Article 11 is commonly known as the Link Tax, wherein linking to public pages may become illegal if the link displays a content preview using OpenGraph tags included by the page authors; Article 13 mandates that all user submissions must go through a content filter to detect copyright violations.
There will be a wider vote on this in the European Parliament in July. Both would affect how Mastodon operates. Here is why we must oppose its passing:
Content detection is not reliable
Known content identification systems such as those on YouTube routinely lead to wrongful takedowns. Sometimes it will detect faint music, inaudible to humans, in a video of the outside. It will mistakenly block public domain or transformative work. But at the same time, it will fail to notice songs with slightly shifted pitch, or video that’s been horizontally flipped. People will file claims for content they don’t actually own, and the onus will be on the creators to prove they have a right to upload. This will stiftle freedom of expression and will rob us of creative diversity.
The YouTube of today is already suffering from this, even without Article 13. You think DMCA and demonetizations are bad? People will be denied at time of upload, everywhere.
Small players vs. content filtering
While large social media platforms like Twitter, Tumblr, Facebook and GitHub will be able to invest in developing the technologies required for copyright infringement scanning, others will not. And there are a lot of places on the internet outside of those platforms: blog comments sections, forums, image boards, and of course, Mastodon servers. Non-profit websites, run by individuals or small organizations, will not be able to comply with such requirements. It presupposes not only a technological investment, but also access to copyrighted content libraries to-be-scanned-for.
This might lead to an emergence of content ID service providers, centralized scanning facilities, which adds not only another financial factor into the picture, but introduces a huge privacy risk by aggregating all posts from many different platforms into one place. You don’t even have to believe in government snooping, just think of all those data breaches like Equifax.
The internet is not just big platforms
If often feels like when the EU passes internet regulations, they think only about the big names like Facebook, Twitter, Google and Amazon. When Germany implemented their own version of the link tax, Google still managed to negotiate a free deal with publishers, because if the publishers are excluded from Google, they’re essentially outcast. But guess who does not have the power to negotiate such deals? Smaller Google competitors.
Similarly, GDPR caused a panic among smaller websites and web services due to the fear of being fined a hefty fee, with many shutting down due to uncertainty. Who did not need to panic or scramble were the companies who the law was primarily aimed at, those who violated our privacy the most: Google, Facebook, Twitter, Amazon. They can afford plenty of lawyers and engineers to comply with any new regulations.
It is the nature of regulations to shut out small players, and that’s not always bad. You want water and food quality to be regulated, you don’t want any amateurs dabbling in that. And internet privacy is important for sure, in the case of GDPR it seemed to come from the right place. But any regulations will entrench the biggest companies on the market, and you have to ask yourself: Are the media conglomerates whose business model is exploitation really the landscape of the internet you want to solidify for the foreseeable future?
The successful companies of today have only been able to become such because the internet was decentralized and anyone could enter the game board freely. I do not think that they are the pinnacle of what is possible, however.
We need to keep the decentralized web alive, and oppose Article 11 and Article 13.
A brand new explore page, post editing, and new moderation features are just some of the additions in this new release of Mastodon!
Mastodon 3.3
Eugen Rochko
Jan 29, 2021
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Mastodon 3.2
Eugen Rochko
Aug 2, 2020
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
Mastodon 3.0
Eleanor
Oct 11, 2019
In this exciting new release: Moving accounts, trending hashtags, private servers and more!
Mastodon 2.9
Eleanor
Jun 14, 2019
The latest release of Mastodon introduces a simplified single-column interface as the new default for new users
Improving support for adult content on Mastodon
Eugen Rochko
May 5, 2019
Using the Blurhash algorithm in Mastodon 2.8.1 to generate prettier previews for sensitive media
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages.
The inbox
Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
In fact, I intend to omit persistence from this tutorial. How you would want to store data in a real application is very much up for debate and depends on your goals and requirements. So, we’re going to store data in a variable and implement a simple way to inspect it.
require 'sinatra'
INBOX = []
get '/inspect' do
[200, INBOX.join("\n\n")]
end
post '/inbox' do
request.body.rewind
INBOX << request.body.read
[200, 'OK']
end
That’s an absolutely basic implementation. Save it in server.rb. You can run the server with ruby server.rb (you need the Sinatra gem installed before that: gem install sinatra). Now on this server you can navigate to /inspect to see the contents of your inbox, and you (and anyone, really) can POST to the /inbox to add something there.
Of course, anyone being able to put anything in there is not ideal. We need to check the incoming POST requests for a HTTP signature and validate it. Here is what a HTTP signature header looks like:
We need to read the Signature header, split it into its parts (keyId, headers and signature), fetch the public key linked from keyId, create a comparison string from the plaintext headers we got in the same order as was given in the signature header, and then verify that string using the public key and the original signature.
require 'json'
require 'http'
post '/inbox' do
signature_header = request.headers['Signature'].split(',').map do |pair|
pair.split('=').map do |value|
value.gsub(/\A"/, '').gsub(/"\z/, '') # "foo" -> foo
end
end.to_h
key_id = signature_header['keyId']
headers = signature_header['headers']
signature = Base64.decode64(signature_header['signature'])
actor = JSON.parse(HTTP.get(key_id).to_s)
key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
comparison_string = headers.split(' ').map do |signed_header_name|
if signed_header_name == '(request-target)'
'(request-target): post /inbox'
else
"#{signed_header_name}: #{request.headers[signed_header_name.capitalize]}"
end
end
if key.verify(OpenSSL::Digest::SHA256.new, signature, comparison_string)
request.body.rewind
INBOX << request.body.read
[200, 'OK']
else
[401, 'Request signature could not be verified']
end
end
The code above is somewhat simplified and missing some checks that I would advise implementing in a serious production application. For example:
The request contains a Date header. Compare it with current date and time within a reasonable time window to prevent replay attacks.
It is advisable that requests with payloads in the body also send a Digest header, and that header be signed along in the signature. If it’s present, it should be checked as another special case within the comparison string: Instead of taking the digest value from the received header, recompute it from the received body.
While this proves the request comes from an actor, what if the payload contains an attribution to someone else? In reality you’d want to check that both are the same, otherwise one actor could forge messages from other people.
Still, now you have a reasonably secure toy inbox. Moving on.
Following people
To register as a follower of someone, you need to send them a Follow activity. The receiver may manually decide whether to allow that or not, or their server may do it automatically, but in the case of success you will receive an Accept activity back referring to your Follow. Here is how a Follow may look like, if you would like to follow the official Mastodon project account, the URI of which is https://mastodon.social/users/Mastodon:
Make sure your actor JSON points to your inbox, and your inbox server is running and publicly accessible under that URL, then deliver that activity to the target user’s inbox, in our example it would be https://mastodon.social/inbox.
If everything works correctly, inspecting your inbox you should find an Accept activity. Afterwards, you will find other activities in there from the person you followed, like Create, Announce and Delete.
Ideally, you’d follow your own Mastodon account, just so you can control when to post, otherwise you may end up waiting for your inbox to fill for a long time.
Conclusion
This brings you almost all the way to a fully functioning ActivityPub server. You can send and receive verified messages and subscribe to other people. As mentioned at the start, everything else is semantics. To support other people subscribing to you, you would listen for incoming Follow activities, send back an appropriately formatted Accept activity, write down the follower somewhere and send them every new post you create.
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
Mastodon and the W3C
Eugen Rochko
Sep 10, 2017
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
Isn’t it a bit strange that the entire world has to wait on the CEO of Twitter to come around on what constitutes healthy discourse? I am not talking about it being too little, too late. Rather, my issue is with “instant, public, global messaging and conversation” being entirely dependent on one single privately held company’s whims. Perhaps they want to go in the right direction right now for once, but who’s to say how their opinion changes in the future? Who is Twitter really accountable to except their board of directors?
I still find it hard to believe when Jack Dorsey says that Twitter’s actions are not motivated by a drive to increase their share price. Twitter must make their shareholders happy to stay alive, and it just so happens that bots and negative interactions on their platform drive their engagements metrics upwards. Every time someone quote-tweets to highlight something toxic, it gets their followers to interact with it and continue the cycle. It is known that outrage spreads quicker than positive and uplifting content, so from a financial point of view, it makes no sense for Twitter to get rid of the sources of outrage, and their track record is a testament to that.
In my opinion, “instant, public, global messaging and conversation” should, in fact, be global. Distributed between independent organizations and actors who can self-govern. A public utility, without incentives to exploit the conversations for profit. A public utility, to outsurvive all the burn-rate-limited throwaway social networks. This is what motivated me to create Mastodon.
Besides, Twitter is still approaching the issue from the wrong end. It’s fashionable to use machine learning for everything in Sillicon Valley, and so Twitter is going to be doing sentiment analysis and whatnot when in reality… You just need human moderators. Someone users can talk to, who can understand context. Unscalable for Twitter, where millions of people are huddled together under one rule, but natural for Mastodon, where servers are small and have their own admins.
Twitter is not a public utility. This will never change. And every tweet complaining about it simply makes their quarterly report look better.
To get started with Mastodon, go to joinmastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
Developing an official iOS app for Mastodon
"Why isn't there a 'Mastodon' app?"
One of the ways Mastodon sets itself apart from current-day Twitter is its API-first approach (every function available through the web interface is available through the API, in fact, our web client is just an API client that runs in the browser). A third-party app ecosystem contributed in large part to Twitter’s success at the beginning, with many innovative features like retweets coming originally from unofficial apps, and it is serving a similarly instrumental role for Mastodon. It is great that Mastodon users can choose from a variety of apps with distinct approaches to user experience.
However, there is a gap in this ecosystem, illustrated best by the amount and frequency with which new users ask us where to find the “Mastodon” app, why there is no “Mastodon” app, and when we will release a “Mastodon” app. Irrespective of our efforts of promoting third-party apps at every turn – from joinmastodon.org, from the web interface, from the frontpage of every Mastodon server – the lack of an app that carries our name in the app stores trips up newcomers.
This hampers our chances of converting people browsing app stores for a few reasons: We’re less likely to get on trending lists even when Mastodon is in the spotlight, since people either fail to find a native app or are split between multiple ones; most if not all contemporary third-party Mastodon apps do not prioritize first-time user onboarding, with many not offering sign-up functionality; and while it is fair that some of the apps are paid and not free, somebody looking to try out a new social network is not going to take the chance on their credit card.
That is all to say, we need an official Mastodon app that is free to download and that is specialized in helping new users get started on the platform. The end-goal is also to reach feature-parity with the web interface and spearhead new API features. The more new users we can successfully convert to Mastodon, the bigger the pool of potential users for all third-party apps will be, and if app developers are motivated to implement previously missing features to stay competetive, all the better.
We will focus on developing an official, open-source iOS app first. I have compiled a roadmap of features that a Mastodon app ought to have, with the first milestone being a Minimum Viable Product which we could get out on the App Store by summer. I am teaming up with engineers from Sujitech, who have a long history with the fediverse, and UX designers from the NYC agency Lickability, whose track record includes iOS apps for Meetup and the New Yorker.
The work begins on February 8, 2021.
To help offset the costs of this undertaking, I have created a new milestone on Mastodon’s Patreon profile. If you’ve got a business, you can now sponsor Mastodon directly without going through Patreon, with much smaller processing fees and tax-compliant invoices. Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates!
An ever growing problem of the modern social media-rich world is misinformation. The trust that was previously placed into government officials and journalism has eroded; the internet gave everyone a voice but with it made it so much more difficult to distinguish truth from fabrication. The consequences of this are very real: Almost eradicated illnesses are making a comeback because people refuse to vaccinate their children, Covid-19 is continuing to spread because people refuse to wear masks and practice social distancing, more and more people start believing that the Earth is flat and descend down a rabbit hole of ever more absurd conspiracy theories.
The social media giants have acknowledged the problem: Both Facebook and Twitter are taking measures to try and limit the damage of misinformation. Both take the fact check approach, wherein a dubious claim that has attracted enough attention on the platform is disputed by deferring to one or multiple trusted authorities. It is a step in the right direction but we must consider how well it would fit into the decentralized model, which is what we’re working with. In both cases, Twitter and Facebook unilaterally decide a) which claims deserve a fact check and b) which fact checking authorities to defer to. Facebook has already gotten in trouble for picking some very dubious fact checkers.
So we have issues on two layers: The fact checkers selected by the platform may not be the ones that the users actually trust, and only claims that the platform decides to fact check get any treatment. On a decentralized social media platform like Mastodon, there is no central authority that can make those decisions, and while you may argue that its more localized governance structure (where a server’s admins and moderators have fewer users to take care of and users have the freedom to pick the server that fits their needs the best) would be an improvement over this, there is a practical limit to how much micromanagement we can expect independent admins and moderators to perform.
While we routinely observe blatant conspiracy theorists being kicked off well-moderated Mastodon servers, the often volunteer staff simply cannot monitor every message for misinformation and link it up with appropriate resources. For the same reason we oppose various upload filter initiatives – manually checking every message on social media does not scale and any automation is so complicated that it inevitably leads to centralized solutions that are equally inaccessible for small players. Regardless, the takeaway is, if we want to tackle misinformation on decentralized social media, we need a solution that does not rely on manual action by server staff.
In late 2018 I was approached by someone from University of Greenwich who wanted to investigate potential solutions to this problem and wanted my advice, support, and knowledge of decentralized social networks. It was an invitation to participate in an academic research project EUNOMIA with, among others, three different universities (University of Greenwich, University of Nicosia, and University of West Attica) and a grant from the European Commission’s Horizon 2020 program – an extremely flattering acknowledgement of Mastodon’s importance. Indeed, Mastodon was the perfect choice for this purpose: An extremely easy to use, well-documented, and extensive API that not only allows, but encourages the creation of alternative user interfaces; and the ability to essentially run a fully-featured social network in an entirely sandboxed environment.
What EUNOMIA aims to be at the end of its 3-year development road map is a “digital companion” – in essence, an alternative user interface, containing a toolkit that would facilitate the discerning of manipulated or incorrect information. Facilitation is key, here: The user would be the ultimate authority for making a call on what they trust or distrust, what EUNOMIA would provide is easier access to the kind of criteria the user deems important for that decision. Someone might want to be notified if a post uses manipulative wording to distort a claim, someone else might want to see if similar messages have been posted by other people before and the one that you see is less accurate, other people may want to check with the wisdom of the crowd and pay extra heed when lots of people distrust a message. Any one method is imperfect by itself, but in tandem they may make fact checking more accessible.
The EUNOMIA “digital companion” is built on Mastodon but they are two completely separate projects. If you would like to follow EUNOMIA’s progress and provide any feedback, please follow its Mastodon account: @Eunomia@mastodon.social
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
Mastodon 3.0 in-depth
Eugen Rochko
Oct 12, 2019
Detailed notes on REST API changes, new deployment options, new admin settings and how to use them
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board. Delete & Redraft There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
#DeleteFacebook
Eugen Rochko
Mar 21, 2018
Deep down you always knew it. On the edge of your perception, you always heard the people who talked about the erosion of privacy, that there was no such thing as free cheese, that if you don’t pay — then you’re the product. Now you know that it’s true. Cambridge Analytica has sucked the data so kindly and diligently collected by Facebook and used that data to influence the US elections (and who knows what else).
The Mastodon Spring Creator’s Release
Eugen Rochko
Mar 14, 2018
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
Replacing the Pillars of the Internet
Tremaine Friske
Mar 7, 2018
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already? To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century. The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless.
Twitter is not a public utility
Eugen Rochko
Mar 3, 2018
Isn’t it a bit strange that the entire world has to wait on the CEO of Twitter to come around on what constitutes healthy discourse? I am not talking about it being too little, too late. Rather, my issue is with “instant, public, global messaging and conversation” being entirely dependent on one single privately held company’s whims. Perhaps they want to go in the right direction right now for once, but who’s to say how their opinion changes in the future?
The Centralization of Power on the Internet
Tremaine Friske
Feb 28, 2018
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’ The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook.
Isn’t it a bit strange that the entire world has to wait on the CEO of Twitter to come around on what constitutes healthy discourse? I am not talking about it being too little, too late. Rather, my issue is with “instant, public, global messaging and conversation” being entirely dependent on one single privately held company’s whims. Perhaps they want to go in the right direction right now for once, but who’s to say how their opinion changes in the future? Who is Twitter really accountable to except their board of directors?
I still find it hard to believe when Jack Dorsey says that Twitter’s actions are not motivated by a drive to increase their share price. Twitter must make their shareholders happy to stay alive, and it just so happens that bots and negative interactions on their platform drive their engagements metrics upwards. Every time someone quote-tweets to highlight something toxic, it gets their followers to interact with it and continue the cycle. It is known that outrage spreads quicker than positive and uplifting content, so from a financial point of view, it makes no sense for Twitter to get rid of the sources of outrage, and their track record is a testament to that.
In my opinion, “instant, public, global messaging and conversation” should, in fact, be global. Distributed between independent organizations and actors who can self-govern. A public utility, without incentives to exploit the conversations for profit. A public utility, to outsurvive all the burn-rate-limited throwaway social networks. This is what motivated me to create Mastodon.
Besides, Twitter is still approaching the issue from the wrong end. It’s fashionable to use machine learning for everything in Sillicon Valley, and so Twitter is going to be doing sentiment analysis and whatnot when in reality… You just need human moderators. Someone users can talk to, who can understand context. Unscalable for Twitter, where millions of people are huddled together under one rule, but natural for Mastodon, where servers are small and have their own admins.
Twitter is not a public utility. This will never change. And every tweet complaining about it simply makes their quarterly report look better.
To get started with Mastodon, go to joinmastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’ The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook.
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
First, not all Mastodon servers accept new users. If you perform a request to GET /api/v1/instance, you will see this in the boolean registrations attribute.
To proceed, your app must already be registered / self-register with the given server, and obtain a “client credentials” grant, which is an API access token that is not connected to any particular user, just to your app. The app must have the write:accounts (or above) scope.
As a refresher, given that you have already registered the app to get a client_id and client_secret, to obtain a “client credentials” grant, you just have to perform a POST /oauth/token request with the params grant_type=client_credentials, your client_id and client_secret, and scope=write:accounts (or whatever scopes you need).
You then need to collect the following information from the new user:
username
email
password
You must ask the user to agree to the server’s terms of use and privacy policy, and record that agreement in the boolean agreement param. The URLs for the terms and privacy policy are /about/more and /terms so you can just let the user open them in a browser, or render them in a web view. If you know what the user’s language is, you can pass that information in the locale param (but make sure the locale is something Mastodon supports, otherwise the API request will fail with a HTTP 422 error).
If the GET /api/v1/instance API has returned a true approval_required attribute, there is an additional piece of information you should ask from the user: reason. Because the user’s sign-up will be reviewed by the server’s staff before being allowed, you must give the user an opportunity to describe themselves and why they should be allowed onto the server.
You must then submit those params to POST /api/v1/accounts (authenticated with the app’s access token). You will need to handle a potential HTTP 422 response from the API in case the user has entered invalid information (like an already taken username).
On success, what you will receive in return will be an access token, identical to what you would get from a standard OAuth authorization procedure. The access token allows your application to use the API of the server on behalf of the registered user.
However, the token will be inactive until the user confirms their e-mail. The link in the confirmation e-mail will actually redirect them back to your application when possible. Of course, if staff approval is required, the token will remain unusable until the account has been approved.
Trying to use an inactive access token will result in a HTTP 403 error.
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook. The algorithmic timelines have led to a reality where your post could either get lucky and be seen by all of Instagram, or never be seen by your own followers.
This led me to think — what are the concrete differences between Instagram and Mastodon, and what prevents people from using Mastodon in the same way as Instagram? When you strip away the user interface, all social networks function more or less the same way: People create posts, follow each other, the posts go to the followers, and there’s varying degrees of taxonomy to categorize and browse those posts. The real difference is in the user interface, and what that interface puts emphasis on. Instagram does not allow posts without a picture or video, and the interface is adjusted to display those pictures and videos; while Mastodon does not allow posts without text, with pictures and videos being optional. And that’s the whole difference.
With that in mind, I asked myself, are there any parts of Mastodon that could be optimized for the Instagram use case, without interfering with how Mastodon works overall? And the answer was yes.
This release focuses heavily on the artist experience.
Since Mastodon supports a thriving app ecosystem, there are many different ways in which pictures and videos could be displayed to the viewer. To make sure that whatever aspect ratio a thumbnail is displayed in, it doesn’t cut off important bits, the new “crop” function allows you to select a focal point (or “focus” point) on the uploaded picture. That point will always stay in frame.
Although you were already able to pin posts before, this feature is now complete, displaying the pinned posts in the webapp and across servers, and not just the public profile. This allows you to feature your best work, or important links or conversations. Speaking of links, attaching media to a post no longer inserts a URL into the text of the post, and image-only posts are now allowed.
The media gallery in profiles has been reworked, and is now linked prominently in the webapp, on equal footing with the text-focused profile view. It was linked from a dropdown menu before, and as everybody knows, if something is in a dropdown menu, it might as well not exist. The media modal windows now fill more of the screen and support pinch-to-zoom.
A lot has also been done with how Mastodon pages appear in previews on other sites and apps. With a recent update in Discord, Mastodon videos linked there are finally playable inline. Profile pages in search results now display the bio as description, instead of a random status from the profile. Artists and photographers who publish adult content are no longer disadvantaged by not having their pictures appear in the previews.
You can also now backup your entire Mastodon account, including all the images and videos you uploaded, every 7 days.
That’s not all. There’s a lot more, and if you want every detail, you can read the official changelog — I’m gradually getting better at writing those in a way that’s understandable to non-developers.
Mastodon is built on open web protocols like ActivityPub, so it is possible that someone will write a piece of software that acts more like Instagram, and it will still integrate with Mastodon seamlessly — that’s how federation works, and we’re already seeing it with Mastodon and PeerTube. But for now, I hope that this release makes artists and photographers feel more at home on the fediverse.
If you’d like to try Mastodon today, visit joinmastodon.org. You can select “I am an artist” from the dropdown if you’d like to see servers made specifically for art. Unlike some other platforms, it’s free!
Introducing the Mastodon Server Covenant
Changes to the joinmastodon.org server picker
Although Mastodon has no central authority, we as a project still want to provide a safer experience than found on Twitter or Reddit. One of the things that gave impetus to the creation of Mastodon was a lack of moderation on Twitter against hate groups. The “no nazis” rule of the original mastodon.social server not only continues to serve as a major attraction of the project, but has also been adopted in the majority of subsequently founded communities as well.
We thought long and hard about how to best provide people new to Mastodon a safe and friendly experience without compromising the federated and free nature of the project. Thus, we are proud to announce the creation of the Mastodon Server Covenant. By highlighting those communities that are high quality and best align with our values, we hope to foster a friendly and better moderated online space. Any server that we link to from joinmastodon.org commits to actively moderating against racism, sexism, homophobia and transphobia. Additionally, servers listed on joinmastodon.org are those that have committed to having daily backups, more than one person with emergency access (“bus factor”) and promise to give people a 3 month warning in case of potential closure.
While there have always been server listings on joinmastodon.org, this is a break from our previous practice of listing servers. Before the Server Covenant we pulled a list of servers from a 3rd party provider called instances.social. However, instances.social was a 3rd party and automated service. The one thing that it could not do was any kind of quality control as it simply listed every instance submitted–regardless of stability or their code of conduct. As Mastodon has grown it has become increasingly clear that simply listing every possible server was not in our interest as a project, nor was it in the interest in the majority of the communities running Mastodon.
We want people’s experience with the Mastodon to be safe and consistent and we believe in highlighting those communities that best embody our values. Mastodon is released as free software and that is where our obligations of neutrality end. We do not believe that moderation is a crime, and we do not have to support or promote those who would choose to use Mastodon to spread intolerance and hate.
For those interested in learning more, or learning about including their community in the Mastodon Server Covenant, can find out more here.
Why EUNOMIA builds on Mastodon
An ever growing problem of the modern social media-rich world is misinformation. The trust that was previously placed into government officials and journalism has eroded; the internet gave everyone a voice but with it made it so much more difficult to distinguish truth from fabrication. The consequences of this are very real: Almost eradicated illnesses are making a comeback because people refuse to vaccinate their children, Covid-19 is continuing to spread because people refuse to wear masks and practice social distancing, more and more people start believing that the Earth is flat and descend down a rabbit hole of ever more absurd conspiracy theories.
The social media giants have acknowledged the problem: Both Facebook and Twitter are taking measures to try and limit the damage of misinformation. Both take the fact check approach, wherein a dubious claim that has attracted enough attention on the platform is disputed by deferring to one or multiple trusted authorities. It is a step in the right direction but we must consider how well it would fit into the decentralized model, which is what we’re working with. In both cases, Twitter and Facebook unilaterally decide a) which claims deserve a fact check and b) which fact checking authorities to defer to. Facebook has already gotten in trouble for picking some very dubious fact checkers.
So we have issues on two layers: The fact checkers selected by the platform may not be the ones that the users actually trust, and only claims that the platform decides to fact check get any treatment. On a decentralized social media platform like Mastodon, there is no central authority that can make those decisions, and while you may argue that its more localized governance structure (where a server’s admins and moderators have fewer users to take care of and users have the freedom to pick the server that fits their needs the best) would be an improvement over this, there is a practical limit to how much micromanagement we can expect independent admins and moderators to perform.
While we routinely observe blatant conspiracy theorists being kicked off well-moderated Mastodon servers, the often volunteer staff simply cannot monitor every message for misinformation and link it up with appropriate resources. For the same reason we oppose various upload filter initiatives – manually checking every message on social media does not scale and any automation is so complicated that it inevitably leads to centralized solutions that are equally inaccessible for small players. Regardless, the takeaway is, if we want to tackle misinformation on decentralized social media, we need a solution that does not rely on manual action by server staff.
In late 2018 I was approached by someone from University of Greenwich who wanted to investigate potential solutions to this problem and wanted my advice, support, and knowledge of decentralized social networks. It was an invitation to participate in an academic research project EUNOMIA with, among others, three different universities (University of Greenwich, University of Nicosia, and University of West Attica) and a grant from the European Commission’s Horizon 2020 program – an extremely flattering acknowledgement of Mastodon’s importance. Indeed, Mastodon was the perfect choice for this purpose: An extremely easy to use, well-documented, and extensive API that not only allows, but encourages the creation of alternative user interfaces; and the ability to essentially run a fully-featured social network in an entirely sandboxed environment.
What EUNOMIA aims to be at the end of its 3-year development road map is a “digital companion” – in essence, an alternative user interface, containing a toolkit that would facilitate the discerning of manipulated or incorrect information. Facilitation is key, here: The user would be the ultimate authority for making a call on what they trust or distrust, what EUNOMIA would provide is easier access to the kind of criteria the user deems important for that decision. Someone might want to be notified if a post uses manipulative wording to distort a claim, someone else might want to see if similar messages have been posted by other people before and the one that you see is less accurate, other people may want to check with the wisdom of the crowd and pay extra heed when lots of people distrust a message. Any one method is imperfect by itself, but in tandem they may make fact checking more accessible.
The EUNOMIA “digital companion” is built on Mastodon but they are two completely separate projects. If you would like to follow EUNOMIA’s progress and provide any feedback, please follow its Mastodon account: @Eunomia@mastodon.social
Disclaimer: Since Mastodon is decentralized, different Mastodon servers have a different view of the network depending on user activity, and providing an objective data summary across the entire network is not currently possible. Data provided in this blog post is provided as-seen-from mastodon.social, the oldest and one of the more well connected servers, but it is nevertheless biased towards mastodon.social’s demographic and may not represent other parts of the fediverse accurately.
Disclaimer: We collect aggregate statistics by crawling fediverse servers that identify themselves as running Mastodon. We may not be aware of all Mastodon servers, and aggregate statistics can be disabled for some servers. Temporary service outages across different servers may lead to day-to-day disparities between collected numbers.
2,749,065 total users (+930,724 since January)
244,634 active users (+814 since January)
2,551 active Mastodon servers
As for the mastodon.social server, here are some of our numbers for 2021:
Nowe wydanie Mastodona wprowadza zdecydowanie lepszy odtwarzacz audio, usprawnioną obsługę różnorodnych formatów audio i wideo, a także dodatkowe mechanizmy zabezpieczające. Ten wpis jest tłumaczeniem wpisu pt. Mastodon 3.2 – A look inside. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią. Całkowicie na nowo opracowano odtwarzacz dźwięku, aby otrzymał bardziej przyciągający wzrok wygląd. Automatycznie wydobywa on obraz albumu z pliku, lub pozwala na wybór wyświetlanej po środku miniatury. Dominujący kolor z tej grafiki jest wykorzystywany aby nadać odtwarzaczowi wyróżniający się wygląd.
Mastodon 2.7
Eugen Rochko
Jan 20, 2019
W tym wydaniu: nowy katalog profilów, nowy poradnik, nowa publiczna strona hashtagów i więcej narzędzi moderacyjnych
Join the social media revolution
Mastodon is a free, decentralized platform with over a million people
Although Mastodon has no central authority, we as a project still want to provide a safer experience than found on Twitter or Reddit. One of the things that gave impetus to the creation of Mastodon was a lack of moderation on Twitter against hate groups. The “no nazis” rule of the original mastodon.social server not only continues to serve as a major attraction of the project, but has also been adopted in the majority of subsequently founded communities as well.
We thought long and hard about how to best provide people new to Mastodon a safe and friendly experience without compromising the federated and free nature of the project. Thus, we are proud to announce the creation of the Mastodon Server Covenant. By highlighting those communities that are high quality and best align with our values, we hope to foster a friendly and better moderated online space. Any server that we link to from joinmastodon.org commits to actively moderating against racism, sexism, homophobia and transphobia. Additionally, servers listed on joinmastodon.org are those that have committed to having daily backups, more than one person with emergency access (“bus factor”) and promise to give people a 3 month warning in case of potential closure.
While there have always been server listings on joinmastodon.org, this is a break from our previous practice of listing servers. Before the Server Covenant we pulled a list of servers from a 3rd party provider called instances.social. However, instances.social was a 3rd party and automated service. The one thing that it could not do was any kind of quality control as it simply listed every instance submitted–regardless of stability or their code of conduct. As Mastodon has grown it has become increasingly clear that simply listing every possible server was not in our interest as a project, nor was it in the interest in the majority of the communities running Mastodon.
We want people’s experience with the Mastodon to be safe and consistent and we believe in highlighting those communities that best embody our values. Mastodon is released as free software and that is where our obligations of neutrality end. We do not believe that moderation is a crime, and we do not have to support or promote those who would choose to use Mastodon to spread intolerance and hate.
For those interested in learning more, or learning about including their community in the Mastodon Server Covenant, can find out more here.
We often tout things like “Mastodon is based on open web protocols” as one of its advantages. I want to elaborate why exactly that’s a good thing.
As a refresher, Mastodon implements the so-called ActivityPub protocol to enable Mastodon servers to talk to each other; that’s the basis of the “federation” we also like to bring up. Federation is what you already know from e-mail, even if you may not know it by name: It’s the concept of servers hosting users that can talk to users from other servers. That protocol pins down on paper how exactly such inter-server communication would look like, using a vocabulary that can be applied for a variety of purposes. And here’s the kicker:
The social network that is Mastodon isn’t really Mastodon. It’s bigger. It’s any piece of software that implements ActivityPub. That software can be wildly different in how it looks and what it does! But the social graph–what we call the people and their connections–is the same.
Mastodon is the software built around 500-character text posts.
You want something centered on photos and pictures? PixelFed is here.
You want to write long, rich blog posts? Plume is in development.
That’s not to mention a multitude of variations on the same concepts. PeerTube and PixelFed won’t be the only ones in their categories. For example, Misskey and Pleroma have a similar use case as Mastodon, but they make different choices in programming languages, design and functionality.
All of these platforms are different and they focus on different needs. And yet, the foundation is all the same: people subscribing to receive posts from other people. And so, they are all compatible. From within Mastodon, Pleroma, Misskey, PixelFed and PeerTube users can be followed and interacted with all the same.
And that’s the strength of using open web protocols. When you decide to switch to Mastodon, you’re not just gambling on the success of one project. You can be certain that regardless what happens with Mastodon, the network will live on and flourish. Newer and better software will be born within this ecosystem, but you will never have to drag all your friends and followers someplace else again–they’ll already be where they need to be.
If Twitter shuts down, you’ll lose your followers. If Facebook shuts down, you’ll lose your friends. For some platforms, it’s not a question of “if”, but “when”. Such events are usually followed by a scrambling into a variety of different platforms, where you inevitably lose some people as you have to make a choice which one to stay on. This happened before. But it doesn’t have to happen again. Use the federated web. Join Mastodon.
Mastodon 3.2
A look inside
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.
The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
Whereas previously video thumbnails were automatically taken from the first frame of the video, you now also have the ability to upload a custom thumbnail that will be displayed before the video starts playing. Simply click on “Edit” on a newly uploaded media file and then choose a new thumbnail!
When you share links to video or audio on Mastodon on other platforms, for example Twitter, your friends will be able to open Mastodon’s video or audio player right on that platform (assuming the platform supports the twitter:player tag).
To better protect your accounts when you’re not there, there’s a new security mechanism guarding new login attempts. When you don’t have two-factor authentication setup, have been away for at least two weeks, and someone tries to login to your account from a previously unseen IP address, they will be required to enter a token sent to your e-mail address.
It’s a feature more meant to guard those who forget to setup two-factor authentication, so if you are reading this, remember that it’s good practice to use two-factor authentication (Mastodon’s does not require a phone number or a Mastodon app, any TOTP app works), and to use a password manager to generate random and unique passwords for each account you have!
Have you ever blocked or muted someone but forgot why? Or have you followed someone but then forgot who they are? Now you can add personal notes to other accounts to keep track of who’s who. Visible only to you!
Conclusion
The 3.2 release consists of 380 commits by 27 contributors since May 14, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Reversible suspensions
The main change in this release of Mastodon is our approach to suspensions. Previously, suspending an account deleted all of its associated data immediately, so while an account could be unsuspended technically, the person would have to start completely from scratch. Of course, that wasn’t ideal – everybody makes mistakes. Now, the data is kept for 30 days after suspension, giving a long enough time window to correct mistakes or talk through appeals. The suspended person also gets the ability to download an archive of their account, which was not possible before. If there is a need to delete the data immediately, the option is still there for moderators.
But that’s not all: Whereas previously suspended accounts would not show up in the app at all, now, as long as they’re recoverable, they do show up and more clealy communicate that they’re in a suspended state. As Mastodon matures and grows, we’re striving for more transparency and fail-safety around moderation.
IP blocks
Another missing piece has been added to Mastodon’s moderation toolbox – the ability to control access from specific IP addresses or subnets. As a response to a troll making alternative accounts to evade suspensions or a bot farm creating spam accounts, server administrators can now either fully block access from an IP or send new accounts through the approval queue while letting everyone else sign-up normally.
Performance improvements
The release includes multiple performance optimizations both on the server-side and on the client-side. On the client-side, lag caused by typing up a new post should be if not completely removed, vastly reduced, and all live updates from the Streaming API now come through a single connection no matter how many different columns you have open, one or thirty. Requests for an account’s media tab, your favourites, bookmarks, or hashtags should be much faster. Operations involving deleting an account’s data are up to 100x faster, reducing delays in the system, and so on.
“Bell button”
Are you following an account that only posts once in a blue moon? And it would almost certainly be drowned out in an otherwise active home feed? Perhaps an artist that only posts new artwork, or a bot that posts weather warnings for your area – now you can choose to be notified when a person you follow makes a new post by toggling the bell button on their profile.
Pop-out media player
As for media, if you scroll away from an audio or video while it’s still playing, the playback will continue in the corner of your screen with convenient buttons to reply, boost, or favourite the post it’s from. You can also finally use familiar hotkeys to control audio and video playback – space to toggle playback, “m” to mute, “j” and “l” to jump backward and forward, and a few others. And finally, media modals got a facelift, now using the average color from the picture for the page overlay and always showing interactive buttons for the post underneath.
Conclusion
The 3.3 release consists of 619 commits by 21 contributors since July 27, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
Digital companion for detecting misinformation now available for testing
On behalf of the EUNOMIA project, in which I represent Mastodon, I am happy to announce that after nearly 3 years of development there is now a public pilot for the Mastodon community.
But first, what is EUNOMIA and who is EUNOMIA? EUNOMIA is a “digital companion” for social media, a set of additional functions that aim to combat the spread of misinformation by helping you critically analyze social media posts before re-sharing them. Currently available functions include:
Find who a piece of text originally comes from and how it changed as it travelled to your home feed through the information cascade
See when a post is using highly emotive language through sentiment analysis
At a glance, see potentially important information about the post author, such as account age
See whether other users have flagged the post as untrustworthy, and vote yourself
But those functions are only useful when you’re already looking at a post in-depth. You can also configure which criteria and thresholds should make the EUNOMIA indicator flash on a post, prompting you that a deeper look is warranted.
EUNOMIA is decentralized and stores its information, such as the aforementioned votes, on IPFS, a decentralized storage network. It is also not a commercial product, but an academic research project spearheaded by the University of Greenwich and financed through the European Horizon 2020 program. The team consists of 10 entities: 3 universities, 3 private software development companies, representatives from two social media companies (one of which is yours truly), and the Austrian public broadcasting company ORF.
EUNOMIA should in theory work with any social media platform, but thanks to its already decentralized nature and a fantastic API, Mastodon lended itself as the perfect prototyping environment, since it allows the project to develop with its own Mastodon setup that never touches any live user data.
It is important to highlight that as a research project no user data can be processed without explicit user consent and as such EUNOMIA is confined entirely to its own Mastodon servers. One of which is now being opened up for the first public pilot!
The public EUNOMIA pilot is now live at mastodon.eunomia.social! The pilot will last one week, unless the developers receive feedback from users that they would want it to stay on for longer. Keep in mind:
You must be 18 or above to sign-up for the pilot
There is highly complex tech involved so there probably will be bugs
The pilot will federate exclusively with another pilot server, decentralized.eunomia.social
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.
The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
Whereas previously video thumbnails were automatically taken from the first frame of the video, you now also have the ability to upload a custom thumbnail that will be displayed before the video starts playing. Simply click on “Edit” on a newly uploaded media file and then choose a new thumbnail!
When you share links to video or audio on Mastodon on other platforms, for example Twitter, your friends will be able to open Mastodon’s video or audio player right on that platform (assuming the platform supports the twitter:player tag).
To better protect your accounts when you’re not there, there’s a new security mechanism guarding new login attempts. When you don’t have two-factor authentication setup, have been away for at least two weeks, and someone tries to login to your account from a previously unseen IP address, they will be required to enter a token sent to your e-mail address.
It’s a feature more meant to guard those who forget to setup two-factor authentication, so if you are reading this, remember that it’s good practice to use two-factor authentication (Mastodon’s does not require a phone number or a Mastodon app, any TOTP app works), and to use a password manager to generate random and unique passwords for each account you have!
Have you ever blocked or muted someone but forgot why? Or have you followed someone but then forgot who they are? Now you can add personal notes to other accounts to keep track of who’s who. Visible only to you!
Conclusion
The 3.2 release consists of 380 commits by 27 contributors since May 14, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public.
While we gave up the ability to choose who can and cannot use our software by publishing our source code using this Free Software license, we can still choose who we as a project associate with. We are opposed to Gab’s philosophy, which uses the pretense of free speech absolutism as an excuse to platform racist and otherwise dehumanizing content.
Mastodon has been originally developed by a person of Jewish heritage and first-generation immigrant background and Mastodon’s userbase includes many people from marginalized communities. Mastodon’s decentralized approach that allows communities to self-govern according to their needs has enabled those marginalized communities to create safe spaces for themselves where previously they were reliant on big companies like Twitter to stand up for them, which these companies have often failed to do. While the Mastodon software is free for everyone to use and modify, our world view could not be further from Gab’s.
As a truly decentralized network, each Mastodon server operator has to make the call on their own. Many have already opted to block communication from Gab’s servers. On our side, we have blocked them from the Mastodon server that we operate, mastodon.social. We have also recently introduced a more strict policy for which Mastodon servers we promote through our official website joinmastodon.org, listing only such servers that commit to standing up against racism, sexism, homophobia and transphobia.
Updates
Last updated: Oct 28, 2021
On Mar 1, 2021, following a breach that likely resulted from Gab’s own modifications to the code and a failure to merge important security fixes from the upstream Mastodon code base, Gab changed the way it published its source code.
First, the public source code repository was taken offline, replacing the code with a message stating that the source code would be provided upon request by e-mail only. Whether this was compliant with the AGPLv3 license was quickly put into question.
At least as soon as the following day, a password-protected archive of the source code was uploaded to the repository, with the password provided in a separate README file.
However, despite changes evidently being made to Gab’s interface and functionality in the following months, that password-protected archive was not updated once in the following 7 months, prompting us to investigate a case of AGPLv3 violation.
