Institution and you want to be “on Mastodon”. It isn’t that customizable without hacking deep into it. By customizable, I mean “recognizably branded”, beyond “here, go nuts with the CSS”. A comparison here would be “what would Mastodon need to be like to be like Wordpress, and support a Wordpress-like stupendous ecosystem”.

The pace of change is... well, change is happening. Search exists now! But I’d argue (and others have) that Mastodon hasn’t appreciably changed in the last 12 months, whereas the company that’s stupendously resourced and famous for moving fast and breaking things has, undeniably, moved fast with Threads.

(Instead, there’s been quite a bit of innovation [sic] on the client side.)

One last thing: people have issues with its architecture and performance.

Well if you’re such a fan of ActivityPub then name five ActivityPub applications!

Okay, here you go. I won’t include Mastodon.

1. Bookwyrm, a not-goodreads;
2. Pixelfed, a not-Instagram;
3. Lemmy, a not-Reddit;
4. Otter, a not-Pinterest;
5. PeerTube, a not-YouTube

This is anecdata: I don’t use any of these apart from BookWyrm. I don’t use BookWyrm because of any of its federated-ness, I use it because it’s not goodreads.

I joined one Lemmy instance and you will not be surprised to find out what it is³.

The ActivityPub federated-ness of all of these applications doesn’t matter to me. Theoretically actions and posts can go from one place to another: I don’t see them. Nobody, I think, follows my BookWyrm account “from Mastodon”. Technically you can follow Mastodon bots in Lemmy but the one time I saw people tried to do that, it got super complicated.

What, I thought you said ActivityPub was good?

Hahahaha. ActivityPub is good because in principle an open protocol is better than a closed protocol.

Actually “ActivityPub” is a set of three specs: ActivityPub⁴, Activity Streams 2.0⁵, and Activity Vocabulary⁶. If you really want to understand the entire thing, you should read Darius Kazemi’s guide to reading the specs⁷, because Kazemi writes clearly, understands his audience, and is annoyingly prolific.

ActivityPub lets applications send messages to each other about things that happen, but no major applications or services are incentivized to use it, because it makes more sense (and economic sense, in the absence of regulation) for them to have lots of control.

You may wonder why this is a good thing and why you’d possibly care about things that happen in one place showing up in other places. That is a very good question.

One of the reasons this is a good thing is because it would let lots of people make even more things, things we haven’t even imagined yet. This is not, I appreciate, and one that depends on someone’s ability to inspire and persuade you through rhetoric.

OK, but if ActivityPub is good, how do we get from here to there?

Good question.

Also, you promised me a heist

Here’s the heist bit.

You want to steal an open social network?

To steal an open social network, at the very least, you’d need:

• reach: lots and lots of people using it
• a sustainable software ecosystem
• a way for people to make money
• applications that are better than alternatives
• trust and safety: verification, content moderation, and so on

Thing is, you can’t grab all of these at the same time. Or, you need to grab all of these, in different ways and stages, at the same time. It’s quite complicated!

You’d also need to be patient. This is something like a 10-year heist.

But hey, you met me here at this cafe and I’ve got this napkin and this pen. Or this iPad and Concepts.

Before we start on this job, you need to accept that open protocols, standards, and interoperability are good. There are lots of arguments for this. I am not going to persuade you about this here.

We’re going to need reach

Reach is, weirdly, potentially one of the easiest things to steal in this heist, if only because weirdly, for reasons, a super big social network with hundreds of millions of users decided to integrate with the network of ActivityPub protocol applications, irritatingly in my mind known as the Fediverse.

Or: Meta has a plan to integrate Threads, a social network platform with hundreds of millions of users, with, practically speaking, “Mastodon”⁸, a network with optimistically 2 million daily active users⁹.

So. You need to make sure Meta follows through on integrating with the Fediverse. You need to understand the incentives and disincentives and tweak them to get Meta to do what you want.

We need to steal some software

For us to pull this off at the “posting message social network” level, we’re going to need something better than Mastodon for a bunch of the reasons I outlined above. Just go with it, I could spend hours (and have) talking about this.

Even better, we’d want multiple things better than Mastodon.

Making (and sustaining) software costs money, though. You need someone or something to stump up that money. Facebook has a bunch of money, but they’re not ever going to open source any implementation because there’s no way that ever makes sense.

Going further, if you really believe open protocols are socially important in terms of assuring people the option of ownership and control, then you might end up thinking that perhaps the costs of developing and sustaining such software could be socialized.

Huh.

So you might think, okay, maybe you could persuade a bit of government to fund developing this software?

But you talk to a bunch of people in government and they’ll say “yes, it makes sense for us to have more control and ownership over social media accounts, and we have direct examples of why thanks to Twitter’s implosion, but what you’re saying costs money, and the software is terrible”.

