How does Fediverse work?

As Elon Musk took over Twitter, people are migrating to alternative social networks. One of them is Mastodon, a decentralized social network based on a protocol named ActivityPub. This protocol is what the Fediverse is built upon.

But we don’t want to talk about the technical stuff behind the Fediverse. What we want to talk about is simply how the Fediverse and/or Mastodon work. Mastodon is just a part of the Fediverse, not all of it. Fediverse is a word built by combining the words federation and universe.

The Fediverse is a network of different, connected social platforms that makes it possible for users to communicate with each other. For example, they can follow each other, send posts to each other, or simply share whatever they want without being forced to sign up on a single centralized social network, website, or app.

Mastodon, Pleroma, GNU Social, and Pixelfed are some of these different social networks, all connected to each other using the protocol they are built upon. Each of those social networks has many instances or servers. So they are federated with each other, and each of those federations is also federated with other federations.

If it’s too complicated for you, imagine earth. We have multiple countries, all having relationships with each other, and within every country, there are many cities which are also connected with each other. Now every city also can connect to another city whether it’s inside the country or outside.


The need for decentralized domain name system is much felt

It’s been a while since I started thinking, or worrying, about my email security. And since my PGP key was compromised a few days ago, I’ve been changing my passwords and emails on sites I’ve been on and I’ve been wondering if my email is secure and stable enough.

The thing about the current email system is that it’s easy to take control of it. Many email providers reside inside the United States or somewhere the US government has jurisdiction. Even if they don’t reside where the US government has power, they probably use a domain name which is controlled by American companies.

We know that if the domain name ends in .com or .net, or many other TLDs, it’s seizable by the US government. It means my website can be seized by the US government easily. They don’t even have to communicate with my domain provider; they can simply talk to Verisign (the technical company controlling .com domains) and seize the domain. The same goes for my email provider, Riseup, which has a .net domain.

The stability of domain names is another problem. Imagine all maintainers, or at least those who control the domain name, get arrested over a request for a user’s data, and they remain in jail long enough for the domain to expire. What would happen then? You can imagine.

I used to use my own domain for my email address. The thing that worried me, and made me change it, was that there’s a chance that I get arrested over my political activism and my domain will be left with no renewal and I eventually will lose it. Or my domain can be seized by cops and they can redirect my mails.

My domain is my identity online. If anything happens to it, I can lose my identity. Whatever I publish on my site is believed to be from me. What I say or publish is exactly like me standing somewhere in the city and shouting it to the people listening. What happens if an oppressive regime takes control of my domain or site? They can say anything to anyone and pretend it’s me saying it.

People who read me supposedly trust me. One who takes over my domain can misuse their trust in my name.

It wasn’t long ago that the US government seized some Iranian-owned domains, accusing them of spreading misinformation. This power over the web, which is basically impossible to be on without having a domain, is dangerous.

A decentralized domain system, something like what we have with Tor Onion domain services is much needed. An onion address is generated by the site owner using Tor network. It is also only available on the Tor network, nowhere else. So you should configure your system to run Tor or use Tor Browser.

At the time, Riseup’s Tor address is vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion. See how it’s different from the normal Riseup.net we use? The domain extension of it is .onion, which is different from .com or .net, etc. It is automatically generated by the Tor Onion service running on the server Riseup is operating.
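To make the "generated by the site owner" point concrete, here is an added example (not from the original post or from the Tor Project's code) that builds and checks a version 3 onion address. Per Tor's v3 onion service specification, the address is the base32 encoding of the service's 32-byte ed25519 public key, a 2-byte checksum and a version byte, so no registry is involved. The function names and the sample key are assumptions made for illustration.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"  # v3 onion services

# Address quoted in the post above; only its structure is inspected here.
RISEUP_ONION = "vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"

# Constructed sample key: 32 arbitrary bytes standing in for an ed25519
# public key (not a real service, not necessarily a valid curve point).
SAMPLE_PUBKEY = bytes(range(32))


def _checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def encode_onion(pubkey: bytes) -> str:
    """Derive the address from the public key alone, as the service does."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion(address: str) -> dict:
    """Split a v3 address into its fields and verify the embedded checksum."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("a v3 onion label is 56 base32 characters")
    raw = base64.b32decode(label.upper())  # 56 chars -> 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    return {
        "pubkey": pubkey,
        "version": version[0],
        "checksum_ok": version == ONION_VERSION and checksum == _checksum(pubkey),
    }


if __name__ == "__main__":
    addr = encode_onion(SAMPLE_PUBKEY)
    print(addr, parse_onion(addr)["checksum_ok"])
    print(parse_onion(RISEUP_ONION)["version"], parse_onion(RISEUP_ONION)["checksum_ok"])
```

A mistyped or altered address fails the checksum before any connection is attempted, and a correct one commits the client to that exact public key.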

The benefit of Onion addresses is that it’s truly decentralized and no entity, not even those behind the Tor software and services, control it. It’s directly from the operators of the specific web site you’re visiting and since you can only visit the web site while you’re running Tor browser or are configured to run Tor network on your system, all data sent and received from that web site is encrypted and anonymous. Using it correctly will make you completely anonymous and tracker-free, the way the web should be.

Also, the decentralized domain system by Tor gives people opportunity to have chance of free speech online, what we’re missing for a long time. It is made possible by special privacy practices done by Tor developers, making it possible to have privacy and security online.

However, it will cost you to run a Tor network and not all server and hosting providers will let you run a Tor network on your space. Many will shut you down if they find out about it, and others who don’t are very cautious about what can happen to them (who can blame them?), often easily giving your personal data to authorities when requested (or not?).

I admire the work done by Tor. I think they’ve planted a seed and developed what is the foundation of what we need as a decentralized domain name system. However, it is not enough. A decentralized domain name system should be accessible for everybody. We need something like what we currently have with normal TLDs, but decentralized.

People should be able to simply run their own domain without worrying about any inconsistencies. Without worrying about a provider banning their account for saying what the provider wasn’t pleased to hear. People should be able to have their own domain, and a safe space on web, without worrying about a government being able to seize it.

I don’t know how it can be developed or even what aspects it may have. I’m not sure about technical details of it, and I don’t know how it can affect the web we have today. All I know is that it’s so necessary for the sake of all of us.

Is freedom more important than safety?

Every freedom we surrender is a freedom our children will never know existed. History shows humans are willing to die to gain freedom. For thousands of years, as much as we know about myths and legends of wars, people were willing to fight to death to gain freedom and liberty. Either they liberated themselves from external forces or local dictators, people who fought were seen as heroes and those who surrendered were seen as cowards and unworthy.

Is freedom more important than safety? I believe it doesn’t even depend on what you call safety. I know dictators that will protect their citizens from anything, but no person feels safe. Living in fear of losing everything with a simple mistake is a more unsafe situation than fear of losing your life to an army of invaders.

Today, we see Ukrainians fighting against Russian invaders. They are willing to die but not lose their liberty. People in Iran are protesting against violations of their liberty and personal and societal freedoms. Many are killed by the cops. There are thousands of marches and protests in United States every year against tyrannical laws and rules and I’ve seen people arrested, tear gassed, and getting shot for that.

For human beings, life without freedom is not worth living. Safety has become a keyword for tyrants to violate our liberties. By safety, the dictator means “keep being alive” and that’s wrong. Safety has a lot of meanings and is multi-dimensional.

Economical safety, emotional safety, health and environmental safety, humanitarian and freedom safety, and protection against anything that can take these away are kinds of safety a human being needs, and without any of them, you’re not safe.

A right is a right when you have it, if anything can take it away, it’s just a privilege and an illusion. Safety is a keyword for that illusion to make you emotionally prepared to lose your rights. And when you lose any of your rights, any, you’re no longer free.

I am a fan of free software. A software is free when it gives the user the four essential freedoms. The four freedoms are 1) freedom to run the program as you wish, for any purpose; 2) freedom to study how the program works, and change it so it does your computing as you wish; 3) freedom to redistribute copies so you can help others; and 4) freedom to distribute copies of your modified versions to others.

A program is free when it gives you all these freedoms. Even if you lose one of these freedoms, the program is considered proprietary. A proprietary software violates users’ rights. It gives privileges to some people but violates others. That’s wrong.

Now I know many (if not most) free programs are gratis (meaning free of cost) but sometimes having these freedoms costs you money. Sometimes it costs you effort and work, and sometimes it costs you giving up something else, such as comfort of using a nice interface or smooth progress of work on a proprietary program. I am willing to give up that comfort and pay money to have my essential four freedoms. I know a community of very nice and hard-working people who think the same as me on this.

I believe free programs are much more safe than proprietary ones. When a program is free, and lets you express and practice freedoms, it gives you ability to change it so it works and behaves as you wish. If it has security vulnerabilities, you can fix them yourself or hire someone to do it for you. If there’s a backdoor or a violation of privacy, you can close that door and stop the violation. If there’s a behavior you don’t like, you can change it.

You may not want to change anything but the freedoms are still there to assure you one important matter: it’s you who is in control.

A proprietary program doesn’t let you practice your freedoms, therefore you’re reliant on the developer, the master, to grant you what you need.

I believe this effort, to have software freedom, is much similar to life. In life we sometimes need to give up on some comfort to gain freedom and that freedom eventually leads us to a safe society with individual liberties that collectively will create a safe society where there’s comfort and safety.

I believe safety is a result of freedom. Safety without freedom is an illusion, is a violation of whatever humans stood for, for thousands of years. It’s freedom and personal liberties that brings us safety, not vice versa.

Justifying privacy!

Trying to justify the right of privacy is like trying to justify any other human right. They are called rights, not because you need to justify them, but because we came to a consensus that they are integral parts of a working society. The right to privacy is like the right to not being harmed, your right to free speech or right to freedom. All of these are nothing you need to justify in order to acquire them, you innately have them, period.

You may choose not to use them, but you can never use that as grounds to deny them to others. The answer “because I have a right to privacy” is enough to satisfyingly answer the “I have nothing to hide” paradigm; no justification needed for making use of basic human rights.

Consequences of Roe v. Wade overturn

The expected reversal of Roe v. Wade will trigger the most significant and far reaching challenge to Big Tech Trust & Safety policies in the history of the Internet. Anti-choice states will demand access to search and location data. And that’s only the beginning.

Internet security should not be taken for granted. We already know that data collectors sell this information to whoever pays the most, and buying such data is easy even for a normal citizen. The fact that this data can end up in the hands of dangerous people who will give you a death sentence is frightening.

This is a time for reconsideration of our safety and privacy practices as well as a demand for more strict regulations on people’s privacy-related matters on internet.

If Roe v. Wade is overturned, states should pass laws on people’s privacy to protect people from being recognized as someone who did or aided an abortion. Every humane legislator should fight this law and pass other laws that will practically make this overturn ineffective.

Human privacy was always essential to freedom and security but these are the times we should take it more seriously. Every major player in the field should now act upon the matter and spread the information about the consequences of this overturn for our privacy and the consequences of privacy-violation for this overturn and our lives.

This is a great example for us and everybody to see how privacy is essential for us and is far more serious than what anyone could think. Privacy is a matter of human right and it should be respected as one of the most important of our rights whatsoever.

Toxicity around programmer community

See the above picture? That’s what has been annoying many people, especially among programmers. We have been trolling many people into a cult and a fashion to make everybody look like us. We made it to a point that whenever we see a (relatively) weird-looking person, we know he’s a programmer. We even call ourselves nerds.

We constantly are in war for our text editors (while we know Emacs is superior), we constantly talk about our operating systems, we constantly are looking to compute and write small programs, we bang about not having a life or not being able to live a normal day, and we pressure ourselves to show everybody that we’re familiar with computers.

For the last 3 or 4 years, I’ve been avoiding to call myself a programmer and emphasize that I just know how to code. I’ve been avoiding the cult we’re in for a long time now and I hope I succeed.

A programmer should have a life. Instead of banging about how fucked up we are, we should show off how our lives keep becoming better. Instead of joking about how anti-social we are, we should show off what a great family we built.

A few days ago, Kev Quirk shared this picture (of a tweet) and shared his thoughts:

This is what’s wrong with the tech industry. The expectation that one should give their free time *EVERY DAY* or you’re somehow “not passionate”.

My response to that would be fuck you and your shitty fucking culture.

My kids and family are FAR more important to me than your ridiculous expectations.

I fully agree. We should stop participating in this cult and start caring about ourselves. Nothing is wrong about caring about ourselves. Nothing is wrong about having a good night sleep. Nothing is wrong to take our life as serious as our job.

It’s OK to care about politics and environment and other important matters. We’re not robots built to do certain jobs. Just because we have passion, talent, and skills for creating and working with programs, doesn’t mean we should sacrifice everything we have for it.

Can fediverse admins read your DMs?

As the news about Elon Musk buying Twitter reaches more people, Mastodon (and others) face an increase in user numbers and active members. This is good news.

And yes, fediverse admins can read your DMs. That’s not news to anyone. Every person with some knowledge of how internet and web application/services work knows that a sysadmin and those with access to databases control everything and in this example, can read your direct messages.

Even with encrypted services, a sysadmin can disable encryption or do various series of attacks to get your encryption keys/passwords. I posted something on Mastodon the other day about the irony of people using Gmail to sign up for Mastodon (or generally any other social network/online service) and then being worried about the privacy of their DMs.

I’m not saying they don’t have a right for privacy or their concern is baseless. Coming from Middle East I truly understand it. Here’s a scenario as an example: Imagine an authoritarian regime, like Russia, sets and runs thousands of Mastodon instances and operates them to aggregate data about people. People unknowingly will send private messages and all of those messages are now in hand of a regime that suppresses its opposition.

Or even if you trust an instance admin, you can still be in danger as Mastodon is a federated network and the admin of the other instance you’re talking to (through DMs) can too read your messages.

However, trusting a social network for private messaging is wrong in the first place. You shouldn’t use a social network of any kind to send important messages or to communicate safely. A Mastodon DM (or any other network’s direct message) is just a post that is shown to the people who are mentioned, nothing more.
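The point that a DM is "just a post" can be seen in the ActivityPub object itself. The following added example (not from the original post or from Mastodon's code base) classifies a Note by its addressing fields, following the convention Mastodon-compatible servers use, and lists which servers end up holding the readable content. The actors, hosts and message text are constructed samples.

```python
from urllib.parse import urlparse

# Special ActivityStreams collection meaning "everyone".
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

# Constructed sample: a "direct message" from alice to bob on another server.
DM = {
    "type": "Note",
    "attributedTo": "https://alpha.example/users/alice",
    "to": ["https://beta.example/users/bob"],
    "cc": [],
    "content": "<p>@bob@beta.example can we talk tonight?</p>",
}

# Constructed sample: an ordinary public post by the same author.
PUBLIC_POST = {
    "type": "Note",
    "attributedTo": "https://alpha.example/users/alice",
    "to": [PUBLIC],
    "cc": ["https://alpha.example/users/alice/followers"],
    "content": "<p>Hello fediverse</p>",
}


def visibility(note: dict, followers_url: str) -> str:
    """Derive the visibility level from the audience fields alone."""
    to, cc = note.get("to", []), note.get("cc", [])
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers_url in to:
        return "followers-only"
    return "direct"  # addressed only to the mentioned actors


def hosts_with_plaintext(note: dict) -> list:
    """Servers that store the note: the author's and every recipient's."""
    actors = [note["attributedTo"], *note.get("to", []), *note.get("cc", [])]
    return sorted({urlparse(a).hostname for a in actors if a != PUBLIC})


if __name__ == "__main__":
    followers = "https://alpha.example/users/alice/followers"
    for note in (DM, PUBLIC_POST):
        print(visibility(note, followers), hosts_with_plaintext(note), note["content"])
```

The "direct" Note differs from the public one only in its `to` and `cc` lists; its `content` is the same unencrypted HTML, stored by both `alpha.example` and `beta.example`.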

The best use for DMs is to ask for a private communication method or handle, like XMPP, and then contact them there. It would be nice for Mastodon and other fediverse software to have end-to-end encrypted private messaging implemented in.

The other thing is that Mastodon, and every other fediverse software I know, are free software. Meaning people can run, study, change, and share it as they wish (under the terms of the free licenses they have), and it lets people freely modify the software and run their own server to please their own needs for communication on the fediverse. I don’t think that can be done by normal everyday users as they probably lack skills, time, and money to do so, but it’s possible.

The other thing is that we should teach people about their privacy rights and how internet and online services work. For a long time, mega corporations mistreated people and misguided them to accept or trust services that violate their basic human right of privacy and it should be our job and obligation to teach them this.

Fediverse is currently the best social network we can have. It’s decentralized, without ads, without trackers, and designed solely for socializing and creating networks/connections. We should help develop it to be more secure and trustworthy and we should keep promoting it to have more people there. Of course, that requires us to be honest, respectful, and welcoming to new people.

My favorite social network

A few days ago I found honk, my favorite social network. Taking a look at it, it’s just perfect, the way I want all social networks to be.

It’s federated with ActivityPub protocol, has no likes, no faves, no polls, no stars, no claps, no counts. There’s no attention mining in it and it just works to connect people’s postings and thoughts and create a community.

Its theme and look and feel may not be desirable or beautiful, but since it’s free software, you surely can change its user interface. I’m pretty positive that the original developers will accept contributions to the user interface and/or user experience of it.

The honk mission is to work well with minimal setup and support costs. It’s to spend more time using the software and less time operating it. It currently works well as intended. It’s multi-user, supports many features, and is my favorite social network now. It’s exactly how I wanted social networks to be since years ago.

The developers have a sense of humor too, you know by reading their documentation and intro/README texts, but I hope the whole project is not a joke and they are like-minded people.