On Oct 21, 2021, our legal team sent a Cease & Desist letter to Gab’s legal team, informing them that Gab is in breach of the AGPLv3 license. In response to the letter, the same day the password-protected archive of Gab’s source code was updated.
Disclaimer: Since Mastodon is decentralized, different Mastodon servers have a different view of the network depending on user activity, and providing an objective data summary across the entire network is not currently possible. Data provided in this blog post is provided as-seen-from mastodon.social, the oldest and one of the more well connected servers, but it is nevertheless biased towards mastodon.social’s demographic and may not represent other parts of the fediverse accurately.
Disclaimer: We collect aggregate statistics by crawling fediverse servers that identify themselves as running Mastodon. We may not be aware of all Mastodon servers, and aggregate statistics can be disabled for some servers. Temporary service outages across different servers may lead to day-to-day disparities between collected numbers.
2,749,065 total users (+930,724 since January)
244,634 active users (+814 since January)
2,551 active Mastodon servers
As for the mastodon.social server, here are some of our numbers for 2021:
Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018.
Trump's new social media platform found using Mastodon code
Eugen Rochko
Oct 29, 2021
From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them:
Using the Blurhash algorithm in Mastodon 2.8.1 to generate prettier previews for sensitive media
Mastodon 2.8
Eugen Rochko
Apr 10, 2019
In this release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more
Mastodon now available on DigitalOcean
Eugen Rochko
Apr 7, 2019
We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt. The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar.
The role of mastodon.social in the Mastodon ecosystem
Eugen Rochko
Mar 20, 2019
Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server. You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all.
Mastodon 2.7
Eugen Rochko
Jan 20, 2019
In this release: New profile directory, new tutorial, new public hashtag pages and more moderation tools
Why does decentralization matter?
Eugen Rochko
Dec 30, 2018
Reasons why you should care about how your social network is run and structured
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.
Verification
Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not. That delegates a lot of the decision making to Twitter, the authority. Without a central authority, that decision making cannot be delegated. So, how does identity verification work on Mastodon?
The answer is links. If you have a personal website called johndoe.com, and you link from your site to your Mastodon profile, then people know you are the real John Doe – the link appears verified on your profile. This option is accessible to everyone, not just celebrities. Having a verified link does not confer any special features like it does on Twitter. All safety and convenience features are always available to everyone. Some people don’t need or want to have a recognizable and verified identity, and that is valid, too.
Of course the caveat is that people have to trust the linked website to be able to infer the identity. It’s certainly a more useful feature when you have a recognizable website. However, it does also work with Twitter profiles, so you can at least confirm that you are the same person as you are on Twitter, if that’s something you need.
Check the “Edit profile” page for instructions on how to do that!
Direct messages remaster
The direct messages functionality of Mastodon has been remastered. You can now browse your direct messages grouped by conversations with specific people and conversations you haven’t opened will be highlighted, just like you would expect from other services. This should make keeping up with important messages easier.
In-stream link previews
This has been requested for a long time – link previews and interactive players from sites like YouTube and Vimeo will now appear in-stream, and not only in detailed view. Interactive players have a play button which loads the actual content – no third-party scripts are loaded until you press it, so there is no privacy cost to the convenience.
Reports grouping and blocking
For server administrators and moderators, the reporting system has been improved. Reports are now grouped by the target account visually, so even many reports about one person do not obfuscate others. Reports originating from a specific domain can be blocked if they are impractical. All staff members have a way to opt out of notification e-mails about reports. This should greatly reduce the effects of mass-reporting, so moderators can focus on the quality of reports over their quantity.
Command-line tools
The command-line interface for Mastodon, tootctl (as in “toot control”), has been expanded. Many commands were added for managing accounts, generating account backups, and performing various maintenance tasks. For example, to give someone moderator privileges from the command line, you could do:
bin/tootctl accounts modify alice93 --role moderator
To give a username that was previously used by someone who deleted their account to a new person, with a randomly generated password:
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago.It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images.
If you could edit tweets
Eugen Rochko
Jun 19, 2018
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board. Delete & Redraft There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
In this long-awaited release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more.
Mastodon now has a poll feature. Instead of attaching images or video to your post, you can ask your followers to choose an answer to your question. You can choose how long a poll will remain open for. Polls in private posts are accessible only to your followers.
You can now choose which hashtags to feature on your profile. They will be displayed on the sidebar and allow visitors to browse your posts specifically under those hashtags.
A new server setting will allow communities to grow without worrying about spammers, trolls, or unexpected traffic spikes: Instead of allowing everyone to sign up, or allowing nobody to sign up, a server owner can choose to let people apply for an invite and manually approve sign-ups.
The landing page has been simplified to its essence: Sign up form, quick access to a login form for returning users, short and to the point information about the server, and links to ways of exploring the server.
The design of profiles within the web app has been changed to match the design of public profiles more closely, making better use of space and showing the header image without obscuring it.
There is a new powerful UI for managing your followers and follows. It allows you to filter them by various criteria, such as your mutuals, or who hasn’t been active in a long time, and you can unfollow them in batches, as well as remove them from your followers in batches.
In a similar vein, the import tool for follows, mutes, and blocks now allows you to choose whether the imported data will merge with what you already had in your account, or replace it.
Among other things, Mastodon now supports Keybase’s new proof system, allowing you to connect your Keybase account with your Mastodon account to affirm your identity across the web. Keybase is slowly rolling this feature out on their side, and it will eventually be available to all Mastodon servers.
Conclusion
The 2.8 release consists of 392 commits by 32 contributors since January 28, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
Translators for this release: Aditoo, Albakham, Alessandro Levati, Ali Demirtas, Alix D. R., Amrz0, Andrew Zyabin, Angeles Broullón, Antonis, arshat, Austin Jones, Becci Cat, Besnik Bleta, Burekz Finezt, ButterflyOfFire, dxwc, Einhjeriar, Eirworks, Evgeny Petrov, goofy-mdn, Hinaloe, Ivan Pleva, Jaz-Michael King, Jeong Arm, jeroenpraat, Joseph Nuthalapati, João Pinheiro, Kaitian Xie, Kevin Houlihan, koyu, Kristijan Tkalec, Kumasun Morino, Leia, lilo, Maigonis, Marcin Mikołajczak, Marek Ľach, martialarts, Masoud Abkenar, Max Winkler, mayaeh, Mikko Poussu, Mélanie Chauvel, Osoitz, Owain Rhys Lewis, pan93412, parnikkapore, Peter, Quenti2, Quentí, Rasmus Sæderup, Renato “Lond” Cerqueira, Sarunas Medeikis, Sergio Soriano, spla, Thai Localization, Vanege, Xose M., Павел Гастелло, 森の子リスのミーコの大冒険
In this release: New profile directory, new tutorial, new public hashtag pages and more moderation tools
Mastodon 2.6 released
Eugen Rochko
Oct 31, 2018
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not.
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then?
Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app. It works faster and looks smoother thanks to many performance and design improvements.
On the desktop, it allows you to add, remove and rearrange columns. It can even be navigated and controlled using hotkeys!
When you get annoyed by notifications for a toot of yours that’s gone viral, or a conversation you’ve been tagged in that you no longer have interest in, you have the ability to simply mute the whole thread. If you keep encountering content you hate and it always comes from a specific domain, but your admins won’t do anything about it (or perhaps it’s annoying, but merely on a personal level), you no longer have to rely on your admin: You can simply hide everything from a particular domain for yourself.
A lot of attention has been given to how the user interface presents itself to onlookers. Both in terms of OpenGraph tags, which is to say, how links to Mastodon look when shared on other social networks or apps like Discord, and in terms of the sign-up, about, profile, toot and hashtag pages. The profile pages let you filter someone’s toots, for example to only see ones that include pictures or videos, which is a great addition for all artists and photographers. The sign up and hashtag pages do a better job of showing what’s actually inside in terms of content.
Mastodon is a global experience. That means a lot of language diversity. Since most people don’t know most languages, language filters have been added so you can decide which ones to see.
Another addition is custom emoji. That is a concept more familiar to Discord and Twitch users, but it’s a first for a social network. Custom emoji add flavours to instances and allow people to express very specific things that could never be conveyed by standardized Unicode characters.
There are a lot of other small features and important fixes. Better logos, better icons, ongoing improvements to accessibility such as image descriptions for screen readers; upgrades to the protocol, better APIs… You can view the detailed release notes of 2.0 here.
It’s also worth mentioning that the central resource for the Mastodon project is now the joinMastodon.org website, which explains the benefits of decentralization, links to all related resources, lists the project’s sponsors, and most importantly, provides an overview of the existing network. If you want to tell someone about Mastodon, you’ve got two options now— invite them over to the instance you’re using, or link them to joinMastodon.org where they’ll pick one on their own.
More than ever people need an escape hatch, an alternative to commercial networks that are incentivized to keep bad actors around to drive engagement, that sell your time and screen estate to advertisers and then throw you out without recourse for saying a bad word to a celebrity. Mastodon is that hatch. It’s an alternative reality where communities know and care about each other and moderators aren’t far away from the users. Free software stands first and foremost for the freedom of its user.
So you want to join Mastodon and get tooting. Great! Here’s how to dive straight in.
Let’s start with the basics. What is this?
Mastodon is a microblogging platform akin to others you may have seen, such as Twitter, but instead of being centralised it is a federated network which operates in a similar way to email.
Like email, you choose your server and whether it’s GMail, Outlook, iCloud, wherever you sign up you know you’ll be able to email everyone you need to so long as you know their address.
The word “instance” is often used on Mastodon as a synonym of server.
This means there’s no big uncaring company running it all, no shareholders, no central control, none of the targeted advertising we’re all fed up with, just a bunch of people sharing the things they want to share with each other.
Where do I sign up?
The first thing you have to do is choose your server. This is an extra step compared to sites like Twitter or Tumblr, but isn’t as difficult as it may seem.
Like with email, your identity is hosted by the server you sign up on. So for example, I joined mastodon.social so to mention me you can type @nico@mastodon.social in your post.
If what you want to talk about most fits into a clear category (maybe it’s video games or art or queer life or coding or fiction or whatever) then it might be worth making your first server one where that will primarily host that sort of content – it’ll be easier to make connections and find like-minded folk. Some consider your server to be like a neighbourhood or a venue where the general chatter can have a specific focus.
You have the ability to view all public local posts that have been made by people on your server in the so-called “local timeline”.
If you aren’t here to stick mainly to one topic, you’ll likely want to pick a server that caters to general interests. Either way, there’s a helpful server picker tool on joinmastodon.org.
Don’t panic! You’ll be able to chatter to people on other servers, no matter which one you choose. Remember, this is like email and you can still email your mum on her ancient Yahoo account from your GMail, for example.
The word “fediverse” (federated universe) refers to the network of all Mastodon servers and other projects, users of which are able to talk to each other seamlessly.
In time, you might find yourself wanting an account on another server, whether that means moving your primary account or having a secondary account for a certain aspect of yourself. This is normal behaviour on the fediverse and nothing to worry about. People are completely used to seeing the occasional post like this:
Knowing your server
Take a moment before registering to check out the rules of your chosen server and make sure they are compatible with how you want to be tooting.
Posts on Mastodon are called “toots”, because that’s the sound an elephant makes.
Under the sign up form you will see a link to the rules page. It is likewise linked from the “Learn more” button under “Administered by”; on other pages, the rules are linked in the footer as simply “About”. You could also just enter the correct URL into the address bar of your browser directly as it always follows a format like https://mastodon.social/about/more.
The rules page also tells you who the owner/administrator of the server is. Most servers set you up following the admin when you sign up, kind of like a modern take on MySpace Tom. This is great, it means you know who to ask if you run into problems and you can receive server-specific announcements (like when the software is being upgraded) and in general it’s great to know who runs the server you’re on.
Admins are super friendly people who are usually running the server out of their own pocket so it’s good to get to know them like you would a landlord. Many accept donations to cover the running costs and if you’re able to contribute then it’s always appreciated.
I think I found my new home!
Head to the homepage of your server and choose your username and password in the sign up form. You’ll need an email address to register, which you will be asked to confirm before being able to log in.
Next thing to do is upload your profile picture, give the settings page a good once-over (and do come back to it when you’ve been on Mastodon a week or so just to make any tweaks that might help your experience) and get ready to introduce yourself.
Some interesting settings worth checking are: two-factor authentication to improve your account’s security; GIF autoplay which is turned off by default; the language you intend to post in; and the languages you prefer seeing when viewing the local, federated, and hashtag timelines (by default, you see all languages).
Hashtags are a really important thing on Mastodon. In fact, they are the only part of the content of toots that is searchable. So if you want to be found by people who are looking for toots about photography it’s best to include #photography.
For multiple word hashtags, please use camel case #LikeThisGoodHashtag instead of #likethisbadhashtag for accessibility reasons.
So for your first toot, a great idea is to post a short #introduction giving some information about yourself and what your interests are and what you’ll be talking about on Mastodon. That’s also a great hashtag to search, you’ll find lots of other people new to the network and many will care about the things you do.
A quick tour of the web interface
Mastodon offers many apps, both for mobile phones and for the browser; you are not locked into using the standard interface. For a simplified experience, try out Pinafore
The standard Mastodon interface has multiple columns rather than a single feed. You can move or remove these at your leisure.
Home is all the toots in chronological order of the people you’re following. It includes the toots of people on your server and on other servers, all that matters is that it’s people you follow. Some people like to disable boosts in this column so they just see what their follows themselves say. That option is there if you click the settings button on the top right of the column.
“Boost” (as in “signal boost” or “rocket boost”) is a synonym of “reblog” or “retweet” in Mastodon.
Notifications does what it says on the tin. Again, this is across the fediverse. The settings button (top right) has a range of options for this column. You may want to turn off the “boop” sound, for example.
Local timeline is the live feed of all the toots of people on your server. On many servers, particularly smaller ones and ones focused on a particular topic, this is where the magic happens. It feels like a town square or Slack chatroom. You can reply to people from there and it’s a great place to meet people.
The federated timeline is a view of all the public toots your servers knows about from across the whole network (including local ones). The most common reason that something appears in the federated timeline is that someone from your server follows the author of that toot. This column moves fast, and can often be pretty wild. I enjoy setting that column to show only toots with media, hiding boosts, then seeing a constant stream of daft selfies, hot memes, and funky art.
You can also pin a column for a hashtag you’re interested in – just search for that hashtag and then in the column settings choose “pin” and done.
Using content warnings
One of the best features on Mastodon is that button that says “CW” where you write your toots. Clicking that adds a content warning field where you can put information about what the toot contains (eg. mental health, politics, lewd talk, nudity) so that people don’t have to see content they wish to avoid, for whatever reason. Of course, it’s also great for show or book spoilers.
A common convention is to put +, -, or ~ in a content warning to signify if the contents are broadly positive, negative, or mixed respectively.
My advice is simple: if you’re not sure whether a toot needs a CW or not, give it a CW. People really appreciate it and it doesn’t do any harm to be too cautious and too respectful of others.
You can also use a CW to summarise a long post. Some use it for joke punchlines. Maybe you’ll think of other uses for it. Have fun.
The role of mastodon.social in the Mastodon ecosystem
Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server.
You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all. But it is one of the biggest servers, meaning that if you look at the registered userbase, it is “effectively centralized”. 300,000 is not a small chunk of 2,000,000, after all.
No other social network has a problem like that, or rather, they would not consider it a problem, at all. But some believe that the Mastodon project should actively enforce decentralization in terms of user distribution, and that presents a unique challenge. Frankly, the only precedent that I can think of, obscure as it is, and on a much smaller scale, is Blizzard’s distribution of World of Warcraft players on different realms.
The challenge lies herein: Since most other social networks are centralized, there is an expectation in people’s minds that “sign up on Mastodon” is equal to “sign up on mastodon.social”. Explaining the difference, the importance of the difference, and making the reader consciously choose a server out of an incredibly wide selection, all within the limited attention span of a just mildly curious person, is not simple.
I have been trying to deal with this issue for most of Mastodon’s existence. There are many benefits from not having everyone use the same server, that I have described in a different article.
There are two dimensions to the problem. One, when a person arrives at the mastodon.social address directly, instead of joinmastodon.org, there is no way to ensure that they sign up somewhere else, you can only ensure that they don’t sign up here. You can close registrations, put up a message linking back to joinmastodon.org. Sorry, we’re full!
The other dimension is when people arrive at joinmastodon.org, as is expected. It has a large, filterable list of Mastodon servers ready to accept new members, that people are supposed to scroll through to find the one that will fit them. Here, you can just hide mastodon.social from the list, to not make it an option for people to choose. Problem solved!
But…
These solutions solve one problem, while creating another.
When you close registrations and put up a link to go somewhere else, the reality of the situation is that there will be a non-zero amount of people who will just drop out and lose interest at that point. And if they don’t, and they navigate through the link to joinmastodon.org? Choice is difficult. Most Mastodon servers out there are themed around specific interests or identities. You’re in academia? scholar.social. You’re a photographer? photog.social. Video games? elekk.xyz. But what if you don’t feel like you belong in any particular category like that? Twitter didn’t force you to decide on your interests upfront. General-purpose servers seem to be a rarity. And even the ones that are around, not all of them have the benefit of having “mastodon” in the domain name.
It does feel like the growth of the fediverse slows down when mastodon.social is unavailable.
It is a hard call to make. I have closed and re-opened registrations on mastodon.social multiple times in the course of its history. There is definitely a danger in effective centralization, and I am for example worried about GMail’s hegemony in the e-mail ecosystem. But I also believe that growth is key to the network, as it won’t be able to compete with centralized alternatives otherwise. A musician won’t ask themselves if every of the 4,000 servers has an equal number of users, they will pick the network where they see the best perspective to reach fans or make connections with fellow musicians.
It’s worth mentioning that many people who are now running large and active Mastodon servers have started with a mastodon.social account. It is the easy choice to sign up on without knowing anything else, and it is much easier to educate someone on Mastodon about decentralization, than say, educate someone who lost interest in Mastodon because they were turned away and went back to Twitter.
Today, I am re-opening registrations on mastodon.social after nearly three months. I don’t know if I’ll always be able to keep them open, or if someone will come up with more effective ways of onboarding new users, but this here is an explanation for the past and the future of why it is such a contested topic.
Mastodon 2.8
Highlights from the changelog
In this long-awaited release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more.
Mastodon now has a poll feature. Instead of attaching images or video to your post, you can ask your followers to choose an answer to your question. You can choose how long a poll will remain open for. Polls in private posts are accessible only to your followers.
You can now choose which hashtags to feature on your profile. They will be displayed on the sidebar and allow visitors to browse your posts specifically under those hashtags.
A new server setting will allow communities to grow without worrying about spammers, trolls, or unexpected traffic spikes: Instead of allowing everyone to sign up, or allowing nobody to sign up, a server owner can choose to let people apply for an invite and manually approve sign-ups.
The landing page has been simplified to its essence: Sign up form, quick access to a login form for returning users, short and to the point information about the server, and links to ways of exploring the server.
The design of profiles within the web app has been changed to match the design of public profiles more closely, making better use of space and showing the header image without obscuring it.
There is a new powerful UI for managing your followers and follows. It allows you to filter them by various criteria, such as your mutuals, or who hasn’t been active in a long time, and you can unfollow them in batches, as well as remove them from your followers in batches.
In a similar vein, the import tool for follows, mutes, and blocks now allows you to choose whether the imported data will merge with what you already had in your account, or replace it.
Among other things, Mastodon now supports Keybase’s new proof system, allowing you to connect your Keybase account with your Mastodon account to affirm your identity across the web. Keybase is slowly rolling this feature out on their side, and it will eventually be available to all Mastodon servers.
Conclusion
The 2.8 release consists of 392 commits by 32 contributors since January 28, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
Translators for this release: Aditoo, Albakham, Alessandro Levati, Ali Demirtas, Alix D. R., Amrz0, Andrew Zyabin, Angeles Broullón, Antonis, arshat, Austin Jones, Becci Cat, Besnik Bleta, Burekz Finezt, ButterflyOfFire, dxwc, Einhjeriar, Eirworks, Evgeny Petrov, goofy-mdn, Hinaloe, Ivan Pleva, Jaz-Michael King, Jeong Arm, jeroenpraat, Joseph Nuthalapati, João Pinheiro, Kaitian Xie, Kevin Houlihan, koyu, Kristijan Tkalec, Kumasun Morino, Leia, lilo, Maigonis, Marcin Mikołajczak, Marek Ľach, martialarts, Masoud Abkenar, Max Winkler, mayaeh, Mikko Poussu, Mélanie Chauvel, Osoitz, Owain Rhys Lewis, pan93412, parnikkapore, Peter, Quenti2, Quentí, Rasmus Sæderup, Renato “Lond” Cerqueira, Sarunas Medeikis, Sergio Soriano, spla, Thai Localization, Vanege, Xose M., Павел Гастелло, 森の子リスのミーコの大冒険
A committee of members of the European Parliament have voted to approve Article 11 and Article 13, which pose a risk to the decentralization of the web and freedom of creative expression.
#DeleteFacebook
Eugen Rochko
Mar 21, 2018
Deep down you always knew it. On the edge of your perception, you always heard the people who talked about the erosion of privacy, that there was no such thing as free cheese, that if you don’t pay — then you’re the product. Now you know that it’s true. Cambridge Analytica has sucked the data so kindly and diligently collected by Facebook and used that data to influence the US elections (and who knows what else).
Replacing the Pillars of the Internet
Tremaine Friske
Mar 7, 2018
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already? To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century. The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless.
Twitter is not a public utility
Eugen Rochko
Mar 3, 2018
Isn’t it a bit strange that the entire world has to wait on the CEO of Twitter to come around on what constitutes healthy discourse? I am not talking about it being too little, too late. Rather, my issue is with “instant, public, global messaging and conversation” being entirely dependent on one single privately held company’s whims. Perhaps they want to go in the right direction right now for once, but who’s to say how their opinion changes in the future?
The Centralization of Power on the Internet
Tremaine Friske
Feb 28, 2018
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’ The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook.
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
Digital companion for detecting misinformation now available for testing
On behalf of the EUNOMIA project, in which I represent Mastodon, I am happy to announce that after nearly 3 years of development there is now a public pilot for the Mastodon community.
But first, what is EUNOMIA and who is EUNOMIA? EUNOMIA is a “digital companion” for social media, a set of additional functions that aim to combat the spread of misinformation by helping you critically analyze social media posts before re-sharing them. Currently available functions include:
Find who a piece of text originally comes from and how it changed as it travelled to your home feed through the information cascade
See when a post is using highly emotive language through sentiment analysis
At a glance, see potentially important information about the post author, such as account age
See whether other users have flagged the post as untrustworthy, and vote yourself
But those functions are only useful when you’re already looking at a post in-depth. You can also configure which criteria and thresholds should make the EUNOMIA indicator flash on a post, prompting you that a deeper look is warranted.
EUNOMIA is decentralized and stores its information, such as the aforementioned votes, on IPFS, a decentralized storage network. It is also not a commercial product, but an academic research project spearheaded by the University of Greenwich and financed through the European Horizon 2020 program. The team consists of 10 entities: 3 universities, 3 private software development companies, representatives from two social media companies (one of which is yours truly), and the Austrian public broadcasting company ORF.
EUNOMIA should in theory work with any social media platform, but thanks to its already decentralized nature and a fantastic API, Mastodon lended itself as the perfect prototyping environment, since it allows the project to develop with its own Mastodon setup that never touches any live user data.
It is important to highlight that as a research project no user data can be processed without explicit user consent and as such EUNOMIA is confined entirely to its own Mastodon servers. One of which is now being opened up for the first public pilot!
The public EUNOMIA pilot is now live at mastodon.eunomia.social! The pilot will last one week, unless the developers receive feedback from users that they would want it to stay on for longer. Keep in mind:
You must be 18 or above to sign-up for the pilot
There is highly complex tech involved so there probably will be bugs
The pilot will federate exclusively with another pilot server, decentralized.eunomia.social
So you want to be part of the Mastodon network, and you want to truly own your data, independent of anyone else. Perhaps you want to curate a niche community for a specific interest, or maybe for your own family or close circle of friends. You went through the documentation and installed the software, or maybe you chose one of the available hosting options to avoid all the technical nonsense altogether.
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
Mastodon 2.0
Eugen Rochko
Oct 19, 2017
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then? Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app.
Mastodon and the W3C
Eugen Rochko
Sep 10, 2017
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
M for Mastodon
Eugen Rochko
Aug 1, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here. The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle.
April post-mortem
Eugen Rochko
Apr 25, 2017
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities. So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices: The way I work with the GitHub repository has changed.
A brief overview of current efforts and innovations in the decentralization movement on the World Wide Web.
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already?
To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century.
The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless. ISPs, once a central requirement, are increasingly becoming outmoded, antiquated, and unnecessary. Do we need a middleman managing what is, for all intents and purposes, access to a utility?
Now, the same goes for the acts of communication themselves. We don’t need centralized servers, ostensibly the property of a single organization: we live in a time when the computers we keep on our persons, on our desks, and even run as virtual instances in the cloud are powerful enough to accomplish the same ends, without the need for a profit-driven entity to do the hard work for us.
Decentralization of services on the internet is critical. It has fundamentally transformed the way we share large files online already: bittorrent is, whatever you might think of it, a hugely successful demonstration of the power of decentralized services.
Mastodon is more than just a twitter-like platform. It’s proof that microblogging isn’t something that needs corporate ownership to be functional. Moreover, it’s flexible: with very little tweaking Mastodon instances can operate like Instagram, like Snapchat, or like any other content that comes tucked away in a container.
More than functionally-similar, it can maintain cross-compatibility, and continue to federate with instances that can run with completely different rules. One project, Peertube, does exactly this. A federated, decentralized video sharing platform using the same backend as Mastodon, but around the sharing of video clips.
Outside of social media, decentralization is, and has, paved the way for radical communication. We often don’t consider this, but the World Wide Web itself is decentralized (or should be, lest we ask Facebook), and so is Email: the original federated communications system. Going forward, these ideas are taking on a new life.
Matrix is exactly the kind of exciting development that high-speed, synchronous communications have been waiting for, and more. It offers extremely secure end-to-end communication, is designed to be applicable to just about any communication channel, and ready for enterprising developers to implement it. Not later, but now: you can start using Matrix immediately.
This is a serious development: serious enough that the forthcoming Librem-5 phone from Purism incorporates it natively.
Let’s think about the future, by thinking about the present.
Despite the current US political climate, many states are enshrining net neutrality rules that disallow ISPs to play favorites with traffic. This is, to my mind, a powerful step to ensuring they operate as utilities and not as luxuries.
But do we need ISPs at all? Many communities have sued large ISPs for failing to deliver on contracts, and opt instead to install and manage extremely high-speed fiber optic networks themselves. In New York, this has gone one step further: NYMesh.
A decentralized, high-speed network that operates from node to node, independent from ISPs, and at no profit. Not only is it community-owned and oriented for public use, it’s functional even during emergencies, for anyone willing to participate. The speeds it delivers are comparable, and exceed, what you can get from traditional ISPs at reasonable prices.
As hardware improves for line-of-sight data transmission and for mesh networks to operate phone-to-phone, or even from local wireless repeaters owned and maintained at the municipal level, the need for corporate structures to exist as a measure of control disappears altogether. We are on the cusp of a massive shift towards an end to the central control of our experiences, but only if we’re willing to make the changes individually.
Mastodon isn’t the first decentralized anything, but it’s the first real proof that we can have what, until recently, has only been promised by huge corporations at the cost of our privacy, our data, and our intellectual freedom. It gives back a platform; the first of many.
How long until someone develops a way to host a facebook-alike platform without the need for a centralized server? It doesn’t have to be long: we have the means today, all we need now is the will to change.
To get started with Mastodon, go to JoinMastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
Most popular content of the fediverse from 2021 and some numbers
Trump's new social media platform found using Mastodon code
Eugen Rochko
Oct 29, 2021
From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them:
Mastodon now a non-profit organisation
Eugen Rochko
Aug 13, 2021
In June, I was able to officially register Mastodon gGmbH after nearly 8 months of legal work (“gGmbH” means “non-profit limited liability company”). A non-profit limited liability company in Germany is structered and operates similarly to a for-profit limited liability company with a few key differences. The founding document of the company is written such that the activity of the company is working towards goals that benefit the public; the shareholders may not receive any revenue from the company’s activities and can at most withdraw the funds that they originally paid in; employees may not receive extraordinarily high wages; and the company can receive donations which are then tax-free, although any other income that does not fit the definition of a donation continues to incur various taxes.
Why EUNOMIA builds on Mastodon
Eugen Rochko
Aug 4, 2020
An ever growing problem of the modern social media-rich world is misinformation. The trust that was previously placed into government officials and journalism has eroded; the internet gave everyone a voice but with it made it so much more difficult to distinguish truth from fabrication. The consequences of this are very real: Almost eradicated illnesses are making a comeback because people refuse to vaccinate their children, Covid-19 is continuing to spread because people refuse to wear masks and practice social distancing, more and more people start believing that the Earth is flat and descend down a rabbit hole of ever more absurd conspiracy theories.
Gab switches to Mastodon's code
Eugen Rochko
Jul 4, 2019
After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public.
Introducing the Mastodon Server Covenant
Eugen Rochko
May 16, 2019
To provide a safer experience to new Mastodon users, we are changing the joinmastodon.org server picker
Nowe wydanie Mastodona wprowadza zdecydowanie lepszy odtwarzacz audio, usprawnioną obsługę różnorodnych formatów audio i wideo, a także dodatkowe mechanizmy zabezpieczające.
Ten wpis jest tłumaczeniem wpisu pt. Mastodon 3.2 – A look inside. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią.
Całkowicie na nowo opracowano odtwarzacz dźwięku, aby otrzymał bardziej przyciągający wzrok wygląd. Automatycznie wydobywa on obraz albumu z pliku, lub pozwala na wybór wyświetlanej po środku miniatury. Dominujący kolor z tej grafiki jest wykorzystywany aby nadać odtwarzaczowi wyróżniający się wygląd.
Tak jak poprzednio miniatury filmów były automatycznie oparte o pierwszą klatkę filmu, teraz możesz wysłać własną miniaturę, która będzie wyświetlana przed odtworzeniem filmu. Po prostu naciśnij „Edytuj” na nowo wysłanym medium i wybierz nową miniaturę!
Jeżeli dzielisz się linkami do filmów lub dźwięku z Mastodona na innych platformach, np. na Twitterze, twoi znajomi będą mogli otworzyć odtwarzacz mediów Mastodona bezpośrednio z tej platformy (zakładając że platforma obsługuje tag twitter:player).
Aby lepiej zabezpieczać konta gdy nie korzystasz z nich, powstał nowy mechanizm zabezpieczający próby logowania. Jeżeli nie skonfigurowałeś(-aś) uwierytelniania dwustopniowego, nie byłeś(-aś) obecny(-a) przez przynajmniej dwa tygodnie, a ktoś spróbuje zalogować się z wcześniej nieznanego adres IP, otrzymasz prośbę o wysłanie tokenu wysłanego na Twój adres e-mail.
Ta funkcja jest przeznaczona dla osób które zapomniały skonfigurować uwierzytelnianie dwuetapowe. Jeśli to czytasz, pamiętaj że wzorową praktyką jest korzystanie z 2FA (Mastodon nnie wymaaga podana numeru telefonu ani aplikacji Mastodona, każda aplikacja TOTP działa) i używania menedżera haseł, aby tworzyć losowe i unikatowe hasła dla każdego posiadanego konta!
Zdarzyło ci się zablokować lub wyciszyć kogoś i zapomnieć, dlaczego to zrobiłeś(-aś)? A może zaobserwowałeś(-aś) sporo osób i nie pamiętasz kim oni są? Teraz możesz dodać osobiste notatki do innych kont, aby pamiętać kto jest kim. Widoczne tylko dla ciebie!
Podsumowanie
Na wydanie 3.2 składa się 380 commitów od 27 autorów od 14 maja 2020. Aby dowiedzieć się kto odpowiada za konkretną zmianę, możesz przejrzeć plik changelogu, a dla kompletnej i listy wkładu i tłumaczeń możesz skorzystać z pliku authors (oba uwzględnione w tym wydaniu).
Tłumacze tego wydania: Duy, stan ionut, Besnik_b, Emanuel Pina, regulartranslator, ButterflyOfFire, adrmzz, FédiQuébec, GiorgioHerbie, Marcin Mikołajczak, ariasuni, Thai Localization, 奈卜拉, Mentor Gashi, Xosé M., axi, Selyan Slimane AMIRI, Alix Rossi, Jeroen, SteinarK, ThonyVezbe, Hrach Mkrtchyan, Gwenn, ᏦᏁᎢᎵᏫ mask, Danial Behzadi, spla, Rafael H L Moretti, Jeong Arm, koyu, Yi-Jyun Pan, norayr, Alessandro Levati, Sasha Sorokin, gagik_, lamnatos, Sveinn í Felli, Zoltán Gera, cybergene, Tagomago, Michal Stanke, borys_sh, Ramdziana F Y, Osoitz, Maya Minatsuki, Willia, BurekzFinezt, Evert Prants, ThibG, Dewi, Emyn-Russell Nt Nefydd, vishnuvaratharajan, tolstoevsky, Diluns, Falling Snowdin, Marek Ľach, Balázs Meskó, Ryo, Roboron, StanleyFrew, PPNplus, Heimen Stoffels, Andrew, Iváns, Carlos Solís, Sokratis Alichanidis, TS, SensDeViata, AzureNya, OctolinGamer, 北䑓如法, Laura, Imre Kristoffer Eilertsen, Rikard Linde, Ali Demirtaş, diorama, Daniele Lira Mereb, Goudarz Jafari, psymyn, v4vachan, Sebastián Andil, Khóo, ZiriSut, strubbl, Reg3xp, AlexKoala, VSx86, Mo_der Steven, musix, ギャラ, Saederup92, mynameismonkey, omquylzu, Miro Rauhala, 硫酸鶏, siamano, Viorel-Cătălin Răpițeanu, Pachara Chantawong, Balázs Meskó, Steven Tappert, Unmual, Zijian Zhao, Skew, enolp, Yann Aguettaz, Mick Onio, r3dsp1, Tianqi Zhang, piupiupiudiu, Padraic Calpin, るいーね, Belkacem Mohammed, Miquel Sabaté Solà, serubeena, Solid Rhino, Rintan, 林水溶, Tagada, shafouz, Tom_, OminousCry, ALEM FARID, Nathaël Noguès, Robin van der Vliet, twpenguin, Paz Galindo, 夜楓Yoka, mkljczk, kiwi0, Esther, Renato “Lond” Cerqueira, igordrozniak, Philipp Fischbeck, GaggiX, Allen Zhong, Albatroz Jeremias, Nocta, pezcurrel, Aditoo17, 森の子リスのミーコの大冒険, Doug, Fleva
Jak zawsze, chcielibyśmy podziękować każdemu kto wniósł wkład w ten projekt, każdemu kto wspiera projekt na Patreonie i każdego kto korzysta z sieci! 🐘
Dlaczego musimy sprzeciwić się nowej dyrektywie o prawie autorskim
Eugen Rochko
Jun 25, 2018
Komisja składająca się z członków [głosowała za przyjęciem Artykułu 11 i 13](https://www.bbc.com/news/technology-44546620), które tworzą zagrożenie dla decentralizacji sieci i wolności ekspresji twórczej.
Join the social media revolution
Mastodon is a free, decentralized platform with over a million people
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here.
The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle. Now, after months of planning and weeks of back and forth with the designer, we have a distinct shape and a distinct font.
Along with the logo, we now have a beautiful homepage for the project itself. The kind of link you can send to someone to show them what Mastodon is without committing to any particular instance — joinmastodon.org
And as all good things come in threes, the landing page distributed along with the software itself — the instance frontpage if you will — has also been refurbished. Now that there is a project homepage to differentiate itself, the instance frontpage puts more effort into presenting a particular instance’s identity, rather than the underlying software. The name and the customizable description have a lot more prominence.
And something that’s been requested since literally day one of the project is finally here too — the frontpage now features a preview of the public timeline (“firehose”, if you will) of the instance, thereby letting you get a taste of what’s inside this hip new social network. Though instances that prefer to stay mysterious can still opt-out of that new feature.
All of the above comes bundled in our 1.5 release. But that’s just the tip of the iceberg. The other cool stuff can be classified into five main categories: quality of life improvements, admin features, mobile experience and accessibility, and other.
Quality of Life improvements:
Previous behaviour of “content warning” and “media sensitivity” being completely separate was confusing to most. This has been simplified. Media can be sensitive without hiding the text, but hiding the text with a content warning will now always hide the media, too.
A new preference setting to always pre-mark media as sensitive on your account.
A new preference setting to opt your public profile out of search engine indexing.
A new preference setting to have the web UI displayed using your operating system’s native font instead of Roboto.
When editing your profile, you now get a preview of your avatar and header. The operating system’s “no file selected” label on file inputs confused people.
The muting feature has been adjusted. Previously it was meant only to hide someone’s toots from timelines, not to hide them from your notifications (e.g. you’d mute a friend who is annoying in general but you want to hear from when they’re talking to you). By popular demand this has been changed to block notifications, too, essentially becoming a stealth-block.
The overview of active sessions is now a lot more accurate, and you can now revoke a session.
The disparity between toots/following/follower numbers on the local instance vs user’s origin instance was also confusing. There was an asterisk next to the numbers with a disclaimer that they may not be accurate, but it was way too invisible. Now, profiles of users who originate from a different instance display a prominent disclaimer with a link to view the full profile.
The character counter now ignores the domain part of user handles, and treats all links as 23 characters long, regardless of how long they are. This removes the unfair penalty of users whose domain is longer, and allows you to not worry about the length of the URLs you are sharing, since they get shortened visually anyway.
Mobile experience and accessibility:
We now have Web Push notifications. It is a method of sending notifications directly to the browser, without having to use a native app (opt-in, of course). It is a relatively new web standard, which more and more browsers are implementing and it blurs the line between mobile website and native app.
The swiping gestures have not only been adjusted to be less sensitive, but are now accompanied by visual feedback — no more accidental swiping between columns.
Another feature making use of an upcoming web standard, which is a bit newer and may not be available in any browsers yet, is the “share” button, which acts like the “share” feature of native apps.
All dropdown menus now open as modal windows on mobile, making it much easier to hit the right item.
Multiple accessibility improvements — too many to list here, but including improved contrasts, screen reader support, and keyboard access.
Admin features:
Admins will now receive immediate e-mail notifications about new reports.
For troubleshooting, admins now have a button to re-subscribe to accounts from a particular domain.
Added a domain block option that does nothing but reject local cache of media files.
The contents of the /terms page can now be customized entirely if you want a different privacy policy than the default one.
Other:
I have previously mentioned that Mastodon is looking to implement a newer federation protocol, ActivityPub, to replace OStatus in the very long term. This protocol itself is a work in progress incredibly close to being done, and I’m working closely with the W3C working group responsible to make sure the needs of the Mastodon project are well met, along with many other developers.
The implementation of a completely new underlying protocol in Mastodon is not easy. It has been an ongoing effort for a couple months, and it is split into stages. With this release, one stage of the implementation is ready — ActivityPub-compatible representations of public data. This is just a first step, but I’m proud of it anyway.
The fight for an ethical, decentralized internet is not over. We have made a significant impact in April, we’ve gotten big in Japan, but we need to keep going! We need a couple more months like April to cement our position in the public perception, to nurture the idea that no, you don’t have to just succumb to surveillance capitalism to hang out with friends and reach an audience. I truly hope that this release is another step in the right direction, in making it easier to convince people to use Mastodon.
I want to conclude this post by giving shout-outs to the people who make the development of this project possible — my patrons. Likewise, to Sorin Davidoi for implementing a huge chunk of the mobile experience improvements. To Dopatwo, for providing me with a steady supply of adorable elephant friends, and to Jin Nguyen, who designed our new logo.
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities. So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices: The way I work with the GitHub repository has changed.
Scaling Mastodon
Eugen Rochko
Apr 12, 2017
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!) But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Reversible suspensions
The main change in this release of Mastodon is our approach to suspensions. Previously, suspending an account deleted all of its associated data immediately, so while an account could be unsuspended technically, the person would have to start completely from scratch. Of course, that wasn’t ideal – everybody makes mistakes. Now, the data is kept for 30 days after suspension, giving a long enough time window to correct mistakes or talk through appeals. The suspended person also gets the ability to download an archive of their account, which was not possible before. If there is a need to delete the data immediately, the option is still there for moderators.
But that’s not all: Whereas previously suspended accounts would not show up in the app at all, now, as long as they’re recoverable, they do show up and more clealy communicate that they’re in a suspended state. As Mastodon matures and grows, we’re striving for more transparency and fail-safety around moderation.