No particular government department, office, or agency is going to do that, especially now that they can just get an account on Threads and start posting.

What does Threads get a government account? Reach and verification. Bluecheck and people to talk to and replies and all that good stuff. For free, too.

So you’d think okay fine at a high level, I need to solve for reach from an ActivityPub account, and also verification/trust, and also make it cost no money.

Assume Meta follows through and your ActivityPub account will federate through and Threads users can follow it. Reach is done.

Verification/trust and bluechecks, then. Now I’m guessing here, but government organizations can already get bluechecked on Facebook, and at a high level I reckon the process is a bit like “send us an email from a .gov domain, fill out this form and give us a signed letter on your letterhead and fax it to us, and we’ll go check your department and title actually exists”. Whatever, the important thing is the bureaucratic process exists.

So you go over to Meta and you say: as the government, I want you, Meta, to federate out bluecheck verification to off-network accounts, so that I can assure users of my identity and provenance while retaining control of my account.

And Meta will say no, and then you will quietly tell them to say yes because, well, socio-political-governance reasons.

Meta might say “ahaha no, are you kidding, we’d need to figure out how to extend verification from a technical perspective” and then you’d say actually no, because a) we just delegate part of that trust process to “there’s a process for getting a .gov domain”, b) “you already have a bureaucratic internal process for verifying government accounts, so just also use that”, and c) if that bureaucratic process is good enough for you, then you can also design a bureaucratic process that’s good enough for this, we can do it together if you want.

I mean hell, people just send fake faxes to request for information pretending to be law enforcement.

Okay. You’ve just gotten the verification part.

Now you need it to cost no money for all these government offices and agencies to implement, because siiiiigh yet another managed service that, hopefully, isn’t Mastodon because Mastodon is shit to manage.

I mean, do you need it to cost no money?

What you need is for it to not cost any more money.

Because what you could do is tweak government to say: yeah, so you, government office/department/agency, normally you wouldn’t do this because of money and yadda yadda and it’s more work.

But we’re going to just tell you to do it because we’ve decided it’s important.

(This has the potential to piss off a lot of people, especially depending on the way you do it, but people should also do well to remember that “this is also how government works” - it gets to make decisions. Unless the Supreme Court decides not to let it, of course).

Fine, fine, we’ll do it if we have to, say all these offices/departments/agencies (at, I hasten to add, every level of government).

Do you have any money for us to do it?

And then the federal government will look in its pockets and I suggest it look quite hard at what IRA money can be spent on and also who’s wasting IRA money (even though people will accuse this of being a waste of IRA money).

You’d set up some limited scope trials.

You’d do a super cheap, fast (3-6 months?) trial with stock Mastodon to discover the delta between Mastodon and “what needs to exist”, or put together the roadmap for your ActivityPub implementation.

So, to recap:

1. Change government policy to acknowledge the importance of independently owning and operating “social media accounts”
2. Ensure those independently owned and operated accounts can interoperate to achieve reach
3. Set up bureaucratic procedures to assure authenticity
4. Fund implementation and development

Ta-da. Easy. This also solves a tiny sliver of the trust and safety problem. Go us! Excellent stealing so far.

I mean, just the other note I messed around with ChatGPT to generate some ActivityPub Activities around Schools and School District actors for school closures and what extended vocabulary you’d stick in the JSON-LD. Fun! A Thing!

Let’s make some money, and, let’s make some great apps

These two are related. You’re unlikely (not impossible!) to make some great apps without stealing a, uh, economically profitable and sustainable open platform economy.

What do you need to make great apps?

First, you need reach. Thanks, Meta! We’re excited about you delivering reach by supporting open standards and protocols for whatever reason. Excellent kickstart there.

A Sweaty Steve Ballmer, Yelling for All Eternity

I mean, not so much developers as platforms [sic].

Second, you need to make it easy to build ActivityPub applications. In principle, this shouldn’t be hard, but... it is? Kind of?

It’s not that pure ActivityPub implementations don’t exist -- they do! -- but they’re also what I might call immature. In Wardley Map terminology, I’m confident that ActivityPub implementations are in the Genesis stage.

Also, what do I mean by ActivityPub implementation? There’s lots of bits!

• an ActivityPub server that implements server-to-server interaction, so the federation part but also “interesting things you might want a server to do because it makes sense to do them on a server”;
• an ActivityPub server that implements client-to-server interaction, the part of the open spec for receiving and sending ActivityPub activities to, uh, clients; and
• Libraries for Your Favorite Language to deal with (construct, parse, send, receive, act on, etc) ActivityPub actors, activities, and objects

You might say “oh but Dan I definitely have libraries to do the latter already I simply import Mastodon in Python and I’m good”. To which I would say yes, that’s a Library for interacting with Mastodon, i.e. Mastodon’s particular subset and extensions to ActivityPub that use ActivityPub as one of the components of a Free and Open Social Network Product.

