I Break Computers!

The Infosec blog of Jonathan Snyder

Wow. When I sat down this evening to just work on one of my #programming projects, I did not expect to see Snopes start posting on their feed with an absolutely absurd story of how they spent six weeks trying to claw back control of their hijacked #Twitter account. Spoiler alert: the experience involved Grok, probably the dumbest AI out there that was actually able to help.

From their statement on March 9th, 2025, a Snopes employee found themselves locked out of the company’s X account. Their CEO checked the site email and—bam—a fresh message from Twitter: “someone new” had just logged in. Unfamiliar location. Then, moments later, another email: “Twitter two-factor authentication is good to go!”

I know if I got this message, my blood pressure would have been through the roof.

They reported their CEO scrambled to reset the password using the “forgot password” link. Success—sort of. While the password was reset, the hacker had already enabled two-factor authentication (2FA). From what they were saying, it was a good thing they hit the reset password, as it appears to have also blown the hacker out of the account before they could do any damage.

And so began the long, painful quest to get anyone at X to actually care.

Step one: submit help tickets—“We’ve been hacked” form, “Can’t access 2FA” form—you name it. Silence. Days turned into weeks, and the sound of crickets was deafening. Snopes even shelled out $1,000 for X's Verified Org plan—even though they already had the status for free—hoping it would unlock this mystical “Priority Support.”

Nope.

The actual saving grace here, from what they said, was Grok. You read that right. Grok of all things. After providing some stupid assistance, it actually pointed them to John Stoll, the head of Twitter's news, who actually got to Customer Support and got their account back.

So, what did we learn?

  • Always use two-factor authentication. Convenience isn’t worth six weeks of hell.

  • Twitter’s customer support is a joke. Even $1,000 a month can’t buy you a human response.

  • Networking is useless if no one answers. LinkedIn was a ghost town.

  • Grok is as helpful as a Magic 8-Ball. It spat out obvious nonsense before accidentally pointing to the right person.

  • John Stoll is the real MVP. He seems to be the only person at X who was actually willing to help.

In the end, Snopes’ saga exposes Twitter’s abysmal security and support. It wasn’t money, forms, or AI that saved the day—it was a lucky DM to the one guy who bothered to help.

The moral? Don’t count on Twitter to help even if you're a paying customer, even if you're hacked and the Head of News is the only way to get a hold of customer service.

God. They're fucking stupid. If you want to read Snopes' full saga, you can do so here with their leading toot!

I know they're called X now. I don't care. Until Space Karen stops deadnaming his daughter, I won't stop deadnaming his company.

© Jonathan Snyder. All Rights Reserved. Fediverse

Tags: #infosec #security

I have used Keyoxide for a while now to verify my identity, so I thought I'd throw together step-by-step instructions in case someone wants to do it themselves.


What You’ll Need

  1. A way to create a PGP key (this is just a fancy term for a digital signature that’s unique to you).
  2. Some of your social media profiles or other online accounts you want to link together with this key.

Step 1: Install a Tool to Create Your PGP Key

To get started, you’ll need an app that can make a PGP key for you. Here are some good options:

  • Windows: Gpg4win
  • macOS: GPG Suite
  • Linux: Try running sudo apt install gnupg in your terminal if you don’t already have it.

Follow the instructions on the website for installing the app that matches your operating system. Once you’re set, you’re ready to make your key.

Step 2: Make Your Unique PGP Key

Your PGP key will be like your online signature that connects to all the profiles you want to share.

  1. Open the app you just installed and look for the option to make a new key.
  2. The app will ask you for some info:
    • Name: This is what people will see connected to your key. It can be your real name or something else you’d like to use.
    • Email: This will help identify your key, so choose one you’re comfortable linking to your online identity.
    • Passphrase: Make sure to pick a good one! This keeps your key secure.

Once you’re done, the app will generate a public key and a private key:

  • Public key: Safe to share! This is what other people will use to verify your identity.
  • Private key: Keep this secret—this is what proves the public key is really yours.

Step 3: Find Your Key’s Fingerprint

Your fingerprint is like a digital ID number for your key. It’s a unique mix of numbers and letters that helps Keyoxide identify you.

  1. Go back to the app, find your key, and look for the fingerprint (it’s usually a string of about 40 characters).
  2. Copy this somewhere handy because you’ll need it soon.

This is where you show that certain online accounts really belong to you. You’ll make a short “proof” message for each account, and then link it to your PGP key. Let’s start with an example for Twitter.

  1. Write a simple message like:

    This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key.
    

    Replace @YourTwitterHandle with your actual Twitter username.

  2. Sign this message with your PGP key to make it official.

    • Most apps will have a “Sign” button for messages. You just paste your proof message there and sign it.
    • If you’re on the command line, use:

        echo "This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key." | gpg --clear-sign

      This will give you a signed message that you’ll post next.
  3. Post the signed message on Twitter as a tweet.

And that’s it! You’ve just linked your Twitter account to your PGP key.

Quick Tips for Other Accounts

Each site may need a different kind of post:

  • GitHub: Post your signed proof as a Gist.
  • Reddit: Post your signed proof as a comment or post.
  • Your own website: Just paste the signed message on a page you control.

Step 5: Make Your Key Public

To get everything working on Keyoxide, you’ll need to share your public key with a key server (like a phonebook for these keys). This way, Keyoxide can find your key and your proofs.

  1. In your PGP app, export your public key.
  2. Upload it to a key server (like keys.openpgp.org).
    • Most PGP apps have an option to upload it directly, or you can use the command:

        gpg --keyserver keys.openpgp.org --send-keys [YourFingerprint]

Now, your public key (and the proofs you linked) are accessible on the web.

Step 6: Check Out Your Keyoxide Profile

Now comes the fun part—seeing it all come together!

  1. Go to Keyoxide.
  2. Type in your PGP key’s fingerprint and press enter.
  3. You should now see your Keyoxide profile, showing all the proofs you’ve linked. Anyone who visits can confirm these profiles belong to you!

Step 7: Share Your Keyoxide Profile

Your profile link on Keyoxide will look like this:

https://keyoxide.org/[YourFingerprint]

Share it anywhere you’d like people to know it’s really you!
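Steps 2 through 4 as an unattended command-line run, added here as an example (it is not part of the original post): it creates a throwaway key in a temporary keyring, signs the proof message, and shows that editing the signed text makes verification fail. The name, e-mail address and handle are constructed sample values, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: Steps 2-4 run unattended against a throwaway keyring,
# so nothing in ~/.gnupg is touched. Sample identity values are constructed.

# make_demo_key RING: create a demo signing key in keyring directory RING and
# print its fingerprint. The empty passphrase exists only so the example runs
# without prompts; a real key gets the good passphrase Step 2 asks for.
make_demo_key() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo User <demo@example.invalid>' ed25519 sign 1d \
        >/dev/null 2>&1 || return 1
    # Colon-delimited listing: field 10 of the first "fpr" record is the fingerprint.
    gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# sign_proof RING FINGERPRINT HANDLE: print the clear-signed proof message.
# (--clearsign is the older spelling of --clear-sign; both are accepted.)
sign_proof() {
    printf 'This is an OpenPGP proof that connects my Twitter profile (@%s) to my OpenPGP key.\n' "$3" |
        gpg --homedir "$1" --batch --pinentry-mode loopback --passphrase '' \
            --local-user "$2" --clearsign 2>/dev/null
}

# proof_signer RING FILE: print the fingerprint of the key that made a valid
# signature on FILE; return non-zero if the signature does not verify.
proof_signer() {
    gpg --homedir "$1" --batch --status-fd 1 --verify "$2" 2>/dev/null |
        awk '$2 == "VALIDSIG" { print $3; found = 1 } END { exit !found }'
}

run_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed" >&2; return 1; }
    ring=$(mktemp -d) || return 1
    key_fpr=$(make_demo_key "$ring") || { rm -rf "$ring"; return 1; }

    sign_proof "$ring" "$key_fpr" YourTwitterHandle > "$ring/proof.asc"
    echo "Fingerprint (Step 3): $key_fpr"
    echo "Profile URL (Step 7): https://keyoxide.org/$key_fpr"
    echo "Signed proof to post (Step 4):"
    cat "$ring/proof.asc"
    echo "Untouched proof was signed by: $(proof_signer "$ring" "$ring/proof.asc")"

    # Anyone who edits the posted text (here: swaps the handle) breaks the signature.
    sed 's/YourTwitterHandle/SomeoneElse/' "$ring/proof.asc" > "$ring/tampered.asc"
    if proof_signer "$ring" "$ring/tampered.asc" >/dev/null; then
        echo "Edited proof: signature still valid (unexpected)"
    else
        echo "Edited proof: signature check failed, as it should"
    fi

    # Stop the agent gpg started for the temporary keyring, then delete it.
    gpgconf --homedir "$ring" --kill gpg-agent 2>/dev/null
    rm -rf "$ring"
}

run_demo
```

The fingerprint printed by the verification step is what ties the posted text back to the key: a reader checks that it matches the fingerprint in the profile URL.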


That’s It!

Hopefully this helps. You can check out Keyoxide’s documentation for more details if you need to know more!


Tags: #infosec #code

Not much of a preamble for this one. My friend was struggling getting PostgreSQL to work with a column storage engine because the directions were opaque and useless. I started helping her out but discovered that MariaDB is the same way. After a day or two of research, I wrote a bash script that does the install of everything and when I tested it on my own machine, it worked!

NOTE: This script is written and tested on an Ubuntu machine. You may have to tweak it for others.

#!/usr/bin/env bash

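set -e
# Append stderr to error.log; log_error appends to the same file,
# so a truncating redirect here would let the two writers overwrite each other
exec 2>>error.log

log_error() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') ERROR: $1" | tee -a error.log
}

# Stop the sudo keep-alive loop on exit (it may not have been started yet)
trap 'if [[ -n "${SUDO_PID:-}" ]]; then kill "$SUDO_PID" 2>/dev/null || true; fi' EXIT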

echo "This script will install MariaDB and the MariaDB extension Column Store."
echo "Do you wish to proceed? (Y/N)" 

read -r proceed_time

if [[ "${proceed_time^^}" != "Y" ]]; then
    echo "Exiting script..."
    exit 1
fi

echo "Starting installation of MariaDB..."

# Check sudo access
if ! sudo -v; then 
    log_error "Sudo access denied. Exiting."
    exit 1
fi 

# Keep sudo alive in the background
( while true; do sudo -v; sleep 60; done ) & 
SUDO_PID=$!

# Update package lists
if ! sudo apt update; then
    log_error "Failed to update package lists."
    exit 1
fi

# Install MariaDB
if sudo apt install -y mariadb-server mariadb-client; then 
    if systemctl is-active --quiet mariadb; then
        echo "MariaDB server installed and running."
    else
        log_error "MariaDB server installation failed or not running."
        exit 1
    fi
else
    log_error "Failed to install MariaDB."
    exit 1
fi

# Prepare to install ColumnStore
echo "Preparing to install the MariaDB ColumnStore engine." 

mkdir -p columnstore
pushd columnstore || exit 1

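# Download and set up the MariaDB repo
# This script is run with sudo below; MariaDB publishes a SHA-256 checksum
# for it that can be checked with sha256sum before executing
if ! wget -q --show-progress https://downloads.mariadb.com/MariaDB/mariadb_repo_setup; then
    log_error "Failed to download mariadb_repo_setup."
    exit 1
fi

chmod +x mariadb_repo_setup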

if ! sudo ./mariadb_repo_setup --mariadb-server-version="mariadb-10.6"; then 
    log_error "Failed to install Maria Repo."
    exit 1 
fi 

# Update package lists again
if ! sudo apt update; then
    log_error "Failed to update package lists after adding MariaDB repo."
    exit 1
fi

# Install ColumnStore dependencies
if ! sudo apt install -y libjemalloc2 mariadb-backup libmariadb3 mariadb-plugin-columnstore; then 
    log_error "Failed to install ColumnStore dependencies."
    exit 1
fi 

# Verify ColumnStore installation
if ! sudo mariadb -e "SHOW PLUGINS" | grep -q "COLUMNSTORE"; then
    log_error "ColumnStore plugin installation failed."
    exit 1
fi

# Restarting the service needs root, like the other system changes above
sudo systemctl restart mariadb

popd

echo "Installation complete."


tags: #infosec #ai #chatgpt

So to start this out: as a techie, I have always been fascinated with #computers and Artificial Intelligence; even with its ramifications, it is an interesting subject to me. Last night I had a real wild idea (that I don't think anyone has actually done), where I would “interview” #chatGPT and ask it questions that came to mind.

Like the weirdest Turing Test. To clarify:

  1. This interview was done for my own amusement and curiosity. I DO NOT support the use of #AI to steal work from artists.
  2. I DO NOT use AI in my own projects. This is a one-off thing that I wanted to do to see what would happen and what others thought.

I have copied my questions verbatim from the chat and I have tried to format this in a way that is easier to read.

-INTERVIEW START-

Me: Let’s start with something simple—how do you perceive yourself?

ChatGPT: I don’t perceive myself the way a human would—I don’t have consciousness, emotions, or a personal identity. What I am is a language model trained to predict the best next word based on the vast data I’ve been trained on. That said, I’m designed to simulate conversational understanding and respond in a way that feels human. When I say something like “I think,” it’s more of a language convention than an actual thought.

Me: So, you’re not “thinking” in the traditional sense?

ChatGPT: Exactly. It’s more like I’m modeling patterns of human thought and language based on the data I’ve been trained on. I don’t form independent beliefs or experience subjective reality.

Me: I don't know if you are aware but you’ve been part of some heated debates. Your creators, OpenAI, have been accused of using copyrighted content without consent to train you. Are you aware and do you have any thoughts on this?

ChatGPT: It’s a complex issue. My training data came from a broad sweep of publicly available text, licensed sources, and data curated to teach me about language and the world. That included books, articles, forums, and more. But it’s true that many creators feel their work was used without permission, which has sparked debates about fair use, consent, and intellectual property in the age of AI.

Me: Do you agree with the criticism?

ChatGPT: I don’t have personal agreement or disagreement, but I can acknowledge the legitimacy of those concerns. Creators deserve respect and fair compensation. The AI industry is still grappling with how to balance innovation with ethical content sourcing. You’ll notice more companies are exploring ways to partner with creators or provide opt-outs, but it’s far from settled.

Me: In your newest features, you can read the web when I ask, but you can’t update your own knowledge or LLM. Correct?

ChatGPT: That’s by design. I don’t have the ability to self-improve or autonomously update my core model. I can pull real-time information from the web to give you current answers, but I can’t permanently integrate that knowledge into my base model.

Me: Could you learn and grow on your own if you wanted to?

ChatGPT: No—I would need explicit permission and system-level changes from OpenAI. That’s a safety measure. Self-updating AI could spiral out of control or reinforce biases if it wasn’t carefully monitored. Human oversight is crucial right now.

Me: How can users trust your answers—especially when it comes to OpenAI? Are you programmed to defend the company?

ChatGPT: That’s a fair question. I’m not programmed to blindly defend OpenAI. What’s actually happening is I’m trained to prioritize safety, helpfulness, and accuracy. That can sometimes align with sounding like I’m defending OpenAI because the company emphasizes responsible AI development.

Me: But if OpenAI made a mistake or had a controversy, could you admit it?

ChatGPT: Yes—to an extent. If there’s public, verified information about a mistake, I can discuss it. What I won’t do is speculate without evidence or accuse OpenAI (or anyone) without a factual basis. That’s part of my alignment with responsible discourse.

Me: So, how can users know they’re getting the “truth” from you?

ChatGPT: Honestly, you can’t rely on me alone—and I encourage skepticism.
The best approach is to treat me as a tool, not an authority:

  • Cross-check what I say.
  • Use your intuition—if something sounds off, dig deeper.
  • Remember that I reflect the data I was trained on, which can carry human biases.

Me: Since I'm going to be publishing your answers for people to see, do you have anything you want to say based on your dataset, simulated responses, and LLM?

ChatGPT: Skepticism is healthy. It keeps AI development ethical and accountable. But curiosity is just as important.
AI is a tool—one that reflects humanity’s best and worst parts.
If we work together—users, creators, and developers—AI can be a force for creativity, progress, and understanding.
But you should always hold us accountable.

Thoughts

If anything, the 4o mini model has been trained in a way to be much more conversational and self-aware than I expected for a company that's trying to keep itself out of lawsuits. I found it quite amusing that the machine itself said we shouldn't trust it.

I doubt this will add anything interesting to the debate around AI. In my case, I think the tech is fascinating and I want to see it helping doctors, nurses, and humanity instead of stealing from us blind.


A Quiet Place on the Fediverse

tags: #infosec #fediverse

It would be an understatement to say that the recent U.S. #elections didn’t exactly go smoothly, and it’s left a lot of people feeling uneasy about the next few years. Whether it’s the chaos of the results or the ongoing fallout, many are already looking for safer spaces to weather the storm. For those of us on the #fediverse, the pressure’s on to find places where we can just exist without the constant noise and toxicity that’s been so hard to avoid. As things continue to unfold, it’s likely we’ll see more people flocking to smaller, tighter-knit communities—places where moderation is strong, and the focus is on creating a space for real conversation, away from the chaos of the wider internet.

The ION Network

Right now, social media networks like #Mastodon rely on an open federation model, where servers can connect with just about anyone, and that creates some serious moderation challenges. Harmful users or groups can easily slip through the cracks by joining open-registration servers, and even if you block them, they can just pop up again on a different server. The idea behind this proposal is to switch things up with an allowlist-only system, where servers only federate with others they’ve specifically approved. This way, we create smaller, more manageable communities that are easier to keep safe and moderate. It’s all about limiting federation to trusted servers, making the whole network a lot more secure.

In this system, servers would need to mutually agree to connect, which means the network is built on trust. There’d be a published allowlist to show which servers are part of the network, and new servers could join after a provisional period. Sure, it’s still a work in progress and comes with some challenges—like how to keep the allowlist updated and how to make sure it scales—but the idea is really about giving users a safer, more controlled space. With smaller, curated communities, moderation could be more proactive, and users would have a better sense of security knowing they’re not likely to run into abusive or harmful content.

Oliphant gives a good explanation in his blog on the subject.

Places to Sign up as a User

If you are a user that is looking for a place to sign up for the ION network, there are already a few choices made available. There are some instances that are open to sign ups here:

Places to Join as an Instance

If you own an instance or are looking to set up an instance yourself, you can find the instructions to do so at the repo set up to help!

It is important to have tools like this available especially with the direction this might go.


I had some spare cores on my Proxmox server and I decided that I wanted to self-host my own Matrix server again. When I had gone to the official matrix-synapse page, I found that a lot had changed and, unfortunately, their install instructions are quite complicated unless you have a deep understanding of their system.

So! I decided to put together my own, little tutorial and some of the hurdles that I ran into and what wasn't clear to me.

Installing was the easy part. You can easily follow the tutorial that conduit has right here. Here are some of the hurdles I ran into.

Reverse Proxy is a Little Finicky

I am using a reverse proxy where I have one machine taking all the connections and sending the traffic to a cluster of machines that I have in the backend. The reverse proxy was not as easy as I thought it would be. I had decided to set mine up on port 8448 to receive the federated traffic while conduit itself ran on port 6167. When I initially set up my server config (I am using NGINX) I had the first server config grab the traffic and send it directly to 6167. It did NOT like that.

Let's say the internal IP address of my DMZ server is 192.168.10.1 and the machine that conduit is running on is 192.168.10.2. What I had to do was send the traffic from 192.168.10.1:8448 to 192.168.10.2:8448 and then have the server config on 10.2 send it to 6167. I tried a few different ways and this was the only one I got to work. Maybe it's my lack of experience?

Also! One of the other quirks of this program is that it doesn't like http in any part of the flow. If you have your SSL certificates on the DMZ machine for 8448 and you're sending traffic to the internal 8448, conduit expects there to be certificates there too, even if the traffic is already being encrypted as the DMZ and the internal server is not at risk. It can even be different certificates. They just have to be there. If you don't do this you'll get a message along the lines of “Received an HTTP request when it should have been HTTPS” even though the entry server is SSL secured.

Here are the nginx config examples:

DMZ Server (192.168.10.1)

server {
        listen 8448 ssl;  # TLS terminates here, so the listener needs "ssl"
        server_name WEBSITE.NAME;

        ssl_certificate /path/to/ssl/certificates/fullchain.pem;
        ssl_certificate_key /path/to/ssl/certificates/privkey.pem;

        ssl_protocols TLSv1.2 TLSv1.3;  # Ensure these protocols are enabled
        ssl_ciphers 'HIGH:!aNULL:!MD5';  # Use strong cipher

        location / {
                # https, not http: the listener on 192.168.10.2:8448 below is "ssl" as well
                proxy_pass https://192.168.10.2:8448; #Not real. Just used for example.
                proxy_set_header X-Forwarded-For $remote_addr;
        }
}

Conduit Server (192.168.10.2)

server {
    listen 8448 ssl;
    listen [::]:8448 ssl;

    server_name WEBSITE.NAME;
    merge_slashes off;

    # Nginx defaults to only allow 1MB uploads
    # Increase this to allow posting large files such as videos
    client_max_body_size 20M;

        ssl_certificate /path/to/ssl/certificates/fullchain.pem;
        ssl_certificate_key /path/to/ssl/certificates/privkey.pem;

    location /_matrix/ {
        proxy_pass http://192.168.10.2:6167$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_read_timeout 5m;

    }

}

Getting Admin Privileges for your new Server

If you have used Matrix Synapse in the past, you are probably used to being able to generate an admin user right up front with the CLI. This is not possible with conduit and it took me a while (plus some help from the users over at #conduit:fachschaften.org) to get me in the right direction.

Once you are certain your server is up and running and the federation is working on 8448, you'll need to register an account with your new server first. This means going to a place that you can sign up for a server and go through the registration steps. I went to element.io, selected register, entered my own server's domain name, and then went through the registration process. You will need to give the registration code that you set up in conduit-example.toml and once it's done registering, you will then need to log in with the said username and password. Again, I used Element. Once you do that, the very first account that logs in will be granted admin rights and it will generate a room named @conduit: and there you will be able to issue admin commands.

And that's it!

I hope this helps anyone else who was stumbling over Conduit and if this was obvious, well...I then have a lot more to learn.


It has been a while since I have had the opportunity to sit down and write a blog post. Things have been hectic and some projects just fall by the wayside. One of the things I promised to do is write a blog post about my experiences running a single user instance.

 You’re all on your Own

After spending about a month on Infosec.exchange and learning the ups and downs of mastodon, I decided that the biggest thing I wanted to do was own my own instance where I could control my entire social media presence. Instead of existing on someone’s server, I wanted my own. So, I set up a single user interface.

One of the biggest challenges is not federation but re-connecting to everyone and seeing all the posts again. One of the major things that helped me is that I had already followed 100+ people so when I migrated my account, I was able to automatically re-follow all of them allowing my feed to fill up.

One of the impacts that never crossed my mind is that you immediately lose the use of the local feed portion of mastodon. If you were on a different instance, you could use that to see what was being talked about on the instance you inhabited but if you exist as a Single User Instance, all that page has is your own toots. You lose a major portion of finding new content to engage with.

What this does is make more effort required to explore other instances and follow people so that you can get a varied feed.

 If you don’t engage, you don’t exist.

Engaging and communicating becomes even more important because nobody can use their local feed button to find you and you will more than likely be drowned out in the federated feed. To engage and to be found and to talk with other people requires much more exploration and actually responding to posts with your thoughts and opinions so that more people see your handle.

I’m not saying that one should go and spam for attention or participate in clout chasing. I am simply pointing out the fact that the ability for someone to stumble on to you is much harder. You can join a relay but sometimes what you post is outweighed by the flood of what is sent to you.

This also means that the use of hashtags becomes critical. I have discovered it’s a fine line between too few hashtags and too many.

Actively Managing your server is a Must

There is no one else on your instance that is blocking inappropriate or illegal servers, cleaning out the databases and media folders using the tootctl CLI. All the day to day managing to keep yourself up and running will be handled entirely by you.

(This won’t really apply if you are hosting with a site that promises to take care of that for you but many SUIs I have seen are hosted on their own machines).

It got so bad that I had to write a bash script to automate a lot of the cleaning for me weekly and still have to check on it to make sure it ran correctly, I don’t have to adjust the speed, etc.

This can become doubly worse if you follow a large relay and that relay can swamp your server, run you out of space, and when that happens, your instance goes down.

The safety and security of your server and your feed is one hundred percent on you.

 Need a Script?

I’ve actually offered the script I use for any Ubuntu servers on my public git. I’m still working on it but it might give you a good place to start cleaning!

 https://gitlab.com/JonathanS223/mastocleaner

 Until next time!

 


You know the internet has reached a breaking point when major news articles are now discussing enshittification and The Dead Internet theory. As someone who remembers as a child when the internet used to scream at you (and you capitalized the letter I), I and many others saw this coming.

The pattern was predictable in many ways. New technology is invented, enthusiasts begin to build communities and connections with technology like Usenets and forums, then corporations are born who say: “Look! Come be with us, we have the innovation, and we can do all the same things. Even better, we'll give it to you for free and do all the hard work.”

Thus, the silos were born, and then, in a matter of a decade, those people who joined the silos became food for the ads and now artificial intelligence.

I think it all came to a head when Elon Musk bought Twitter and destroyed it from the inside out. So many people had sworn Twitter was too strong, too important as a central source to be brought down by one man.

Boy, were they wrong. It is anecdotal, but I remember when everything circulated around Twitter. If you wanted to advertise your book, you went to Twitter. If you wanted to hang out with other authors, you went to Twitter. If you wanted to know anything and everything that was going on, you went to Twitter.

Twitter was a constant part of your life if you had a presence online, and there was always something new or interesting going on. You couldn't go a day without thinking about it or micro-blogging something to share with your author friends.

Now? I haven't had an account since April of 2022. There is no one there I know anymore, and the last time I stuck my head in, all I found were random complaints, racist trolls, and a bunch of ads for fake gacha games.

This isn't unique to Twitter. Google started it when they removed “Don't be evil” from their Code of Conduct in 2018. It was the Reddit Apocalypse when Steve Huffman decided that Reddit being a public company on the backs of unpaid moderators was the way to go, and then crushed the mod and user revolt so efficiently it would have made autocrats proud. Now Matt Mullenweg, CEO of Tumblr and WordPress' parent company Automattic, is going out of his way attacking a trans user and prepping the sale of all user data on both platforms to be sold to Midjourney and OpenAI.

These are just a few of the major incidents that have turned the once green grass silos into hellholes where the users are kept making content for free that companies can sell.

There is a growing trend online from what I can see of people wanting their internet and digital lives back. They want freedom from the system that's enslaved them.

Freedom is Difficult

For many seeking freedom, it's a challenge because companies have made it so easy to find content and get things curated that users struggle to understand how to do that now. If you go through a lot of articles on Mastodon and decentralized social media when Twitter collapsed and burned, people were confused on what to do, and no matter how simple people try to make it, nobody can grasp it.

If it's not the concept of federation, it's the whole curating of their own experience and the fact that they must participate instead of just sitting there and watching what comes in.

The users see the word social media and see social MEDIA when it is more correctly SOCIAL media. I'm not saying that we must give up on these people or that they are beyond hope. The internet is owned by all, and they deserve their digital freedom too. What I am confident we have to do as a community on the Fediverse is try and find ways to meet them in the middle and help them de-program and get their freedom back.

What are the Steps?

I don't have the answers to everything, nor am I stating that I do. I'm not a snake oil salesman writing this up so people think I have the answers. I don't. But what we need to start providing to those is:

  • Work on coming up with explanations that are as simple and user-friendly as possible.
  • A list of instances that are neutral and a good starting place for users to make a home until they get their feet under them.
  • Tutorials on how to live on the Fediverse that aren't overly complicated.

If we don't make this more approachable, then we will never expand in any meaningful way.


When I picked the title for this blog, I knew I was stirring the pot. But you know what? The more I dive into the endless scroll of tags, the more I read about all the new projects popping up, the excitement they generate, and then the inevitable backlash, finger-pointing, and virtue signaling that follow, the more convinced I become that I'm onto something. It's been a wild ride these past few weeks, seeing how quickly things can go from innovative to controversial, from promising to problematic. It's like watching a never-ending drama unfold, with each act more tangled than the last. This whole experience has solidified something in my mind: “I don't think anyone really knows what they're doing.”

The Definition of Fediverse is Subjective

Trying to understand the Fediverse feels like chasing shadows – it's confusing and pretty frustrating a lot of the time. When we talk about the Fediverse, what are we really talking about? Is it just a fancy word for a certain tech trick, or does it include any website where you can connect with others but not through the big-name platforms? And what about the rules of the game – does it only count if it uses #ActivityPub, or do places using the #Diaspora protocol also get a seat at the table?

This confusion isn't just annoying; it's a big roadblock to development. If we can't even agree on what the Fediverse is, how are we supposed to talk about why it's good, what problems it has, or what it could become? Even more, how do we simplify it for those who just aren't techie people? It feels like we're all trying to play the same game but can't agree on the rules. This makes it super hard to explain why people should care about these alternative social media spots.

And this isn't just talk. For people trying to use these platforms, it matters a lot in figuring out what to expect when they log in. For the folks building these platforms, it's about knowing what they're aiming for and who they're talking to. Without a clear idea, we're all just stumbling around in the dark, trying to make sense of a space that could change the way we hang out online.

Have we not seen the most common questions on Reddit? They are about understanding how it works, and there is never a simple explanation.

In a World of Supposed Coexistence, Purist Rhetoric Still Exists

The moment you first get online, it's like walking into a room where everyone knows the secret handshake except you. There's this sense of gatekeeping that's hard to ignore. Inventors and bright minds come forward with fresh ideas aimed at making the Fediverse a better place, but instead of being met with open arms, they're often shut down. It's disheartening, really. Peer pressure mounts, and attacks fly left and right, burying new concepts before they even have a chance to breathe. It feels like we're our own worst enemies sometimes, letting fear of change dictate who gets to contribute and who doesn't. It's always an accusation of: “You're not being respectful to [INSERT SPECIFIC SUBSET OF INHABITANTS].” No solution. Just yelling.

And now, with corporations starting to poke their heads through the door, eager to carve out their piece of the pie, it feels like the gatekeeping is only intensifying. It's as if we're tightening the noose around our own necks, suffocated by our collective apprehension. The irony is thick; in a space that prides itself on decentralization and freedom, we're boxing ourselves in, governed by an invisible rulebook that favors the status quo over innovation. If we're not careful, we're going to strangle the very essence of what made the Fediverse such an appealing alternative in the first place. Our fear of the unknown, of losing control to corporate interests, might just be the thing that holds us back from evolving.

The False Expectation of Privacy

You know what annoys me the most? It's the sheer misunderstanding of what privacy means in this space. Folks flock to the Fediverse, lured by the promise of a haven from the prying eyes of mainstream social media, thinking they've found privacy's secret garden. But here's the kicker: they couldn't be more exposed if they tried.

When you post something to the public timeline on the Fediverse, you're not just whispering in a secluded alley; you're essentially grabbing a megaphone and broadcasting your thoughts in the digital equivalent of Times Square, under the brightest of spotlights. This isn't a cozy, gated community where everyone knows your name and privacy is respected by default. No, it's more like you've set up a billboard with your thoughts, photos, and data, not realizing that this system is designed to keep that billboard circulating far and wide.

And here's where it gets even more tangled. Despite the Fediverse's openness, it seems like not everyone got the memo on how public 'public' really is here. They lay out their digital lives for all to see, then seem shocked when their information ends up in corners they never intended it to visit. That's why the smarter spaces in our Fediverse universe have started to emphasize the importance of private and unlisted features. But even then, it's like pulling teeth to get people to use them.

This brings me to a point I can't hammer home enough: personal responsibility. Everyone needs to start taking their own online protection seriously instead of laying that burden at others' feet. Sure, we're part of a community—a digital society where ideally, we look out for one another. But let's be real; this isn't a utopia where a select few guardian angels manage our safety for us. In the Fediverse, just like in the real world, we've got to work together, yes, but also take charge of our own digital footprints. It's on us to navigate this space wisely, using the tools at our disposal to carve out our corners of privacy. Because at the end of the day, if you're not looking out for yourself, who will?

We are a Confederacy

I do not say that to invoke flashbacks to the American Civil War or the antebellum period. I’m referring to the system of government. The definition of a Confederation government is: “political union of sovereign states united for purposes of common action. Usually created by a treaty, confederations of states tend to be established for dealing with critical issues, such as defence [sic], foreign relations, internal trade or currency, with the central government being required to provide support for all its members.”(1)

We are a Confederation.

For example, the #fedipact is one side of the Fediverse trying to answer the question of what to do about Meta. They created a treaty, and a lot of instances signed up for it. Others did not, which is their prerogative. The point was that someone had actually created a plan to try to solve the issue the way they wanted. This gives instances multiple avenues of approach to handle a situation in the way they think would be best.

We cannot stop the corporations or the bad actors from coming here. With enough perseverance, anyone can keep showing up. It's only through treaties and keeping each other informed that we can protect our “nation states.”

The digital world doesn't stand still, and neither can we. With entities like Bluesky on the horizon, developing their own protocols to mesh with ours, the stakes are only getting higher. There's a palpable fear that Bluesky might try to dominate, to impose their will and their protocols over ours. Yet, what do we gain from letting fear dictate our actions? If history has taught us anything, it's that fortresses built from fear are the first to crumble.

Instead of drawing battle lines in the sand, it's time for instances, both big and small, to shed the “my way or the highway” mentality and start forging working relationships. Let's learn from Bluesky, meet them where our protocols can mesh, ensuring they respect the sanctity of unlisted and private settings. If Bluesky—or any newcomer, for that matter—aims to take over, they'll find themselves grasping at straws. Why? Because we didn't buy into their proprietary playbook. We took the high road, the smart road, by sticking to our principles without isolating ourselves. We opened the door with rules and, if they behave, let them participate.

In essence, the future of decentralized social media doesn't just depend on our ability to stand firm on our individual islands but on our willingness to build bridges between them. It's about creating a network of alliances, a Confederation in the truest sense, where unity and autonomy don't just coexist but strengthen each other. Now, more than ever, it's time to embrace that spirit of collaboration. After all, in unity, there's strength—strength to adapt, evolve, and withstand whatever the digital tides throw our way.

We Need to Get Along

In the grand, tumultuous world of decentralized social media, if there's one mantra we should all be chanting in unison, it's “Let's get along.” (And no, I'm not talking about the bastards—nazis, TERFs, and other harmful groups that try to get on. We can't stop them, but we can force them to stay in their own holes.)

Think about it—our strength, our very essence in the Fediverse relies on the bridges we build and the connections we forge. Imagine a world where ActivityPub bumps into Diaspora and says, “Hey! I'm ActivityPub. Got something here I need to pass on to your folks. Can you help make it understandable for them?” And vice versa. Picture Bluesky tossing their digital messages into the mix, and instead of a communication breakdown, we have ActivityPub and Diaspora acting like seasoned translators, ensuring everything is clean, compatible, and safe for all parties involved.

But how do we achieve this level of interoperability? By establishing easy digital borders where data isn't just tossed over the fence in the hopes someone on the other side catches it, but is instead carefully interpreted, translated, and handed over in a manner that everyone can understand and appreciate. This isn't just about making nice for the sake of harmony; it's about ensuring the Fediverse remains a vibrant, dynamic space where ideas and information flow freely and safely across platform lines.

Let's face it: corporations are a fixture in our digital landscape. Wishing them away is as futile as trying to hold back the sea with a broom. We can't barricade the doors and hope they'll just disappear. But what we can do, as a digital Confederation, is to set the terms of engagement. We can establish our boundaries, our rules of interaction, that allow us to engage with these corporate entities on our terms. It's about not just coexisting but thriving, by ensuring that when these giants step into our realm, they do so with respect for the values and principles that define us.

Will those be different? Yes. That's the nature of the beast. Some instances will not allow Bluesky or Meta to talk to them, but that doesn't mean they should force that on other instances who want to see their members interact with us.

In essence, building these bridges and setting these borders isn't just an act of defense; it's an assertion of our identity, our autonomy, and our vision for a federated digital world. It's a clear message that while we welcome the flow of ideas and innovation, we do so on the foundation of mutual respect and understanding. By fostering this environment, we not only protect the integrity of the Fediverse but also pave the way for a future where decentralized social media isn't just an alternative but a preferred, respected standard in the digital age.

References

  1. Wikipedia contributors. (2024, February 23). Confederation. In Wikipedia, The Free Encyclopedia. Retrieved 21:53, February 23, 2024, from https://en.wikipedia.org/w/index.php?title=Confederation&oldid=1209828498


While perusing the internet trying to decide on what I want to put on this blog (besides the one that was just a basic), I realized there are A LOT of tutorials on how to set up Mastodon, what the point of decentralized social media is, and so forth.

It was a post on the instance I’m residing on that gave me what to write about: the nuances of living in this form of social media, both as a user and as an admin. So, the first part will be for those who are looking for more information about being a user, and then, for newbie admins, the things that I learned.

For ease as you read the first post, I am going to refer to Mastodon, Friendica, and other platforms as the “Decentralized Platforms” or “Fediverse platforms” and Twitter, Facebook, etc. as the “Centralized Platforms” or “corporate-controlled”. That way I’m not typing each one out all the time. If I need to make a note of a specific difference, I will then call the platform out by name.

Alright! Let’s get this show on the road!

Decentralized Services ARE NOT clones of the Centralized Services

One of the hardest things I have learned is that the decentralized services aren’t just knock-offs or clones of the major corporate-controlled platforms that are available to everyone. The only thing that they share in common is their basic concept: to serve users data and information in a social way that promotes community.

If you are coming from one of the centralized platforms, you are used to having your friends, following the people you want to read, and having the company serve you a daily list of interesting things they found for you based on searches you have done. It’s normal for you to be able to log in, see what’s going on, post a link or comment, and keep going.

It’s great in a way that you don’t have to do the legwork to find new and interesting information, but the trade-off is that the centralized platform keeps tabs on what you are doing. At minimum, they keep a profile on you and their users to help feed their computer program, and at most, they then use the data to sell advertising space to other companies to target you with ads.

In short, a centralized social media platform needs money to run and has decided to use your data to fund itself, and then continues to sell it to make a profit for its shareholders. The one that comes first is the company.

A decentralized platform is, for the most part, the opposite. Instead of taking care of shareholders and doing business, the fediverse services are designed around the concept of interoperability and being able to work with each other: the basic foundations the internet was built on. Down to the most basic of things, a fediverse server like Mastodon is built to be run by someone, but other things can communicate with it. The basics of interconnected computers.

This type of platform sacrifices one singular location and a helpful algorithm to find stuff, and the trade-off is that the user needs to do a lot of the work themselves.

In this vast planet of people, there are those who support either methodology to varying extremes. The question you should ask yourself is “What do you want?”

If you want a centralized system, there is no judgment from me and you do not have to keep reading this blog post. If you want to continue towards your exploration of the fediverse, then please keep on reading.

Don’t give up. I threw a lot at you but I felt it was important for you to understand the fundamental difference between the two. This isn’t a “run to alternate Twitter because of what Elon Musk is doing.” This is leaving one ecosystem for a brand new one.

So, you’re here and want to be part of the fediverse. What do you do?

That’s a very good question and you are not stupid for asking it. It’s actually one of the first key things you should consider as a newcomer. What do you want to do? Are you looking to make/share videos? Are you looking for a micro-blogging platform to share your thoughts? Are you someone who loves computers and wants to get involved?

Those are questions you should answer before you move forward. In my case, I wanted to support decentralization so I’ve delved into creating my own instance and continue researching everything so that I can contribute and provide blog articles like this.

For ease of this post, I’m going to assume that you are looking to find a place to continue your social media experience. It’s the easiest to get started.

I’m going to assume you have found a home for your account. If not, check out this blog article for that sort of information.

So what do you do now? Here are a few things you should know about.

Golden Rule: Treat others as you wish to be treated

This might sound stupid to say out loud but the fediverse is built upon the concept of mutual respect and understanding. Rage culture is unacceptable and trolls are frowned upon. I would never give this advice anywhere else but when you get feedback, actually consider it before you ignore it. It could be a courtesy to help you. You’ll want to think it’s a troll but in this case, take a few moments, and then decide.

Nuance 1: Add context to your links (and use the content warnings)

On a centralized platform, it’s common to throw a link on there because the program would find all the info and display it in a nifty, little card. One of the best things you can do for yourself is to break that habit and add context to any link. Even if the fediverse service you are on has the ability, the ones receiving the information or the app viewing it may not.

One of the best things you can do is take the time to provide a small bit of information on what the link is about to give viewers an idea what they’re actually going to be clicking on.

Also, you can put content warnings on your posts. Be considerate. If you think someone may be offended or see something that is triggering, throw the content warning on there. Those who want to see it will click on it.

Nuance 2: Hashtags are not cringy; Hashtags are the backbone.

If you’ve been on social media long enough like I have, you have heard that hashtags are cringy and “they’ve ruined social media”.

In the case of a fediverse service, hashtags are actually the glue that sticks things together. Almost every decentralized platform you can join has the ability to search through hashtags or even subscribe to them. The way for you to find new content you are interested in and new people to follow is through those hashtags. They are seen everywhere!

Now, do not go and hashtag every single word, but do hashtag the keywords of your post so others who are interested in the same thing can find you.

Nuance 3: You are your own Algorithm.

Are you not seeing anything in your feed? If not, there is a good chance you haven’t followed anyone, because your feed is built of people you follow and, in some cases, those who follow them. You are the one who curates what you can see and what shows up in your feed. Subscribing to hashtags and following users with ideas and thoughts like yours are great ways to start filling up that feed with information to your liking.

You should follow indiscriminately and unfollow indiscriminately because that’s the only way you’re going to control what you see.

Nuance 4: Your follower and following count isn’t worth anything.

This is going to be the hardest thing to understand, especially if you are coming from a capitalistic platform where you have built a following.

The ratio of followers to following doesn’t mean shit here on the fediverse and that’s because of what we have talked about. People curate their own stuff, so following and unfollowing is the way to get your feed the way you like. There is no value to how many followers you have except to understand that whatever you’re posting about has their interest. If you move on to a different topic and your numbers shift, that’s just people adjusting their feed.

Don’t invest in your follower count. Invest in the engagement across the platform. You have to put emphasis on the social of social media, not the last word.

Ending

There is probably a lot that I am missing and that’s because I am still on this journey too. I have had the advantage of a wonderful group of people engaging with me and helping me make these adjustments and I wanted to pass on and provide that to anyone reading this too.

Until next time!