IP blocks
Another missing piece has been added to Mastodon’s moderation toolbox – the ability to control access from specific IP addresses or subnets. As a response to a troll making alternative accounts to evade suspensions or a bot farm creating spam accounts, server administrators can now either fully block access from an IP or send new accounts through the approval queue while letting everyone else sign-up normally.
Performance improvements
The release includes multiple performance optimizations both on the server-side and on the client-side. On the client-side, lag caused by typing up a new post should be if not completely removed, vastly reduced, and all live updates from the Streaming API now come through a single connection no matter how many different columns you have open, one or thirty. Requests for an account’s media tab, your favourites, bookmarks, or hashtags should be much faster. Operations involving deleting an account’s data are up to 100x faster, reducing delays in the system, and so on.
“Bell button”
Are you following an account that only posts once in a blue moon? And it would almost certainly be drowned out in an otherwise active home feed? Perhaps an artist that only posts new artwork, or a bot that posts weather warnings for your area – now you can choose to be notified when a person you follow makes a new post by toggling the bell button on their profile.
Pop-out media player
As for media, if you scroll away from an audio or video while it’s still playing, the playback will continue in the corner of your screen with convenient buttons to reply, boost, or favourite the post it’s from. You can also finally use familiar hotkeys to control audio and video playback – space to toggle playback, “m” to mute, “j” and “l” to jump backward and forward, and a few others. And finally, media modals got a facelift, now using the average color from the picture for the page overlay and always showing interactive buttons for the post underneath.
Conclusion
The 3.3 release consists of 619 commits by 21 contributors since July 27, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
Mastodon 3.0
Eleanor
Oct 11, 2019
In this exciting new release: Moving accounts, trending hashtags, private servers and more!
Trump's new social media platform found using Mastodon code
Our statement
From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them:
Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, foreign jurisdictions, and international conventions.
Notably, neither the terms nor any other part of the website contained any references to Mastodon, nor any links to the source code, which are present in Mastodon’s user interface by default. Mastodon is free software published under the AGPLv3 license, which requires any over-the-network service using it to make its source code and any modifications to it publicly accessible.
We pride ourselves on providing software that allows anyone to run their own social media platform independent of big tech, but the condition upon which we release our work for free in the first place is the idea that, as we give to the platform operators, so do the platform operators give back to us by providing their improvements for us and everyone to see. But that doesn’t only benefit us as the developers – it benefits the people that use these platforms as it gives them insight into the functionality of the platforms that manage their data and gives them the ability to walk away and start their own.
As far as personal feelings are concerned, of course we would prefer if people so antithetical to our values did not use and benefit from our labour, but the reality of working on free software is that you give up the possibility of choosing who can and cannot use it from the get-go, so in a practical sense the only issue we can take with something like Truth Social is if they don’t even comply with the free software license we release our work under.
On Oct 26, we sent a formal letter to Truth Social’s chief legal officer, requesting the source code to be made publicly available in compliance with the license. According to AGPLv3, after being notified by the copyright holder, Truth Social has 30 days to comply or the license may be permanently revoked.
Truth Social added a page (“Legal Docs” → “Open Source”) that links to a ZIP archive of the Mastodon source code, which for now seems to bring them in compliance, though a more detailed analysis will only be possible once their platform publicly launches. In the media: Trump’s social media site quietly admits it’s based on Mastodon
After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public.
Developing an official iOS app for Mastodon
Eugen Rochko
Feb 5, 2021
Starting on Feb 8, 2021, we will be developing an official iOS app for Mastodon together with Sujitech and Lickability, which will be free to download and focused on helping new users get started
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong:
In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us.
Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money. A future where Facebook is the global social infrastructure, is a future with no refuge from advertising and number crunching.
Facebook simply cannot give anyone the power to do anything, because that power will always, ultimately, reside in Facebook itself, which controls both the software, the servers and the moderation policies.
No, the future of social media must be federation. The ultimate power is in giving people the ability to create their own spaces, their own communities, to modify the software as they see fit, but without sacrificing the ability of people from different communities to interact with each other. Of course, not every end user is interested in running their own little social network — just like every citizen isn’t interested in running their own little country. But I think that there is a good reason why many countries consist of separate but compatible states, and why many separate but compatible countries form alliances like the European Union or NATO. A mix between sovereignity and union. Federation.
The internet has seen many rises and falls of social networks. MySpace. Friendfeed. Google+. App.net. Each and every time, different UX, new accounts, having to convince your friends to switch over, or having to have multiple accounts to talk to them all. Do you think this cycle will stop with Facebook? Community dynamics to some extent guarantee a rise and downfall cycle, but we could stop dragging each other from website to website and stick to a standardized protocol. E-mail may not be sexy, for having been created in a simpler time, but it’s impossible not to appreciate that it still works, regardless of which provider you choose.
Do you want the website, that displays the photos of your friends with the caption “they’ll miss you” when you’re trying to delete your account, to be in charge of a global community?
I believe that with Mastodon, I have created a piece of software that is an actually viable alternative to Twitter. A federated microblogging server that continues the work of GNU social, but unlike GNU social is able to appeal to people without an active history of interest in itself. To put it another way, it’s usable by non-technical people. I don’t know if the work I’m doing is good enough to serve the future of humanity, but I think that it is at least a good, strong step in the right direction.
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
Introduce yourself
A lot of the toots that get shared around widely are artists’ introductions. It may sound odd coming from larger, more faceless platforms like Twitter, but Mastodon communities are more tight-knit, and a new community member saying hello is genuinely appreciated. You may describe who you are, where you come from, link your past work or profiles, and include a few examples of your work. Just like everywhere else, pretty pictures attract eyes.
On Mastodon, you may pin up to 5 posts to the top of your profile. So the introduction post may serve as an additional, permanent piece of information going forward if you pin it.
Fill out your profile
You can upload an avatar and a header image. It is wise to do both, as people tend to ignore posts from accounts with the default avatar, and profiles look a lot prettier with a header image. Avatars can even be animated! Animated avatars will be displayed to users who opted into interface animations, which are off by default for accessibility reasons.
Describe in short who you are. The profile bio may be displayed when pinned posts, such as your introduction, are not, so it makes sense to add some common, important information in both. Here comes the coolest thing, though: Profile metadata.
You get 4 label/content pairs to use however you like. Want to tell people what country you are from? You can do it. You can use them to refer to your significant other, or credit the author of your avatar image (if it’s not you), or to simply link to your other websites. If you have a Patreon, and a Twitch or Picarto channel, that’s where you would put them. Be sure, when posting links, to include the https:// part at the start, or it won’t show up as a link!
Choose focal points
If you’re posting vertical pictures, one of the most unfortunate things that can happen is the crotch crop. Mastodon is available on all sorts of platforms, used across a variety of screen sizes, so thumbnails of your art do not always have the same dimensions. Sometimes, this means the thumbnail shows the less enticing parts of the picture. But there is a solution for that:
When uploading a picture, you may click “crop” to select a focal point on the image. Once that is done, whatever the dimensions of the thumbnail, it will always include the selected area in this visible area.
Use hashtags
This will be familiar to those coming from Instagram, but hashtags are really rather important on Mastodon! Of course, unlike Instagram, there’s another way to discover content: the “firehose”, or the local and federated timelines. They show a slice of the real-time content as it appears. In a way, this means you have a chance of being noticed even if you don’t have any followers yet. But not everyone can keep up with that! Using hashtags allows people to find your art when they’re looking for it. Some of the hashtags that people use are #mastoart, #creativetoots, #photography, #catsofmastodon…
Posting schedule
It may be tempting to dump your entire portfolio straight away, but do not do this! While your posts will always appear on your profile, the presence of your posts on your followers’ home feeds is ephermal, they will be pushed out by newer toots! Consider that people from different timezones are online at different times. It makes sense to post on different days, at different times of day, to draw the most attention.
Do not feel bad about mixing art posts and personal updates. I’ve never seen anyone mind that, on the contrary, people appreciate personality behind the work.
Engage!
Thank people who comment on, fave or boost your work. Look at who boosts and faves other people’s work and follow them to silently introduce them to your work, too. Support other artists on the platform.
How to deal with sensitive media
Mastodon allows you to mark pictures or videos as sensitive, so they’re hidden behind a warning. This is great for people who cannot or do not want to see explicit imagery, but for artists who create primarily that, it can be inhibiting. Art hidden behind a warning is less likely to be noticed on timelines, and you need to be aware of that trade-off. What you can do is mix your explicit and non-explicit art to gain more followers.
There is also an off-by-default preference to always view sensitive media without a warning. You and your followers may wish to enable that.
In conclusion,
Mastodon 3.5
What's new
Work on multiple features in this release has been kindly sponsored by the German Federal Ministry of Education and Research through the Prototype Fund.
We’ve added one of the most requested functions among our competitors, the ability to edit posts. Since older Mastodon versions would not understand the edits, the function is disabled in the web app until more Mastodon servers upgrade to 3.5, but all parts are already included in the release. The original and previous versions of the posts are saved and remain accessible through a history view. And people who have previously shared the post get notified about any edits, so they can un-share if there’s foul play.
Coincidentally, the order of media attachments in a post is no longer dependent on the order in which they were uploaded.
Discoverability has always been a hot topic on Mastodon. Discoverability makes or breaks a platform, as there is nothing more important to retain a new user than to let them find something interesting to stay for, as soon as possible. In 3.5, we bring a new explore page which features currently popular posts, news stories that people share a lot, trending hashtags and follow recommendations. Furthermore, for the first time, we attempt to bring people content in their own language.
As we value safety, these new features come with their own moderation tools–nothing will show up in trends unless reviewed by one of the server’s moderators first.
A new, multi-step report flow improves the quality of information for moderators and highlights available self-help tools in Mastodon to the user.
On the topic of moderation, any action taken by a server moderator against a user’s account, such as deleting their posts or suspending the account, will now be viewable through account settings, by default accompanied by an e-mail notification, and permit the user to submit an appeal. Since actions such as deleting posts or marking posts as sensitive did not use to generate any kind of notification, this should make them more viable precursors to harsher punishments like suspensions; and being able to handle appeals within Mastodon should reduce the burden of out-of-band e-mail communication for moderators and increase user trust in Mastodon.
There is a brand new moderation dashboard that shows the development of various key metrics over time and shines some light on where new users come from, which languages they speak, and how many of them stay active months later. A completely new look for the report screen reduces the time and effort required to handle reports, and multiple selections on the accounts page offer a way to clean up spam and bot accounts in large batches.
Conclusion
The 3.5 release consists of 887 commits by 23 contributors between June 3, 2021 and March 30, 2022. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong:
In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us.
Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money. A future where Facebook is the global social infrastructure, is a future with no refuge from advertising and number crunching.
Facebook simply cannot give anyone the power to do anything, because that power will always, ultimately, reside in Facebook itself, which controls both the software, the servers and the moderation policies.
No, the future of social media must be federation. The ultimate power is in giving people the ability to create their own spaces, their own communities, to modify the software as they see fit, but without sacrificing the ability of people from different communities to interact with each other. Of course, not every end user is interested in running their own little social network — just like every citizen isn’t interested in running their own little country. But I think that there is a good reason why many countries consist of separate but compatible states, and why many separate but compatible countries form alliances like the European Union or NATO. A mix between sovereignity and union. Federation.
The internet has seen many rises and falls of social networks. MySpace. Friendfeed. Google+. App.net. Each and every time, different UX, new accounts, having to convince your friends to switch over, or having to have multiple accounts to talk to them all. Do you think this cycle will stop with Facebook? Community dynamics to some extent guarantee a rise and downfall cycle, but we could stop dragging each other from website to website and stick to a standardized protocol. E-mail may not be sexy, for having been created in a simpler time, but it’s impossible not to appreciate that it still works, regardless of which provider you choose.
Do you want the website, that displays the photos of your friends with the caption “they’ll miss you” when you’re trying to delete your account, to be in charge of a global community?
I believe that with Mastodon, I have created a piece of software that is an actually viable alternative to Twitter. A federated microblogging server that continues the work of GNU social, but unlike GNU social is able to appeal to people without an active history of interest in itself. To put it another way, it’s usable by non-technical people. I don’t know if the work I’m doing is good enough to serve the future of humanity, but I think that it is at least a good, strong step in the right direction.
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then?
Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app. It works faster and looks smoother thanks to many performance and design improvements.
On the desktop, it allows you to add, remove and rearrange columns. It can even be navigated and controlled using hotkeys!
When you get annoyed by notifications for a toot of yours that’s gone viral, or a conversation you’ve been tagged in that you no longer have interest in, you have the ability to simply mute the whole thread. If you keep encountering content you hate and it always comes from a specific domain, but your admins won’t do anything about it (or perhaps it’s annoying, but merely on a personal level), you no longer have to rely on your admin: You can simply hide everything from a particular domain for yourself.
A lot of attention has been given to how the user interface presents itself to onlookers. Both in terms of OpenGraph tags, which is to say, how links to Mastodon look when shared on other social networks or apps like Discord, and in terms of the sign-up, about, profile, toot and hashtag pages. The profile pages let you filter someone’s toots, for example to only see ones that include pictures or videos, which is a great addition for all artists and photographers. The sign up and hashtag pages do a better job of showing what’s actually inside in terms of content.
Mastodon is a global experience. That means a lot of language diversity. Since most people don’t know most languages, language filters have been added so you can decide which ones to see.
Another addition is custom emoji. That is a concept more familiar to Discord and Twitch users, but it’s a first for a social network. Custom emoji add flavours to instances and allow people to express very specific things that could never be conveyed by standardized Unicode characters.
There are a lot of other small features and important fixes. Better logos, better icons, ongoing improvements to accessibility such as image descriptions for screen readers; upgrades to the protocol, better APIs… You can view the detailed release notes of 2.0 here.
It’s also worth mentioning that the central resource for the Mastodon project is now the joinMastodon.org website, which explains the benefits of decentralization, links to all related resources, lists the project’s sponsors, and most importantly, provides an overview of the existing network. If you want to tell someone about Mastodon, you’ve got two options now— invite them over to the instance you’re using, or link them to joinMastodon.org where they’ll pick one on their own.
More than ever people need an escape hatch, an alternative to commercial networks that are incentivized to keep bad actors around to drive engagement, that sell your time and screen estate to advertisers and then throw you out without recourse for saying a bad word to a celebrity. Mastodon is that hatch. It’s an alternative reality where communities know and care about each other and moderators aren’t far away from the users. Free software stands first and foremost for the freedom of its user.
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
M for Mastodon
Eugen Rochko
Aug 1, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here. The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle.
Two reasons why organizations should switch to self-hosting social media
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here.
If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames. It’s like those sticker ads on cars, except you don’t have to pay for them and it doesn’t disturb anyone because you’re providing a service.
Twitter has put their API behind a paywall, strangled the app ecosystem. Twitter censors tweets on behalf of countries like Turkey, messes with its content delivery algorithms in unknown ways. Remember when Facebook changed its news feed algorithms, and overnight every Facebook page’s posts became virtually invisible and “fans” worthless? Unless you paid up to Facebook, of course. Being in control of your own megaphone rather than relying on a third party letting you use theirs is increasingly important.
Your own Mastodon instance means you decide what content to host. You take back control from commercial companies. And without sacrificing reachability — normally if you self-host a website, forum, or blog it means having to bring everyone over from other places, but the federated nature of Mastodon means that people don’t need to leave their own instances to follow yours.
I’ve been writing about Mastodon for two whole years now, and it occurred to me that at no point did I lay out why anyone should care about decentralization in clear and concise text. I have, of course, explained it in interviews, and you will find some of the arguments here and there in promotional material, but this article should answer that question once and for all.
decentralization, noun: The dispersion or distribution of functions and powers; The delegation of power from a central authority to regional and local authorities.
fediverse, noun: The decentralized social network formed by Mastodon, Pleroma, Misskey and others using the ActivityPub standard.
So why is it a big deal? Decentralization upends the social network business model by dramatically reducing operating costs. It absolves a single entity of having to shoulder all operating costs alone. No single server needs to grow beyond its comfort zone and financial capacity. As the entry cost is near zero, an operator of a Mastodon server does not need to seek venture capital, which would pressure them to use large-scale monetization schemes. There is a reason why Facebook executives rejected the $1 per year business model of WhatsApp after its acquisition: It is sustainable and fair, but it does not provide the same unpredictable, potentially unbounded return of investment that makes stock prices go up. Like advertising does.
If you are Facebook, that’s good for you. But if you are a user of Facebook… The interests of the company and the user are at odds with each other, from which the old adage comes that if you are not paying, you are the product. And it shines through in dark patterns like defaulting to non-chronological feeds (because it’s hard to tell if you’ve seen everything on the page before, it leads to more scrolling or refreshing, which leads to more ad impressions), sending e-mails about unread notifications that don’t actually exist, tracking your browsing behaviour across the internet to find out who you are…
Decentralization is biodiversity of the digital world, the hallmark of a healthy ecosystem. A decentralized network like the fediverse allows different user interfaces, different software, different forms of government to co-exist and cooperate. And when some disaster strikes, some will be more adapted to it than others, and survive what a monoculture wouldn’t. You don’t have to think long for recent examples–consider the FOSTA/SESTA bill passed in the US, which turned out to be awful for sex workers, and which affected every mainstream social network because they are all based in the US. In Germany, sex work is legal, so why should sex workers in Germany be unable to take part in social media?
A decentralized network is also more resilient to censorship–and I do mean the real kind, not the “they won’t let me post swastikas” kind. Some will claim that a large corporation can resist government demands better. But in practice, commercial companies struggle to resist government demands from markets where they want to operate their business. See for example Google’s lackluster opposition to censorship in China and Twitter’s regular blocks of Turkish activists. The strength of a decentralized network here is in numbers–some servers will be blocked, some will comply, but not all. And creating new servers is easy.
Last but not least, decentralization is about fixing power asymmetry. A centralized social media platform has a hierarchical structure where rules and their enforcement, as well as the development and direction of the platform, are decided by the CEO, with the users having close to no ways to disagree. You can’t walk away when the platform holds all your friends, contacts and audience. A decentralized network deliberately relinquishes control of the platform owner, by essentially not having one. For example, as the developer of Mastodon, I have only an advisory influence: I can develop new features and publish new releases, but cannot force anyone to upgrade to them if they don’t want to; I have no control over any Mastodon server except my own, no more than I have control over any other website on the internet. That means the network is not subject to my whims; it can adapt to situations faster than I can, and it can serve use cases I couldn’t have predicted.
Any alternative social network that rejects decentralization will ultimately struggle with these issues. And if it won’t perish like those that tried and failed before it, it will simply become that which it was meant to replace.
The profile directory is a way to discover users who want to be discovered. To fetch the profile directory, access GET /api/v1/directory with the possible params local (boolean) and order (new or active). Pagination is accomplished using offset and limit params.
Trends
Hashtags that are used more than usual (and above a small minimal threshold) are “trending”. To fetch trending hashtags, access GET /api/v1/trends. Only 10 results are returned maximally but you can request fewer with limit param.
Managing featured hashtags
Users can feature hashtags on their public profile, which allows visitors to easily browse their public posts filed under those hashtags. These cannot yet be arbitrarily retrieved through the API, but there is now an API for managing the featured hashtags of the current user:
GET /api/v1/featured_tags to retrieve current user’s featured hashtags
POST /api/v1/featured_tags to create a new featured hashtag, specified by the param name
DELETE /api/v1/featured_tags/:id to delete a featured hashtag
GET /api/v1/featured_tags/suggestions to retrieve the user’s 10 most commonly used hashtags
A featured hashtag contains the attributes id, name, statuses_count and last_status_at.
Timeline position markers
Apps can now synchronize their position in certain timelines between each other. Currently these are the home timeline and the notifications timeline. The web UI already implements this API and will save its position when closed.
To retrieve a map of markers with timeline names as keys, access GET /api/v1/markers . You must specify the desired timelines with the array param timeline. This is a slightly unusual structure in Mastodon’s REST API so it deserves an example:
To create a new marker, pass a map to POST /api/v1/markers with timeline names as keys (home and/or notifications), and an object containing the last_read_id for each timeline. Essentially, you pass it something like this, either encoded as JSON or using nested form/query params:
{
"home": {
"last_read_id": "567..."
}
}
Hashtag autocomplete
If you are using the GET /api/v2/search API for showing the user autocomplete for hashtags, you can now pass the exclude_unreviewed boolean param to limit the results to only those hashtags that have been looked at by the server’s staff. This is a way to reduce junk and harmful results.
Sign-up API in approval-required registrations mode
You can now pass the reason param to POST /api/v1/accounts, containing the user’s reason for wanting to join the server, which is useful when the server is in approval-required registrations mode. You can detect when that mode is active by the approval_required boolean attribute returned from GET /api/v1/instance (in conjunction with the registrations boolean attribute).
Custom emoji categories
New attribute category on custom emojis returned from GET /api/v1/custom_emojis contains a string with which emojis are supposed to be grouped when displayed in a picker UI.
Displaying user’s own votes in polls
New attribute own_votes on polls contains an array of the user’s choices (as indices corresponding to the options array).
New search syntax support
When ElasticSearch is enabled, you can use the following syntax to fine-tune your search:
Surround keywords with double quotes (") to search for the exact phrase
Prepend a keyword (or phrase) with minus sign (-) to exclude it from results
It should be noted that the default operator has been changed from “and” to “or”, so by searching for “foo bar” you will get results that contain both “foo” and “bar” at the top, but also those that only contain “foo” and only contain “bar”. For this reason, there is also another new operator, the plus sign (+) which you can prepend to a keyword or phrase to make sure the results definitely contain it.
Health check
There is now GET /health endpoint for the web process which you can use with a monitoring service. The endpoint measures not only that the web process responds to requests but can successfully connect to the database and the cache as well.
New deployment settings
Reply-to header on e-mails
If you want e-mails to be sent with a reply-to header, i.e. redirecting replies to those e-mails to a particular address, use the new SMTP_REPLY_TO environment variable. Mind that the reply-to header on moderation warning e-mails is set to the contact address configured in the admin UI.
Secure mode
Normally, all public resources are available without authentication or authorization. Because of this, it is hard to know who (in particular, which server, or which person) has accessed a particular resource, and impossible to deny that access to the ones you want to avoid. Secure mode requires authentication (via HTTP signatures) on all public resources, as well as disabling public REST API access (i.e. no access without access token, and no access with app-only access tokens, there has to be a user assigned to that access token). This means you always know who is accessing any resource on your server, and can deny that access using domain blocks.
Unfortunately, secure mode is not fully backwards-compatible with previous Mastodon versions. For this reason, it cannot be enabled by default. If you want to enable it, knowing that it may negatively impact communications with other servers, set the AUTHORIZED_FETCH=true environment variable.
Whitelist mode
Taking a step further than the secure mode, whitelist mode is meant for private servers. Our aim here are educational uses, such as schools and universities, where Mastodon could be used to provide a safe learning environment. When whitelist mode is enabled, no page is available without login, and any incoming or outgoing federation is ignored except for manually whitelisted domains. Domains can be whitelisted in the federation part of the admin UI. When whitelist mode is enabled, secure mode is also enabled.
To enable whitelist mode, set the WHITELIST_MODE=true environment variable. Please mind that this option was not designed for being switched on on already running servers. To clean an existing database of content that is not whitelisted, run tootctl domains purge --whitelist-mode
Because whitelist mode essentially creates a silo, not unlike Twitter, Facebook, and other centralized services, we do not recommend running public servers in whitelist mode.
New command-line tools
Please mind that if you find any of the below descriptions insufficient, you can always append --help to whichever command you’re interested in and receive the most detailed information about the usage of that command and the available options.
Parallization and progress
Commands that used to accept a --background flag for Sidekiq-based execution have been changed to instead support a --concurrency (or -c) flag specifying the number of threads to use for parallel execution.
Instead of printing dots to signal progress, real progress bars are now displayed, with the number of processed items and estimated time to completion.
Cleaning up old link preview cards
To remove thumbnails from older link preview cards, run tootctl preview_cards remove, specifying age with --days just like for media removal.
Re-downloading removed media attachments
If you need to re-download media attachments, run tootctl media refresh. You can either re-download media attachments from a specific --status, from a specific --account, or from an entire --domain.
Re-counting counters
Sometimes various counters in Mastodon get out of sync with reality. To fix account counters (e.g. followers, following, toots), run tootctl cache recount accounts. This should not take very long. To fix status counters (e.g. reblogs, favourites, replies), run tootctl cache recount statuses. This may take a lot longer.
New admin UIs
Trends
Hashtags will not trend without your approval. Whenever a hashtag is beginning to trend, you receive a notification e-mail asking to review it. You can disable those e-mails from your personal e-mail notification preferences. You can disable the trends feature altogether from admin settings. Or you can choose to auto-approve hashtags instead, which may be suitable for trusted communities.
The hashtags area in the admin UI has been updated. When looking at hashtags that are pending review, you can approve or reject them in batches. From individual hashtag view, you can control whether the hashtag can trend, whether it can appear on the profile directory and in searches, or whether it can be used at all. You will also see which servers you know about are contributing how much to that hashtag’s usage to help you determine whether to let it trend or not.
Including reported toots in warning e-mails
If you want to perform an action or warning against a user related to a report, you can choose if the toots that were in that report should be included in the e-mail the user will get about that action or warning. This will provide more clarity to the user about how they broke your rules.
Table of contents on about page
The about page of your server will now auto-generate a table of contents based on the structure of your extended description HTML. It is recommended to have a h1 tag, which will not be reflected on the table of contents, to give the entire page a title, then h2 and h3 tags for the different sections. Make sure your HTML is valid, otherwise the table of contents may not work as expected.
Public and private domain blocks information
You can now add comments to domain blocks. Private comments are for other staff members only. From the admin settings, you can choose if domain blocks should be disclosed publicly or to logged-in users only, or not at all. If you choose to disclose them, they will appear on the about page, below your extended description. You can use the public comments to give public reasons for your decisions.
Custom emoji categories
The custom emojis area in the admin UI has been updated. You can now assign emojis to custom categories and perform batch actions on them such as copying, deleting, or unlisting.
Spam checks
When a user mentions someone who isn’t following them and it’s not a reply to something directed at that user, their message is run through a simplistic spam check which detects repeating messages. When spam is detected, a new report is created automatically. If that was a mistake, you can mark the report as resolved and it will exempt that user from future spam checks. You can disable the spam check feature from admin settings.
Trump's new social media platform found using Mastodon code
Our statement
From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them:
Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, foreign jurisdictions, and international conventions.
Notably, neither the terms nor any other part of the website contained any references to Mastodon, nor any links to the source code, which are present in Mastodon’s user interface by default. Mastodon is free software published under the AGPLv3 license, which requires any over-the-network service using it to make its source code and any modifications to it publicly accessible.
We pride ourselves on providing software that allows anyone to run their own social media platform independent of big tech, but the condition upon which we release our work for free in the first place is the idea that, as we give to the platform operators, so do the platform operators give back to us by providing their improvements for us and everyone to see. But that doesn’t only benefit us as the developers – it benefits the people that use these platforms as it gives them insight into the functionality of the platforms that manage their data and gives them the ability to walk away and start their own.
As far as personal feelings are concerned, of course we would prefer if people so antithetical to our values did not use and benefit from our labour, but the reality of working on free software is that you give up the possibility of choosing who can and cannot use it from the get-go, so in a practical sense the only issue we can take with something like Truth Social is if they don’t even comply with the free software license we release our work under.
On Oct 26, we sent a formal letter to Truth Social’s chief legal officer, requesting the source code to be made publicly available in compliance with the license. According to AGPLv3, after being notified by the copyright holder, Truth Social has 30 days to comply or the license may be permanently revoked.
Truth Social added a page (“Legal Docs” → “Open Source”) that links to a ZIP archive of the Mastodon source code, which for now seems to bring them in compliance, though a more detailed analysis will only be possible once their platform publicly launches. In the media: Trump’s social media site quietly admits it’s based on Mastodon
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages. The inbox Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
How to become a successful artist on Mastodon
Eugen Rochko
Jun 24, 2018
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
How to implement a basic ActivityPub server
Eugen Rochko
Jun 23, 2018
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
How to start a Mastodon server
Eugen Rochko
Feb 23, 2018
So you want to be part of the Mastodon network, and you want to truly own your data, independent of anyone else. Perhaps you want to curate a niche community for a specific interest, or maybe for your own family or close circle of friends. You went through the documentation and installed the software, or maybe you chose one of the available hosting options to avoid all the technical nonsense altogether.
Scaling Mastodon
Eugen Rochko
Apr 12, 2017
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!) But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
In this release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more
Mastodon 2.7
Eugen Rochko
Jan 20, 2019
In this release: New profile directory, new tutorial, new public hashtag pages and more moderation tools
Mastodon 2.6 released
Eugen Rochko
Oct 31, 2018
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not.
Mastodon 2.5 released
Eugen Rochko
Sep 5, 2018
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago.It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images.
If you could edit tweets
Eugen Rochko
Jun 19, 2018
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board. Delete & Redraft There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
The Mastodon Spring Creator’s Release
Eugen Rochko
Mar 14, 2018
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018.
From Tumblr to Mastodon
Eugen Rochko
Nov 19, 2018
A lot of artists have lost their blogs in the Tumblr purge. Here are 5 reasons why Mastodon is the perfect alternative.
Mastodon 2.6 released
Eugen Rochko
Oct 31, 2018
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not.
Mastodon's 2 Year Anniversary
Eugen Rochko
Oct 14, 2018
Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉
Mastodon 2.5 released
Eugen Rochko
Sep 5, 2018
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago.It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images.
Mastodon quick start guide
Nico
Aug 27, 2018
So you want to join Mastodon and get tooting. Great! Here's how to dive straight in.
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers.
Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus.
Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild. It was a natural upgrade for our project, as we long ago reached the limits of what OStatus was capable of. And what we needed was better privacy, better defaults, better cryptographic verifiability, and better distribution mechanisms.
This protocol is also very flexible in what it allows you to express and it is naturally extensible as it is based on JSON-LD. Besides allowing Mastodon to fully and reliably exchange the data it currently needs to exchange, it also has a lot of potential for future developments in the area of distributed identities and end-to-end encryption.
Servers which support this new protocol will use it in version 1.6. OStatus is still available as a full-fledged fallback.
Here are some of the juicier highlights from this release:
1. We’ve improved the integrity of distributed conversations. Up until now, the only server which had a full view of a conversation was the server of the conversation’s starter, as all responders sent their replies to it. But the servers of the responders or followers had only an incidental view of the conversation conversation; to get a full view, one would have to either follow the other responders, or get a reply from the conversation starter. Now, the server that receives the replies forwards them to followers’ servers as long as they are public. This means that when opening the conversation view on a different server, it will be as complete as on the origin server. This is especially helpful to those who run single-user instances, as they are the least likely to have already been following all responders.
2. Another feature, which is small, but has a big UX effect, is that we can finally fetch account statistics from remote profiles (total toots, number of followers, etc.), as there is now a standardized way of expressing this using ActivityPub. Technically this is not a big deal, but it did confuse new users when they saw someone from another server with a seemingly empty profile, when in reality it had thousands of toots and followers.
3. Speaking of profiles, this release brings you redesigned public profile pages, as well as the ability to pin certain toots on them to be permanently displayed. By default, stand-alone toots are displayed, and there are now tabs for toots with replies and toots with media.
4. The function of getting embed codes for toots is now more accessible — through a button in the web UI, and not just through the OEmbed API. The look of the embedded view has also been refurbished, and an optional script has been added to ensure the embeds have the correct height. I am excited to see Mastodon content appear on other websites.
5. To improve the experience of brand new users, we’ve added something in the old tradition of MySpace Tom — except instead of following some central Tom, new accounts will start off following their local admins (this can be adjusted by the administrator). That way, on your first login you are greeted with a populated home timeline instead of an empty one.
All in all, this release is all about filling the gaps in the server-to-server layer, improving content discovery and first time experience of new users, and making it easier to share Mastodon content.
Big shout-out to Chris Webber, Puck Meerburg, and Unarist specifically, and to the W3C Social Working Group in general for helping put everything together.
Mastodon is free, open-source software. The development is crowdfunded through Patreon and Liberapay. The source code is available on GitHub. General information and a list of instances is available on joinmastodon.org
How to implement a basic ActivityPub server
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages.
First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server.
So what are the ingredients required? The message itself will be formatted with ActivityPub, and it must be attributed to an ActivityPub actor. The actor must be discoverable via Webfinger, and the delivery itself must be cryptographically signed by the actor.
The actor
The actor is a publicly accessible JSON-LD document answering the question “who”. JSON-LD itself is a quite complicated beast, but luckily for our purposes we can treat it as simple JSON with a @context attribute. Here is what an actor document could look like:
The id must be the URL of the document (it’s a self-reference), and all URLs should be using HTTPS. You need to include an inbox even if you don’t plan on receiving messages in response, because for legacy purposes Mastodon doesn’t acknowledge inbox-less actors as compatible.
The most complicated part of this document is the publicKey as it involves cryptography. The id will in this case refer to the actor itself, with a fragment (the part after #) to identify it–this is because we are not going to host the key in a separate document (although we could). The owner must be the actor’s id. Now to the hard part: You’ll need to generate an RSA keypair.
The contents of the public.pem file is what you would put into the publicKeyPem property. However, JSON does not support verbatim line-breaks in strings, so you would first need to replace line-breaks with \n instead.
Webfinger
What is Webfinger? It is what allows us to ask a website, “Do you have a user with this username?” and receive resource links in response. Implementing this in our case is really simple, since we’re not messing with any databases and can hardcode what we want.
The Webfinger endpoint is always under /.well-known/webfinger, and it receives queries such as /.well-known/webfinger?resource=acct:bob@my-example.com. Well, in our case we can cheat, and just make it a static file:
The subject property here consists of the username (same as preferredUsername earlier) and the domain you’re hosting on. This is how your actor will be stored on other Mastodon servers and how people will be able to mention it in toots. Only one link is required in the Webfinger response, and it’s the link to the actor document.
After this is uploaded to your webhost and available under your domain with a valid SSL certificate, you could already look up your actor from another Mastodon by entering alice@my-example.com into the search bar. Although it’ll look quite barren.
The message
ActivityPub messages practically consist of two parts, the message itself (the object) and a wrapper that communicates what’s happening with the message (the activity). In our case, it’s going to be a Create activity. Let’s say “Hello world” in response to my toot about writing this blog post:
With the inReplyTo property we’re chaining our message to a parent. The content property may contain HTML, although of course it will be sanitized by the receiving servers according to their needs — different implementations may find use for a different set of markup. Mastodon will only keep p, br, a and span tags. With the to property we are defining who should be able to view our message, in this case it’s a special value to mean “everyone”.
For our purposes, we don’t actually need to host this document publicly, although ideally both the activity and the object would be separately available under their respective id. Let’s just save it under create-hello-world.json because we’ll need it later.
So the next question is, how do we send this document over, where do we send it, and how will Mastodon be able to trust it?
HTTP signatures
To deliver our message, we will use POST it to the inbox of the person we are replying to (in this case, me). That inbox is https://mastodon.social/inbox. But a simple POST will not do, for how would anyone know it comes from the real @alice@my-example.com and not literally anyone else? For that purpose, we need a HTTP signature. It’s a HTTP header signed by the RSA keypair that we generated earlier, and that’s associated with our actor.
HTTP signatures is one of those things that are much easier to do with actual code instead of manually. The signature looks like this:
The keyId refers to public key of our actor, the header lists the headers that are used for building the signature, and then finally, the signature string itself. The order of the headers must be the same in plain-text and within the to-be-signed string, and header names are always lowercase. The (request-target) is a special, fake header that pins down the HTTP method and the path of the destination.
The to-be-signed string would look something like this:
(request-target): post /inbox
host: mastodon.social
date: Sun, 06 Nov 1994 08:49:37 GMT
Mind that there is only a ±30 seconds time window when that signature would be considered valid, which is a big reason why it’s quite difficult to do manually. Anyway, assuming we’ve got the valid date in there, we now need to build a signed string out of it. Let’s put it all together:
Let’s save it as deliver.rb. I am using the HTTP.rb gem here, so you’ll need to have that installed (gem install http). Finally, run the file with ruby deliver.rb, and your message should appear as a reply on my toot!
Conclusion
We have covered how to create a discoverable ActivityPub actor and how to send replies to other people. But there is a lot we haven’t covered: How to follow and be followed (it requires a working inbox), how to have a prettier profile, how to support document forwarding with LD-Signatures, and more. If there is demand, I will write more in-depth tutorials!
We often tout things like “Mastodon is based on open web protocols” as one of its advantages. I want to elaborate why exactly that’s a good thing.
As a refresher, Mastodon implements the so-called ActivityPub protocol to enable Mastodon servers to talk to each other; that’s the basis of the “federation” we also like to bring up. Federation is what you already know from e-mail, even if you may not know it by name: It’s the concept of servers hosting users that can talk to users from other servers. That protocol pins down on paper how exactly such inter-server communication would look like, using a vocabulary that can be applied for a variety of purposes. And here’s the kicker:
The social network that is Mastodon isn’t really Mastodon. It’s bigger. It’s any piece of software that implements ActivityPub. That software can be wildly different in how it looks and what it does! But the social graph–what we call the people and their connections–is the same.
Mastodon is the software built around 500-character text posts.
You want something centered on photos and pictures? PixelFed is here.
You want to write long, rich blog posts? Plume is in development.
That’s not to mention a multitude of variations on the same concepts. PeerTube and PixelFed won’t be the only ones in their categories. For example, Misskey and Pleroma have a similar use case as Mastodon, but they make different choices in programming languages, design and functionality.
All of these platforms are different and they focus on different needs. And yet, the foundation is all the same: people subscribing to receive posts from other people. And so, they are all compatible. From within Mastodon, Pleroma, Misskey, PixelFed and PeerTube users can be followed and interacted with all the same.
And that’s the strength of using open web protocols. When you decide to switch to Mastodon, you’re not just gambling on the success of one project. You can be certain that regardless what happens with Mastodon, the network will live on and flourish. Newer and better software will be born within this ecosystem, but you will never have to drag all your friends and followers someplace else again–they’ll already be where they need to be.
If Twitter shuts down, you’ll lose your followers. If Facebook shuts down, you’ll lose your friends. For some platforms, it’s not a question of “if”, but “when”. Such events are usually followed by a scrambling into a variety of different platforms, where you inevitably lose some people as you have to make a choice which one to stay on. This happened before. But it doesn’t have to happen again. Use the federated web. Join Mastodon.
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
Mastodon and the W3C
Eugen Rochko
Sep 10, 2017
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities. So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices: The way I work with the GitHub repository has changed.
Two reasons why organizations should switch to self-hosting social media
Eugen Rochko
Mar 16, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here. If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames.
The power to build communities
Eugen Rochko
Feb 20, 2017
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong: In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us. Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money.
It’s finally here! Mastodon 3.0 is live! The team has been hard at work on making sure that this release is one of our most user-friendly yet with some exciting new features! Here are just a few:
Stronger anti-harassment tools
We’re always looking for new ways to provide users and admins with the most robust and comprehensive tools to combat harassment on the fediverse. We take a lot of pride in excelling where Twitter, Tumblr and Facebook have continuously failed in this regard. As such 3.0 introduces some powerful new features: whitelist mode, and an optional public list of blocked domains.
With the whitelist feature it’s now possible for private, semi-private, and secured networks to be deployed. Want to deploy mastodon for educational institutions, networked between a couple schools? Or do you want to build a secured, user-first network within the fediverse itself? The choice is yours. This protects servers and their users from stalkers, intrusive web crawlers, and other malign agents by creating the tightest security on a server yet.
Additionally, server admins now have the option of making their domain blocklists public, with optional comments clarifying why a domain was blocked. Security on the fediverse relies in part on admins working together to enforce safe community standards, and this allows for the most robust way of sharing information about bad actors in the fediverse. We want you to not just see who was blocked, but why. Transparency lets you see how yours, and other, servers are being run, so you can make informed decisions.
Moving accounts
You spoke, we listened! Here is the completely revamped account migration system! Easier than ever, and with 3.0 comes the ability to bring your followers with you like magic! Point the old account to the new one, and the new one to the old one, using the new interface, and your followers will be transferred over!
Additionally, your old account will no longer show up in searches and will have limited functionality (that, of course, can be undone by re-activating it). This process is streamlined and straightforward, and we hope that it makes moving between servers even easier than before!
A more powerful search
Searching is now more flexible and more powerful than before. You can now search using “phrase matching” and by excluding words from a search by including a minus sign before a term. For example: if you wanted to search for Cute Doggos (I know what you like) but didn’t want to include cats, you’d just search for cute doggos -cat to get to get those puppies.
