I'm looking for a well put together written case for institutions (academic, professional) to set up their own Mastodon instance.
Something that not only highlights the obvious benefits, but also that the technical costs are within the capacity of most places that have a decent IT department.
Please do not make the case here, I'm looking for links. 😜
The scam-heavy crytpocurrency industry, flush with money from the latest inflated bubble, is pouring vast sums into American elections. Their goal is to to be an unregulated "market" or an industry that is regulated only in ways they like.
Our economy is risky enough now, but this would push it closer to the edge.
I'm happy to announce that I have tagged the latest commit in the activitypub branch as v4.0.0-alpha. That designation means (mostly symbolically) that we have moved past the "proof-of-concept" stage of ActivityPub research and development, and into the alpha phase.
This release has been a long time in coming. Work on the ActivityPub integration back in late 2023, although work accelerated around February of this year. The initial idea was to create a proof-of-concept build of NodeBB that could communicate with other fediverse apps, and federate local content outwards for other applications to consume.
As it turns out, it is difficult to temper your expectations when using a protocol with implementations that expect richer compatibility than one can provide! It seemed like a disservice to only offer a minimal subset of expected features, and so we started a deeper integration into ActivityPub with the aims of providing full user-to-user following, notifications, and two-way communication.
In the interim, FediForum happened, causing us to once again re-evaluate our short-to-medium term plans. Devs from NodeBB and Discourse, along with many other interested parties, formed the SWICG Forum and Threaded Discussions Task Force, which aims to promote the use and broader acceptance of threaded discussions as a modality of communication, as opposed to the expected "microblogging" format.
What this release contains
The alpha build contains a fully-capable ActivityPub server instance, including:
Two-way follow relationships between local and remote users
Two-way communication with fediverse content
A dedicated page (/world) to view remote content that is not organized into local categories
Categories followable from the fediverse (via FEP 1b12)
Integration with local flagging tools (reports sent to originating server)
Server-wide domain blocks (allow/deny list capability)
What this release does not contain
Support for emoji (images are federated out, which are sometimes stripped)
Support for non-public notes, as NodeBB does not currently have the facility to maintain or display them. Research on this problem is ongoing.
Roadmap
Now that the alpha has been tagged and released, I will be making our working roadmap public → you can take a look at it here
I will be starting a new backlog/roadmap for beta items, and existing backlogged items will be carried over.
Final Thoughts
We wouldn't have even thought to implement ActivityPub if it were not for the funding granted to us by the NLNet foundation. They allowed us the runway to pursue the necessary R&D work, and we're pleased that everything has been pointing positively so far!
This entire time, it has been particularly satisfying to continually see the integration working on this instance (the NodeBB support forum). Expanding the reach of NodeBB beyond the confines of the "local" mindset and into the "global fediverse" mindset has been daunting, but is well worth the price of admission.
I'm happy to also say that now that we've proceeded to the alpha stage, it signifies a commitment toward a beta phase, then an RC, and then towards the release of NodeBB v4. ActivityPub has legs, and we're invested in making it work!
I’m a fan of open source, free software, whatever you want to call it. I have contributed to a GNU project and will do again when my workload reduces. I put my own stuff out there open licensed. I know a thing or two about this stuff.
So try to take it in when I tell you that the software freedom world has a big fucking problem, and that problem is cultural.
Great heaping swaths of the software libré world are culturally dominated by some of the most radioactively toxic people in tech. Not just nonce defenders like Stallman or WASPy racists like Raymond, but Silicon Valley techbros, libertarian whack jobs, and out and out fascists.
What is the fucking point of FLOSS if not to make the world better, more equitable, to use technology and our skill with it to lift people up? Are we really just in this to provide a commons for robber barons and the genocide brigade to pillage?
Each and every shitty person and their enablers must be purged from any space we, the decent people, control. If a fascist submits a pull request, it’s rejected unexamined. If you moderate a Discord chat and you see someone you know is harassing trans people outside of that chat, ban them for life.
End-to-end encryption only works if nobody other than the two parties in a conversation (including the government and the provider of the service itself), under no circumstances, can ever decrypt the encrypted traffic.
You can't violate encryption only for a handful of use-cases without weakening it for everyone. Anyone who tells you otherwise, and tells you that a government backdoor or private keys signed by government agents are safe, is either a complete ignorant about math or technology (or both), or is acting in very bad faith.
If you break end-to-end encryption for one use-case, you break it for everyone. It's like leaving your house key in the fob of your door and expect only your trusted friend to use it.
Every time someone says "but it's to protect the kids" / "but it's to protect you from terrorists", be aware that they're using an over-abused argument to convince you that degrading privacy for everyone is a requirement to keep you safe. And it's a shitty argument because if I say "actually I'd rather keep my conversations private, without the government or companies with a business model based on surveillance snooping on them", then someone will promptly react with "then you don't want to protect the kids / then you support terrorists?"
The first time a government tried to make the argument that end-to-end encryption is a crime was in 1991, when Zimmermann first developed PGP and gave military-grade encryption to the masses. Not knowing what he should be incriminated for, the US government prosecuted him for terrorism and arms trade. These arguments have remained nearly the same for the past three decades.
"The government needs to protect you from criminals and abusers, and in order to protect you it needs to be able to access everybody's digital content" is an argument as weak as "the police needs to protect you, and in order to protect you it needs to get a copy of everyone's house keys".
Just like police forces have many means to investigate criminal activities other than breaking into everybody's houses, they also have many ways of investigating online crime without breaking everybody's privacy.
If you say "I've got nothing to hide" about unauthorized actors spying into your email and messages, would you also say the same about strangers breaking into your house without your authorization? Privacy is all about deciding what you share with others.
The simple truth is that governments don't like encryption in the hands of citizens, they've never liked it, and they've spent the past three decades looking for ways of breaking it.
The persecution against Zimmermann and Snowden, the NSA backdoors, the deals under the table with the developers of large tech products, the anti-encryption legislation regularly pushed "to protect children from potential abusers" / "to protect citizens against terrorists", are all actions that point to one single, simple truth: governments think that it's their right to spy into everyone's lives, and will keep fighting for that right, and they'll keep trying to make you believe that it's for your own good.
The EU Chat Control may have been temporarily withdrawn, but it's far from dead. It'll go through another round of consensus-seeking negotiations. And in July Hungary will start its 6 months turn at the head of the EU Commission. Orban is a deeply illiberal and despicable human being who would love to snoop over political opponents, and he's already made it clear that he'll try to get the Chat Control draft approved whatever the cost.
It's our job as European citizens to keep protesting against this awful piece of legislation, to invite everyone to join the fight, and not to cast our vote for anyone who doesn't explicitly oppose widespread institutional surveillance.
Sign the petition here https://stopchatcontrol.eu/ and keep applying pressure on our elected representatives.
If a legislation like Chat Control were to be approved, I'll be more than happy to start publishing guides on how to use alternative methods to still get end-to-end encryption - the takeaway is that WhatsApp, Signal, Telegram etc. would no longer be safe, and you'll have to get back to emails signed with PGP keys generated by yourself.