What I think is least interesting thing ActivityPub is the social network stuff.

What I think is the most interesting stuff about ActivityPub is that it’s an open protocol for sending messages around, and that one of the largest internet companies in the world says it’s going to adopt it, in some fashion.

“Sending messages around” was one of the things Twitter tried out when Twitter had no idea what it was and when Twitter’s API strategy was different.

(Arguably Twitter still does not know what it is, so perhaps the problem is more of a Twitter-in-itself problem, rather than a problem of whomever is holding the bag of Tweets at the time)

Twitter for “sending messages around” was a great time. Things would Tweet, like bridges and lamp posts and, uh, other things. There was a lot of whimsy. Those Tweets were all human-readable, though. Thing is, Twitter was a private platform and its usefulness and reliability as a messaging bus was instantly demonstrated when it had a shift in strategy and suddenly... didn’t do those things anymore.

But.

An open protocol for sending messages around would certainly be... interesting. It would also form a sort of backbone for notifications in general.

Here are some terrible, geeky, stereotypical, non-normie examples of things that could be followed and could send messages that don’t have mass appeal like “sports”:

• buses or public infrastructure transit, like a bus or bus stop that sends you a message when it’s 5 minutes away from your stop
• “legacy media” like, uh, that “radio program” or “broadcast television program” you like, which could send you a message when, uh, it’s broadcast
• every single internet of things device that suddenly has slightly more of a use case, like when there’s a stupendous forest fire and you can’t go outside and you’re like to know the AQI from a sensor nearby
• Industrial Internet of Things that, I suspect, doesn’t have any open protocols, like agricultural stuff, because everyone’s incentivized toward their Platform Silo, like John Deere

But. The general principle here is that if you’re reading this, you’re probably already persuaded that it would be good to have a robust, open protocol for sending messages that anyone could take advantage of. (Sure, a side-effect is that suddenly every app can receive messages.)

There’s been bits of playing around the edges here. Terence Eden, in his prolific way, hacked up a Foursquare-type checkin demo over the past week¹⁰. The thing is, Terence -- I think -- needed an ActivityPub (not Mastodon!) server for this, because he’s using other parts of the ActivityPub spec for Objects and Activities that Mastodon doesn’t use, because Mastodon is a Twitter-clone free and open social network product.

It’s more like that having an open messaging protocol would be an enabling technology -- as in one that would enable sustainable businesses, new applications, and so on. The crucial thing here is that it would be open.

Yes, this is like XMPP. Yes, we’ve tried this before. But as I get older, I keep wondering if there were a lot of times when, well, the timing wasn’t right. When the attempt was just too early, but the potential was clear. Maybe it’s worth trying again?

Here are some things that I’d like to try, just as proofs-of-concept. Or, things that I’m in the middle of trying:

• A Home Assistant to ActivityPub bridge, so all the Home Assistant nerds can experiment with sending device messages out into the fediverse [sic] and what sort of vocabulary would be needed (and just sending includes a whole minefield of security and safety considerations)
• A GTFS Realtime¹¹ to ActivityPub bridge, for the above mentioned Trope-y Bus Messaging.

You may be thinking to yourself: but Dan, there exists at least one open messaging standard and it’s used a lot and it’s called XMPP¹². You may also be thinking that there’s another web3 messaging protocol, and that one is called XMTP¹³. And you would be right that these are both messaging networks that exist, that the former is definitely used a lot, and that while XMTP certainly looks very shiny, it’s unlikely it’s used significantly more than ActivityPub, which is to say... not a lot.

Dan, this is a lot. A really, really lot.

Yes. This is a long and involved heist. There’s even a bit more to cover, and it’s already over 3,500 words long. So what I’m going to do is to stop and take a deep breath and come back to it in the next episode. Which will also give me an opportunity to do some re-organizing and, honestly, editing.

Hopefully this isn’t so much a head-trauma inducing stop as a “to be continued”.

---

Anyway, how are you doing? You good? Terrible? Just existing?

---

Best,

Dan

---

How you can support Things That Caught My Attention

Things That Caught My Attention is a free newsletter, and if you like it and find it useful, please consider becoming a paid supporter.

Let my boss pay!

Do you have an expense account or a training/research materials budget? Let your boss pay, at $25/month, or $270/year, $35/month, or $380/year, or $50/month, or $500/year.

Paid supporters get a free copy of Things That Caught My Attention, Volume 1, collecting the best essays from the first 50 episodes, and free subscribers get a 20% discount.