💁 Working with custom emojis just got easier! 😸
Admins can now create custom emoji categories! No more worrying about having too many, or thinking ‘oh jeez now I have 40 thounking emojo, where will I put them??’ No more scrolling through hundreds of custom emojis on the web UI to find that perfect way to express yourself! 🐣 Categories! They’re here!
Goodbye OStatus; You’ve been deprecated!
Mastodon will no longer support OStatus. For most users this means that there will be no change whatsoever. For the extremely slim margin of people this affects, please refer to the discussion on the bug tracker to see how we got here. We’re a 100% ActivityPub household now!
The hashiest hashtags
3.0 brings support for auto-suggestions for hashtags and shows you how many times each tag has been used in the past week! This makes it easier to see what the fediverse is talking about and what tags are most popular during the week!
Even better, you can see trending hashtags now, making it easy to follow along with current events and the lightning-fast world of memes on the fediverse. Hashtag trends aren’t blind though; they’re reviewed by your admin to ensure they aren’t being gamed as a vector for abuse. Trust your admin? Use those hashtags!
The timeline’s alive, with the sound of music
We thought the old media player was pretty disappointing, so we did something about it! Introducing the new and improved audio player for web UI! Sharing audio on Mastodon is now much more user-friendly, with a vastly improved experience over the old player.
Changes to the UI
Single-column mode now supports scrolling from anywhere on the page! This makes viewing the timeline easier than ever and makes mastodon even friendlier to use on laptops and touchscreens.
Slow mode! It’s a slower mode! Pop into the preferences pane and toggle this mode to disable livestreaming in the timeline. Instead, you’ll see a manual link to refresh the feed, with a counter letting you know how many new toots there are for you to catch up on. Having a lot of followers doesn’t mean you aren’t able to keep up anymore: stay in the loop with slow mode!
Lastly, new users see a minimal UI and can change their email address before their account is acivated! Less worrying about typos in the sign-up phase just makes it easier for new friends to join, which is good news for everyone!
Conclusion
The 3.0 release consists of 563 commits by 23 contributors since June 22, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
It’s finally here! Mastodon 3.0 is live! The team has been hard at work on making sure that this release is one of our most user-friendly yet with some exciting new features! Here are just a few:
Stronger anti-harassment tools
We’re always looking for new ways to provide users and admins with the most robust and comprehensive tools to combat harassment on the fediverse. We take a lot of pride in excelling where Twitter, Tumblr and Facebook have continuously failed in this regard. As such 3.0 introduces some powerful new features: whitelist mode, and an optional public list of blocked domains.
With the whitelist feature it’s now possible for private, semi-private, and secured networks to be deployed. Want to deploy mastodon for educational institutions, networked between a couple schools? Or do you want to build a secured, user-first network within the fediverse itself? The choice is yours. This protects servers and their users from stalkers, intrusive web crawlers, and other malign agents by creating the tightest security on a server yet.
Additionally, server admins now have the option of making their domain blocklists public, with optional comments clarifying why a domain was blocked. Security on the fediverse relies in part on admins working together to enforce safe community standards, and this allows for the most robust way of sharing information about bad actors in the fediverse. We want you to not just see who was blocked, but why. Transparency lets you see how yours, and other, servers are being run, so you can make informed decisions.
Moving accounts
You spoke, we listened! Here is the completely revamped account migration system! Easier than ever, and with 3.0 comes the ability to bring your followers with you like magic! Point the old account to the new one, and the new one to the old one, using the new interface, and your followers will be transferred over!
Additionally, your old account will no longer show up in searches and will have limited functionality (that, of course, can be undone by re-activating it). This process is streamlined and straightforward, and we hope that it makes moving between servers even easier than before!
A more powerful search
Searching is now more flexible and more powerful than before. You can now search using “phrase matching” and by excluding words from a search by including a minus sign before a term. For example: if you wanted to search for Cute Doggos (I know what you like) but didn’t want to include cats, you’d just search for cute doggos -cat to get to get those puppies.
💁 Working with custom emojis just got easier! 😸
Admins can now create custom emoji categories! No more worrying about having too many, or thinking ‘oh jeez now I have 40 thounking emojo, where will I put them??’ No more scrolling through hundreds of custom emojis on the web UI to find that perfect way to express yourself! 🐣 Categories! They’re here!
Goodbye OStatus; You’ve been deprecated!
Mastodon will no longer support OStatus. For most users this means that there will be no change whatsoever. For the extremely slim margin of people this affects, please refer to the discussion on the bug tracker to see how we got here. We’re a 100% ActivityPub household now!
The hashiest hashtags
3.0 brings support for auto-suggestions for hashtags and shows you how many times each tag has been used in the past week! This makes it easier to see what the fediverse is talking about and what tags are most popular during the week!
Even better, you can see trending hashtags now, making it easy to follow along with current events and the lightning-fast world of memes on the fediverse. Hashtag trends aren’t blind though; they’re reviewed by your admin to ensure they aren’t being gamed as a vector for abuse. Trust your admin? Use those hashtags!
The timeline’s alive, with the sound of music
We thought the old media player was pretty disappointing, so we did something about it! Introducing the new and improved audio player for web UI! Sharing audio on Mastodon is now much more user-friendly, with a vastly improved experience over the old player.
Changes to the UI
Single-column mode now supports scrolling from anywhere on the page! This makes viewing the timeline easier than ever and makes mastodon even friendlier to use on laptops and touchscreens.
Slow mode! It’s a slower mode! Pop into the preferences pane and toggle this mode to disable livestreaming in the timeline. Instead, you’ll see a manual link to refresh the feed, with a counter letting you know how many new toots there are for you to catch up on. Having a lot of followers doesn’t mean you aren’t able to keep up anymore: stay in the loop with slow mode!
Lastly, new users see a minimal UI and can change their email address before their account is acivated! Less worrying about typos in the sign-up phase just makes it easier for new friends to join, which is good news for everyone!
Conclusion
The 3.0 release consists of 563 commits by 23 contributors since June 22, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
Following the successful launch of our official iOS app, in January we’ve begun the development of an Android version. We continue working with the NYC design agency Lickability and welcome Gregory Klyushnikov, better known as grishka on the fediverse, as the lead Android developer. Gregory is a talented developer with a history of working on social apps like VKontakte and Telegram.
Continued development is not limited to Android. Work on the app flows into the main Mastodon software as existing APIs are adjusted and new APIs are added to support new features, and the web app’s UI is improved with ideas from the professional UX designers working on the iOS and Android apps.
We are excited to bring an app that takes usability, new user onboarding and visual design seriously to one of the largest mobile platforms.
The efforts are sponsored by our generous sponsors on Patreon and our custom sponsorship platform, and by the Federal Ministry of Education and Research through the Prototype Fund (BMBF Förderkennzeichen: 01IS21S29). Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates!
You can subscribe to the mailing list below to be notified when the app enters a public beta, and when it launches:
Starting on Feb 8, 2021, we will be developing an official iOS app for Mastodon together with Sujitech and Lickability, which will be free to download and focused on helping new users get started
Mastodon Recap 2021
Eugen Rochko
Dec 8, 2021
Most popular content of the fediverse from 2021 and some numbers
Two reasons why organizations should switch to self-hosting social media
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here.
If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames. It’s like those sticker ads on cars, except you don’t have to pay for them and it doesn’t disturb anyone because you’re providing a service.
Twitter has put their API behind a paywall, strangled the app ecosystem. Twitter censors tweets on behalf of countries like Turkey, messes with its content delivery algorithms in unknown ways. Remember when Facebook changed its news feed algorithms, and overnight every Facebook page’s posts became virtually invisible and “fans” worthless? Unless you paid up to Facebook, of course. Being in control of your own megaphone rather than relying on a third party letting you use theirs is increasingly important.
Your own Mastodon instance means you decide what content to host. You take back control from commercial companies. And without sacrificing reachability — normally if you self-host a website, forum, or blog it means having to bring everyone over from other places, but the federated nature of Mastodon means that people don’t need to leave their own instances to follow yours.
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong: In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us. Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money.
Learning from Twitter’s mistakes
Eugen Rochko
Mar 3, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast.You can check it out here. Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end.
A brief overview of current efforts and innovations in the decentralization movement on the World Wide Web.
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already?
To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century.
The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless. ISPs, once a central requirement, are increasingly becoming outmoded, antiquated, and unnecessary. Do we need a middleman managing what is, for all intents and purposes, access to a utility?
Now, the same goes for the acts of communication themselves. We don’t need centralized servers, ostensibly the property of a single organization: we live in a time when the computers we keep on our persons, on our desks, and even run as virtual instances in the cloud are powerful enough to accomplish the same ends, without the need for a profit-driven entity to do the hard work for us.
Decentralization of services on the internet is critical. It has fundamentally transformed the way we share large files online already: bittorrent is, whatever you might think of it, a hugely successful demonstration of the power of decentralized services.
Mastodon is more than just a twitter-like platform. It’s proof that microblogging isn’t something that needs corporate ownership to be functional. Moreover, it’s flexible: with very little tweaking Mastodon instances can operate like Instagram, like Snapchat, or like any other content that comes tucked away in a container.
More than functionally-similar, it can maintain cross-compatibility, and continue to federate with instances that can run with completely different rules. One project, Peertube, does exactly this. A federated, decentralized video sharing platform using the same backend as Mastodon, but around the sharing of video clips.
Outside of social media, decentralization is, and has, paved the way for radical communication. We often don’t consider this, but the World Wide Web itself is decentralized (or should be, lest we ask Facebook), and so is Email: the original federated communications system. Going forward, these ideas are taking on a new life.
Matrix is exactly the kind of exciting development that high-speed, synchronous communications have been waiting for, and more. It offers extremely secure end-to-end communication, is designed to be applicable to just about any communication channel, and ready for enterprising developers to implement it. Not later, but now: you can start using Matrix immediately.
This is a serious development: serious enough that the forthcoming Librem-5 phone from Purism incorporates it natively.
Let’s think about the future, by thinking about the present.
Despite the current US political climate, many states are enshrining net neutrality rules that disallow ISPs to play favorites with traffic. This is, to my mind, a powerful step to ensuring they operate as utilities and not as luxuries.
But do we need ISPs at all? Many communities have sued large ISPs for failing to deliver on contracts, and opt instead to install and manage extremely high-speed fiber optic networks themselves. In New York, this has gone one step further: NYMesh.
A decentralized, high-speed network that operates from node to node, independent from ISPs, and at no profit. Not only is it community-owned and oriented for public use, it’s functional even during emergencies, for anyone willing to participate. The speeds it delivers are comparable, and exceed, what you can get from traditional ISPs at reasonable prices.
As hardware improves for line-of-sight data transmission and for mesh networks to operate phone-to-phone, or even from local wireless repeaters owned and maintained at the municipal level, the need for corporate structures to exist as a measure of control disappears altogether. We are on the cusp of a massive shift towards an end to the central control of our experiences, but only if we’re willing to make the changes individually.
Mastodon isn’t the first decentralized anything, but it’s the first real proof that we can have what, until recently, has only been promised by huge corporations at the cost of our privacy, our data, and our intellectual freedom. It gives back a platform; the first of many.
How long until someone develops a way to host a facebook-alike platform without the need for a centralized server? It doesn’t have to be long: we have the means today, all we need now is the will to change.
To get started with Mastodon, go to JoinMastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’ The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook.
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
It always was, but now it takes one click to install
We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt.
The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar. Once you enter them into the setup prompt, your brand new Mastodon server boots up, ready to go.
Optionally, the setup prompt can also take Amazon S3, Wasabi or Google Cloud credentials for storing user uploads in the cloud instead of the local filesystem on the droplet.
What you get in the droplet is a standard installation of Mastodon, exactly as if you simply followed installation instructions in our documentation. This means that the documentation already covers everything you might want to know!
The role of mastodon.social in the Mastodon ecosystem
Eugen Rochko
Mar 20, 2019
Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server. You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all.
Mastodon 2.7
Eugen Rochko
Jan 20, 2019
In this release: New profile directory, new tutorial, new public hashtag pages and more moderation tools
So you want to be part of the Mastodon network, and you want to truly own your data, independent of anyone else. Perhaps you want to curate a niche community for a specific interest, or maybe for your own family or close circle of friends. You went through the documentation and installed the software, or maybe you chose one of the availablehosting options to avoid all the technical nonsense altogether. What’s next?
There are three categories of things you’ll be doing: Customization, federation and promotion. If your community is going to be private, you can skip that last part.
Customization
After logging in (with admin privileges on your account!), navigate to Administration -> Site Settings. At the top of the page is the most important information about your server. You may leave the title as Mastodon, but you absolutely should:
Specify a contact e-mail address, so people know who to reach out to if all else fails
Username of a contact person (usually it’s your own username), so people can see who owns the server
A one-paragraph description of what your server is about or what differentiates it from others.
You can also upload a (preferably) 1200x630px picture to be used as thumbnail for when your server is linked from other websites, such as Slack, Discord and Twitter. JoinMastodon.org also displays that thumbnail when listing your server (more on that later).
The next and last crucial part is adding a code of conduct. This is not necessary for private servers, but if you expect strangers to sign up, you need it. A code of conduct delineates what sort of community and what sort of content you want to host. If you don’t know where to start, a lot of servers have copied the code of conduct from mastodon.social, which has been collaboratively drafted by its community.
Federation
You should not be starting your own server if you’re totally new to Mastodon, unless you have a private community you’re bringing with you. In a decentralized system like Mastodon, content travels through a web of personal connections, so if you don’t have any connections, you don’t have any content. You should start with an account on a reasonably active Mastodon server and find people you like.
Then you should bring those connections with you to your own server. That can be quite simple if, on the other server, you go to Settings -> Data Export and download your following list as a CSV file, and finally on your own server, you go to Settings -> Import and upload that file. From my experience, you should follow at least 40 or 50 active people from other servers to kickstart your own. That ensures a steady flow of new content — on your home timeline it’s just those people you follow, but on the federated timeline, it’s them and the people they share and interact with.
I might be biased, but I find that following admins of other servers is usually a good choice. Usually, they share a lot of content from their users, so you get some insight into their entire community. You might feel compelled to do the same when you get your own users, too.
When new people join your server, they will have something to look at and so will be more likely to stick around.
Promotion
JoinMastodon.org is meant to do some of this work for you. It pulls its data from instances.social, an independent directory of Mastodon servers. Once you have a contact e-mail address configured in your Site Settings, you should sign up on instances.social and fill out which languages and which categories you want to be listed under. As long as you have open registrations and at least one active user, you should appear on JoinMastodon.org (I cannot guarantee this, however — the priority of JoinMastodon.org is to onboard new users as smoothly as possible, not necessarily to promote each and every admin). In any case, you will appear on instances.social, and that’s important too.
Beyond that… Community building is magic, and there is no one formula for it. Spread it in your group of friends. When you see people on other social media express interest in alternatives to those platforms, plug your instance. Good luck 😋
Improving support for adult content on Mastodon
Introducing Blurhash in Mastodon 2.8.1
The latest point release of Mastodon adds a small new feature that might have a significant impact on all adult content creators on the platform. The feature has a fancy, memorable name: Blurhash. But first, let’s talk about how adult content works on Mastodon.
Mastodon allows you to put content warnings on posts. These can be textual, hiding the text content, for example if you want to talk about spoilers or something uncomfortable for other people. Images and videos can be hidden as well, even while leaving the text visible. When the images and videos are hidden, you only see a black box where they would be, that can be clicked to show them.
Beyond providing visual protection against say, co-workers looking over your shoulder to see something inappropriate on your screen, Mastodon also does not load said images or videos at all until you choose to unhide them, which helps if it’s important that inappropriate content is not stored in your browser’s cache. But there is a drawback. Every post with hidden media looks the same. They all blend together. Especially in public timelines, which provide a stream of all public posts that people use to explore Mastodon outside of their friend circle. As a result, posts with hidden media usually get less interactions.
Here comes Blurhash. Developed by Dag Ågren, who is behind the popular iOS app for Mastodon, Toot!, it is an algorithm that compresses a picture into a short string of letters. The string is so small that there is no problem with saving it in the database, instead of as an image file, and conversely, sending it along with API responses. That means that string is available before any image files are loaded by the browser. You can see where this is going… When you decode the string back into an image, you get a gradient of colors used in the original image.
So little information is transmitted through blurhash that is is safe to display even if the underlying content is inappropriate, and the resulting gradient is pleasant to look at. Even more importantly, it’s different for each image, making posts with hidden media look different from each other, which should hopefully increases their chances of getting noticed. But that’s not all! Even for posts where images and videos are not supposed to be hidden, it provides a pleasant placeholder while the much heavier image files are loaded by the browser.
If you would like to use Blurhash in your project, there is a Ruby port on RubyGems and a JavaScript port on NPM. More are to be published by Dag Ågren in the future!
In June, I was able to officially register Mastodon gGmbH after nearly 8 months of legal work (“gGmbH” means “non-profit limited liability company”). A non-profit limited liability company in Germany is structered and operates similarly to a for-profit limited liability company with a few key differences. The founding document of the company is written such that the activity of the company is working towards goals that benefit the public; the shareholders may not receive any revenue from the company’s activities and can at most withdraw the funds that they originally paid in; employees may not receive extraordinarily high wages; and the company can receive donations which are then tax-free, although any other income that does not fit the definition of a donation continues to incur various taxes.
Developing an official iOS app for Mastodon
Eugen Rochko
Feb 5, 2021
Starting on Feb 8, 2021, we will be developing an official iOS app for Mastodon together with Sujitech and Lickability, which will be free to download and focused on helping new users get started
Mastodon 3.3
Eugen Rochko
Jan 29, 2021
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Why EUNOMIA builds on Mastodon
Eugen Rochko
Aug 4, 2020
An ever growing problem of the modern social media-rich world is misinformation. The trust that was previously placed into government officials and journalism has eroded; the internet gave everyone a voice but with it made it so much more difficult to distinguish truth from fabrication. The consequences of this are very real: Almost eradicated illnesses are making a comeback because people refuse to vaccinate their children, Covid-19 is continuing to spread because people refuse to wear masks and practice social distancing, more and more people start believing that the Earth is flat and descend down a rabbit hole of ever more absurd conspiracy theories.
Mastodon 3.2
Eugen Rochko
Aug 2, 2020
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
Adding sign-up to your Mastodon app
Eugen Rochko
Oct 12, 2019
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages.
The inbox
Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
In fact, I intend to omit persistence from this tutorial. How you would want to store data in a real application is very much up for debate and depends on your goals and requirements. So, we’re going to store data in a variable and implement a simple way to inspect it.
require 'sinatra'
INBOX = []
get '/inspect' do
[200, INBOX.join("\n\n")]
end
post '/inbox' do
request.body.rewind
INBOX << request.body.read
[200, 'OK']
end
That’s an absolutely basic implementation. Save it in server.rb. You can run the server with ruby server.rb (you need the Sinatra gem installed before that: gem install sinatra). Now on this server you can navigate to /inspect to see the contents of your inbox, and you (and anyone, really) can POST to the /inbox to add something there.
Of course, anyone being able to put anything in there is not ideal. We need to check the incoming POST requests for a HTTP signature and validate it. Here is what a HTTP signature header looks like:
We need to read the Signature header, split it into its parts (keyId, headers and signature), fetch the public key linked from keyId, create a comparison string from the plaintext headers we got in the same order as was given in the signature header, and then verify that string using the public key and the original signature.
require 'json'
require 'http'
post '/inbox' do
signature_header = request.headers['Signature'].split(',').map do |pair|
pair.split('=').map do |value|
value.gsub(/\A"/, '').gsub(/"\z/, '') # "foo" -> foo
end
end.to_h
key_id = signature_header['keyId']
headers = signature_header['headers']
signature = Base64.decode64(signature_header['signature'])
actor = JSON.parse(HTTP.get(key_id).to_s)
key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
comparison_string = headers.split(' ').map do |signed_header_name|
if signed_header_name == '(request-target)'
'(request-target): post /inbox'
else
"#{signed_header_name}: #{request.headers[signed_header_name.capitalize]}"
end
end
if key.verify(OpenSSL::Digest::SHA256.new, signature, comparison_string)
request.body.rewind
INBOX << request.body.read
[200, 'OK']
else
[401, 'Request signature could not be verified']
end
end
The code above is somewhat simplified and missing some checks that I would advise implementing in a serious production application. For example:
The request contains a Date header. Compare it with current date and time within a reasonable time window to prevent replay attacks.
It is advisable that requests with payloads in the body also send a Digest header, and that header be signed along in the signature. If it’s present, it should be checked as another special case within the comparison string: Instead of taking the digest value from the received header, recompute it from the received body.
While this proves the request comes from an actor, what if the payload contains an attribution to someone else? In reality you’d want to check that both are the same, otherwise one actor could forge messages from other people.
Still, now you have a reasonably secure toy inbox. Moving on.
Following people
To register as a follower of someone, you need to send them a Follow activity. The receiver may manually decide whether to allow that or not, or their server may do it automatically, but in the case of success you will receive an Accept activity back referring to your Follow. Here is how a Follow may look like, if you would like to follow the official Mastodon project account, the URI of which is https://mastodon.social/users/Mastodon:
Make sure your actor JSON points to your inbox, and your inbox server is running and publicly accessible under that URL, then deliver that activity to the target user’s inbox, in our example it would be https://mastodon.social/inbox.
If everything works correctly, inspecting your inbox you should find an Accept activity. Afterwards, you will find other activities in there from the person you followed, like Create, Announce and Delete.
Ideally, you’d follow your own Mastodon account, just so you can control when to post, otherwise you may end up waiting for your inbox to fill for a long time.
Conclusion
This brings you almost all the way to a fully functioning ActivityPub server. You can send and receive verified messages and subscribe to other people. As mentioned at the start, everything else is semantics. To support other people subscribing to you, you would listen for incoming Follow activities, send back an appropriately formatted Accept activity, write down the follower somewhere and send them every new post you create.
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities.
So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices:
The way I work with the GitHub repository has changed. I no longer work directly on the master branch. I (and other volunteers) work on feature branches. Something can only be merged into the master branch through a pull request that receives a review and approval from at least one trusted contributor. This means that the master branch is a lot more stable, and there is a lot more accountability for who does what and when. However, the master branch is still not a stable enough medium for the (literally) thousands of Mastodon instances running in production. Therefore, we now do actual releases — v1.1, v1.2, v1.2.2 etc. The releases now contain detailed changelogs, linking back to the pull requests in which the changes were made, with a list of all contributors for the release at the bottom. This replaces the changelogs I was publishing on this blog.
With 666 patrons (hah!) individually managing the sponsors list is no longer viable. I will be automating it from the CSV export in Patreon. This means the sponsors list will be using the username you have on Patreon and link to your Patreon profile.
So, April, huh. Twitter changed the reply system, which everybody told them they shouldn’t do, and then removed the iconic egg avatar for new users, and suddenly all of my work of telling people that one day Twitter would do something they didn’t like and they’d need a viable alternative paid off. Mastodon caught on on Infosec Twitter, which is both huge and influential, and (somehow, I do not quite understand how) also French Twitter. France really likes free software and decentralization, as it turns out! Think explosion of users from 20,000 to 42,000 in the span of two days. Most importantly, this offset a wave of press attention, from French journals to tech journals to non-tech journals. I had phone and text interviews with The Verge, Mashable, Wired, Engadget and more. I actually don’t remember exactly, because I chose not to read the resulting (or any) articles for the sake of my mental health. (On the other hand, my mother collected them all). The Mastodon band has playfully acknowledged the project. We also witnessed the birth of a meme of a man not being able to be found by William Shattner.
Did I mention that Pixiv, the Japanese artist gallery company (sort of like deviantArt, but better) has opened its own Mastodon instance, Pawoo.net? They even made their own version of the Mastodon mascot. They have already contributed back some cool performance improvements, as well.
At the time of writing, the Mastodon network includes more than 486,767 users spread out among more than a 1,212 instances. That’s how far we’ve come. But it’s not just that. A lot more people have learned and become interested in Free and Open Software and decentralization. The GitHub repository has seen an absolute explosion of activity, from bug reports and feature requests (550 at the time of writing) to code and translation contributions from the community. Many people started learning Ruby/Rails and JavaScript/React.js to be able to participate. I feel like there is a lot more documentation on how to deploy a Rails application on the Internet than there was before Mastodon.
Success brings challenges. Insane new loads on mastodon.social were reason for multiple optimizations and bug fixes, speeding up performance hotspots by more than two times, as well as exploration of more complicated deployment techniques (e.g. pgBouncer). The hardest challenges are organizational rather than technical. Tending to the bug tracker, support questions, reviewing and merging pull requests is all a huge responsibility and time sink. Furthermore, there are other tasks like communicating the roadmap for the near future, community outreach, and coordinating efforts from contributors that I feel myself ridiculously overwhelmed by. My personal philosophy of “announce when it’s done, promise nothing” may be good for positively surprising people after the fact, but pretty bad for managing a project and people’s morale.
Seeing the Patreon pledge at over $3,000 means a lot to me. First of all, and this has come up a lot, so I feel like mentioning it — Patreon distributes the pledges on 1st of each month. That means I have seen nothing from all the new pledges yet — from last month I received about $700, which was less than my living and hosting costs. So any articles talking about me making a comfortable $3k/mo are a bit premature on that front, and ignore all the past months I was working full-time on less than a living wage. With that out of the way, the new budget allows me more wiggling room in hosting options of mastodon.social, makes my dad worry less about me not working for another company like all the other people, and will hopefully allow me to hire additional staff for the aforemention tasks like project management and community outreach.
On a somewhat related topic, people love fluffy elephant friend, and there were a lot of calls for merchandise. That’s another way the project can be supported financially, with the added benefit of spreading awareness of it. I am still waiting on my artist friend to free up to work on new high-res artwork for t-shirts, but I have published an official sticker with the iconic cutie:
To conclude, here is the list of releases published since my last Patreon update mid-March:
The above links will take you to the detailed changelogs, but here are the most prominent changes summarized:
Direct messages
Avatars now finally hover-to-play
Option to disable all GIF autoplay
Option for confirmation dialogs for boosts
Confirmation dialogs for deleting/blocking/muting
Videos can be expanded
Improved search UI, ability to open remote statuses by pasting their permalink URL into the search
Two-factor authentication now requires one confirmation before activation, recovery codes added
Admin UI for domain blocks has been introduced (and improved in general)
An onboarding modal to greet new users and explain the basics
Localization and translations have been improved and expanded respectively
Various bug fixes, performance improvements and UX polishing
A public road map for the future is being worked on, but it’s safe to say now that the next release will be v1.3 (minor release) and not a patch release due to the amount of new features in the pipeline.
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!) But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
Two reasons why organizations should switch to self-hosting social media
Eugen Rochko
Mar 16, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here. If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames.
Article 11 is commonly known as the Link Tax, wherein linking to public pages may become illegal if the link displays a content preview using OpenGraph tags included by the page authors; Article 13 mandates that all user submissions must go through a content filter to detect copyright violations.
There will be a wider vote on this in the European Parliament in July. Both would affect how Mastodon operates. Here is why we must oppose its passing:
Content detection is not reliable
Known content identification systems such as those on YouTube routinely lead to wrongful takedowns. Sometimes it will detect faint music, inaudible to humans, in a video of the outside. It will mistakenly block public domain or transformative work. But at the same time, it will fail to notice songs with slightly shifted pitch, or video that’s been horizontally flipped. People will file claims for content they don’t actually own, and the onus will be on the creators to prove they have a right to upload. This will stiftle freedom of expression and will rob us of creative diversity.
The YouTube of today is already suffering from this, even without Article 13. You think DMCA and demonetizations are bad? People will be denied at time of upload, everywhere.
Small players vs. content filtering
While large social media platforms like Twitter, Tumblr, Facebook and GitHub will be able to invest in developing the technologies required for copyright infringement scanning, others will not. And there are a lot of places on the internet outside of those platforms: blog comments sections, forums, image boards, and of course, Mastodon servers. Non-profit websites, run by individuals or small organizations, will not be able to comply with such requirements. It presupposes not only a technological investment, but also access to copyrighted content libraries to-be-scanned-for.
This might lead to an emergence of content ID service providers, centralized scanning facilities, which adds not only another financial factor into the picture, but introduces a huge privacy risk by aggregating all posts from many different platforms into one place. You don’t even have to believe in government snooping, just think of all those data breaches like Equifax.
The internet is not just big platforms
If often feels like when the EU passes internet regulations, they think only about the big names like Facebook, Twitter, Google and Amazon. When Germany implemented their own version of the link tax, Google still managed to negotiate a free deal with publishers, because if the publishers are excluded from Google, they’re essentially outcast. But guess who does not have the power to negotiate such deals? Smaller Google competitors.
Similarly, GDPR caused a panic among smaller websites and web services due to the fear of being fined a hefty fee, with many shutting down due to uncertainty. Who did not need to panic or scramble were the companies who the law was primarily aimed at, those who violated our privacy the most: Google, Facebook, Twitter, Amazon. They can afford plenty of lawyers and engineers to comply with any new regulations.
It is the nature of regulations to shut out small players, and that’s not always bad. You want water and food quality to be regulated, you don’t want any amateurs dabbling in that. And internet privacy is important for sure, in the case of GDPR it seemed to come from the right place. But any regulations will entrench the biggest companies on the market, and you have to ask yourself: Are the media conglomerates whose business model is exploitation really the landscape of the internet you want to solidify for the foreseeable future?
The successful companies of today have only been able to become such because the internet was decentralized and anyone could enter the game board freely. I do not think that they are the pinnacle of what is possible, however.
We need to keep the decentralized web alive, and oppose Article 11 and Article 13.
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
How to implement a basic ActivityPub server
Eugen Rochko
Jun 23, 2018
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
First, a refresher on the fundamentals, which haven’t changed: Mastodon is decentralized between independently-operated servers. These servers each have a separate admin, and possibly a moderation team, as well as their own code of conduct. From that follows that:
You can be with a community that resonates with your values and ideas of moderation
The ratio of “everyone” to “people who can handle abuse reports” is much, much higher than on any centralized service
The moderation team of your server, be it just one admin or multiple people, is a lot closer to you and more approachable and can therefore take abuse seriously
So that’s already a huge advantage over other platforms due the basic design. And in my opinion it’s got advantages over the other extreme, too, a pure peer-to-peer design, where everyone would have to fend for themselves, without the pooled resources. However, there’s more.
Design decisions
Before I proceed, I need to delineate that the following design decisions are more about what the software nudges you towards, rather than a tamper-proof barrier against some behaviours, which is not possible. Mastodon deliberately does not support arbitrary search. If someone wants their message to be discovered, they can use a hashtag, which can be browsed. What does arbitrary search accomplish? People and brands search for their own name to self-insert into conversations they were not invited to.
What you can do, however, is search messages you posted, received or favourited. That way you can find that one message on the tip of your tongue.
Another feature that has been requested almost since the start, and which I keep rejecting is quoting messages. Coming back to my disclaimer, of course it’s impossible to prevent people from sharing screenshots or linking to public resources, but quoting messages is immediately actionable. It makes it a lot easier for people to immediately engage with the quoted content… and it usually doesn’t lead to anything good. When people use quotes to reply to other people, conversations become performative power plays. “Heed, my followers, how I dunk on this fool!” When you use the reply function, your message is broadcast only to people who happen to follow you both. It means one person’s follower count doesn’t play a massive role in the conversation. A quote, on the other hand, very often invites the followers to join in on the conversation, and whoever has got more of them ends up having the upper hand and massively stressing out the other person.
Twitter forces you to choose between two extremes, a protected account and a fully public account. If you have a public account, all your tweets are visible to everyone and infinitely shareable. Mastodon realizes that it’s not something you might always want, though. Each individual message can either be:
Fully public, appearing to your followers, the public timelines, anyone looking at your profile
Unlisted, appearing to your followers and anyone looking at your profile, but skipping the public timelines
Private, appearing only to your followers and people mentioned in it
And direct, appearing only to people mentioned in it
Unlisted messages are perfect if you want to be just a little low-key and not attract strangers to interact with you; private is great when you don’t want your messages easily shared around. Each choice can be set as the default. And of course, on top of that, you can “lock” your account: Locking prevents people from being able to follow you without you getting a chance to say yes or no first.
Mastodon has a lists feature for categorizing the people you are following and making your home feed more readable by essentially splitting into multiple ones, but unlike on Twitter, you cannot add someone to a list unless you are already following them, and the lists are personal, not public.
Hiding things
Mastodon offers a massive amount of ways to hide unwanted content from your eyes. Are strangers bothering you? You can block notifications from people you don’t follow. You don’t want someone to easily see your posts, as well as forgetting they exist? The good old block function is there. It hides notifications from the person, it hides any messages that mention the person, it hides other people sharing that person’s messages. Want the same thing, but for them to not know they’ve been blocked? That’s the mute function.
Are you tired of receiving responses to one of your posts? You can mute the conversation and forget about it. And if you notice that you’re muting a lot of people from the same Mastodon server, and there’s no end to it, you can hide everything from a specific domain. That will hide all of their posts and remove any followers you might have had from that server so they no longer receive your posts, either.
In the coming weeks, once 2.4.3 is released, you’ll be able to tune out of a specific topic for a time or forever by adding text filters. They will match keywords or phrases in the posts and hide those posts from you, either everywhere or in specific contexts only.
On the other end, you can hide your messages behind content warnings, for example if you want to discuss the events of the last episode of some show or a book. And rather than dooming your entire account to be “sensitive” like on Twitter, where it’s hidden from everyone who hasn’t opted to look at sensitive content, on Mastodon you can hide media uploads only in specific posts (or, of course, set it as the default).
You can also hide the list of people you are following and who follow you from your profile.
Moderation tools
When someone’s breaking a servers rules, it’s no longer a matter of just hiding them from your personal sight–that’s where moderation steps in. Mastodon has a report function, in which you can report an account to the server’s administration, optionally specifying a message and choosing which of their posts to include in the report as examples. If the reported person resides on a different Mastodon server, you also have the option of anonymously forwarding a copy of the report to the admins of that server, since they might also be interested in knowing about an offender.
Mastodon’s moderation system is very similar to that of a forum. It supports two administratives roles: moderators and admins. When a report comes in, both groups get a notification e-mail and can proceed to either:
Ignore the report if it’s unsubstantiated
Leave notes for the account that other staff members can see
Delete the offending posts
Sandbox the account so nobody who isn’t already following them can see their posts
Disable access to the account temporarily
Remove the account and all of its data permanently
It doesn’t matter if the offending account is on your server or a different one, these measures are contained within your server, which is how servers with different policies can co-exist on the network: You moderate according to yours, I moderate according to mine.
If there is a server fundamentally opposed to yours, or one that refuses to keep its offenders in check so moderating them on your end individually ends up being too much work, there is an option to either sandbox or block an entire domain.
Conclusion
Wherever people meet, there will be disagreements and trouble. Maintaining communities that feel safe for all of its members is not easy. Mastodon provides a lot of foundational framework and tools for doing it, and shifts the power to effect change from one commercial entity to the communities themselves.
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages. The inbox Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
Why we must oppose the new copyright directive
Eugen Rochko
Jun 25, 2018
A committee of members of the European Parliament have voted to approve Article 11 and Article 13, which pose a risk to the decentralization of the web and freedom of creative expression.
With the release of our Android app on the Play Store we are now present on the both major mobile platforms. The apps are gaining overwhelmingly positive reviews, some even going so far as to claim that our onboarding is smoother than any other social media platform’s; our iOS app is rising through the ranks of top social networking apps on the App Store; and for the first time in Mastodon’s history, server admins are seeing ever increasing numbers of new sign-ups from mobile apps instead of the web interface.
We hope the trend continues now that people can easily find the app and sign-up by simply searching Mastodon on their app store of choice, and now that Mastodon can take advantage of the app stores’ own discovery features.
We’ve put a lot of care and resources into developing these apps, counter-acting the stigma that open-source projects do not prioritize ease of use and visual design by working with world-class UX designers that had prior experience working on major commercial social networks. As a result, we have apps that are extremely slick and visually pleasing and do not look out of place on their respective platforms.
This is an opportunity to take a closer look at some of the design considerations.
Onboarding
One of the challenges of Mastodon adoption is the onboarding process, because it’s not enough to capture a person’s desired username and e-mail and let them create an account, which is what people are used to from major websites; instead, you need to first choose a Mastodon server where you will make the account (comparable to e.g. choosing an e-mail provider). The implications of choosing the server are primarily in who is the entity responsible for the server, what moderation policies they enforce, what language and jurisdiction they operate in, and which domain name will be part of your username.
We approached this problem with a multiple-step sign-up flow that begins with choosing a server, then requires to agree to summarized moderation policies of the server, and finally goes on to the more familiar username, e-mail and password form. We maintain our own directory of servers that people submit to us after agreeing to some basic rules that guarantee data and user safety and quality of service; those are the servers we display on the first step by default. Still more consideration has been given to how to display them.
Our user studies have shown that retention drops off dramatically if the user has to wait for moderator approval before being able to log in (exception being experienced Mastodon users who are already invested in the network and know exactly what they are getting into by requesting an account from an invite-only server); people lose interest and never login even after being approved. Therefore we do not show invite-only servers in the app, focusing instead on the ones that allow people to get started immediately.
The determining factor in a user’s experience on a server is the number of other active users on the server. All discovery features are ultimately powered by user activity, and the first user on a server would have to do a lot of exploration off-site (through word of mouth, browsing other servers, or other channels) to fill their home feed. But cultivating a decentralized social network, we do not want power to concentrate on just a few ever-growing servers. Therefore, rather than simply putting the most active servers on the top, our algorithm pushes medium-sized servers higher.
We also provide a search field that allows inputting the server domain directly.
The last step in onboarding, after the user has confirmed their e-mail address, they are presented with the options to follow a selection of accounts popular on the server that predominantly post in the user’s language, or to head to the explore tab to look at what’s trending on the server.
Discovery
While designing the official apps we got an opportunity to reconsider some Mastodon features. The federated timeline, also known as the public timeline, firehose, or “whole known network”, is a view into a Mastodon server’s real-time database of public posts; and the local timeline is that, but filtered by only posts originating from your Mastodon server. While some people came to rely on those tools, there were multiple reasons against including them in the apps.
The federated timeline has too high of a signal vs. noise ratio to be effective as a discovery tool. Due to the way Mastodon pulls down content to provide more detailed profiles and conversations, the federated timeline becomes unmanageable on servers of all sizes, even single-user ones. Unsurprisingly, most content is not actually worth looking at, and in some cases, actively undesirable.
This real-time view into everything that’s published on the server is a platform for all sorts of abuse that can only be stopped after the damage has been done. Normally, if someone posts spam or nudity, it would not be seen by anyone but themselves. Local and federated timelines instantly turn that into an issue affecting everyone. This puts extra strain on moderators.
With Apple and Google historically holding apps accountable for content users can access through the app, even when the app could be reasonably classified as a browser, showing unfiltered content is a ticking time bomb for the app’s presence on the major app stores. Especially considering our goal of attracting new users, those users are of-yet less invested in Mastodon as a platform and less likely to use in-app reporting and blocking tools instead of giving up on the app.
Another consideration for the local timeline specifically is that it detracts from Mastodon’s core functionality. Let’s say you explain that Mastodon lets you follow anyone regardless what Mastodon server you are on, their posts will be in your home feed, so you can sign-up anywhere or even self-host. But then you have to add that actually, there’s a feature that is the total opposite of that, that you have to be on a specific server to see it so you will need multiple accounts.
The local timeline is a centralizing force, as it puts pressure on people to sign-up to a specific server to get the experience they want, rather than being able to get that experience from any account on the network. It’s like if GMail started allowing people to send e-mails that are only visible if you have a GMail account. Google would love to do that, and GMail users might even have reasons to want it to happen, but it would be terrible for e-mail.
So if not local and federated timelines, then what?
We offer a new explore tab that highlights, among other things, currently popular posts. It is a much more efficient way to find interesting content and follow users on Mastodon without scrolling through many low-quality posts and unfamiliar languages. All data that Mastodon uses for calculating rankings is locally sourced so it’s heavily skewed towards things that are popular on your server, and everything goes through your server’s moderators before appearing on the explore tab, making it much less prone to abuse.
We also have a vision of a new feature to replace local timelines: groups. We imagine a group as a place with an actually separate timeline that you can post to, without the post also going out to the public, your profile, and your followers’ home feeds. This timeline could be made visible for group members only. You could join it from your account on any other server, thus alleviating concerns of infrastructure centralization while giving people everything they’ve ever wanted from local timelines. We’re set to complete this feature this year.
Going forward
We are not done! While the apps support all core functionality of Mastodon, there are still missing features like lists, pinned posts, new post notifications (“bell icon!"), editing, phrase filters management and so on that will be gradually added as we continue development. Plus the aforementioned groups feature in Mastodon itself!
We are developing an official Android app which will be free and focused on helping new users get started on the fediverse
Developing an official iOS app for Mastodon
Eugen Rochko
Feb 5, 2021
Starting on Feb 8, 2021, we will be developing an official iOS app for Mastodon together with Sujitech and Lickability, which will be free to download and focused on helping new users get started
With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless.
Backing up Your Data
If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data. Thankfully this process is painless with the Data Export tab under the “Import and Export” page. Here you can download your followers list, your muted users list and your blocked users list.
Keeping users safe is one of our top priorities and we highly recommend that anyone moving instances backs up their muted and block lists. We’ve made this as straightforward as possible to ensure that moving instances is a seamless experience and free from having to block those accounts that you do not want to see or interact with.
On this page you can also download a copy of your archive that can be read by any ActivityPub software. This archive includes all of your posts and media. So even if the instance that you are moving from shuts down, as is the case with KNZK, you will still have a copy of all of your posts!
Importing Your Data
Once you have backed up the data that you wish to bring over to your new account (we recommend all of it!) it’s easy to import these into your new account under the “Import” tab of the “Import and Export” page!
Here you will simply select the type of data that you are importing and then choose the CVS file that you exported earlier before hitting upload! The CVS files are by default clearly labeled with what kind of data they contain to make it easier to know which file to upload. Depending on your new instances size and the size of the lists that you have imported it will take a few minutes for all of the new data to be properly imported. When the data has finished upload your home TL should look like it did before!
Announcing the Move
As a final step in moving your account, something you may want to do is to let people know that you have moved your account to a new instance! Scrolling to the bottom of the “Appearances” tab of the Profile edit page you will find the option to announce that you have moved accounts under the helpfully titled “Move to a different account” header! What this will do is make it so that when people visit your old profile it is grayed out and people are redirected to your new account.
Moving instances is painless and straightforward with Mastodon and we’re happy to have developed tools that give users the greatest possible control over their own data while also keeping them safe!
In the future we are planning to expand the account migration functionality beyond a mere redirect message. The system will support notifying followers of the move and have them automatically re-follow the new account, with safety precautions. Stay tuned!
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board.
Delete & Redraft
There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
Credit where credit’s due, people have come up with a compromise a long time ago. For example, the Better Tweetdeck browser extension includes an edit function that essentially takes the contents of a tweet, deletes the tweet, and pre-fills the compose screen with the old contents ready for editing.
Mastodon has adopted this Delete & Redraft function, with a slight change that allows us to avoid re-uploading the media altogether, so we can re-use it directly.
Hide network
You can find out a lot about a person by looking at who that person associates with. Some people are more vulnerable to this than others, like dissidents, activists and people from persecuted groups.
In a social network, associations are important for other purposes, too. Finding good content by looking at who your friends follow, or confirming that an account is not a bot or sockpuppet by looking at who follows them. Still, Mastodon now has an option to hide who you follow and who follows you from your profile.
Of course, that isn’t perfect — the people you follow, and the people who follow also have profiles… But it’s at least a small obstacle to unsolicited data collection.
Language filtering
Language filtering is vastly improved. When we released the feature, our community only had a handful of languages, and the language detection algorithm had a high rate of wrong guesses, which meant it was safer to err on the side of opting out of unfamiliar languages, rather than limiting your timelines to some particular language. Nowadays, Mastodon is extremely diverse, so the average person who speaks only their native tongue would have to go to the preferences screen and tick more than 20 boxes just to see only toots that they would understand. That’s obviously not how it should be.
We’ve added the ability for people to select a default language for their toots to override automatic detection (therefore reducing false positives) and we turned the opt-out system around into an opt-in one. Now, on the preferences screen, you only need to tick the boxes of the languages you want to see.
Friend finding
The biggest challenge of any social network is, unsurprisingly, the “network effect”. It becomes more useful the more people that you care about are on it. Another one is surfacing interesting content, which is tangentially related, but a topic for another article/release.
We are adding a more prominent link to “Find Twitter friends” to the UI. The tool in question is called the Mastodon Bridge: By having people sign in using their Twitter account and their Mastodon account, we can create a mapping between the two, and by checking the Twitter friend data, we can tell people who of their friends is on Mastodon, with a convenient “follow all” button.
There is a very common pattern where people would say to follow them on Mastodon, either on Twitter, Facebook, or another platform that was their primary. People who would listen to that would have to find a server, sign up, then find the person in the UI and finally follow them. We’re adding a new feature to roll all of that into one action: You can now create personalized invite links. Send the invite link to your old friends and followers, and they will be able to sign up on the same server as you and automatically follow you straight away. (Please mind that invites have to be enabled by your server admin — some have reasons not to allow that. Look out for the “Invite people” link in the UI, as it appears when the function is enabled)
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
Mastodon 2.0
Eugen Rochko
Oct 19, 2017
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then? Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app.
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’
The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook. each business not only depends on, but commands large parts of the technological landscape. What do all these companies have in common?
Each are worth north of half a trillion dollars
They dictate the online experience, not describe it
They push extremely hard to have a closed ecosystem
They are monolithic, centralized power structures with unimaginable influence
These companies all are attempting to dominate the metaphorical place I generally call ‘the last mile’. This is, in shipping, the distance from the distribution center to your door, but it’s a term that can apply to the space between the content and your computer. If a website publishes news, or videos, or any sort of media at all, these are the companies that work to force it through a portal they own, rather than let you, as a user, leave their experience and go someplace else.
Control of this last mile is something that should be in the hands of people, and not centralized inside a corporate structure. Imagine an internet experience where you could never leave the walls of Facebook, or you couldn’t watch a movie, or a video, or even see a picture, outside of something with a ubiquitous Google logo in the corner.
In a recent article at Splitsider, Sarah Aswell speaks with Matt Klinman about the effect Facebook has had with online comedy and, in a sense, the overall problem it’s had on all forms of media as they occur on the internet. Go ahead and read it; I’ll be right here.
Facebook’s attempt at consolidating the entire internet experience through their initiative internet.org and collaborative partnerships therein are a direct way to deny the developing world the sort of unregulated, unflattened internet experience we take for granted, and are rapidly losing. Imagine more than half the world’s population never experiencing an internet of possibility, of different voices, of free expression, that wasn’t designed to be under the total provisional control of Facebook, including its direct need to control the entire pipeline for publishing all content, monetizing all experiences, and forcing advertising at the user.
Consider what Klinman said:
“Facebook is essentially running a payola scam where you have to pay them if you want your own fans to see your content. If you run a large publishing company and you make a big piece of content that you feel proud of, you put it up on Facebook. From there, their algorithm takes over, with no transparency. So, not only is the website not getting ad revenue they used to get, they have to pay Facebook to push it out to their own subscribers. So, Facebook gets the ad revenue from the eyeballs on the thing they are seeing, and they get revenue from the publisher. It’s like if The New York Times had their own subscriber base, but you had to pay the paperboy for every article you wanted to see.”
Think about Amazon, and it’s attempt to control the commercial, mercantile experience.
Consider every store on Amazon: identical in many ways, with little to nothing allowing one to differentiate from another. The only details highlighted are: cost of item, shipping rates, and is it prime available. It homogenizes the entire experience of purchasing online and drives everyone to a single site to buy. Once it has the only reasonable online space to shop, it takes total control over the vendors, their ability to sell, and can arbitrarily charge people to be able to participate in their space. Just like Facebook and publishers of content.
Amazon’s push to dominate the last-mile of delivery means they would own every part of the pipe: who gets to sell, who sees the products, and when it arrives. It runs shipping competition out of business and privatizes every step under a single brand. If you want to compete on the market, you have to chase prices to the bottom you can survive on, or you’ll be eliminated. Amazon’s goal, like Facebook’s, is to absolutely conquer the space and disallow any competition at all.
Even looking in the recent past, you can see this pattern playing out, over and over. Amazon buys Whole Foods to take over a large segment of physical shelf space for grocery shopping. Social alternatives like Instagram, WhatsApp, Periscope, and more, and bought and folded into a single experience, changed from update to update, until it becomes a homogeneous experience with no discernible difference from the company that owns it.
Centralized control takes away the power of choice, and replaces it with an illusion of selection.
Mastodon is a powerful first start in allowing people to take back their channels of engagement. It gives everyone an opportunity to, in part, diversify their online social universe, and prevent money from being the sole deciding factor in who gets to see, hear, or say anything on the internet.
To get started with Mastodon, go to JoinMastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
Mastodon 2.5 released
Highlights from the changelog
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago. It brings a variety of improvements to the software, the full list of which is available in the changelog.
The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images. Prominent follow buttons ensure that even people new to Mastodon understand quickly what they can do on it.
But that’s not all: The public pages now also display reply, favourite and boost buttons that open a remote interaction dialog that can take you back to your home server where you can actually interact with the toot from your account. That’s a lot simpler than having to copy & paste the toot permalink into your server’s search bar!
The other thing on the new profiles: You can choose to feature some of the people you follow on your profile, to be displayed in random order as a sort of recommendation to anyone who is visiting it. Your favourite cat owners, important voices or your associates, it’s up to you. Like the MySpace Top 8 without the “top” and the “8”, or even more like the WordPress blogroll.
Some of the smaller changes: The number of replies to toots is now stored and displayed so you can know straight away if a question you see has already been answered or if a lively discussion is happening. Mastodon now accepts MOV videos from iOS, and larger video files in general, and is smarter about resizing images.
Administration and moderation
For those who moderate Mastodon servers, a new dashboard provides an overview of important weekly numbers such as new sign-ups, user activity and liveliness. The number of e-mail notifications generated from reports has been reduced: reports for the same person do not generate a notification if one of the reports is currently unresolved. Additionally, you can now disable report notifications for yourself.
Suspensions in Mastodon are a harsh measure: You no longer have to fear misclicking and suspending the wrong person with a new confirmation screen that tells you how many toots and followers the suspension will affect before asking you to re-type the name of the account to make sure you didn’t click on the wrong one.
But that’s not all: The temporary account lock-out function has been made available to moderators as a softer, and completely reversible alternative to suspensions.
Deployment and scaling
For those who run Mastodon servers, the database schema has been adjusted to reduce disk write operations and CPU load of PostgreSQL. And for those who need to scale big, support for read-replicas is now baked into the software: it’s just a matter of changing configuration.
A new command-line interface is supposed to make working with Mastodon from the terminal easier, in place of the clunky rake tasks system. For example, there is a new way to import a pack of custom emojis. Let’s say we have an archive stored under /home/alice/Downloads/hackerman.tar.gz with the hackerman set of letter emojis saved as PNG files like a.png, b.png and so on, it could be imported with:
This will create custom emojis in Mastodon with shortcodes like :hacker_a: that will not clutter up the emoji picker but will be autocompleted.
Federation relays
If your Mastodon server does not have enough activity to be interesting to new users, that chicken-and-egg problem can now be solved by subscribing to a so-called federation relay. Federation relays are separate servers that act as a, well, relay between participating Mastodon servers, that is, every participating server receives every public toot from every other participating server.
It has to be mentioned that the core design of Mastodon where a server receives only toots from users it follows, rather than all toots from any one server, is more scalable long-term. However, servers that don’t yet follow a lot of people can often feel like ghost towns, and federation relays fix that.
Mastodon is now available on Google Play Store and the Apple App Store. Read about some of the design decisions we made for these apps!
Mastodon 3.5
Eugen Rochko
Mar 30, 2022
A brand new explore page, post editing, and new moderation features are just some of the additions in this new release of Mastodon!
Official Mastodon for Android app is coming soon
Eugen Rochko
Feb 9, 2022
We are developing an official Android app which will be free and focused on helping new users get started on the fediverse
Mastodon Recap 2021
Eugen Rochko
Dec 8, 2021
Most popular content of the fediverse from 2021 and some numbers
Trump's new social media platform found using Mastodon code
Eugen Rochko
Oct 29, 2021
From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them:
EUNOMIA public pilot launch
Eugen Rochko
Oct 21, 2021
On behalf of the EUNOMIA project, in which I represent Mastodon, I am happy to announce that after nearly 3 years of development there is now a public pilot for the Mastodon community. But first, what is EUNOMIA and who is EUNOMIA? EUNOMIA is a “digital companion” for social media, a set of additional functions that aim to combat the spread of misinformation by helping you critically analyze social media posts before re-sharing them.
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!) But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
Two reasons why organizations should switch to self-hosting social media
Eugen Rochko
Mar 16, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here. If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames.
Learning from Twitter’s mistakes
Eugen Rochko
Mar 3, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast.You can check it out here. Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end.
The power to build communities
Eugen Rochko
Feb 20, 2017
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong: In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us. Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money.
One of the biggest obstacles for new users to Mastodon has been the multi-column UI. For users accustomed to the single-column layouts of Twitter or Tumblr, Mastodon’s multi-column layout can be overwhelming. At Mastodon, we want users’ first-day experience with us to be a positive and accessible one! A UI that feels cluttered or that leaves users confused dramatically reduces the chances that they will come back to Mastodon as a regular user. It was clear to us that the multi-column layout was impeding this accessibility.
So, we are happy to introduce the new single-column layout. Instead of seeing multiple columns side by side the new single-column layout turns the Home, Notifications, Local, and Federated timelines into their own tabs within the single column that you can easily access by clicking on the tab name or—if you are on a tablet—swiping left and right. The new single-column layout reduces visual clutter and lets you focus on the specific part of Mastodon you want to engage in. We also hope that by reducing visual clutter the new single-column layout also makes the relationship between the Home, Local, and Federated timelines clearer.
For new users this new interface provides an easier and more familiar way to join the fediverse without sacrificing the special features of the fediverse itself. For returning users it provides a new way to use Mastodon that provides greater accessibility in general. Notably, we haven’t cut any features with this new layout. Everything you love about Mastodon is still accessible, just in a new user-friendly interface. But for those users who prefer the old layout it can still be enabled on the Appearance Preferences page by clicking “Enable advanced web interface”—it’s not going away anytime soon.
Learn more:
Check out the full changelog and credits for v2.9.0 on GitHub
Try out Mastodon by signing up on any server listed on our server picker
See who sponsors the development of Mastodon on our sponsors page
Work on multiple features in this release has been kindly sponsored by the German Federal Ministry of Education and Research through the Prototype Fund.
We’ve added one of the most requested functions among our competitors, the ability to edit posts. Since older Mastodon versions would not understand the edits, the function is disabled in the web app until more Mastodon servers upgrade to 3.5, but all parts are already included in the release. The original and previous versions of the posts are saved and remain accessible through a history view. And people who have previously shared the post get notified about any edits, so they can un-share if there’s foul play.
Coincidentally, the order of media attachments in a post is no longer dependent on the order in which they were uploaded.
Discoverability has always been a hot topic on Mastodon. Discoverability makes or breaks a platform, as there is nothing more important to retain a new user than to let them find something interesting to stay for, as soon as possible. In 3.5, we bring a new explore page which features currently popular posts, news stories that people share a lot, trending hashtags and follow recommendations. Furthermore, for the first time, we attempt to bring people content in their own language.
As we value safety, these new features come with their own moderation tools–nothing will show up in trends unless reviewed by one of the server’s moderators first.
A new, multi-step report flow improves the quality of information for moderators and highlights available self-help tools in Mastodon to the user.
On the topic of moderation, any action taken by a server moderator against a user’s account, such as deleting their posts or suspending the account, will now be viewable through account settings, by default accompanied by an e-mail notification, and permit the user to submit an appeal. Since actions such as deleting posts or marking posts as sensitive did not use to generate any kind of notification, this should make them more viable precursors to harsher punishments like suspensions; and being able to handle appeals within Mastodon should reduce the burden of out-of-band e-mail communication for moderators and increase user trust in Mastodon.
There is a brand new moderation dashboard that shows the development of various key metrics over time and shines some light on where new users come from, which languages they speak, and how many of them stay active months later. A completely new look for the report screen reduces the time and effort required to handle reports, and multiple selections on the accounts page offer a way to clean up spam and bot accounts in large batches.
Conclusion
The 3.5 release consists of 887 commits by 23 contributors between June 3, 2021 and March 30, 2022. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Mastodon 3.2
Eugen Rochko
Aug 2, 2020
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.
One of the biggest obstacles for new users to Mastodon has been the multi-column UI. For users accustomed to the single-column layouts of Twitter or Tumblr, Mastodon’s multi-column layout can be overwhelming. At Mastodon, we want users’ first-day experience with us to be a positive and accessible one! A UI that feels cluttered or that leaves users confused dramatically reduces the chances that they will come back to Mastodon as a regular user. It was clear to us that the multi-column layout was impeding this accessibility.
So, we are happy to introduce the new single-column layout. Instead of seeing multiple columns side by side the new single-column layout turns the Home, Notifications, Local, and Federated timelines into their own tabs within the single column that you can easily access by clicking on the tab name or—if you are on a tablet—swiping left and right. The new single-column layout reduces visual clutter and lets you focus on the specific part of Mastodon you want to engage in. We also hope that by reducing visual clutter the new single-column layout also makes the relationship between the Home, Local, and Federated timelines clearer.
For new users this new interface provides an easier and more familiar way to join the fediverse without sacrificing the special features of the fediverse itself. For returning users it provides a new way to use Mastodon that provides greater accessibility in general. Notably, we haven’t cut any features with this new layout. Everything you love about Mastodon is still accessible, just in a new user-friendly interface. But for those users who prefer the old layout it can still be enabled on the Appearance Preferences page by clicking “Enable advanced web interface”—it’s not going away anytime soon.
Learn more:
Check out the full changelog and credits for v2.9.0 on GitHub
Try out Mastodon by signing up on any server listed on our server picker
See who sponsors the development of Mastodon on our sponsors page
After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public.
While we gave up the ability to choose who can and cannot use our software by publishing our source code using this Free Software license, we can still choose who we as a project associate with. We are opposed to Gab’s philosophy, which uses the pretense of free speech absolutism as an excuse to platform racist and otherwise dehumanizing content.
Mastodon has been originally developed by a person of Jewish heritage and first-generation immigrant background and Mastodon’s userbase includes many people from marginalized communities. Mastodon’s decentralized approach that allows communities to self-govern according to their needs has enabled those marginalized communities to create safe spaces for themselves where previously they were reliant on big companies like Twitter to stand up for them, which these companies have often failed to do. While the Mastodon software is free for everyone to use and modify, our world view could not be further from Gab’s.
As a truly decentralized network, each Mastodon server operator has to make the call on their own. Many have already opted to block communication from Gab’s servers. On our side, we have blocked them from the Mastodon server that we operate, mastodon.social. We have also recently introduced a more strict policy for which Mastodon servers we promote through our official website joinmastodon.org, listing only such servers that commit to standing up against racism, sexism, homophobia and transphobia.
Updates
Last updated: Oct 28, 2021
On Mar 1, 2021, following a breach that likely resulted from Gab’s own modifications to the code and a failure to merge important security fixes from the upstream Mastodon code base, Gab changed the way it published its source code.
First, the public source code repository was taken offline, replacing the code with a message stating that the source code would be provided upon request by e-mail only. Whether this was compliant with the AGPLv3 license was quickly put into question.
At least as soon as the following day, a password-protected archive of the source code was uploaded to the repository, with the password provided in a separate README file.
However, despite changes evidently being made to Gab’s interface and functionality in the following months, that password-protected archive was not updated once in the following 7 months, prompting us to investigate a case of AGPLv3 violation.
On Oct 21, 2021, our legal team sent a Cease & Desist letter to Gab’s legal team, informing them that Gab is in breach of the AGPLv3 license. In response to the letter, the same day the password-protected archive of Gab’s source code was updated.
The latest release of Mastodon introduces a simplified single-column interface as the new default for new users
How to migrate from one server to another
Eleanor
Jun 13, 2019
With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless.Backing up Your Data Data export If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data.
In June, I was able to officially register Mastodon gGmbH after nearly 8 months of legal work (“gGmbH” means “non-profit limited liability company”). A non-profit limited liability company in Germany is structered and operates similarly to a for-profit limited liability company with a few key differences. The founding document of the company is written such that the activity of the company is working towards goals that benefit the public; the shareholders may not receive any revenue from the company’s activities and can at most withdraw the funds that they originally paid in; employees may not receive extraordinarily high wages; and the company can receive donations which are then tax-free, although any other income that does not fit the definition of a donation continues to incur various taxes. To found such a legal entity the founding document must pass a review by the German tax office and the founders must pay in 25,000 EUR of starting capital.
Since I am the sole founder and shareholder, the 25,000 EUR are owed by me (with 12,500 EUR having had to be paid in at day of founding, and the remaining to be paid in the future). In terms of day-to-day operations, there are no changes. I will continue all my activities as the CEO of this legal entity. Starting July I’ve transferred everything related to Mastodon’s activities to the ownership of this new legal entity and redirected all sources of Mastodon’s income to it. Unlike the past 5 years that I’ve been running Mastodon operations as a sole proprietor, where Mastodon’s income was my personal income (minus all the expenses), I am now an employee with a fixed wage. My personal income will thus be lower but I was willing to go this route because I want Mastodon to have more resources for things like hiring extra developers, UX designers, developing official apps and so on, and I want there to be a clear boundary between fundraising for that cause and my personal income.
Since both Patreon and our custom sponsorship platform are based around rewards to patrons/sponsors, they cannot be classified as donations, so there are no changes to how those are taxed.
This would not have been possible without the generous help of the law firm Dentons that assisted in all aspects related to corporate law in the course of the foundation as well as employment law, telecommunications law, and privacy.
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast. You can check it out here.
Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end. I reached out to people who have been affected by it to collect ideas. Here is what I gathered:
When you block someone, you don’t want to see them, ever. This means that if someone you follow shares their post, you don’t want to see it. If someone talks about them, you don’t want to see it. If someone replies to their post and mentions you, you don’t want to see it. That’s how it should be, and that’s how it works in Mastodon.
Of course maybe you don’t want to go that far. You merely don’t want to see someone’s posts, not lock them off entirely. Muting an account to remove it from your feeds is also possible.
You can hide an individual post’s text behind a content warning — whether to use this for trigger warnings or spoiler warnings is up to you. Beyond this, when you share images that you wouldn’t want someone to see you looking at in public, you can mark individual posts as containing sensitive material.
Sometimes you want to broadcast to the open web, other times you want to address only people that you know. For this purpose, you can optionally lock your account, requiring all new followers to get your approval before being allowed to follow you. Independently of this, you can individually choose the visibility of your posts. Public, or visible only to followers and the people you mention in them. The presence of public timelines — timelines of “everyone’s” posts — mandates a middle ground, where your posts are still fully public but opted-out of being listed on the public timelines.
When you encounter inappropriate content, there is a quick option to report the account, allowing you to select any offending posts and optionally specify a message.
In some cases you know exactly who you want to talk to, and who you don’t. You have a choice to outright block any notifications from people who don’t follow you (to never see a “rando” again), or who you don’t follow (limiting yourself to “mutuals”).
The federated nature of the network also has implications on behaviour. Different instances, owned by different entities, will have different rules and moderation policies. This gives the power to shape smaller, independent, yet integrated communities back to the people. As an end-user, you have the ability to choose an instance with the rules and policies that you agree with (or roll your own, if you are technically inclined).
Smaller, tight-knit communities are less prone to harbouring toxic behaviour; you could think of it as moderation work of the entire network being spread somewhat* between countless administrators of independent but compatible communities, which makes it way more scalable than a single multi-million-user company with a small safety team.
(I need to specify that naturally, moderation is not global in the network. An admin of one instance cannot affect the account of a user on another. Admins have control over content that arrives on their instances, and can curate it with various tools. This allows places with different rules to coexist)
Of course, communities with the sole purpose of spreading toxic behaviour will pop up too. In such cases, instance administrators can blacklist specific instances outright. It takes substantially more effort to setup a brand-new instance than it is to create a new account on a centralized social network — you have to acquire hosting, domain name, invest time in installation and configuration — so blacklist-evading is a lot harder.
With all this, Mastodon aims to be a safer and more humane place.
If you’d like to check these features out for yourself, go to mastodon.social.
Mastodon now a non-profit organisation
In June, I was able to officially register Mastodon gGmbH after nearly 8 months of legal work (“gGmbH” means “non-profit limited liability company”). A non-profit limited liability company in Germany is structered and operates similarly to a for-profit limited liability company with a few key differences. The founding document of the company is written such that the activity of the company is working towards goals that benefit the public; the shareholders may not receive any revenue from the company’s activities and can at most withdraw the funds that they originally paid in; employees may not receive extraordinarily high wages; and the company can receive donations which are then tax-free, although any other income that does not fit the definition of a donation continues to incur various taxes. To found such a legal entity the founding document must pass a review by the German tax office and the founders must pay in 25,000 EUR of starting capital.
Since I am the sole founder and shareholder, the 25,000 EUR are owed by me (with 12,500 EUR having had to be paid in at day of founding, and the remaining to be paid in the future). In terms of day-to-day operations, there are no changes. I will continue all my activities as the CEO of this legal entity. Starting July I’ve transferred everything related to Mastodon’s activities to the ownership of this new legal entity and redirected all sources of Mastodon’s income to it. Unlike the past 5 years that I’ve been running Mastodon operations as a sole proprietor, where Mastodon’s income was my personal income (minus all the expenses), I am now an employee with a fixed wage. My personal income will thus be lower but I was willing to go this route because I want Mastodon to have more resources for things like hiring extra developers, UX designers, developing official apps and so on, and I want there to be a clear boundary between fundraising for that cause and my personal income.
Since both Patreon and our custom sponsorship platform are based around rewards to patrons/sponsors, they cannot be classified as donations, so there are no changes to how those are taxed.
This would not have been possible without the generous help of the law firm Dentons that assisted in all aspects related to corporate law in the course of the foundation as well as employment law, telecommunications law, and privacy.
Official Mastodon for Android app is coming soon
Following the successful launch of our official iOS app, in January we’ve begun the development of an Android version. We continue working with the NYC design agency Lickability and welcome Gregory Klyushnikov, better known as grishka on the fediverse, as the lead Android developer. Gregory is a talented developer with a history of working on social apps like VKontakte and Telegram.
Continued development is not limited to Android. Work on the app flows into the main Mastodon software as existing APIs are adjusted and new APIs are added to support new features, and the web app’s UI is improved with ideas from the professional UX designers working on the iOS and Android apps.
We are excited to bring an app that takes usability, new user onboarding and visual design seriously to one of the largest mobile platforms.
The efforts are sponsored by our generous sponsors on Patreon and our custom sponsorship platform, and by the Federal Ministry of Education and Research through the Prototype Fund (BMBF Förderkennzeichen: 01IS21S29). Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates!
You can subscribe to the mailing list below to be notified when the app enters a public beta, and when it launches:
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast. You can check it out here.
Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end. I reached out to people who have been affected by it to collect ideas. Here is what I gathered:
When you block someone, you don’t want to see them, ever. This means that if someone you follow shares their post, you don’t want to see it. If someone talks about them, you don’t want to see it. If someone replies to their post and mentions you, you don’t want to see it. That’s how it should be, and that’s how it works in Mastodon.
Of course maybe you don’t want to go that far. You merely don’t want to see someone’s posts, not lock them off entirely. Muting an account to remove it from your feeds is also possible.
You can hide an individual post’s text behind a content warning — whether to use this for trigger warnings or spoiler warnings is up to you. Beyond this, when you share images that you wouldn’t want someone to see you looking at in public, you can mark individual posts as containing sensitive material.
Sometimes you want to broadcast to the open web, other times you want to address only people that you know. For this purpose, you can optionally lock your account, requiring all new followers to get your approval before being allowed to follow you. Independently of this, you can individually choose the visibility of your posts. Public, or visible only to followers and the people you mention in them. The presence of public timelines — timelines of “everyone’s” posts — mandates a middle ground, where your posts are still fully public but opted-out of being listed on the public timelines.
When you encounter inappropriate content, there is a quick option to report the account, allowing you to select any offending posts and optionally specify a message.
In some cases you know exactly who you want to talk to, and who you don’t. You have a choice to outright block any notifications from people who don’t follow you (to never see a “rando” again), or who you don’t follow (limiting yourself to “mutuals”).
The federated nature of the network also has implications on behaviour. Different instances, owned by different entities, will have different rules and moderation policies. This gives the power to shape smaller, independent, yet integrated communities back to the people. As an end-user, you have the ability to choose an instance with the rules and policies that you agree with (or roll your own, if you are technically inclined).
Smaller, tight-knit communities are less prone to harbouring toxic behaviour; you could think of it as moderation work of the entire network being spread somewhat* between countless administrators of independent but compatible communities, which makes it way more scalable than a single multi-million-user company with a small safety team.
(I need to specify that naturally, moderation is not global in the network. An admin of one instance cannot affect the account of a user on another. Admins have control over content that arrives on their instances, and can curate it with various tools. This allows places with different rules to coexist)
Of course, communities with the sole purpose of spreading toxic behaviour will pop up too. In such cases, instance administrators can blacklist specific instances outright. It takes substantially more effort to setup a brand-new instance than it is to create a new account on a centralized social network — you have to acquire hosting, domain name, invest time in installation and configuration — so blacklist-evading is a lot harder.
With all this, Mastodon aims to be a safer and more humane place.
If you’d like to check these features out for yourself, go to mastodon.social.
Mark Zuckerberg’s manifesto might be well-spirited, but one thing in it is fundamentally wrong: In times like these, the most important thing we at Facebook can do is develop the social infrastructure to give people the power to build a global community that works for all of us. Facebook isn’t, and can never be, a platform where people have the power to build anything. Facebook doesn’t even have the pretense of a non-profit like Wikipedia or Mozilla; there is no doubt about the company’s main focus — extracting as much as possible from you — by analyzing your data and showing you ads in exchange for advertiser’s money.
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook. The algorithmic timelines have led to a reality where your post could either get lucky and be seen by all of Instagram, or never be seen by your own followers.
This led me to think — what are the concrete differences between Instagram and Mastodon, and what prevents people from using Mastodon in the same way as Instagram? When you strip away the user interface, all social networks function more or less the same way: People create posts, follow each other, the posts go to the followers, and there’s varying degrees of taxonomy to categorize and browse those posts. The real difference is in the user interface, and what that interface puts emphasis on. Instagram does not allow posts without a picture or video, and the interface is adjusted to display those pictures and videos; while Mastodon does not allow posts without text, with pictures and videos being optional. And that’s the whole difference.
With that in mind, I asked myself, are there any parts of Mastodon that could be optimized for the Instagram use case, without interfering with how Mastodon works overall? And the answer was yes.
This release focuses heavily on the artist experience.
Since Mastodon supports a thriving app ecosystem, there are many different ways in which pictures and videos could be displayed to the viewer. To make sure that whatever aspect ratio a thumbnail is displayed in, it doesn’t cut off important bits, the new “crop” function allows you to select a focal point (or “focus” point) on the uploaded picture. That point will always stay in frame.
Although you were already able to pin posts before, this feature is now complete, displaying the pinned posts in the webapp and across servers, and not just the public profile. This allows you to feature your best work, or important links or conversations. Speaking of links, attaching media to a post no longer inserts a URL into the text of the post, and image-only posts are now allowed.
The media gallery in profiles has been reworked, and is now linked prominently in the webapp, on equal footing with the text-focused profile view. It was linked from a dropdown menu before, and as everybody knows, if something is in a dropdown menu, it might as well not exist. The media modal windows now fill more of the screen and support pinch-to-zoom.
A lot has also been done with how Mastodon pages appear in previews on other sites and apps. With a recent update in Discord, Mastodon videos linked there are finally playable inline. Profile pages in search results now display the bio as description, instead of a random status from the profile. Artists and photographers who publish adult content are no longer disadvantaged by not having their pictures appear in the previews.
You can also now backup your entire Mastodon account, including all the images and videos you uploaded, every 7 days.
That’s not all. There’s a lot more, and if you want every detail, you can read the official changelog — I’m gradually getting better at writing those in a way that’s understandable to non-developers.
Mastodon is built on open web protocols like ActivityPub, so it is possible that someone will write a piece of software that acts more like Instagram, and it will still integrate with Mastodon seamlessly — that’s how federation works, and we’re already seeing it with Mastodon and PeerTube. But for now, I hope that this release makes artists and photographers feel more at home on the fediverse.
If you’d like to try Mastodon today, visit joinmastodon.org. You can select “I am an artist” from the dropdown if you’d like to see servers made specifically for art. Unlike some other platforms, it’s free!
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then? Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app.
Replacing the Pillars of the Internet
Tremaine Friske
Mar 7, 2018
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already? To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century. The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless.
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then? Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app.
Mastodon and the W3C
Eugen Rochko
Sep 10, 2017
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
M for Mastodon
Eugen Rochko
Aug 1, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here. The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle.
Learning from Twitter’s mistakes
Eugen Rochko
Mar 3, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast.You can check it out here. Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end.
Artykuł 11 znany jako „podatek od linków”, według którego umieszczanie odnośników do publicznych stron może być nielegalne, jeżeli zawierają one podgląd zawartości z użyciem tagów OpenGraph umieszczanych tam przez autorów stron. Artykuł 13 postanawia, że wszystkie treści wysyłane przez użytkowników muszą przechodzić przez filtr zawartości, aby wykrywać naruszenia praw autorskich.
W lipcu odbędzie się szersze głosowanie nad tą dyrektywą w Parlamencie Europejskim. Oba artykuły wpływają na sposób, w jaki działa Mastodon. Oto dlaczego musimy się sprzeciwić się ich przyjęciu:
Wykrywanie zawartości nie jest wiarygodne
Znane systemy identyfikacji treści takie jak używany na YohTube często prowadzą do błędnego usunięcia treści. Czasami mogą wykryć cichą muzykę, niesłyszalna dla ludzi lub film grający w tle. Mogą przypadkowo zablokować domenę publiczną lub twórczość przeobrażoną, przy czym nie wykryją już utworów o podwyższonej wysokości lub obróconych w poziomie filmów. Ludzie będą wnosić roszczenia do treści, których nie posiadają, a właściwi twórcy będą musieli udowadniać, że to oni posiadają prawa do wysłania ich. To zaszkodzi wolności wyrażania siebie i pozbawi nas kreatywnej różnorodności.
Już dzisiaj YouTube traci na tym, nawet bez Artykułu 13. Wydaje Ci się, że DMCA i demonetyzacja są złe? Odmowy będą dokonywane w czasie wysyłania, wszędzie.
Mniejsi gracze vs. filtrowanie treści
Choć wielkie platformy społecznościowe takie jak Twitter, Tumblr, Facebook i GitHub będą mogły zainwestować w technologie wymagane do wykrywania naruszeń praw autorskich, inni nie zawsze będą mogli. W Internecie jest wiele innych miejsc: sekcje komentarzy na blogach, fora, imageboardy i oczywiście — serwery Mastodona. Strony prowadzone nie dla zysku, tworzone przez osoby prywatne i małe organizacje nie będą mogły spełnić tych wymogów. Wymaga to nie tylko zainwestowania w technologię, ale i dostępu do bazy treści objętej prawami autorskimi do skanowania.
Może to doprowadzić do powstania nowych dostawców usług filtrujących naruszenia, centralizacji skanowania treści, która nie tylko dodaje do całości kolejny czynnik finansowy, ale też tworzy ogromne zagrożenie dla prywatności zbierając wszystkie wpisy z różnych platform w jednym miejscu. Nie musisz wierzyć w szpiegowanie przez rząd, wystarczy pomyśleć o wyciekach danych takich jak Equifax.
Internet jest nie tylko dla wielkich platform
Często wydaje się, że kiedy UE uchwala regulacje dotyczące Internetu, myślą tylko o wielkich graczach takich jak Facebook, Twitter, Google i Amazon. Kiedy w Niemczech pojawił się „podatek od linków”, Google udało się wynegocjować bezpłatną umowę z wydawcami, ponieważ gdy treści są wykluczone z Google, są w zasadzie wyrzucone poza nawias. Zgadnijcie jednak, kto nie byłby w stanie wynegocjować takiej umowy? Tak, mniejsza konkurencja dla Google.
Podobnie, RODO spowodowało panikę wśród mniejszych stron i usług sieciowych z powodu obawy przed karą pieniężną, powodując wiele wyłączeń stron spowodowanych niepewnością. Nie musieli panikować ci, w których skierowane było to prawo — ci, którzy najbardziej naruszali naszą prywatność. Mogą oni pozwolić oni sobie na zatrudnienie wielu prawników i osób, które pozwolą im na dostosowanie się do nowego prawa.
Naturą regulacji prawnych jest odcięcie mniejszych graczy, co nie zawsze jest złe. Chcesz, aby jakość wody i jedzenia była regulowana, nie chcesz pozostawić tego amatorom. Prywatność w Internecie jest z pewnością ważna, więc wydaje się, że RODO również zajęło odpowiednie miejsce. Jednak takie regulacje umacniają największe firmy na rynku i musisz zapytać siebie — czy konglomeraty, których model biznesowy opiera się na wykorzystywaniu słabości Internetu są czymś, co powinno utrwalić się na zawsze?
Firmy, które osiągnęły sukces w Internecie doszły do tego tylko dlatego, że Internet był zdecentralizowany i każdy mógł pojawić się na rynku bez ograniczeń. Nie uważam jednak, aby osiągnęły szczyt tego, co jest możliwe.
Musimy utrzymać zdecentralizowaną sieć przy życiu i sprzeciwić się Artykułowi 11 i 13.
Ten wpis jest tłumaczeniem wpisu Nico pt. Mastodon quick start guide. Dziękuję Wojtkowi za dokonanie poprawek w moim tłumaczeniu. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią.
Więc chcesz dołączyć do Mastodona i zacząć tootować. Świetnie! Ten artykuł pomoże ci zagłębić się.
Zacznijmy od podstaw. Czym jest Mastodon?
Mastodon jest platformą mikroblogową podobną do tych, które możesz już znać, takich jak Twitter. Nie jest jednak scentralizowana — jest to sfederowana sieć działająca w sposób podobny do e-maila.
Tak jak w przypadku e-maila, wybierasz swój serwer i — niezależnie od tego, czy jest to GMail, Outlook, iCloud — gdziekolwiek się zarejestrujesz, wiesz że będziesz mógł/mogła napisać wiadomość do wszystkich, jeżeli znasz ich adres.
Wyraz „instancja” jest często używany przez użytkowników Mastodona do określenia serwera.
Oznacza to, że nie ma tu jednej, bezwzględnej firmy kontrolującej to wszystko, akcjonariuszy, centralnego zarządzania i targetowanych reklam których wszyscy mamy dosyć, są tu tylko osoby wzajemnie udostępniające sobie rzeczy, które chcą wzajemnie udostępniać.
Gdzie mogę się zarejestrować?
Pierwszą rzeczą którą musisz zrobić jest wybór serwera. Jest to dodatkowy krok w porównaniu do stron takich jak Twitter i Tumblr, ale nie jest to tak trudne, jak się wydaje.
Tak jak w przypadku e-maila, twój identyfikator zawiera serwer na który się logujesz. Na przykład, zarejestrowałem się na mastodon.social, więc aby o mnie wspomnieć, wprowadź @nico@mastodon.social w swoim wpisie. Nie jest to tak nieporęczne jak się wydaje, ponieważ interfejs użytkownika nie wyświetla nazw serwerów, gdy nie są one przypadnie (np. wyświetlając konwersacje) i dodaje je, gdy są potrzebne (np. gdy odpowiadasz na wpis użytkownika innego serwera), więc nie jest to problem którym powinieneś(-naś) się przejmować.
Jeżeli to, o czym chcesz, rozmawiać mieści się zwykle w jednej kategorii (mogą być to gry wideo, sztuka, programowanie, fikcja lub cokolwiek innego), dobrym pomysłem może być wybranie serwera, który skupia się na związanej z tym zawartości — będzie łatwiej nawiązać kontakty i znaleźć podobne osoby. Dla niektórych serwer jest czymś jak sąsiedztwo lub miejsce spotkań, gdzie większość rozmów skupiona jest na jednym temacie.
Możesz wyświetlać wszystkie publiczne lokalne wpisy utworzone przez użytkowników twojego serwera na tak zwanej „lokalnej osi czasu”.
Jeżeli nie zamierzasz skupić się na jednym temacie, prawdopodobnie chcesz wybrać ogólnotematyczny serwer. Niezależnie od tego, możesz znaleźć przydatne narzędzie do wyboru serwerów na joinmastodon.org.
Nie panikuj! Będziesz mógł/mogła rozmawiać z osobami z innych serwerów niezależnie od tego, który wybierzesz. Pamiętaj, to tak jak e-mail — możesz na przykład wysłać maila do swojej mamy na jej stare konto na WP ze swojego GMaila.
Słowo „Fediwersum” (ang. „fediverse”, „federation” + „universe”) odnosi się do sieci serwerów Mastodona i innego kompatybilnego oprogramowania, którego użytkownicy mogą wzajemnie ze sobą konwersować.
Po upływie czasu, możesz uznać, że chcesz założyć konto na innym serwerze, chcąc przenieść swoje główne konto lub utworzyć drugie konto dotyczące określonej cząstki siebie. Jest to normalna rzecz w Fediwersum i nie ma czym się martwić. Ludzie przywykli tu do widoku wpisów tego typu raz na jakiś czas:
Poznaj swój serwer
Poświęć chwilę przed rejestracją, aby przejrzeć zasady wybranego serwera i upewnić się, czy pozwala na publikowanie treści, które chcesz tam zamieszczać.
Wpisy na Mastodonie są nazywane „tootami”, co jest onomatopeją ogłosu wydawanego przez słonie.
Pod polem rejestracji znajdziesz odnośnik do strony zasad. Jest nim prawdopodobnie przycisk „Dowiedz się więcej” pod „Administrowana przez”. Na innych stronach, zasady znajdują się w stopce, podpisane jako „O tej instancji”. Możesz też wprowadzić prawidłowy adres URL w pasek adresu przeglądarki, zawsze ma on format taki jak https://mastodon.social/about/more.
Strona zasad informuje też, kto jest właścicielem/administratorem serwera. Większość serwerów jest skonfigurowana tak, że po rejestracji zaczynasz śledzić administratora, tak jak kiedyś Toma na MySpace. Jest to świetne, ponieważ wiesz, do kogo możesz się zwrócić gdy napotkasz jakiś problem i możesz otrzymywać ogłoszenia dotyczące serwera (np. gdy oprogramowania zostanie zaktualizowane), jest to też dobry sposób na poznanie osoby, która zarządza serwerem, z którego korzystasz.
Administratorzy są bardzo przyjaznymi osobami, które zwykle opłacają serwer z własnej kieszeni, więc dobrze jest poznać ich tak, jakby byli właścicielami mieszkania, które wynajmujesz. Wielu z nich przyjmuje dotacje, aby pokryć koszty utrzymania serwera, więc jeżeli możesz pomóc, będzie to docenione.
Wydaje mi się, że znalazłem(-am) nowy dom!
Przejdź na stronę główną swojego serwera i wprowadź swoją nazwę użytkownika i hasło w formularzu rejestracji. Musisz użyć adresu e-mail, który będziesz musiał(a) potwierdzić, zanim otrzymasz możliwość zalogowania.
Następna rzeczą którą powinieneś(-naś) zrobić jest zmiana zdjęcia profilowego, przejrzenie strony ustawień (i powrót tam po mniej więcej tygodniu korzystania z Mastodona, aby poprawić swoje doświadczenie) i przygotowanie do przedstawienia się.
Wartymi uwagi ustawieniami są: uwierzytelnianie dwuetapowe zwiększające bezpieczeństwo konta, domyślnie wyłączone automatyczne odtwarzanie GIF-ów, język w którym umieszczasz wpisy o języki które chcesz wyświetlać na lokalnej i globalnej osi czasu i osiach czasu hashtagów (domyślnie widzisz wpisy we wszystkich językach).
Hashtagi są ważnym elementem Mastodona. Są one jedyną częścią tootów, którą możesz wyszukiwać. Jeżeli chcesz zostać znaleziony(-a) przez osoby zainteresowane fotografią, najlepiej uwzględnić we wpisie hashtag #photography.
W przypadku hashtagów zawierających wiele słów, używaj „camel case” #JakWTymDobrymHashtagu zamiast tak #jakwtymgorszymhashtgu ze względu na dostępność.
Jako pierwszy wpis, dobrym pomysłem jest przedstawienie się pod hashtagiem #introductions i umieszczenie informacji o sobie, swoich zainteresowaniach i tym, o czym będziesz rozmawiać na Mastodonie. Jest to świetny hashtag do przeglądania, możesz znaleźć dużo nowych osób w sieci i wielu z nich może się tobą zainteresować.
Krótkie oprowadzenie po interfejsie webowym
Mastodon oferuje wiele aplikacji, zarówno na urządzenia mobilne jak i przeglądarkę z nie musisz używać standardowego interfejsu. Jeżeli oczekujesz prostszego rozwiązania, wypróbuj Pinafore
Standardowy interfejs Mastodona składa się z wielu kolumn zamiast jednego strumieniami Możesz przenosić i usuwać je, aby dostosować go do swoich potrzeb.
Strona główna zawiera wszystkie tooty od osób które śledzisz w kolejności chronologicznej. Są to osoby z twojego serwera i pozostałych, jeżeli tylko je śledzisz. Niektóre osoby nie chcą, aby podbicia były widoczne w tej kolumnie, chcą widzieć tylko autorskie wpisy śledzonych. Aby je ukryć, naciśnij przycisk ustawień w prawym górnym rogu kolumny.
„Podbicie” jest synonimem „retweeta”/„udostępnienia” na Mastodonie.
Powiadomienia służą do tego, co wskazuje nazwa. Znowu, dotyczą one całego Fediwersum. Przycisk ustawień (prawy górny róg) zawiera liczne opcje dotyczące tej kolumny. Możesz na przykład wyłączyć dźwięk „boop” towarzyszący nowym powiadomieniom.
Lokalna oś czasu jest aktualizowanym na żywo strumieniem wpisów wszystkich użytkowników twojego serwera. Na wielu serwerach, szczególnie tych mniejszych, jest to miejsce wokół którego wszystko się toczy. To jak rynek na mieście lub pokój na Slacku. Możesz odpowiadać tam osobom z jest to świetnie miejsce do poznawania ludzi.
Oś czasu federacji jest widokiem na wszystkie publiczne wpisy z całej sieci o których wie twój serwer (łącznie z lokalnymi). Najczęściej pojawiają się one tam, jeżeli któryś użytkownik twojego serwera śledzi ich autora. Ta kolumna aktualizuje się bardzo szybko. Ustawiam w tej kolumnie widok wyłącznie wpisów z zawartością multimedialną, ukrywam podbicia i otrzymuję nieustający strumień głupkowatych selfie, świeżych memów i sztuki.
Możesz też przypiąć kolumnę z hashtagiem który cię interesuje — po prostu znajdź tej hashtag i wybierz „Przypnij” w ustawieniach kolumny.
Korzystanie z ostrzeżeń o zawartości
Jedną z najlepszych funkcji Mastodona jest przycisk „CW” w miejscu gdzie tworzysz tooty. Kliknięcie go tworzy pole ostrzeżenia o zawartości pozwalające na umieszczenie informacji, czego dotyczy wpis (np. stan psychiczny, polityka, sprośne wpisy, nagość), aby osoby które nie chcą widzieć tego rodzaju wpisów mogły je ominąć. Jest to też oczywiście dobre rozwiązanie na spoilery treści książek i filmów.
Powszechną praktyką jest umieszczanie +, - i ~ w ostrzeżeniu o zawartości aby określić, czy zawartość ma wydźwięk odpowiednio pozytywny, negatywny czy mieszany.
Moja rada jest prosta: jeżeli nie masz pewności, czy wpis wymaga CW, nadaj mu CW. Ludzie doceniają to, a nadmierna ostrożność i szacunek wobec innych nie skrzywdzi nikogo.
Możesz też użyć CW, aby streścić dłuższy wpis. Niektórzy używają go do puent dowcipów. Może znajdziesz inne zastosowania dla tej funkcji. Baw się dobrze.
So you want to be part of the Mastodon network, and you want to truly own your data, independent of anyone else. Perhaps you want to curate a niche community for a specific interest, or maybe for your own family or close circle of friends. You went through the documentation and installed the software, or maybe you chose one of the availablehosting options to avoid all the technical nonsense altogether. What’s next?
There are three categories of things you’ll be doing: Customization, federation and promotion. If your community is going to be private, you can skip that last part.
Customization
After logging in (with admin privileges on your account!), navigate to Administration -> Site Settings. At the top of the page is the most important information about your server. You may leave the title as Mastodon, but you absolutely should:
Specify a contact e-mail address, so people know who to reach out to if all else fails
Username of a contact person (usually it’s your own username), so people can see who owns the server
A one-paragraph description of what your server is about or what differentiates it from others.
You can also upload a (preferably) 1200x630px picture to be used as thumbnail for when your server is linked from other websites, such as Slack, Discord and Twitter. JoinMastodon.org also displays that thumbnail when listing your server (more on that later).
The next and last crucial part is adding a code of conduct. This is not necessary for private servers, but if you expect strangers to sign up, you need it. A code of conduct delineates what sort of community and what sort of content you want to host. If you don’t know where to start, a lot of servers have copied the code of conduct from mastodon.social, which has been collaboratively drafted by its community.
Federation
You should not be starting your own server if you’re totally new to Mastodon, unless you have a private community you’re bringing with you. In a decentralized system like Mastodon, content travels through a web of personal connections, so if you don’t have any connections, you don’t have any content. You should start with an account on a reasonably active Mastodon server and find people you like.
Then you should bring those connections with you to your own server. That can be quite simple if, on the other server, you go to Settings -> Data Export and download your following list as a CSV file, and finally on your own server, you go to Settings -> Import and upload that file. From my experience, you should follow at least 40 or 50 active people from other servers to kickstart your own. That ensures a steady flow of new content — on your home timeline it’s just those people you follow, but on the federated timeline, it’s them and the people they share and interact with.
I might be biased, but I find that following admins of other servers is usually a good choice. Usually, they share a lot of content from their users, so you get some insight into their entire community. You might feel compelled to do the same when you get your own users, too.
When new people join your server, they will have something to look at and so will be more likely to stick around.
Promotion
JoinMastodon.org is meant to do some of this work for you. It pulls its data from instances.social, an independent directory of Mastodon servers. Once you have a contact e-mail address configured in your Site Settings, you should sign up on instances.social and fill out which languages and which categories you want to be listed under. As long as you have open registrations and at least one active user, you should appear on JoinMastodon.org (I cannot guarantee this, however — the priority of JoinMastodon.org is to onboard new users as smoothly as possible, not necessarily to promote each and every admin). In any case, you will appear on instances.social, and that’s important too.
Beyond that… Community building is magic, and there is no one formula for it. Spread it in your group of friends. When you see people on other social media express interest in alternatives to those platforms, plug your instance. Good luck 😋
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
Mastodon 2.0
Eugen Rochko
Oct 19, 2017
About 6 months have passed since April, during which the major mainstream breakthrough of our decentralized social network took place. From 20,000 users to almost a million! What better time to run through a couple examples of what’s been introduced since then? Mastodon is defined by its focus on good user experience, polished design and superior anti-abuse tools. In that vein, the web app has received numerous updates. Using the latest browser features, the web app receives real push notifications, making it almost indistinguishable from a native mobile app.
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages.
First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server.
So what are the ingredients required? The message itself will be formatted with ActivityPub, and it must be attributed to an ActivityPub actor. The actor must be discoverable via Webfinger, and the delivery itself must be cryptographically signed by the actor.
The actor
The actor is a publicly accessible JSON-LD document answering the question “who”. JSON-LD itself is a quite complicated beast, but luckily for our purposes we can treat it as simple JSON with a @context attribute. Here is what an actor document could look like:
The id must be the URL of the document (it’s a self-reference), and all URLs should be using HTTPS. You need to include an inbox even if you don’t plan on receiving messages in response, because for legacy purposes Mastodon doesn’t acknowledge inbox-less actors as compatible.
The most complicated part of this document is the publicKey as it involves cryptography. The id will in this case refer to the actor itself, with a fragment (the part after #) to identify it–this is because we are not going to host the key in a separate document (although we could). The owner must be the actor’s id. Now to the hard part: You’ll need to generate an RSA keypair.
The contents of the public.pem file is what you would put into the publicKeyPem property. However, JSON does not support verbatim line-breaks in strings, so you would first need to replace line-breaks with \n instead.
Webfinger
What is Webfinger? It is what allows us to ask a website, “Do you have a user with this username?” and receive resource links in response. Implementing this in our case is really simple, since we’re not messing with any databases and can hardcode what we want.
The Webfinger endpoint is always under /.well-known/webfinger, and it receives queries such as /.well-known/webfinger?resource=acct:bob@my-example.com. Well, in our case we can cheat, and just make it a static file:
The subject property here consists of the username (same as preferredUsername earlier) and the domain you’re hosting on. This is how your actor will be stored on other Mastodon servers and how people will be able to mention it in toots. Only one link is required in the Webfinger response, and it’s the link to the actor document.
After this is uploaded to your webhost and available under your domain with a valid SSL certificate, you could already look up your actor from another Mastodon by entering alice@my-example.com into the search bar. Although it’ll look quite barren.
The message
ActivityPub messages practically consist of two parts, the message itself (the object) and a wrapper that communicates what’s happening with the message (the activity). In our case, it’s going to be a Create activity. Let’s say “Hello world” in response to my toot about writing this blog post:
With the inReplyTo property we’re chaining our message to a parent. The content property may contain HTML, although of course it will be sanitized by the receiving servers according to their needs — different implementations may find use for a different set of markup. Mastodon will only keep p, br, a and span tags. With the to property we are defining who should be able to view our message, in this case it’s a special value to mean “everyone”.
For our purposes, we don’t actually need to host this document publicly, although ideally both the activity and the object would be separately available under their respective id. Let’s just save it under create-hello-world.json because we’ll need it later.
So the next question is, how do we send this document over, where do we send it, and how will Mastodon be able to trust it?
HTTP signatures
To deliver our message, we will use POST it to the inbox of the person we are replying to (in this case, me). That inbox is https://mastodon.social/inbox. But a simple POST will not do, for how would anyone know it comes from the real @alice@my-example.com and not literally anyone else? For that purpose, we need a HTTP signature. It’s a HTTP header signed by the RSA keypair that we generated earlier, and that’s associated with our actor.
HTTP signatures is one of those things that are much easier to do with actual code instead of manually. The signature looks like this:
The keyId refers to public key of our actor, the header lists the headers that are used for building the signature, and then finally, the signature string itself. The order of the headers must be the same in plain-text and within the to-be-signed string, and header names are always lowercase. The (request-target) is a special, fake header that pins down the HTTP method and the path of the destination.
The to-be-signed string would look something like this:
(request-target): post /inbox
host: mastodon.social
date: Sun, 06 Nov 1994 08:49:37 GMT
Mind that there is only a ±30 seconds time window when that signature would be considered valid, which is a big reason why it’s quite difficult to do manually. Anyway, assuming we’ve got the valid date in there, we now need to build a signed string out of it. Let’s put it all together:
Let’s save it as deliver.rb. I am using the HTTP.rb gem here, so you’ll need to have that installed (gem install http). Finally, run the file with ruby deliver.rb, and your message should appear as a reply on my toot!
Conclusion
We have covered how to create a discoverable ActivityPub actor and how to send replies to other people. But there is a lot we haven’t covered: How to follow and be followed (it requires a working inbox), how to have a prettier profile, how to support document forwarding with LD-Signatures, and more. If there is demand, I will write more in-depth tutorials!
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers. Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus. Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild.
If you could edit tweets
Eugen Rochko
Jun 19, 2018
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board. Delete & Redraft There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
So you want to join Mastodon and get tooting. Great! Here’s how to dive straight in.
Let’s start with the basics. What is this?
Mastodon is a microblogging platform akin to others you may have seen, such as Twitter, but instead of being centralised it is a federated network which operates in a similar way to email.
Like email, you choose your server and whether it’s GMail, Outlook, iCloud, wherever you sign up you know you’ll be able to email everyone you need to so long as you know their address.
The word “instance” is often used on Mastodon as a synonym of server.
This means there’s no big uncaring company running it all, no shareholders, no central control, none of the targeted advertising we’re all fed up with, just a bunch of people sharing the things they want to share with each other.
Where do I sign up?
The first thing you have to do is choose your server. This is an extra step compared to sites like Twitter or Tumblr, but isn’t as difficult as it may seem.
Like with email, your identity is hosted by the server you sign up on. So for example, I joined mastodon.social so to mention me you can type @nico@mastodon.social in your post.
If what you want to talk about most fits into a clear category (maybe it’s video games or art or queer life or coding or fiction or whatever) then it might be worth making your first server one where that will primarily host that sort of content – it’ll be easier to make connections and find like-minded folk. Some consider your server to be like a neighbourhood or a venue where the general chatter can have a specific focus.
You have the ability to view all public local posts that have been made by people on your server in the so-called “local timeline”.
If you aren’t here to stick mainly to one topic, you’ll likely want to pick a server that caters to general interests. Either way, there’s a helpful server picker tool on joinmastodon.org.
Don’t panic! You’ll be able to chatter to people on other servers, no matter which one you choose. Remember, this is like email and you can still email your mum on her ancient Yahoo account from your GMail, for example.
The word “fediverse” (federated universe) refers to the network of all Mastodon servers and other projects, users of which are able to talk to each other seamlessly.
In time, you might find yourself wanting an account on another server, whether that means moving your primary account or having a secondary account for a certain aspect of yourself. This is normal behaviour on the fediverse and nothing to worry about. People are completely used to seeing the occasional post like this:
Knowing your server
Take a moment before registering to check out the rules of your chosen server and make sure they are compatible with how you want to be tooting.
Posts on Mastodon are called “toots”, because that’s the sound an elephant makes.
Under the sign up form you will see a link to the rules page. It is likewise linked from the “Learn more” button under “Administered by”; on other pages, the rules are linked in the footer as simply “About”. You could also just enter the correct URL into the address bar of your browser directly as it always follows a format like https://mastodon.social/about/more.
The rules page also tells you who the owner/administrator of the server is. Most servers set you up following the admin when you sign up, kind of like a modern take on MySpace Tom. This is great, it means you know who to ask if you run into problems and you can receive server-specific announcements (like when the software is being upgraded) and in general it’s great to know who runs the server you’re on.
Admins are super friendly people who are usually running the server out of their own pocket so it’s good to get to know them like you would a landlord. Many accept donations to cover the running costs and if you’re able to contribute then it’s always appreciated.
I think I found my new home!
Head to the homepage of your server and choose your username and password in the sign up form. You’ll need an email address to register, which you will be asked to confirm before being able to log in.
Next thing to do is upload your profile picture, give the settings page a good once-over (and do come back to it when you’ve been on Mastodon a week or so just to make any tweaks that might help your experience) and get ready to introduce yourself.
Some interesting settings worth checking are: two-factor authentication to improve your account’s security; GIF autoplay which is turned off by default; the language you intend to post in; and the languages you prefer seeing when viewing the local, federated, and hashtag timelines (by default, you see all languages).
Hashtags are a really important thing on Mastodon. In fact, they are the only part of the content of toots that is searchable. So if you want to be found by people who are looking for toots about photography it’s best to include #photography.
For multiple word hashtags, please use camel case #LikeThisGoodHashtag instead of #likethisbadhashtag for accessibility reasons.
So for your first toot, a great idea is to post a short #introduction giving some information about yourself and what your interests are and what you’ll be talking about on Mastodon. That’s also a great hashtag to search, you’ll find lots of other people new to the network and many will care about the things you do.
A quick tour of the web interface
Mastodon offers many apps, both for mobile phones and for the browser; you are not locked into using the standard interface. For a simplified experience, try out Pinafore
The standard Mastodon interface has multiple columns rather than a single feed. You can move or remove these at your leisure.
Home is all the toots in chronological order of the people you’re following. It includes the toots of people on your server and on other servers, all that matters is that it’s people you follow. Some people like to disable boosts in this column so they just see what their follows themselves say. That option is there if you click the settings button on the top right of the column.
“Boost” (as in “signal boost” or “rocket boost”) is a synonym of “reblog” or “retweet” in Mastodon.
Notifications does what it says on the tin. Again, this is across the fediverse. The settings button (top right) has a range of options for this column. You may want to turn off the “boop” sound, for example.
Local timeline is the live feed of all the toots of people on your server. On many servers, particularly smaller ones and ones focused on a particular topic, this is where the magic happens. It feels like a town square or Slack chatroom. You can reply to people from there and it’s a great place to meet people.
The federated timeline is a view of all the public toots your servers knows about from across the whole network (including local ones). The most common reason that something appears in the federated timeline is that someone from your server follows the author of that toot. This column moves fast, and can often be pretty wild. I enjoy setting that column to show only toots with media, hiding boosts, then seeing a constant stream of daft selfies, hot memes, and funky art.
You can also pin a column for a hashtag you’re interested in – just search for that hashtag and then in the column settings choose “pin” and done.
Using content warnings
One of the best features on Mastodon is that button that says “CW” where you write your toots. Clicking that adds a content warning field where you can put information about what the toot contains (eg. mental health, politics, lewd talk, nudity) so that people don’t have to see content they wish to avoid, for whatever reason. Of course, it’s also great for show or book spoilers.
A common convention is to put +, -, or ~ in a content warning to signify if the contents are broadly positive, negative, or mixed respectively.
My advice is simple: if you’re not sure whether a toot needs a CW or not, give it a CW. People really appreciate it and it doesn’t do any harm to be too cautious and too respectful of others.
You can also use a CW to summarise a long post. Some use it for joke punchlines. Maybe you’ll think of other uses for it. Have fun.
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages. The inbox Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
The fresh release of Mastodon brings long-overdue improvements to discoverability of content and the administration interface, as well as a large number of bug fixes and extra polish.
The 2.7 release consists of 376 commits by 36 contributors since October 31, 2018. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
One of the new features is a profile directory that people can opt-in to. The directory allows you to see at a glance active posters on a given Mastodon server and filter them by the hashtags in their profile bio. So you can find people who share your interests without reading through the public timelines, and you can even find out who to follow from a different Mastodon server without needing to sign up and lurk there!
The tutorial that new people see after signing up has been completely reworked. It has a tighter narrative: Rather than explaining the minutea of the default user interface, it focuses on the main concepts of Mastodon, from which the interface is a derivation. And it is accompanied by colorful illustrations. It also has the benefit of loading a bit faster, since it’s not a modal window laid over the interface, but rather it loads before the interface.
The public hashtag page now makes better use of screen estate by arranging toots in a masonry grid instead of a narrow column. The public hashtag page is the page outside the columnized web interface that logged in users see and use–it is a page oriented primarily towards anonymous viewers.
2.7 includes a new moderation warning system for Mastodon. Whereas previously people would learn that their account was suspended or disabled only through a generic error page when trying to access their account, now moderators can choose to notify users about any actions taken against them. Even without specific actions, moderators can send official warnings that get delivered over e-mail and are reflected in the moderator interface, allowing other moderators to stay updated. Moderators can write any additional information in those e-mails. Because many moderation cases are similar, there is a system for saving presets, that moderators can very easily choose from instead of typing messages from scratch every time.
Of course, because it’s hard to generalize, and some trolls and spam bots are best contained when they don’t realize they are being contained, that notification system can be overriden on a case by case basis.
The moderation interfaces for accounts and instances has also been reworked. Accounts now display the most important numbers in an easy to skim grid. Some useless information has been removed, and some useful information has been added, such as when the user signed up, or who sent them an invite. For accounts from other servers, you can now see which local users follow them at a glance.
The administration interfaces for known servers and domain blocks have been unified into a common area. Besides displaying how many accounts are known from a particular server, you can now also see how many accounts are followed from your server, how many of their accounts are following your users, how many have been individually blocked or reported, and how much disk space that server’s media attachments are taking up.
App developers will be delighted to learn that 2.7 introduces a registration API. By implementing that API, apps will be able to accept new registrations from their users, instead of having to send them to a web browser. When a user signs up through an app, they still receive a confirmation e-mail which they have to open before their account is activated, but the e-mail contains a link that can open the app, and once the account is activated, the app is already authenticated and ready to go.
The command-line utility for managing a Mastodon server, tootctl (pronounced “toot control”) has received a few new commands. Over the course of Mastodon’s existence, some people built websites collecting statistics from known Mastodon servers. However, their numbers always differ a little, and it’s difficult to inspect how they function. Now, you can scan the Mastodon network from your own machine to discover servers and aggregate statistics about Mastodon’s usage with tootctl domains crawl.
By running that command from my machine, I was able to gather these figures: 2251 active Mastodon servers, 1,882,838 registered users, 172,041 active users and 21,537 new sign-ups in the first week of January 2019.
The other new command is tootctl accounts follow and it allows you to make the users on your server follow a specified account. As a reminder, users on Mastodon follow their administrator by default, both for important announcements as well as to kickstart their home feed with something when they’re new. So that command is useful in those rare cases where the administrator needs to change their account.
To learn more about a tootctl command, append --help to it, for example: tootctl domains crawl --help
This is far from everything included in the release–there are many smaller improvements, like CSV export for lists and domain blocks, volume sliders for videos, ability to follow multiple hashtags from the same column, improved emoji support, better defences against spammers with MX checks, and more.
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not.
Mastodon 2.5 released
Eugen Rochko
Sep 5, 2018
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago.It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images.
First, a refresher on the fundamentals, which haven’t changed: Mastodon is decentralized between independently-operated servers. These servers each have a separate admin, and possibly a moderation team, as well as their own code of conduct. From that follows that:
You can be with a community that resonates with your values and ideas of moderation
The ratio of “everyone” to “people who can handle abuse reports” is much, much higher than on any centralized service
The moderation team of your server, be it just one admin or multiple people, is a lot closer to you and more approachable and can therefore take abuse seriously
So that’s already a huge advantage over other platforms due the basic design. And in my opinion it’s got advantages over the other extreme, too, a pure peer-to-peer design, where everyone would have to fend for themselves, without the pooled resources. However, there’s more.
Design decisions
Before I proceed, I need to delineate that the following design decisions are more about what the software nudges you towards, rather than a tamper-proof barrier against some behaviours, which is not possible. Mastodon deliberately does not support arbitrary search. If someone wants their message to be discovered, they can use a hashtag, which can be browsed. What does arbitrary search accomplish? People and brands search for their own name to self-insert into conversations they were not invited to.
What you can do, however, is search messages you posted, received or favourited. That way you can find that one message on the tip of your tongue.
Another feature that has been requested almost since the start, and which I keep rejecting is quoting messages. Coming back to my disclaimer, of course it’s impossible to prevent people from sharing screenshots or linking to public resources, but quoting messages is immediately actionable. It makes it a lot easier for people to immediately engage with the quoted content… and it usually doesn’t lead to anything good. When people use quotes to reply to other people, conversations become performative power plays. “Heed, my followers, how I dunk on this fool!” When you use the reply function, your message is broadcast only to people who happen to follow you both. It means one person’s follower count doesn’t play a massive role in the conversation. A quote, on the other hand, very often invites the followers to join in on the conversation, and whoever has got more of them ends up having the upper hand and massively stressing out the other person.
Twitter forces you to choose between two extremes, a protected account and a fully public account. If you have a public account, all your tweets are visible to everyone and infinitely shareable. Mastodon realizes that it’s not something you might always want, though. Each individual message can either be:
Fully public, appearing to your followers, the public timelines, anyone looking at your profile
Unlisted, appearing to your followers and anyone looking at your profile, but skipping the public timelines
Private, appearing only to your followers and people mentioned in it
And direct, appearing only to people mentioned in it
Unlisted messages are perfect if you want to be just a little low-key and not attract strangers to interact with you; private is great when you don’t want your messages easily shared around. Each choice can be set as the default. And of course, on top of that, you can “lock” your account: Locking prevents people from being able to follow you without you getting a chance to say yes or no first.
Mastodon has a lists feature for categorizing the people you are following and making your home feed more readable by essentially splitting into multiple ones, but unlike on Twitter, you cannot add someone to a list unless you are already following them, and the lists are personal, not public.
Hiding things
Mastodon offers a massive amount of ways to hide unwanted content from your eyes. Are strangers bothering you? You can block notifications from people you don’t follow. You don’t want someone to easily see your posts, as well as forgetting they exist? The good old block function is there. It hides notifications from the person, it hides any messages that mention the person, it hides other people sharing that person’s messages. Want the same thing, but for them to not know they’ve been blocked? That’s the mute function.
Are you tired of receiving responses to one of your posts? You can mute the conversation and forget about it. And if you notice that you’re muting a lot of people from the same Mastodon server, and there’s no end to it, you can hide everything from a specific domain. That will hide all of their posts and remove any followers you might have had from that server so they no longer receive your posts, either.
In the coming weeks, once 2.4.3 is released, you’ll be able to tune out of a specific topic for a time or forever by adding text filters. They will match keywords or phrases in the posts and hide those posts from you, either everywhere or in specific contexts only.
On the other end, you can hide your messages behind content warnings, for example if you want to discuss the events of the last episode of some show or a book. And rather than dooming your entire account to be “sensitive” like on Twitter, where it’s hidden from everyone who hasn’t opted to look at sensitive content, on Mastodon you can hide media uploads only in specific posts (or, of course, set it as the default).
You can also hide the list of people you are following and who follow you from your profile.
Moderation tools
When someone’s breaking a servers rules, it’s no longer a matter of just hiding them from your personal sight–that’s where moderation steps in. Mastodon has a report function, in which you can report an account to the server’s administration, optionally specifying a message and choosing which of their posts to include in the report as examples. If the reported person resides on a different Mastodon server, you also have the option of anonymously forwarding a copy of the report to the admins of that server, since they might also be interested in knowing about an offender.
Mastodon’s moderation system is very similar to that of a forum. It supports two administratives roles: moderators and admins. When a report comes in, both groups get a notification e-mail and can proceed to either:
Ignore the report if it’s unsubstantiated
Leave notes for the account that other staff members can see
Delete the offending posts
Sandbox the account so nobody who isn’t already following them can see their posts
Disable access to the account temporarily
Remove the account and all of its data permanently
It doesn’t matter if the offending account is on your server or a different one, these measures are contained within your server, which is how servers with different policies can co-exist on the network: You moderate according to yours, I moderate according to mine.
If there is a server fundamentally opposed to yours, or one that refuses to keep its offenders in check so moderating them on your end individually ends up being too much work, there is an option to either sandbox or block an entire domain.
Conclusion
Wherever people meet, there will be disagreements and trouble. Maintaining communities that feel safe for all of its members is not easy. Mastodon provides a lot of foundational framework and tools for doing it, and shifts the power to effect change from one commercial entity to the communities themselves.
Mastodon's 2 Year Anniversary
A retrospective
Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉
Network growth
From 45 registered users on mastodon.social, the only Mastodon server at the time, the network grew to 1,627,557 registered users on 3,460 servers. That’s not counting people on non-Mastodon servers that are compatible with Mastodon via ActivityPub!
There are a lot of small servers: The median user number per server is 8 people. The biggest server hosts 415,941 accounts. The 3 largest servers combined host 52% of the network’s users, the 25 largest servers host 77% of all users *. This is natural as the largest servers are more known and therefore attract a lot of new people. However, for many people who stick around, they act as gateways, wherein once they learn more about Mastodon, they switch to a different, usually smaller server.
The oldest servers that are still around today are mastodon.social, awoo.space, social.tchncs.de and icosahedron.website.
Most exciting new server growth events:
In April 2017, mstdn.jp was created by nullkal in his apartment. The first Japanese server of Mastodon went viral and saw a growth of tens of thousands accounts within a few days, and served as a catalyst for Mastodon’s popularity in Japan.
In May 2018, after the SESTA/FOSTA laws were passed in the US and forced many sex workers into exile from mainstream social media websites, Assembly Four founded switter.at, a Mastodon server for sex workers. It grew rapidly towards a hundred thousand accounts.
To this day, mastodon.social, mstdn.jp, switter.at, pawoo.net and friends.nico are the largest servers.
Development milestones
From 332 commits by a single developer, the GitHub repository grew to over 6,140 commits by 513 people. Since the start of development in March 2016, 102 versions of Mastodon have been released, beginning with v0.1.0 up to the latest v2.5.2.
4,343 pull requests were merged, and 2,851 issues were closed.
This is what Mastodon looked like in October 2016:
Here is a time table of Mastodon’s most notable features, that is, features that Mastodon is most known for today:
October 2016
The interface becomes responsive for mobile screens
November 2016
Hashtags are implemented
Search for accounts is implemented
Notifications
Marking media as sensitive is added
The “unlisted” visibility setting is added
The publish button is renamed to “toot”
December 2016
The reblog button is renamed to “boost”
Public timeline now excludes boosts and replies
First admin interface is added
Locked accounts are implemented
The “private” visibility setting is added
January 2017
Viewing one’s own favourites is implemented
Remote follow dialog is added
The “boop” sound for notification appears
Content warnings are implemented
Two-factor authentication is added
February 2017
The Streaming API appears
Reporting accounts and toots is implemented
The public timeline is split into “local” and “whole known network”
March 2017
An emoji picker is added
April 2017
The “direct” visibility setting is added
The coyote stops rotating as new GIF autoplay preferences are added
June 2017
The columns in the web interface can be moved, added and removed
Deleting own account is implemented
August 2017
The Mastodon logo is updated
Web Push is implemented, allowing the web interface to receive push notifications
September 2017
The entire Mastodon network is successfully upgraded from OStatus to ActivityPub
Pinning toots is implemented
MySpace Tom lives on as Mastodon begins making new users follow their admin by default
October 2017
Custom emoji are implemented
Alternative text for media attachments is added
Hotkeys in the web interface are implemented
December 2017
Lists are implemented
Invite system is added
January 2018
The e-mails sent by Mastodon become pretty
March 2018
Search for toots is implemented
Account backup download is implemented
Focal point selection for thumbnails is implemented
The frontpage is redesigned
May 2018
Profile metadata can now be customized
Up-to-date privacy policy is included
September 2018
Support for federation relays to improve content discovery is added
Public pages of profiles and toots are redesigned
Featuring friends on public profile is implemented
One piece of coverage stands out particularly as the source of a running joke on Mastodon. Lance Ulanoff from Mashable opened his April 2017 article “Six Reasons Mastodon Won’t Survive” with the words “William Shatner couldn’t find me on Mastodon. This was a problem.” Since then, Mastodon was known as the Shatner-free space, where you are safe to hide from his gaze.
Of course, that article was wrong on many accounts, and severely underestimated Mastodon’s survivability. There were many opinion pieces titled things like “Mastodon is dead in the water” predicting its timely demise. In the end, Mastodon out-survived App.net and Google+, a multi-million dollar project.
Other
Since beginning as a single repository on GitHub, Mastodon has got:
I’m very happy with Mastodon’s accomplishments. Overseeing such a large project has its ups and downs, as it’s impossible to keep everyone happy all the time when people have conflicting desires. Regardless, I consider these to be the two best years of my life, as work on Mastodon is incredibly fulfilling and interacting with all the interesting people on the platform is very fun.
Would I have done something differently if I was starting from scratch now? Mostly, no. I still receive comments about the name “Mastodon” not being suitable, or “toot” being too silly. I wouldn’t change it. I think there is nothing wrong with being less serious, and if it alienates more corporate-minded users, that’s fine. I don’t wake up every day wishing to interact with my favourite brand.
As for the future, development continues: The v2.6.0 version of Mastodon is currently in the works, containing many quality of life improvements, bug fixes, improved administrative tools and a decentralized version of identity verification.
Mastodon has proved itself sustainable and has accomplished a lot in taking a foothold in mainstream consciousness. With more and more people become disillusioned with the tech giants, Mastodon will become ever more appealing. Let’s get to ten million users next.
The fresh release of Mastodon brings long-overdue improvements to discoverability of content and the administration interface, as well as a large number of bug fixes and extra polish.
The 2.7 release consists of 376 commits by 36 contributors since October 31, 2018. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release.
One of the new features is a profile directory that people can opt-in to. The directory allows you to see at a glance active posters on a given Mastodon server and filter them by the hashtags in their profile bio. So you can find people who share your interests without reading through the public timelines, and you can even find out who to follow from a different Mastodon server without needing to sign up and lurk there!
The tutorial that new people see after signing up has been completely reworked. It has a tighter narrative: Rather than explaining the minutea of the default user interface, it focuses on the main concepts of Mastodon, from which the interface is a derivation. And it is accompanied by colorful illustrations. It also has the benefit of loading a bit faster, since it’s not a modal window laid over the interface, but rather it loads before the interface.
The public hashtag page now makes better use of screen estate by arranging toots in a masonry grid instead of a narrow column. The public hashtag page is the page outside the columnized web interface that logged in users see and use–it is a page oriented primarily towards anonymous viewers.
2.7 includes a new moderation warning system for Mastodon. Whereas previously people would learn that their account was suspended or disabled only through a generic error page when trying to access their account, now moderators can choose to notify users about any actions taken against them. Even without specific actions, moderators can send official warnings that get delivered over e-mail and are reflected in the moderator interface, allowing other moderators to stay updated. Moderators can write any additional information in those e-mails. Because many moderation cases are similar, there is a system for saving presets, that moderators can very easily choose from instead of typing messages from scratch every time.
Of course, because it’s hard to generalize, and some trolls and spam bots are best contained when they don’t realize they are being contained, that notification system can be overriden on a case by case basis.
The moderation interfaces for accounts and instances has also been reworked. Accounts now display the most important numbers in an easy to skim grid. Some useless information has been removed, and some useful information has been added, such as when the user signed up, or who sent them an invite. For accounts from other servers, you can now see which local users follow them at a glance.
The administration interfaces for known servers and domain blocks have been unified into a common area. Besides displaying how many accounts are known from a particular server, you can now also see how many accounts are followed from your server, how many of their accounts are following your users, how many have been individually blocked or reported, and how much disk space that server’s media attachments are taking up.
App developers will be delighted to learn that 2.7 introduces a registration API. By implementing that API, apps will be able to accept new registrations from their users, instead of having to send them to a web browser. When a user signs up through an app, they still receive a confirmation e-mail which they have to open before their account is activated, but the e-mail contains a link that can open the app, and once the account is activated, the app is already authenticated and ready to go.
The command-line utility for managing a Mastodon server, tootctl (pronounced “toot control”) has received a few new commands. Over the course of Mastodon’s existence, some people built websites collecting statistics from known Mastodon servers. However, their numbers always differ a little, and it’s difficult to inspect how they function. Now, you can scan the Mastodon network from your own machine to discover servers and aggregate statistics about Mastodon’s usage with tootctl domains crawl.
By running that command from my machine, I was able to gather these figures: 2251 active Mastodon servers, 1,882,838 registered users, 172,041 active users and 21,537 new sign-ups in the first week of January 2019.
The other new command is tootctl accounts follow and it allows you to make the users on your server follow a specified account. As a reminder, users on Mastodon follow their administrator by default, both for important announcements as well as to kickstart their home feed with something when they’re new. So that command is useful in those rare cases where the administrator needs to change their account.
To learn more about a tootctl command, append --help to it, for example: tootctl domains crawl --help
This is far from everything included in the release–there are many smaller improvements, like CSV export for lists and domain blocks, volume sliders for videos, ability to follow multiple hashtags from the same column, improved emoji support, better defences against spammers with MX checks, and more.
After Apple has delisted the Tumblr app from its store citing a large amount of adult content on the site, artists and other creators are reporting having their blogs deleted, and are now looking for alternatives. Before choosing another commercial solution like Twitter, let me outline why Mastodon is the better choice:
1. Mastodon has a flexible approach to adult content. Unlike Tumblr and Twitter, your entire account isn’t either safe-for-work or not-safe-for-work. Each individual post can be marked as not-safe-for-work, with the media attachments conveniently hidden behind a spoiler until you choose to view them. You as a viewer can, of course, opt in to skip the spoilers automatically. Bonus round: You don’t need to be logged in to view sensitive content.
2. Artists have more control over how their art is displayed. Different screens and apps may show thumbnails in varying sizes, so to ensure that the thumbnails make sense and show the most appealing parts of the picture, you can set a focal point on each uploaded image. No more unfortunate crotch thumbnails! The thumbnails also have a lot less quality loss compared to e.g. Twitter.
3. Mastodon offers extensive customization options for your profile. Along with the expected custom display name, avatar, header image and “about me” text, you can set up to 5 featured posts at the top, and up to 4 custom link or text blurbs. For example, a link to your Patreon, your commission status and your preferred pronouns. But that’s not all – you can promote your friends or accounts you’re a fan of by endorsing them so they are featured on your profile in a random rotation.
4. Mastodon is decentralized. Why does this matter? Because if you host your own Mastodon server (as you easily can, it’s open source and there’s even hosting providers specifically for it!), literally nobody except yourself has control over your posts. No more getting deleted off Tumblr. Of course, not everybody is interested in running their own server, but it still matters – you can use a server that somebody you personally know runs, or that a community that you trust runs.
5. Mastodon is not commercial. It doesn’t track your every move. It doesn’t interrupt your home feed with ads and promoted posts. It’s just you, and people you choose to follow. Because of its decentralized nature, individual servers are smaller and cheaper than Twitter or Tumblr as a whole, and can be maintained with earnest crowdfunding rather than advertising/marketing schemes.
And last but not least, Mastodon is big, and getting larger, approaching an audience of 2 million users spread over 2,000 servers. If that sounds convincing to you, navigate to the server picker and select the “I am an adult content creator” option to see a list of servers you could sign up on.
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
The Mastodon Spring Creator’s Release
Eugen Rochko
Mar 14, 2018
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
In the previous tutorial we have learned how to send a reply to another ActivityPub server, and we have used mostly static parts to do it. Now it’s time to talk about how to subscribe to other people and receive messages. The inbox Primarily this means having a publicly accessible inbox and validating HTTP signatures. Once that works, everything else is just semantics. Let’s use a Sinatra web server to implement the inbox.
Why ActivityPub is the future
Eugen Rochko
Jun 27, 2018
We often tout things like “Mastodon is based on open web protocols” as one of its advantages. I want to elaborate why exactly that’s a good thing.
Why we must oppose the new copyright directive
Eugen Rochko
Jun 25, 2018
A committee of members of the European Parliament have voted to approve Article 11 and Article 13, which pose a risk to the decentralization of the web and freedom of creative expression.
How to become a successful artist on Mastodon
Eugen Rochko
Jun 24, 2018
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
How to implement a basic ActivityPub server
Eugen Rochko
Jun 23, 2018
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!)
But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
Mastodon consists of two parts that scale differently: databases, and code. Databases scale vertically. That means, it’s a lot easier and more cost efficient to buy a super beefy machine for your database, than it is to spread the database over multiple machines with sharding or replication. The Mastodon code on the other hand, scales horizontally — run it from as many machines as you want, concurrently, and load balance the web requests, and you’re good.
First of all, where does the load on Mastodon come from?
The act of browsing and using the site requires the user’s HTTP requests to be answered. Every Puma worker (WEB_CONCURRENCY) can answer MAX_THREADS of requests at the same time. If every worker’s every thread is busy answering something, the new request must wait. If it has to wait too long, it is canceled with a timeout. That means, you need more workers and threads to be able to handle a higher request throughput.
Being connected to the streaming API means a constantly open connection through nginx to the streaming API service. The streaming API itself, I do not notice being strained from a high number of connections, but nginx requires a high limit on open files (worker_rlimit_nofile) and a high number of worker_connections to keep the connections up. Thankfully, nginx is quite lightweight even with such high parameters.
Actual activity on the site, like sending messages, following or unfollowing people, and many more things that people can do, all generates background jobs that must be processed by Sidekiq. If they are not processed in time, they start queuing up in a backlog, and it becomes noticeable when a toot you wrote reaches your followers only 1 hour later. That means, more Sidekiq workers are needed to be able to process more activity.
Those are the basic principles of Mastodon scaling. However, there is more.
Each time you scale horizontally, you are putting more strain on the database, because web workers and background workers and the streaming API all need database connections. Each service uses connection pools to provide for their threads. This can go up to 200 connections overall easily, which is the recommended max_connections on a PostgreSQL database with 16GB of RAM. When you reach that point, it means you need pgBouncer. pgBouncer is a transparent proxy for PostgreSQL that provides pooling based on database transactions, rather than sessions. That has the benefit that a real database connection is not needlessly occupied while a thread is doing nothing with it. Mastodon supports pgBouncer, you simply need to connect to it instead of PostgreSQL, and set the environment variable PREPARED_STATEMENTS=false
Simply spinning up more Sidekiq processes with the default recommended settings may not be the silver bullet for processing user activity in time. Not all background jobs are created equal! There are different queues, with different priorities, which Sidekiq works with. In Mastodon, these queues are:
default: responsible for distribution of toots into local follower’s timelines
push: delivery of toots to other servers and processing of toots incoming from other servers, before they are queued up for distribution to local followers
pull: download of conversations, user avatars and headers, profile information
mailers: sending of e-mail through the SMTP server
I have ordered them in the order of importance. The default queue is the most important, because it directly and instantly affects user experience on your Mastodon instance. Push is also important, because it affects your followers and contacts from other places. Pull is less important, because downloading that information can wait without much harm. And finally, mailers — there is usually not that much e-mail being sent from Mastodon, anyway.
When you have a Sidekiq process with a defined order of queues like -q default -q push -q pull -q mailers, it first checks the first queue, if nothing is there, the next one, etc. That is, each thread defined by the -c (concurrency) parameter, does that. But I think you must see the problem — if you suddenly have 100 jobs in the default queue, and 100 in the push queue, and you only have 25 threads working on all of them, there will be a huge delay before Sidekiq will ever get to the push ones.
For this reason, I found it useful to split queues between different Sidekiq processes on different machines. A couple responsible only for the default queue, a couple only responsible for push, pull, etc. This way, you are not getting too much delay on any type of user-facing action.
Another big revelation, though obvious in hindsight, is that it is less effective to set a high concurrency setting on a single Sidekiq process, than it is to spin up a couple independent Sidekiq processes with lower concurrency settings. Actually, the same is true for Puma workers — more workers with less threads work faster than less workers with more threads. This is because MRI Ruby does not have native threads, so they cannot be run truly in parallel, no matter how many CPUs you have. The only drawback is this: While threads share the same memory, separate processes don’t. That means, more separate processes consumes more RAM. But if you have free RAM on your server doing nothing, it means you should split up a worker into more workers with less threads.
The current mastodon.social infrastructure looks like this:
2x baremetal C2M (8 cores,16GB RAM) servers:
1 running PostgreSQL (with pgBouncer on top) and Redis
1 running 4x Sidekiq processes between 10–25 threads each
1 running Minio for file storage with a 150GB volume
Most of these are new additions since the surge of Internet attention — before that mastodon.social was serving 20,000 users (most of whom were, to be fair, not active the same time) with just the DB server, 2 app servers and 1 Minio server. At the same time, the v1.1.1 release of Mastodon includes a variety of optimizations that at least doubled the throughput of requests and background jobs compared to the first day of going viral.
At the time of writing, mastodon.social is servicing about 6,000 open connections, with about 3,000 RPM and an average response time of 200ms.
Two reasons why organizations should switch to self-hosting social media
Eugen Rochko
Mar 16, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here. If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames.
Learning from Twitter’s mistakes
Eugen Rochko
Mar 3, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 22,000 users and is growing fast.You can check it out here. Very early on in the development of Mastodon I’ve decided that centralization and unexpected algorithmic changes were not the only one of Twitter’s problems. Harrassment and tools to deal with it have always been lacking on Twitter’s end.
I follow many talented artists on Mastodon, and over my 2 years of being on the platform I have noticed some common patterns that may help a newcomer find their audience on here, too.
Introduce yourself
A lot of the toots that get shared around widely are artists’ introductions. It may sound odd coming from larger, more faceless platforms like Twitter, but Mastodon communities are more tight-knit, and a new community member saying hello is genuinely appreciated. You may describe who you are, where you come from, link your past work or profiles, and include a few examples of your work. Just like everywhere else, pretty pictures attract eyes.
On Mastodon, you may pin up to 5 posts to the top of your profile. So the introduction post may serve as an additional, permanent piece of information going forward if you pin it.
Fill out your profile
You can upload an avatar and a header image. It is wise to do both, as people tend to ignore posts from accounts with the default avatar, and profiles look a lot prettier with a header image. Avatars can even be animated! Animated avatars will be displayed to users who opted into interface animations, which are off by default for accessibility reasons.
Describe in short who you are. The profile bio may be displayed when pinned posts, such as your introduction, are not, so it makes sense to add some common, important information in both. Here comes the coolest thing, though: Profile metadata.
You get 4 label/content pairs to use however you like. Want to tell people what country you are from? You can do it. You can use them to refer to your significant other, or credit the author of your avatar image (if it’s not you), or to simply link to your other websites. If you have a Patreon, and a Twitch or Picarto channel, that’s where you would put them. Be sure, when posting links, to include the https:// part at the start, or it won’t show up as a link!
Choose focal points
If you’re posting vertical pictures, one of the most unfortunate things that can happen is the crotch crop. Mastodon is available on all sorts of platforms, used across a variety of screen sizes, so thumbnails of your art do not always have the same dimensions. Sometimes, this means the thumbnail shows the less enticing parts of the picture. But there is a solution for that:
When uploading a picture, you may click “crop” to select a focal point on the image. Once that is done, whatever the dimensions of the thumbnail, it will always include the selected area in this visible area.
Use hashtags
This will be familiar to those coming from Instagram, but hashtags are really rather important on Mastodon! Of course, unlike Instagram, there’s another way to discover content: the “firehose”, or the local and federated timelines. They show a slice of the real-time content as it appears. In a way, this means you have a chance of being noticed even if you don’t have any followers yet. But not everyone can keep up with that! Using hashtags allows people to find your art when they’re looking for it. Some of the hashtags that people use are #mastoart, #creativetoots, #photography, #catsofmastodon…
Posting schedule
It may be tempting to dump your entire portfolio straight away, but do not do this! While your posts will always appear on your profile, the presence of your posts on your followers’ home feeds is ephermal, they will be pushed out by newer toots! Consider that people from different timezones are online at different times. It makes sense to post on different days, at different times of day, to draw the most attention.
Do not feel bad about mixing art posts and personal updates. I’ve never seen anyone mind that, on the contrary, people appreciate personality behind the work.
Engage!
Thank people who comment on, fave or boost your work. Look at who boosts and faves other people’s work and follow them to silently introduce them to your work, too. Support other artists on the platform.
How to deal with sensitive media
Mastodon allows you to mark pictures or videos as sensitive, so they’re hidden behind a warning. This is great for people who cannot or do not want to see explicit imagery, but for artists who create primarily that, it can be inhibiting. Art hidden behind a warning is less likely to be noticed on timelines, and you need to be aware of that trade-off. What you can do is mix your explicit and non-explicit art to gain more followers.
There is also an off-by-default preference to always view sensitive media without a warning. You and your followers may wish to enable that.
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
How to implement a basic ActivityPub server
Eugen Rochko
Jun 23, 2018
Today we’ll be looking at how to connect the protocols powering Mastodon in the simplest way possible to enter the federated network. We will use static files, standard command-line tools, and some simple Ruby scripting, although the functionality should be easily adaptable to other programming languages. First, what’s the end goal of this exercise? We want to send a Mastodon user a message from our own, non-Mastodon server. So what are the ingredients required?
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities.
So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices:
The way I work with the GitHub repository has changed. I no longer work directly on the master branch. I (and other volunteers) work on feature branches. Something can only be merged into the master branch through a pull request that receives a review and approval from at least one trusted contributor. This means that the master branch is a lot more stable, and there is a lot more accountability for who does what and when. However, the master branch is still not a stable enough medium for the (literally) thousands of Mastodon instances running in production. Therefore, we now do actual releases — v1.1, v1.2, v1.2.2 etc. The releases now contain detailed changelogs, linking back to the pull requests in which the changes were made, with a list of all contributors for the release at the bottom. This replaces the changelogs I was publishing on this blog.
With 666 patrons (hah!) individually managing the sponsors list is no longer viable. I will be automating it from the CSV export in Patreon. This means the sponsors list will be using the username you have on Patreon and link to your Patreon profile.
So, April, huh. Twitter changed the reply system, which everybody told them they shouldn’t do, and then removed the iconic egg avatar for new users, and suddenly all of my work of telling people that one day Twitter would do something they didn’t like and they’d need a viable alternative paid off. Mastodon caught on on Infosec Twitter, which is both huge and influential, and (somehow, I do not quite understand how) also French Twitter. France really likes free software and decentralization, as it turns out! Think explosion of users from 20,000 to 42,000 in the span of two days. Most importantly, this offset a wave of press attention, from French journals to tech journals to non-tech journals. I had phone and text interviews with The Verge, Mashable, Wired, Engadget and more. I actually don’t remember exactly, because I chose not to read the resulting (or any) articles for the sake of my mental health. (On the other hand, my mother collected them all). The Mastodon band has playfully acknowledged the project. We also witnessed the birth of a meme of a man not being able to be found by William Shattner.
Did I mention that Pixiv, the Japanese artist gallery company (sort of like deviantArt, but better) has opened its own Mastodon instance, Pawoo.net? They even made their own version of the Mastodon mascot. They have already contributed back some cool performance improvements, as well.
At the time of writing, the Mastodon network includes more than 486,767 users spread out among more than a 1,212 instances. That’s how far we’ve come. But it’s not just that. A lot more people have learned and become interested in Free and Open Software and decentralization. The GitHub repository has seen an absolute explosion of activity, from bug reports and feature requests (550 at the time of writing) to code and translation contributions from the community. Many people started learning Ruby/Rails and JavaScript/React.js to be able to participate. I feel like there is a lot more documentation on how to deploy a Rails application on the Internet than there was before Mastodon.
Success brings challenges. Insane new loads on mastodon.social were reason for multiple optimizations and bug fixes, speeding up performance hotspots by more than two times, as well as exploration of more complicated deployment techniques (e.g. pgBouncer). The hardest challenges are organizational rather than technical. Tending to the bug tracker, support questions, reviewing and merging pull requests is all a huge responsibility and time sink. Furthermore, there are other tasks like communicating the roadmap for the near future, community outreach, and coordinating efforts from contributors that I feel myself ridiculously overwhelmed by. My personal philosophy of “announce when it’s done, promise nothing” may be good for positively surprising people after the fact, but pretty bad for managing a project and people’s morale.
Seeing the Patreon pledge at over $3,000 means a lot to me. First of all, and this has come up a lot, so I feel like mentioning it — Patreon distributes the pledges on 1st of each month. That means I have seen nothing from all the new pledges yet — from last month I received about $700, which was less than my living and hosting costs. So any articles talking about me making a comfortable $3k/mo are a bit premature on that front, and ignore all the past months I was working full-time on less than a living wage. With that out of the way, the new budget allows me more wiggling room in hosting options of mastodon.social, makes my dad worry less about me not working for another company like all the other people, and will hopefully allow me to hire additional staff for the aforemention tasks like project management and community outreach.
On a somewhat related topic, people love fluffy elephant friend, and there were a lot of calls for merchandise. That’s another way the project can be supported financially, with the added benefit of spreading awareness of it. I am still waiting on my artist friend to free up to work on new high-res artwork for t-shirts, but I have published an official sticker with the iconic cutie:
To conclude, here is the list of releases published since my last Patreon update mid-March:
The above links will take you to the detailed changelogs, but here are the most prominent changes summarized:
Direct messages
Avatars now finally hover-to-play
Option to disable all GIF autoplay
Option for confirmation dialogs for boosts
Confirmation dialogs for deleting/blocking/muting
Videos can be expanded
Improved search UI, ability to open remote statuses by pasting their permalink URL into the search
Two-factor authentication now requires one confirmation before activation, recovery codes added
Admin UI for domain blocks has been introduced (and improved in general)
An onboarding modal to greet new users and explain the basics
Localization and translations have been improved and expanded respectively
Various bug fixes, performance improvements and UX polishing
A public road map for the future is being worked on, but it’s safe to say now that the next release will be v1.3 (minor release) and not a patch release due to the amount of new features in the pipeline.
#DeleteFacebook
Perspective from a platform that doesn’t put democracy in peril
It doesn’t matter if you call it a “data breach” or not. The problem is how much data Facebook collects, stores and analyzes about us. You now know how Facebook’s platform was used by 3rd parties to meddle in elections. Now imagine how much more effective it would be, if it wasn’t 3rd parties, but Facebook itself putting its tools to use. Imagine, for example, if Mark Zuckerberg decided to run for president…
#DeleteFacebook is trending on Twitter. Rightfully so. Some say, “even without an account, Facebook tracks you across the web and builds a shadow profile.” And that is true. So what? Use browser extensions that block Facebook’s domains. Make them work for it. Don’t just hand them the data.
Some say, “I don’t want to stop using Facebook, I want them to change.” And that is wrong. Keeping up with your friends is good. But Facebook’s business and data model is fundamentally flawed. For you, your data is who you are. For Facebook, your data is their money. Taking it from you is their entire business, everything else is fancy decoration.
Others will say, “I need Facebook because that’s where my audience is, and my livelihood depends on that.” And it is true. But depending on Facebook is not safe in the long-term, as others have learned the hard way. Ever changing, opaque algorithms make it harder and harder to reach “your” audience. So even in this case it’s wise to look for other options and have contingency plans.
There are ways to keep up with friends without Facebook. Ways that don’t require selling yourself to Big Data in exchange for a system designed around delivering bursts of dopamine in just the right way to keep you hooked indefinitely.
Mastodon is one of them. There are others, too, like Diaspora, Scuttlebutt, and Hubzilla, but I am, for obvious reasons, more familiar with Mastodon.
Mastodon is not built around data collection. No real name policies, no dates of birth, no locations — it stores only what is necessary for you to talk to and interact with your friends and followers. It does not track you across the web. The data it stores for you is yours — to delete or to download.
Mastodon does not have any investors to please or impress, because it’s not a commercial social network. It’s freely available, crowdfunded software. Its incentives are naturally aligned with its users, so there are no ads, no dark UX patterns. It’s there, growing and growing: Over 130,000 people were active on Mastodon last week.
To make an impact, we must act. It is tempting to wait until others make the switch, because what if others don’t follow? But individual actions definitely add up. One of my favourite stories from a Mastodon user is how they were asked for social media handles at a game developer conference, and when they replied with Mastodon, received understanding nods instead of confused stares. Step by step, with every new person, switching to Mastodon will become easier and easier.
Artykuł 11 znany jako „podatek od linków”, według którego umieszczanie odnośników do publicznych stron może być nielegalne, jeżeli zawierają one podgląd zawartości z użyciem tagów OpenGraph umieszczanych tam przez autorów stron. Artykuł 13 postanawia, że wszystkie treści wysyłane przez użytkowników muszą przechodzić przez filtr zawartości, aby wykrywać naruszenia praw autorskich.
W lipcu odbędzie się szersze głosowanie nad tą dyrektywą w Parlamencie Europejskim. Oba artykuły wpływają na sposób, w jaki działa Mastodon. Oto dlaczego musimy się sprzeciwić się ich przyjęciu:
Wykrywanie zawartości nie jest wiarygodne
Znane systemy identyfikacji treści takie jak używany na YohTube często prowadzą do błędnego usunięcia treści. Czasami mogą wykryć cichą muzykę, niesłyszalna dla ludzi lub film grający w tle. Mogą przypadkowo zablokować domenę publiczną lub twórczość przeobrażoną, przy czym nie wykryją już utworów o podwyższonej wysokości lub obróconych w poziomie filmów. Ludzie będą wnosić roszczenia do treści, których nie posiadają, a właściwi twórcy będą musieli udowadniać, że to oni posiadają prawa do wysłania ich. To zaszkodzi wolności wyrażania siebie i pozbawi nas kreatywnej różnorodności.
Już dzisiaj YouTube traci na tym, nawet bez Artykułu 13. Wydaje Ci się, że DMCA i demonetyzacja są złe? Odmowy będą dokonywane w czasie wysyłania, wszędzie.
Mniejsi gracze vs. filtrowanie treści
Choć wielkie platformy społecznościowe takie jak Twitter, Tumblr, Facebook i GitHub będą mogły zainwestować w technologie wymagane do wykrywania naruszeń praw autorskich, inni nie zawsze będą mogli. W Internecie jest wiele innych miejsc: sekcje komentarzy na blogach, fora, imageboardy i oczywiście — serwery Mastodona. Strony prowadzone nie dla zysku, tworzone przez osoby prywatne i małe organizacje nie będą mogły spełnić tych wymogów. Wymaga to nie tylko zainwestowania w technologię, ale i dostępu do bazy treści objętej prawami autorskimi do skanowania.
Może to doprowadzić do powstania nowych dostawców usług filtrujących naruszenia, centralizacji skanowania treści, która nie tylko dodaje do całości kolejny czynnik finansowy, ale też tworzy ogromne zagrożenie dla prywatności zbierając wszystkie wpisy z różnych platform w jednym miejscu. Nie musisz wierzyć w szpiegowanie przez rząd, wystarczy pomyśleć o wyciekach danych takich jak Equifax.
Internet jest nie tylko dla wielkich platform
Często wydaje się, że kiedy UE uchwala regulacje dotyczące Internetu, myślą tylko o wielkich graczach takich jak Facebook, Twitter, Google i Amazon. Kiedy w Niemczech pojawił się „podatek od linków”, Google udało się wynegocjować bezpłatną umowę z wydawcami, ponieważ gdy treści są wykluczone z Google, są w zasadzie wyrzucone poza nawias. Zgadnijcie jednak, kto nie byłby w stanie wynegocjować takiej umowy? Tak, mniejsza konkurencja dla Google.
Podobnie, RODO spowodowało panikę wśród mniejszych stron i usług sieciowych z powodu obawy przed karą pieniężną, powodując wiele wyłączeń stron spowodowanych niepewnością. Nie musieli panikować ci, w których skierowane było to prawo — ci, którzy najbardziej naruszali naszą prywatność. Mogą oni pozwolić oni sobie na zatrudnienie wielu prawników i osób, które pozwolą im na dostosowanie się do nowego prawa.
Naturą regulacji prawnych jest odcięcie mniejszych graczy, co nie zawsze jest złe. Chcesz, aby jakość wody i jedzenia była regulowana, nie chcesz pozostawić tego amatorom. Prywatność w Internecie jest z pewnością ważna, więc wydaje się, że RODO również zajęło odpowiednie miejsce. Jednak takie regulacje umacniają największe firmy na rynku i musisz zapytać siebie — czy konglomeraty, których model biznesowy opiera się na wykorzystywaniu słabości Internetu są czymś, co powinno utrwalić się na zawsze?
Firmy, które osiągnęły sukces w Internecie doszły do tego tylko dlatego, że Internet był zdecentralizowany i każdy mógł pojawić się na rynku bez ograniczeń. Nie uważam jednak, aby osiągnęły szczyt tego, co jest możliwe.
Musimy utrzymać zdecentralizowaną sieć przy życiu i sprzeciwić się Artykułowi 11 i 13.
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here.
The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle. Now, after months of planning and weeks of back and forth with the designer, we have a distinct shape and a distinct font.
Along with the logo, we now have a beautiful homepage for the project itself. The kind of link you can send to someone to show them what Mastodon is without committing to any particular instance — joinmastodon.org
And as all good things come in threes, the landing page distributed along with the software itself — the instance frontpage if you will — has also been refurbished. Now that there is a project homepage to differentiate itself, the instance frontpage puts more effort into presenting a particular instance’s identity, rather than the underlying software. The name and the customizable description have a lot more prominence.
And something that’s been requested since literally day one of the project is finally here too — the frontpage now features a preview of the public timeline (“firehose”, if you will) of the instance, thereby letting you get a taste of what’s inside this hip new social network. Though instances that prefer to stay mysterious can still opt-out of that new feature.
All of the above comes bundled in our 1.5 release. But that’s just the tip of the iceberg. The other cool stuff can be classified into five main categories: quality of life improvements, admin features, mobile experience and accessibility, and other.
Quality of Life improvements:
Previous behaviour of “content warning” and “media sensitivity” being completely separate was confusing to most. This has been simplified. Media can be sensitive without hiding the text, but hiding the text with a content warning will now always hide the media, too.
A new preference setting to always pre-mark media as sensitive on your account.
A new preference setting to opt your public profile out of search engine indexing.
A new preference setting to have the web UI displayed using your operating system’s native font instead of Roboto.
When editing your profile, you now get a preview of your avatar and header. The operating system’s “no file selected” label on file inputs confused people.
The muting feature has been adjusted. Previously it was meant only to hide someone’s toots from timelines, not to hide them from your notifications (e.g. you’d mute a friend who is annoying in general but you want to hear from when they’re talking to you). By popular demand this has been changed to block notifications, too, essentially becoming a stealth-block.
The overview of active sessions is now a lot more accurate, and you can now revoke a session.
The disparity between toots/following/follower numbers on the local instance vs user’s origin instance was also confusing. There was an asterisk next to the numbers with a disclaimer that they may not be accurate, but it was way too invisible. Now, profiles of users who originate from a different instance display a prominent disclaimer with a link to view the full profile.
The character counter now ignores the domain part of user handles, and treats all links as 23 characters long, regardless of how long they are. This removes the unfair penalty of users whose domain is longer, and allows you to not worry about the length of the URLs you are sharing, since they get shortened visually anyway.
Mobile experience and accessibility:
We now have Web Push notifications. It is a method of sending notifications directly to the browser, without having to use a native app (opt-in, of course). It is a relatively new web standard, which more and more browsers are implementing and it blurs the line between mobile website and native app.
The swiping gestures have not only been adjusted to be less sensitive, but are now accompanied by visual feedback — no more accidental swiping between columns.
Another feature making use of an upcoming web standard, which is a bit newer and may not be available in any browsers yet, is the “share” button, which acts like the “share” feature of native apps.
All dropdown menus now open as modal windows on mobile, making it much easier to hit the right item.
Multiple accessibility improvements — too many to list here, but including improved contrasts, screen reader support, and keyboard access.
Admin features:
Admins will now receive immediate e-mail notifications about new reports.
For troubleshooting, admins now have a button to re-subscribe to accounts from a particular domain.
Added a domain block option that does nothing but reject local cache of media files.
The contents of the /terms page can now be customized entirely if you want a different privacy policy than the default one.
Other:
I have previously mentioned that Mastodon is looking to implement a newer federation protocol, ActivityPub, to replace OStatus in the very long term. This protocol itself is a work in progress incredibly close to being done, and I’m working closely with the W3C working group responsible to make sure the needs of the Mastodon project are well met, along with many other developers.
The implementation of a completely new underlying protocol in Mastodon is not easy. It has been an ongoing effort for a couple months, and it is split into stages. With this release, one stage of the implementation is ready — ActivityPub-compatible representations of public data. This is just a first step, but I’m proud of it anyway.
The fight for an ethical, decentralized internet is not over. We have made a significant impact in April, we’ve gotten big in Japan, but we need to keep going! We need a couple more months like April to cement our position in the public perception, to nurture the idea that no, you don’t have to just succumb to surveillance capitalism to hang out with friends and reach an audience. I truly hope that this release is another step in the right direction, in making it easier to convince people to use Mastodon.
I want to conclude this post by giving shout-outs to the people who make the development of this project possible — my patrons. Likewise, to Sorin Davidoi for implementing a huge chunk of the mobile experience improvements. To Dopatwo, for providing me with a steady supply of adorable elephant friends, and to Jin Nguyen, who designed our new logo.
Mastodon now available on DigitalOcean
It always was, but now it takes one click to install
We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt.
The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar. Once you enter them into the setup prompt, your brand new Mastodon server boots up, ready to go.
Optionally, the setup prompt can also take Amazon S3, Wasabi or Google Cloud credentials for storing user uploads in the cloud instead of the local filesystem on the droplet.
What you get in the droplet is a standard installation of Mastodon, exactly as if you simply followed installation instructions in our documentation. This means that the documentation already covers everything you might want to know!
Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉
Network growth
From 45 registered users on mastodon.social, the only Mastodon server at the time, the network grew to 1,627,557 registered users on 3,460 servers. That’s not counting people on non-Mastodon servers that are compatible with Mastodon via ActivityPub!
There are a lot of small servers: The median user number per server is 8 people. The biggest server hosts 415,941 accounts. The 3 largest servers combined host 52% of the network’s users, the 25 largest servers host 77% of all users *. This is natural as the largest servers are more known and therefore attract a lot of new people. However, for many people who stick around, they act as gateways, wherein once they learn more about Mastodon, they switch to a different, usually smaller server.
The oldest servers that are still around today are mastodon.social, awoo.space, social.tchncs.de and icosahedron.website.
Most exciting new server growth events:
In April 2017, mstdn.jp was created by nullkal in his apartment. The first Japanese server of Mastodon went viral and saw a growth of tens of thousands accounts within a few days, and served as a catalyst for Mastodon’s popularity in Japan.
In May 2018, after the SESTA/FOSTA laws were passed in the US and forced many sex workers into exile from mainstream social media websites, Assembly Four founded switter.at, a Mastodon server for sex workers. It grew rapidly towards a hundred thousand accounts.
To this day, mastodon.social, mstdn.jp, switter.at, pawoo.net and friends.nico are the largest servers.
Development milestones
From 332 commits by a single developer, the GitHub repository grew to over 6,140 commits by 513 people. Since the start of development in March 2016, 102 versions of Mastodon have been released, beginning with v0.1.0 up to the latest v2.5.2.
4,343 pull requests were merged, and 2,851 issues were closed.
This is what Mastodon looked like in October 2016:
Here is a time table of Mastodon’s most notable features, that is, features that Mastodon is most known for today:
October 2016
The interface becomes responsive for mobile screens
November 2016
Hashtags are implemented
Search for accounts is implemented
Notifications
Marking media as sensitive is added
The “unlisted” visibility setting is added
The publish button is renamed to “toot”
December 2016
The reblog button is renamed to “boost”
Public timeline now excludes boosts and replies
First admin interface is added
Locked accounts are implemented
The “private” visibility setting is added
January 2017
Viewing one’s own favourites is implemented
Remote follow dialog is added
The “boop” sound for notification appears
Content warnings are implemented
Two-factor authentication is added
February 2017
The Streaming API appears
Reporting accounts and toots is implemented
The public timeline is split into “local” and “whole known network”
March 2017
An emoji picker is added
April 2017
The “direct” visibility setting is added
The coyote stops rotating as new GIF autoplay preferences are added
June 2017
The columns in the web interface can be moved, added and removed
Deleting own account is implemented
August 2017
The Mastodon logo is updated
Web Push is implemented, allowing the web interface to receive push notifications
September 2017
The entire Mastodon network is successfully upgraded from OStatus to ActivityPub
Pinning toots is implemented
MySpace Tom lives on as Mastodon begins making new users follow their admin by default
October 2017
Custom emoji are implemented
Alternative text for media attachments is added
Hotkeys in the web interface are implemented
December 2017
Lists are implemented
Invite system is added
January 2018
The e-mails sent by Mastodon become pretty
March 2018
Search for toots is implemented
Account backup download is implemented
Focal point selection for thumbnails is implemented
The frontpage is redesigned
May 2018
Profile metadata can now be customized
Up-to-date privacy policy is included
September 2018
Support for federation relays to improve content discovery is added
Public pages of profiles and toots are redesigned
Featuring friends on public profile is implemented
One piece of coverage stands out particularly as the source of a running joke on Mastodon. Lance Ulanoff from Mashable opened his April 2017 article “Six Reasons Mastodon Won’t Survive” with the words “William Shatner couldn’t find me on Mastodon. This was a problem.” Since then, Mastodon was known as the Shatner-free space, where you are safe to hide from his gaze.
Of course, that article was wrong on many accounts, and severely underestimated Mastodon’s survivability. There were many opinion pieces titled things like “Mastodon is dead in the water” predicting its timely demise. In the end, Mastodon out-survived App.net and Google+, a multi-million dollar project.
Other
Since beginning as a single repository on GitHub, Mastodon has got:
I’m very happy with Mastodon’s accomplishments. Overseeing such a large project has its ups and downs, as it’s impossible to keep everyone happy all the time when people have conflicting desires. Regardless, I consider these to be the two best years of my life, as work on Mastodon is incredibly fulfilling and interacting with all the interesting people on the platform is very fun.
Would I have done something differently if I was starting from scratch now? Mostly, no. I still receive comments about the name “Mastodon” not being suitable, or “toot” being too silly. I wouldn’t change it. I think there is nothing wrong with being less serious, and if it alienates more corporate-minded users, that’s fine. I don’t wake up every day wishing to interact with my favourite brand.
As for the future, development continues: The v2.6.0 version of Mastodon is currently in the works, containing many quality of life improvements, bug fixes, improved administrative tools and a decentralized version of identity verification.
Mastodon has proved itself sustainable and has accomplished a lot in taking a foothold in mainstream consciousness. With more and more people become disillusioned with the tech giants, Mastodon will become ever more appealing. Let’s get to ten million users next.
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago.It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images.
Mastodon quick start guide
Nico
Aug 27, 2018
So you want to join Mastodon and get tooting. Great! Here's how to dive straight in.
My instance mastodon.social has recently surpassed 43,000 users. I have closed registrations both to have more time to investigate the infrastructure and ensure a good experience for existing users, and to encourage more decentralization in the network (with a wonderful effect — the Mastodon fediverse now hosts over 161,000 people spread out over more than 500 independent instances!)
But providing a smooth and swift service to 43,000 users takes some doing, and as some of the other instances are approaching large sizes themselves, it is a good time to share the tips & tricks I learned from doing it.
Mastodon consists of two parts that scale differently: databases, and code. Databases scale vertically. That means, it’s a lot easier and more cost efficient to buy a super beefy machine for your database, than it is to spread the database over multiple machines with sharding or replication. The Mastodon code on the other hand, scales horizontally — run it from as many machines as you want, concurrently, and load balance the web requests, and you’re good.
First of all, where does the load on Mastodon come from?
The act of browsing and using the site requires the user’s HTTP requests to be answered. Every Puma worker (WEB_CONCURRENCY) can answer MAX_THREADS of requests at the same time. If every worker’s every thread is busy answering something, the new request must wait. If it has to wait too long, it is canceled with a timeout. That means, you need more workers and threads to be able to handle a higher request throughput.
Being connected to the streaming API means a constantly open connection through nginx to the streaming API service. The streaming API itself, I do not notice being strained from a high number of connections, but nginx requires a high limit on open files (worker_rlimit_nofile) and a high number of worker_connections to keep the connections up. Thankfully, nginx is quite lightweight even with such high parameters.
Actual activity on the site, like sending messages, following or unfollowing people, and many more things that people can do, all generates background jobs that must be processed by Sidekiq. If they are not processed in time, they start queuing up in a backlog, and it becomes noticeable when a toot you wrote reaches your followers only 1 hour later. That means, more Sidekiq workers are needed to be able to process more activity.
Those are the basic principles of Mastodon scaling. However, there is more.
Each time you scale horizontally, you are putting more strain on the database, because web workers and background workers and the streaming API all need database connections. Each service uses connection pools to provide for their threads. This can go up to 200 connections overall easily, which is the recommended max_connections on a PostgreSQL database with 16GB of RAM. When you reach that point, it means you need pgBouncer. pgBouncer is a transparent proxy for PostgreSQL that provides pooling based on database transactions, rather than sessions. That has the benefit that a real database connection is not needlessly occupied while a thread is doing nothing with it. Mastodon supports pgBouncer, you simply need to connect to it instead of PostgreSQL, and set the environment variable PREPARED_STATEMENTS=false
Simply spinning up more Sidekiq processes with the default recommended settings may not be the silver bullet for processing user activity in time. Not all background jobs are created equal! There are different queues, with different priorities, which Sidekiq works with. In Mastodon, these queues are:
default: responsible for distribution of toots into local follower’s timelines
push: delivery of toots to other servers and processing of toots incoming from other servers, before they are queued up for distribution to local followers
pull: download of conversations, user avatars and headers, profile information
mailers: sending of e-mail through the SMTP server
I have ordered them in the order of importance. The default queue is the most important, because it directly and instantly affects user experience on your Mastodon instance. Push is also important, because it affects your followers and contacts from other places. Pull is less important, because downloading that information can wait without much harm. And finally, mailers — there is usually not that much e-mail being sent from Mastodon, anyway.
When you have a Sidekiq process with a defined order of queues like -q default -q push -q pull -q mailers, it first checks the first queue, if nothing is there, the next one, etc. That is, each thread defined by the -c (concurrency) parameter, does that. But I think you must see the problem — if you suddenly have 100 jobs in the default queue, and 100 in the push queue, and you only have 25 threads working on all of them, there will be a huge delay before Sidekiq will ever get to the push ones.
For this reason, I found it useful to split queues between different Sidekiq processes on different machines. A couple responsible only for the default queue, a couple only responsible for push, pull, etc. This way, you are not getting too much delay on any type of user-facing action.
Another big revelation, though obvious in hindsight, is that it is less effective to set a high concurrency setting on a single Sidekiq process, than it is to spin up a couple independent Sidekiq processes with lower concurrency settings. Actually, the same is true for Puma workers — more workers with less threads work faster than less workers with more threads. This is because MRI Ruby does not have native threads, so they cannot be run truly in parallel, no matter how many CPUs you have. The only drawback is this: While threads share the same memory, separate processes don’t. That means, more separate processes consumes more RAM. But if you have free RAM on your server doing nothing, it means you should split up a worker into more workers with less threads.
The current mastodon.social infrastructure looks like this:
2x baremetal C2M (8 cores,16GB RAM) servers:
1 running PostgreSQL (with pgBouncer on top) and Redis
1 running 4x Sidekiq processes between 10–25 threads each
1 running Minio for file storage with a 150GB volume
Most of these are new additions since the surge of Internet attention — before that mastodon.social was serving 20,000 users (most of whom were, to be fair, not active the same time) with just the DB server, 2 app servers and 1 Minio server. At the same time, the v1.1.1 release of Mastodon includes a variety of optimizations that at least doubled the throughput of requests and background jobs compared to the first day of going viral.
At the time of writing, mastodon.social is servicing about 6,000 open connections, with about 3,000 RPM and an average response time of 200ms.
Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018.
Of course, given the federated nature of the platform, this list may be incomplete, as I can only query information known to the mastodon.social server. I’ve also curated the list a little by excluding toots that were asking to be boosted, toots from me and the official Mastodon account, as well as most things that could be considered merely announcements to current users.
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not.
Mastodon's 2 Year Anniversary
Eugen Rochko
Oct 14, 2018
Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
Mastodon 3.0 in-depth
Eugen Rochko
Oct 12, 2019
Detailed notes on REST API changes, new deployment options, new admin settings and how to use them
How to migrate from one server to another
Eleanor
Jun 13, 2019
With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless.Backing up Your Data Data export If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data.
Mastodon now available on DigitalOcean
Eugen Rochko
Apr 7, 2019
We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt. The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar.
Mastodon quick start guide
Nico
Aug 27, 2018
So you want to join Mastodon and get tooting. Great! Here's how to dive straight in.
Detailed notes on REST API changes, new deployment options, new admin settings and how to use them
Mastodon 3.0
Eleanor
Oct 11, 2019
In this exciting new release: Moving accounts, trending hashtags, private servers and more!
Gab switches to Mastodon's code
Eugen Rochko
Jul 4, 2019
After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public.
Mastodon 2.9
Eleanor
Jun 14, 2019
The latest release of Mastodon introduces a simplified single-column interface as the new default for new users
How to migrate from one server to another
Eleanor
Jun 13, 2019
With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless.Backing up Your Data Data export If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data.
Introducing the Mastodon Server Covenant
Eugen Rochko
May 16, 2019
To provide a safer experience to new Mastodon users, we are changing the joinmastodon.org server picker
Ten wpis jest tłumaczeniem wpisu Eugena RochkoMastodon 2.7. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią.
Świeże wydanie Mastodona przynosi długo oczekiwane usprawnienia możliwości poznawania treści i interfejsu administracyjnego, wraz z dużą liczbą poprawek i ulepszeń.
Wydanie 2.7 zawiera 376 commitów od 36 współautorów od 31 października 2018. Aby dowiedzieć się, kto dokonał danej zmiany, możesz przejrzeć plik listy zmian, a jeżeli chcesz zobaczyć kompletną listę autorów i tłumaczy, możesz odnieść się do pliku authors. Oba są dołączone do tego wydania.
Jedną z nowych funkcji jest katalog profilów do którego możesz się zapisać. Katalog pozwala na spojrzenie na najbardziej aktywnych twórców na danym serwerze Mastodona i filtrowanie ich na podstawie hashtagów znajdujących się w ich opisach. Dzięki temu, możesz odnaleźć osoby o podobnych zainteresowań bez konieczności przeglądania publicznej osi czasu, możesz nawet znaleźć osoby warte śledzenia z innych instancji bez konieczności rejestracji i lurkowania!
Poradnik, który widzą użytkownicy po rejestracji został opracowany na nowo. Od teraz, zamiast opisywać szczegóły domyślnego interfejsu, skupia się on na głównych założeniach Mastodona, na których opiera się jego interfejs. Do tego, zawiera kolorowe ilustracje. Poza tym, ładuje się teraz trochę szybciej, ponieważ nie jest oknem modalnym nachodzącym na interfejs, a ładuje się przed interfejsem.
Publiczne strony hashtagów bardziej efektywnie wykorzystują przestrzeń ekranu, układając wpisy w masonry grid, zamiast szerokiej kolumny. Publiczna strona hashtagów nie jest częścią interfejsu używanego przez zalogowanych użytkowników – jest stroną skupioną na niezarejestrowanych przeglądających.
2.7 zawiera nowy system ostrzeżeń moderacyjnychdla Mastodona. Poprzednio użytkownicy dowiadywali się, że ich konto zostało wyłączone lub zawieszone tylko za pośrednictwem ogólnej wiadomości o błędzie przy próbie uzyskania dostępu do konta, a teraz moderatorzy mogą poinformować użytkowników o podjętych działaniach. Nawet jeżeli nie podejmą żadnego działania, mogą oni wysłać oficjalne ostrzeżenie dostarczane wiadomością e-mail, widoczne dla inncyh moderatorów w interfejsie moderacyjnym. Moderatorzy mogą przekazać w tych wiadomościach dowolne dodatkowe informacje. Ponieważ przyczyny takich działań często są podobne, istnieje system pozwalający na zapisywanie szablonów, których mogą używać moderatorzy, zamiast ręcznego pisania takich samych wiadomości za każdym razem.
Oczywiście, ponieważ cięzko jest uogólniać, a niektórych trolli i spamboty najlepiej powstrzymać, kiedy nie wiedzą że zostały powstrzymane, ten system powiadomień może zostać wyłączony w konkretnych sytuacjach.
Interfejs moderacyjny dla kont i instancji również został opracowany na nowo. Konta wyświetlają najważniejsze liczby w prostej do odczytania siatce. Niektóre nieprzydatne informacje zostały usunięte, a takie jak data rejestracji użytkownika lub użytkownik, który wysłał mu zaproszenie zostały dodane. W przypadku kont z innych serwerów, możesz spojrzeć na listę lokalnych użytkowników którzy je śledzą.
Interfejs administracyjny dla znanych serwerów i zablokowane domeny zostały połączone w jedno miejsce. Poza wyświetlaniem liczby znanych kont z danego serwera, możesz dowiedzieć się, ile kont jest śledzonych z Twojego serwera, ile z nich śledzi Twoich użytkowników, ilu zostało zablokowanych lub zgłoszonych i ile miejsca zajmują załączniki multimedialne z tego serwera.
Twórcy aplikacji ucieszą się na wiadomość, że wydanie 2.7 wporwadziło API dla rejestracji. Dzięki implementacji tego API, aplikacje mogą przyjmować rejestracje od ich użytkowników, zamiast kierować ich do przeglądarki. Użytkownik który zarejestruje się przez aplikację wciąż będzie musiał otworzyć potwierdzającą wiadomość e-mail, ale będzie ona zawierała odnośnik, który będzie mógł zostać otwarty przez aplikację, a kiedy konto zostanie zaktywowane, aplikacja będzie już uwierzytelniona i gotowa do działania.
Narzędzie wiersza poleceń przeznaczone do zarządzania serwerem Mastodona – tootctl (wymawiane „toot control”) otrzymało kilka nowych poleceń. Od czasu powstania Mastodona, niektórzy utworzyli strony zbierające statystyki dotyczące znanych im serwerów Msatodona, oczywiście, te liczby zawsze będą się trochę różniły i ciężko jest określić, w jaki sposób są zbierane. Od teraz, możesz skanować sieć Mastodona z własnego urządzenia aby poznawać serwery i zbierać statystyki dot. korzystania z Mastodona używając polecenia tootctl domains crawl.
Po uruchomieniu tego polecenia na własnym urządzeniu, uzyskałem następujące liczby: 2251 aktywnych serwerów Mastodona, 1,882,838 zarejestrowanych użytkowników, 172,041 aktywnych użytkowników i 21,537 nowych rejestracji w pierwszym tygodniu stycznia 2019.
Kolejnym nowym poleceniem jest tootctl accounts follow, dzięki któremu wszyscy użytkownicy serwera zaczynają śledzić określone konto. W ramach przypomnienia, domyślnie użytkownicy Mastodona śledzą swojego administratora, dzięki czemu otrzymują ważne ogłoszenia, oraz zapełnia się ich główna oś czasu. To polecenie przydaje się w rzadkich sytuacjach, kiedy administrator potrzebuje zmienić coś na ich kontach.
Aby dowiedzieć się więcej o poleceniu tootctl, dodaj do niego --help, np. tootctl domains crawl --help
To nie wszystko co zostało dodane w tym wydaniu – jest wiele drobnych usprawnień, takich jak możliwość eksportowania list i zablokowanych domen do pliku CSV, suwak głośności dla filmów, możliwość śledzenia wielu hashtagów w tej samej kolumnie, usprawniona osbługa emoji, lepsze zabezpieczenie przed spamem dzięki sprawdzaniu MX i jeszcze więcej.
Więc chcesz dołączyć do Mastodona i zacząć tootować. Świetnie! Ten artykuł pomoże ci zagłębić się.
Dlaczego musimy sprzeciwić się nowej dyrektywie o prawie autorskim
Eugen Rochko
Jun 25, 2018
Komisja składająca się z członków [głosowała za przyjęciem Artykułu 11 i 13](https://www.bbc.com/news/technology-44546620), które tworzą zagrożenie dla decentralizacji sieci i wolności ekspresji twórczej.
I’ve been writing about Mastodon for two whole years now, and it occurred to me that at no point did I lay out why anyone should care about decentralization in clear and concise text. I have, of course, explained it in interviews, and you will find some of the arguments here and there in promotional material, but this article should answer that question once and for all.
decentralization, noun: The dispersion or distribution of functions and powers; The delegation of power from a central authority to regional and local authorities.
fediverse, noun: The decentralized social network formed by Mastodon, Pleroma, Misskey and others using the ActivityPub standard.
So why is it a big deal? Decentralization upends the social network business model by dramatically reducing operating costs. It absolves a single entity of having to shoulder all operating costs alone. No single server needs to grow beyond its comfort zone and financial capacity. As the entry cost is near zero, an operator of a Mastodon server does not need to seek venture capital, which would pressure them to use large-scale monetization schemes. There is a reason why Facebook executives rejected the $1 per year business model of WhatsApp after its acquisition: It is sustainable and fair, but it does not provide the same unpredictable, potentially unbounded return of investment that makes stock prices go up. Like advertising does.
If you are Facebook, that’s good for you. But if you are a user of Facebook… The interests of the company and the user are at odds with each other, from which the old adage comes that if you are not paying, you are the product. And it shines through in dark patterns like defaulting to non-chronological feeds (because it’s hard to tell if you’ve seen everything on the page before, it leads to more scrolling or refreshing, which leads to more ad impressions), sending e-mails about unread notifications that don’t actually exist, tracking your browsing behaviour across the internet to find out who you are…
Decentralization is biodiversity of the digital world, the hallmark of a healthy ecosystem. A decentralized network like the fediverse allows different user interfaces, different software, different forms of government to co-exist and cooperate. And when some disaster strikes, some will be more adapted to it than others, and survive what a monoculture wouldn’t. You don’t have to think long for recent examples–consider the FOSTA/SESTA bill passed in the US, which turned out to be awful for sex workers, and which affected every mainstream social network because they are all based in the US. In Germany, sex work is legal, so why should sex workers in Germany be unable to take part in social media?
A decentralized network is also more resilient to censorship–and I do mean the real kind, not the “they won’t let me post swastikas” kind. Some will claim that a large corporation can resist government demands better. But in practice, commercial companies struggle to resist government demands from markets where they want to operate their business. See for example Google’s lackluster opposition to censorship in China and Twitter’s regular blocks of Turkish activists. The strength of a decentralized network here is in numbers–some servers will be blocked, some will comply, but not all. And creating new servers is easy.
Last but not least, decentralization is about fixing power asymmetry. A centralized social media platform has a hierarchical structure where rules and their enforcement, as well as the development and direction of the platform, are decided by the CEO, with the users having close to no ways to disagree. You can’t walk away when the platform holds all your friends, contacts and audience. A decentralized network deliberately relinquishes control of the platform owner, by essentially not having one. For example, as the developer of Mastodon, I have only an advisory influence: I can develop new features and publish new releases, but cannot force anyone to upgrade to them if they don’t want to; I have no control over any Mastodon server except my own, no more than I have control over any other website on the internet. That means the network is not subject to my whims; it can adapt to situations faster than I can, and it can serve use cases I couldn’t have predicted.
Any alternative social network that rejects decentralization will ultimately struggle with these issues. And if it won’t perish like those that tried and failed before it, it will simply become that which it was meant to replace.
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already? To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century. The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless.
The Centralization of Power on the Internet
Tremaine Friske
Feb 28, 2018
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’ The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook.
After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes.
Verification
Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not. That delegates a lot of the decision making to Twitter, the authority. Without a central authority, that decision making cannot be delegated. So, how does identity verification work on Mastodon?
The answer is links. If you have a personal website called johndoe.com, and you link from your site to your Mastodon profile, then people know you are the real John Doe – the link appears verified on your profile. This option is accessible to everyone, not just celebrities. Having a verified link does not confer any special features like it does on Twitter. All safety and convenience features are always available to everyone. Some people don’t need or want to have a recognizable and verified identity, and that is valid, too.
Of course the caveat is that people have to trust the linked website to be able to infer the identity. It’s certainly a more useful feature when you have a recognizable website. However, it does also work with Twitter profiles, so you can at least confirm that you are the same person as you are on Twitter, if that’s something you need.
Check the “Edit profile” page for instructions on how to do that!
Direct messages remaster
The direct messages functionality of Mastodon has been remastered. You can now browse your direct messages grouped by conversations with specific people and conversations you haven’t opened will be highlighted, just like you would expect from other services. This should make keeping up with important messages easier.
In-stream link previews
This has been requested for a long time – link previews and interactive players from sites like YouTube and Vimeo will now appear in-stream, and not only in detailed view. Interactive players have a play button which loads the actual content – no third-party scripts are loaded until you press it, so there is no privacy cost to the convenience.
Reports grouping and blocking
For server administrators and moderators, the reporting system has been improved. Reports are now grouped by the target account visually, so even many reports about one person do not obfuscate others. Reports originating from a specific domain can be blocked if they are impractical. All staff members have a way to opt out of notification e-mails about reports. This should greatly reduce the effects of mass-reporting, so moderators can focus on the quality of reports over their quantity.
Command-line tools
The command-line interface for Mastodon, tootctl (as in “toot control”), has been expanded. Many commands were added for managing accounts, generating account backups, and performing various maintenance tasks. For example, to give someone moderator privileges from the command line, you could do:
bin/tootctl accounts modify alice93 --role moderator
To give a username that was previously used by someone who deleted their account to a new person, with a randomly generated password:
The role of mastodon.social in the Mastodon ecosystem
Eugen Rochko
Mar 20, 2019
Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server. You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all.
Why does decentralization matter?
Eugen Rochko
Dec 30, 2018
Reasons why you should care about how your social network is run and structured
Top 30 most shared Mastodon posts in 2018
Eugen Rochko
Dec 24, 2018
Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018.
From Tumblr to Mastodon
Eugen Rochko
Nov 19, 2018
A lot of artists have lost their blogs in the Tumblr purge. Here are 5 reasons why Mastodon is the perfect alternative.
Mastodon's 2 Year Anniversary
Eugen Rochko
Oct 14, 2018
Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉
Why ActivityPub is the future
Eugen Rochko
Jun 27, 2018
We often tout things like “Mastodon is based on open web protocols” as one of its advantages. I want to elaborate why exactly that’s a good thing.
The online space is dominated by a small handful of companies that command a disproportionate amount of power and influence over the entire online experience, not just social media. So much influence that several of these companies have fundamentally altered many aspects of life offline; often described with the floral language of the privileged as ‘disruptive,’ but more clearly understood in the common tongue as ‘destructive.’’
The five most valuable companies at the end of 2017 were, in order: Apple, Alphabet (the company that owns Google), Microsoft, Amazon, and Facebook. each business not only depends on, but commands large parts of the technological landscape. What do all these companies have in common?
Each are worth north of half a trillion dollars
They dictate the online experience, not describe it
They push extremely hard to have a closed ecosystem
They are monolithic, centralized power structures with unimaginable influence
These companies all are attempting to dominate the metaphorical place I generally call ‘the last mile’. This is, in shipping, the distance from the distribution center to your door, but it’s a term that can apply to the space between the content and your computer. If a website publishes news, or videos, or any sort of media at all, these are the companies that work to force it through a portal they own, rather than let you, as a user, leave their experience and go someplace else.
Control of this last mile is something that should be in the hands of people, and not centralized inside a corporate structure. Imagine an internet experience where you could never leave the walls of Facebook, or you couldn’t watch a movie, or a video, or even see a picture, outside of something with a ubiquitous Google logo in the corner.
In a recent article at Splitsider, Sarah Aswell speaks with Matt Klinman about the effect Facebook has had with online comedy and, in a sense, the overall problem it’s had on all forms of media as they occur on the internet. Go ahead and read it; I’ll be right here.
Facebook’s attempt at consolidating the entire internet experience through their initiative internet.org and collaborative partnerships therein are a direct way to deny the developing world the sort of unregulated, unflattened internet experience we take for granted, and are rapidly losing. Imagine more than half the world’s population never experiencing an internet of possibility, of different voices, of free expression, that wasn’t designed to be under the total provisional control of Facebook, including its direct need to control the entire pipeline for publishing all content, monetizing all experiences, and forcing advertising at the user.
Consider what Klinman said:
“Facebook is essentially running a payola scam where you have to pay them if you want your own fans to see your content. If you run a large publishing company and you make a big piece of content that you feel proud of, you put it up on Facebook. From there, their algorithm takes over, with no transparency. So, not only is the website not getting ad revenue they used to get, they have to pay Facebook to push it out to their own subscribers. So, Facebook gets the ad revenue from the eyeballs on the thing they are seeing, and they get revenue from the publisher. It’s like if The New York Times had their own subscriber base, but you had to pay the paperboy for every article you wanted to see.”
Think about Amazon, and it’s attempt to control the commercial, mercantile experience.
Consider every store on Amazon: identical in many ways, with little to nothing allowing one to differentiate from another. The only details highlighted are: cost of item, shipping rates, and is it prime available. It homogenizes the entire experience of purchasing online and drives everyone to a single site to buy. Once it has the only reasonable online space to shop, it takes total control over the vendors, their ability to sell, and can arbitrarily charge people to be able to participate in their space. Just like Facebook and publishers of content.
Amazon’s push to dominate the last-mile of delivery means they would own every part of the pipe: who gets to sell, who sees the products, and when it arrives. It runs shipping competition out of business and privatizes every step under a single brand. If you want to compete on the market, you have to chase prices to the bottom you can survive on, or you’ll be eliminated. Amazon’s goal, like Facebook’s, is to absolutely conquer the space and disallow any competition at all.
Even looking in the recent past, you can see this pattern playing out, over and over. Amazon buys Whole Foods to take over a large segment of physical shelf space for grocery shopping. Social alternatives like Instagram, WhatsApp, Periscope, and more, and bought and folded into a single experience, changed from update to update, until it becomes a homogeneous experience with no discernible difference from the company that owns it.
Centralized control takes away the power of choice, and replaces it with an illusion of selection.
Mastodon is a powerful first start in allowing people to take back their channels of engagement. It gives everyone an opportunity to, in part, diversify their online social universe, and prevent money from being the sole deciding factor in who gets to see, hear, or say anything on the internet.
To get started with Mastodon, go to JoinMastodon.org and pick a place to call home! Use the drop-down menus to help narrow your search by interest and language, and find a community to call your own! Don’t let the fediverse miss out on what you have to say!
This Isn’t About Social Media. This is About Control.
Tremaine Friske
Feb 19, 2018
Human beings, above all else, are storytellers. It’s how we relate to our own past, or personalities, or each other. It’s how to connect with the world around us, make sense of events, and assess values. We rely on stories to function as agents in the world. These stories are often told in-person: “oh, I did this today, I felt like this, then this happened and I was like ‘whoa no way!
Two reasons why organizations should switch to self-hosting social media
Eugen Rochko
Mar 16, 2017
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network server. The flagship instance mastodon.social has over 23,000 users and is growing fast. You can check it out here. If your organization is hosting a Mastodon instance, it is essentially a self-perpetuating brand awareness campaign. When people from other instances talk to or follow your users, they see your domain name all the time, since it is part of their globally unique usernames.
The role of mastodon.social in the Mastodon ecosystem
Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server.
You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all. But it is one of the biggest servers, meaning that if you look at the registered userbase, it is “effectively centralized”. 300,000 is not a small chunk of 2,000,000, after all.
No other social network has a problem like that, or rather, they would not consider it a problem, at all. But some believe that the Mastodon project should actively enforce decentralization in terms of user distribution, and that presents a unique challenge. Frankly, the only precedent that I can think of, obscure as it is, and on a much smaller scale, is Blizzard’s distribution of World of Warcraft players on different realms.
The challenge lies herein: Since most other social networks are centralized, there is an expectation in people’s minds that “sign up on Mastodon” is equal to “sign up on mastodon.social”. Explaining the difference, the importance of the difference, and making the reader consciously choose a server out of an incredibly wide selection, all within the limited attention span of a just mildly curious person, is not simple.
I have been trying to deal with this issue for most of Mastodon’s existence. There are many benefits from not having everyone use the same server, that I have described in a different article.
There are two dimensions to the problem. One, when a person arrives at the mastodon.social address directly, instead of joinmastodon.org, there is no way to ensure that they sign up somewhere else, you can only ensure that they don’t sign up here. You can close registrations, put up a message linking back to joinmastodon.org. Sorry, we’re full!
The other dimension is when people arrive at joinmastodon.org, as is expected. It has a large, filterable list of Mastodon servers ready to accept new members, that people are supposed to scroll through to find the one that will fit them. Here, you can just hide mastodon.social from the list, to not make it an option for people to choose. Problem solved!
But…
These solutions solve one problem, while creating another.
When you close registrations and put up a link to go somewhere else, the reality of the situation is that there will be a non-zero amount of people who will just drop out and lose interest at that point. And if they don’t, and they navigate through the link to joinmastodon.org? Choice is difficult. Most Mastodon servers out there are themed around specific interests or identities. You’re in academia? scholar.social. You’re a photographer? photog.social. Video games? elekk.xyz. But what if you don’t feel like you belong in any particular category like that? Twitter didn’t force you to decide on your interests upfront. General-purpose servers seem to be a rarity. And even the ones that are around, not all of them have the benefit of having “mastodon” in the domain name.
It does feel like the growth of the fediverse slows down when mastodon.social is unavailable.
It is a hard call to make. I have closed and re-opened registrations on mastodon.social multiple times in the course of its history. There is definitely a danger in effective centralization, and I am for example worried about GMail’s hegemony in the e-mail ecosystem. But I also believe that growth is key to the network, as it won’t be able to compete with centralized alternatives otherwise. A musician won’t ask themselves if every of the 4,000 servers has an equal number of users, they will pick the network where they see the best perspective to reach fans or make connections with fellow musicians.
It’s worth mentioning that many people who are now running large and active Mastodon servers have started with a mastodon.social account. It is the easy choice to sign up on without knowing anything else, and it is much easier to educate someone on Mastodon about decentralization, than say, educate someone who lost interest in Mastodon because they were turned away and went back to Twitter.
Today, I am re-opening registrations on mastodon.social after nearly three months. I don’t know if I’ll always be able to keep them open, or if someone will come up with more effective ways of onboarding new users, but this here is an explanation for the past and the future of why it is such a contested topic.
After Apple has delisted the Tumblr app from its store citing a large amount of adult content on the site, artists and other creators are reporting having their blogs deleted, and are now looking for alternatives. Before choosing another commercial solution like Twitter, let me outline why Mastodon is the better choice:
1. Mastodon has a flexible approach to adult content. Unlike Tumblr and Twitter, your entire account isn’t either safe-for-work or not-safe-for-work. Each individual post can be marked as not-safe-for-work, with the media attachments conveniently hidden behind a spoiler until you choose to view them. You as a viewer can, of course, opt in to skip the spoilers automatically. Bonus round: You don’t need to be logged in to view sensitive content.
2. Artists have more control over how their art is displayed. Different screens and apps may show thumbnails in varying sizes, so to ensure that the thumbnails make sense and show the most appealing parts of the picture, you can set a focal point on each uploaded image. No more unfortunate crotch thumbnails! The thumbnails also have a lot less quality loss compared to e.g. Twitter.
3. Mastodon offers extensive customization options for your profile. Along with the expected custom display name, avatar, header image and “about me” text, you can set up to 5 featured posts at the top, and up to 4 custom link or text blurbs. For example, a link to your Patreon, your commission status and your preferred pronouns. But that’s not all – you can promote your friends or accounts you’re a fan of by endorsing them so they are featured on your profile in a random rotation.
4. Mastodon is decentralized. Why does this matter? Because if you host your own Mastodon server (as you easily can, it’s open source and there’s even hosting providers specifically for it!), literally nobody except yourself has control over your posts. No more getting deleted off Tumblr. Of course, not everybody is interested in running their own server, but it still matters – you can use a server that somebody you personally know runs, or that a community that you trust runs.
5. Mastodon is not commercial. It doesn’t track your every move. It doesn’t interrupt your home feed with ads and promoted posts. It’s just you, and people you choose to follow. Because of its decentralized nature, individual servers are smaller and cheaper than Twitter or Tumblr as a whole, and can be maintained with earnest crowdfunding rather than advertising/marketing schemes.
And last but not least, Mastodon is big, and getting larger, approaching an audience of 2 million users spread over 2,000 servers. If that sounds convincing to you, navigate to the server picker and select the “I am an adult content creator” option to see a list of servers you could sign up on.
With the release of our Android app on the Play Store we are now present on the both major mobile platforms. The apps are gaining overwhelmingly positive reviews, some even going so far as to claim that our onboarding is smoother than any other social media platform’s; our iOS app is rising through the ranks of top social networking apps on the App Store; and for the first time in Mastodon’s history, server admins are seeing ever increasing numbers of new sign-ups from mobile apps instead of the web interface.
We hope the trend continues now that people can easily find the app and sign-up by simply searching Mastodon on their app store of choice, and now that Mastodon can take advantage of the app stores’ own discovery features.
We’ve put a lot of care and resources into developing these apps, counter-acting the stigma that open-source projects do not prioritize ease of use and visual design by working with world-class UX designers that had prior experience working on major commercial social networks. As a result, we have apps that are extremely slick and visually pleasing and do not look out of place on their respective platforms.
This is an opportunity to take a closer look at some of the design considerations.
Onboarding
One of the challenges of Mastodon adoption is the onboarding process, because it’s not enough to capture a person’s desired username and e-mail and let them create an account, which is what people are used to from major websites; instead, you need to first choose a Mastodon server where you will make the account (comparable to e.g. choosing an e-mail provider). The implications of choosing the server are primarily in who is the entity responsible for the server, what moderation policies they enforce, what language and jurisdiction they operate in, and which domain name will be part of your username.
We approached this problem with a multiple-step sign-up flow that begins with choosing a server, then requires to agree to summarized moderation policies of the server, and finally goes on to the more familiar username, e-mail and password form. We maintain our own directory of servers that people submit to us after agreeing to some basic rules that guarantee data and user safety and quality of service; those are the servers we display on the first step by default. Still more consideration has been given to how to display them.
Our user studies have shown that retention drops off dramatically if the user has to wait for moderator approval before being able to log in (exception being experienced Mastodon users who are already invested in the network and know exactly what they are getting into by requesting an account from an invite-only server); people lose interest and never login even after being approved. Therefore we do not show invite-only servers in the app, focusing instead on the ones that allow people to get started immediately.
The determining factor in a user’s experience on a server is the number of other active users on the server. All discovery features are ultimately powered by user activity, and the first user on a server would have to do a lot of exploration off-site (through word of mouth, browsing other servers, or other channels) to fill their home feed. But cultivating a decentralized social network, we do not want power to concentrate on just a few ever-growing servers. Therefore, rather than simply putting the most active servers on the top, our algorithm pushes medium-sized servers higher.
We also provide a search field that allows inputting the server domain directly.
The last step in onboarding, after the user has confirmed their e-mail address, they are presented with the options to follow a selection of accounts popular on the server that predominantly post in the user’s language, or to head to the explore tab to look at what’s trending on the server.
Discovery
While designing the official apps we got an opportunity to reconsider some Mastodon features. The federated timeline, also known as the public timeline, firehose, or “whole known network”, is a view into a Mastodon server’s real-time database of public posts; and the local timeline is that, but filtered by only posts originating from your Mastodon server. While some people came to rely on those tools, there were multiple reasons against including them in the apps.
The federated timeline has too high of a signal vs. noise ratio to be effective as a discovery tool. Due to the way Mastodon pulls down content to provide more detailed profiles and conversations, the federated timeline becomes unmanageable on servers of all sizes, even single-user ones. Unsurprisingly, most content is not actually worth looking at, and in some cases, actively undesirable.
This real-time view into everything that’s published on the server is a platform for all sorts of abuse that can only be stopped after the damage has been done. Normally, if someone posts spam or nudity, it would not be seen by anyone but themselves. Local and federated timelines instantly turn that into an issue affecting everyone. This puts extra strain on moderators.
With Apple and Google historically holding apps accountable for content users can access through the app, even when the app could be reasonably classified as a browser, showing unfiltered content is a ticking time bomb for the app’s presence on the major app stores. Especially considering our goal of attracting new users, those users are of-yet less invested in Mastodon as a platform and less likely to use in-app reporting and blocking tools instead of giving up on the app.
Another consideration for the local timeline specifically is that it detracts from Mastodon’s core functionality. Let’s say you explain that Mastodon lets you follow anyone regardless what Mastodon server you are on, their posts will be in your home feed, so you can sign-up anywhere or even self-host. But then you have to add that actually, there’s a feature that is the total opposite of that, that you have to be on a specific server to see it so you will need multiple accounts.
The local timeline is a centralizing force, as it puts pressure on people to sign-up to a specific server to get the experience they want, rather than being able to get that experience from any account on the network. It’s like if GMail started allowing people to send e-mails that are only visible if you have a GMail account. Google would love to do that, and GMail users might even have reasons to want it to happen, but it would be terrible for e-mail.
So if not local and federated timelines, then what?
We offer a new explore tab that highlights, among other things, currently popular posts. It is a much more efficient way to find interesting content and follow users on Mastodon without scrolling through many low-quality posts and unfamiliar languages. All data that Mastodon uses for calculating rankings is locally sourced so it’s heavily skewed towards things that are popular on your server, and everything goes through your server’s moderators before appearing on the explore tab, making it much less prone to abuse.
We also have a vision of a new feature to replace local timelines: groups. We imagine a group as a place with an actually separate timeline that you can post to, without the post also going out to the public, your profile, and your followers’ home feeds. This timeline could be made visible for group members only. You could join it from your account on any other server, thus alleviating concerns of infrastructure centralization while giving people everything they’ve ever wanted from local timelines. We’re set to complete this feature this year.
Going forward
We are not done! While the apps support all core functionality of Mastodon, there are still missing features like lists, pinned posts, new post notifications (“bell icon!"), editing, phrase filters management and so on that will be gradually added as we continue development. Plus the aforementioned groups feature in Mastodon itself!
If you could edit tweets
What’s new in Mastodon 2.4
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board.
Delete & Redraft
There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
Credit where credit’s due, people have come up with a compromise a long time ago. For example, the Better Tweetdeck browser extension includes an edit function that essentially takes the contents of a tweet, deletes the tweet, and pre-fills the compose screen with the old contents ready for editing.
Mastodon has adopted this Delete & Redraft function, with a slight change that allows us to avoid re-uploading the media altogether, so we can re-use it directly.
Hide network
You can find out a lot about a person by looking at who that person associates with. Some people are more vulnerable to this than others, like dissidents, activists and people from persecuted groups.
In a social network, associations are important for other purposes, too. Finding good content by looking at who your friends follow, or confirming that an account is not a bot or sockpuppet by looking at who follows them. Still, Mastodon now has an option to hide who you follow and who follows you from your profile.
Of course, that isn’t perfect — the people you follow, and the people who follow also have profiles… But it’s at least a small obstacle to unsolicited data collection.
Language filtering
Language filtering is vastly improved. When we released the feature, our community only had a handful of languages, and the language detection algorithm had a high rate of wrong guesses, which meant it was safer to err on the side of opting out of unfamiliar languages, rather than limiting your timelines to some particular language. Nowadays, Mastodon is extremely diverse, so the average person who speaks only their native tongue would have to go to the preferences screen and tick more than 20 boxes just to see only toots that they would understand. That’s obviously not how it should be.
We’ve added the ability for people to select a default language for their toots to override automatic detection (therefore reducing false positives) and we turned the opt-out system around into an opt-in one. Now, on the preferences screen, you only need to tick the boxes of the languages you want to see.
Friend finding
The biggest challenge of any social network is, unsurprisingly, the “network effect”. It becomes more useful the more people that you care about are on it. Another one is surfacing interesting content, which is tangentially related, but a topic for another article/release.
We are adding a more prominent link to “Find Twitter friends” to the UI. The tool in question is called the Mastodon Bridge: By having people sign in using their Twitter account and their Mastodon account, we can create a mapping between the two, and by checking the Twitter friend data, we can tell people who of their friends is on Mastodon, with a convenient “follow all” button.
There is a very common pattern where people would say to follow them on Mastodon, either on Twitter, Facebook, or another platform that was their primary. People who would listen to that would have to find a server, sign up, then find the person in the UI and finally follow them. We’re adding a new feature to roll all of that into one action: You can now create personalized invite links. Send the invite link to your old friends and followers, and they will be able to sign up on the same server as you and automatically follow you straight away. (Please mind that invites have to be enabled by your server admin — some have reasons not to allow that. Look out for the “Invite people” link in the UI, as it appears when the function is enabled)
Ten wpis jest tłumaczeniem wpisu Nico pt. Mastodon quick start guide. Dziękuję Wojtkowi za dokonanie poprawek w moim tłumaczeniu. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią.
Więc chcesz dołączyć do Mastodona i zacząć tootować. Świetnie! Ten artykuł pomoże ci zagłębić się.
Zacznijmy od podstaw. Czym jest Mastodon?
Mastodon jest platformą mikroblogową podobną do tych, które możesz już znać, takich jak Twitter. Nie jest jednak scentralizowana — jest to sfederowana sieć działająca w sposób podobny do e-maila.
Tak jak w przypadku e-maila, wybierasz swój serwer i — niezależnie od tego, czy jest to GMail, Outlook, iCloud — gdziekolwiek się zarejestrujesz, wiesz że będziesz mógł/mogła napisać wiadomość do wszystkich, jeżeli znasz ich adres.
Wyraz „instancja” jest często używany przez użytkowników Mastodona do określenia serwera.
Oznacza to, że nie ma tu jednej, bezwzględnej firmy kontrolującej to wszystko, akcjonariuszy, centralnego zarządzania i targetowanych reklam których wszyscy mamy dosyć, są tu tylko osoby wzajemnie udostępniające sobie rzeczy, które chcą wzajemnie udostępniać.
Gdzie mogę się zarejestrować?
Pierwszą rzeczą którą musisz zrobić jest wybór serwera. Jest to dodatkowy krok w porównaniu do stron takich jak Twitter i Tumblr, ale nie jest to tak trudne, jak się wydaje.
Tak jak w przypadku e-maila, twój identyfikator zawiera serwer na który się logujesz. Na przykład, zarejestrowałem się na mastodon.social, więc aby o mnie wspomnieć, wprowadź @nico@mastodon.social w swoim wpisie. Nie jest to tak nieporęczne jak się wydaje, ponieważ interfejs użytkownika nie wyświetla nazw serwerów, gdy nie są one przypadnie (np. wyświetlając konwersacje) i dodaje je, gdy są potrzebne (np. gdy odpowiadasz na wpis użytkownika innego serwera), więc nie jest to problem którym powinieneś(-naś) się przejmować.
Jeżeli to, o czym chcesz, rozmawiać mieści się zwykle w jednej kategorii (mogą być to gry wideo, sztuka, programowanie, fikcja lub cokolwiek innego), dobrym pomysłem może być wybranie serwera, który skupia się na związanej z tym zawartości — będzie łatwiej nawiązać kontakty i znaleźć podobne osoby. Dla niektórych serwer jest czymś jak sąsiedztwo lub miejsce spotkań, gdzie większość rozmów skupiona jest na jednym temacie.
Możesz wyświetlać wszystkie publiczne lokalne wpisy utworzone przez użytkowników twojego serwera na tak zwanej „lokalnej osi czasu”.
Jeżeli nie zamierzasz skupić się na jednym temacie, prawdopodobnie chcesz wybrać ogólnotematyczny serwer. Niezależnie od tego, możesz znaleźć przydatne narzędzie do wyboru serwerów na joinmastodon.org.
Nie panikuj! Będziesz mógł/mogła rozmawiać z osobami z innych serwerów niezależnie od tego, który wybierzesz. Pamiętaj, to tak jak e-mail — możesz na przykład wysłać maila do swojej mamy na jej stare konto na WP ze swojego GMaila.
Słowo „Fediwersum” (ang. „fediverse”, „federation” + „universe”) odnosi się do sieci serwerów Mastodona i innego kompatybilnego oprogramowania, którego użytkownicy mogą wzajemnie ze sobą konwersować.
Po upływie czasu, możesz uznać, że chcesz założyć konto na innym serwerze, chcąc przenieść swoje główne konto lub utworzyć drugie konto dotyczące określonej cząstki siebie. Jest to normalna rzecz w Fediwersum i nie ma czym się martwić. Ludzie przywykli tu do widoku wpisów tego typu raz na jakiś czas:
Poznaj swój serwer
Poświęć chwilę przed rejestracją, aby przejrzeć zasady wybranego serwera i upewnić się, czy pozwala na publikowanie treści, które chcesz tam zamieszczać.
Wpisy na Mastodonie są nazywane „tootami”, co jest onomatopeją ogłosu wydawanego przez słonie.
Pod polem rejestracji znajdziesz odnośnik do strony zasad. Jest nim prawdopodobnie przycisk „Dowiedz się więcej” pod „Administrowana przez”. Na innych stronach, zasady znajdują się w stopce, podpisane jako „O tej instancji”. Możesz też wprowadzić prawidłowy adres URL w pasek adresu przeglądarki, zawsze ma on format taki jak https://mastodon.social/about/more.
Strona zasad informuje też, kto jest właścicielem/administratorem serwera. Większość serwerów jest skonfigurowana tak, że po rejestracji zaczynasz śledzić administratora, tak jak kiedyś Toma na MySpace. Jest to świetne, ponieważ wiesz, do kogo możesz się zwrócić gdy napotkasz jakiś problem i możesz otrzymywać ogłoszenia dotyczące serwera (np. gdy oprogramowania zostanie zaktualizowane), jest to też dobry sposób na poznanie osoby, która zarządza serwerem, z którego korzystasz.
Administratorzy są bardzo przyjaznymi osobami, które zwykle opłacają serwer z własnej kieszeni, więc dobrze jest poznać ich tak, jakby byli właścicielami mieszkania, które wynajmujesz. Wielu z nich przyjmuje dotacje, aby pokryć koszty utrzymania serwera, więc jeżeli możesz pomóc, będzie to docenione.
Wydaje mi się, że znalazłem(-am) nowy dom!
Przejdź na stronę główną swojego serwera i wprowadź swoją nazwę użytkownika i hasło w formularzu rejestracji. Musisz użyć adresu e-mail, który będziesz musiał(a) potwierdzić, zanim otrzymasz możliwość zalogowania.
Następna rzeczą którą powinieneś(-naś) zrobić jest zmiana zdjęcia profilowego, przejrzenie strony ustawień (i powrót tam po mniej więcej tygodniu korzystania z Mastodona, aby poprawić swoje doświadczenie) i przygotowanie do przedstawienia się.
Wartymi uwagi ustawieniami są: uwierzytelnianie dwuetapowe zwiększające bezpieczeństwo konta, domyślnie wyłączone automatyczne odtwarzanie GIF-ów, język w którym umieszczasz wpisy o języki które chcesz wyświetlać na lokalnej i globalnej osi czasu i osiach czasu hashtagów (domyślnie widzisz wpisy we wszystkich językach).
Hashtagi są ważnym elementem Mastodona. Są one jedyną częścią tootów, którą możesz wyszukiwać. Jeżeli chcesz zostać znaleziony(-a) przez osoby zainteresowane fotografią, najlepiej uwzględnić we wpisie hashtag #photography.
W przypadku hashtagów zawierających wiele słów, używaj „camel case” #JakWTymDobrymHashtagu zamiast tak #jakwtymgorszymhashtgu ze względu na dostępność.
Jako pierwszy wpis, dobrym pomysłem jest przedstawienie się pod hashtagiem #introductions i umieszczenie informacji o sobie, swoich zainteresowaniach i tym, o czym będziesz rozmawiać na Mastodonie. Jest to świetny hashtag do przeglądania, możesz znaleźć dużo nowych osób w sieci i wielu z nich może się tobą zainteresować.
Krótkie oprowadzenie po interfejsie webowym
Mastodon oferuje wiele aplikacji, zarówno na urządzenia mobilne jak i przeglądarkę z nie musisz używać standardowego interfejsu. Jeżeli oczekujesz prostszego rozwiązania, wypróbuj Pinafore
Standardowy interfejs Mastodona składa się z wielu kolumn zamiast jednego strumieniami Możesz przenosić i usuwać je, aby dostosować go do swoich potrzeb.
Strona główna zawiera wszystkie tooty od osób które śledzisz w kolejności chronologicznej. Są to osoby z twojego serwera i pozostałych, jeżeli tylko je śledzisz. Niektóre osoby nie chcą, aby podbicia były widoczne w tej kolumnie, chcą widzieć tylko autorskie wpisy śledzonych. Aby je ukryć, naciśnij przycisk ustawień w prawym górnym rogu kolumny.
„Podbicie” jest synonimem „retweeta”/„udostępnienia” na Mastodonie.
Powiadomienia służą do tego, co wskazuje nazwa. Znowu, dotyczą one całego Fediwersum. Przycisk ustawień (prawy górny róg) zawiera liczne opcje dotyczące tej kolumny. Możesz na przykład wyłączyć dźwięk „boop” towarzyszący nowym powiadomieniom.
Lokalna oś czasu jest aktualizowanym na żywo strumieniem wpisów wszystkich użytkowników twojego serwera. Na wielu serwerach, szczególnie tych mniejszych, jest to miejsce wokół którego wszystko się toczy. To jak rynek na mieście lub pokój na Slacku. Możesz odpowiadać tam osobom z jest to świetnie miejsce do poznawania ludzi.
Oś czasu federacji jest widokiem na wszystkie publiczne wpisy z całej sieci o których wie twój serwer (łącznie z lokalnymi). Najczęściej pojawiają się one tam, jeżeli któryś użytkownik twojego serwera śledzi ich autora. Ta kolumna aktualizuje się bardzo szybko. Ustawiam w tej kolumnie widok wyłącznie wpisów z zawartością multimedialną, ukrywam podbicia i otrzymuję nieustający strumień głupkowatych selfie, świeżych memów i sztuki.
Możesz też przypiąć kolumnę z hashtagiem który cię interesuje — po prostu znajdź tej hashtag i wybierz „Przypnij” w ustawieniach kolumny.
Korzystanie z ostrzeżeń o zawartości
Jedną z najlepszych funkcji Mastodona jest przycisk „CW” w miejscu gdzie tworzysz tooty. Kliknięcie go tworzy pole ostrzeżenia o zawartości pozwalające na umieszczenie informacji, czego dotyczy wpis (np. stan psychiczny, polityka, sprośne wpisy, nagość), aby osoby które nie chcą widzieć tego rodzaju wpisów mogły je ominąć. Jest to też oczywiście dobre rozwiązanie na spoilery treści książek i filmów.
Powszechną praktyką jest umieszczanie +, - i ~ w ostrzeżeniu o zawartości aby określić, czy zawartość ma wydźwięk odpowiednio pozytywny, negatywny czy mieszany.
Moja rada jest prosta: jeżeli nie masz pewności, czy wpis wymaga CW, nadaj mu CW. Ludzie doceniają to, a nadmierna ostrożność i szacunek wobec innych nie skrzywdzi nikogo.
Możesz też użyć CW, aby streścić dłuższy wpis. Niektórzy używają go do puent dowcipów. Może znajdziesz inne zastosowania dla tej funkcji. Baw się dobrze.
Dlaczego musimy sprzeciwić się nowej dyrektywie o prawie autorskim
Eugen Rochko
Jun 25, 2018
Komisja składająca się z członków [głosowała za przyjęciem Artykułu 11 i 13](https://www.bbc.com/news/technology-44546620), które tworzą zagrożenie dla decentralizacji sieci i wolności ekspresji twórczej.
Ten wpis jest tłumaczeniem wpisu Eugena RochkoMastodon 2.7. Proszę o zgłaszanie mi uwag dotyczących tłumaczenia, jeżeli takie wystąpią.
Świeże wydanie Mastodona przynosi długo oczekiwane usprawnienia możliwości poznawania treści i interfejsu administracyjnego, wraz z dużą liczbą poprawek i ulepszeń.
Wydanie 2.7 zawiera 376 commitów od 36 współautorów od 31 października 2018. Aby dowiedzieć się, kto dokonał danej zmiany, możesz przejrzeć plik listy zmian, a jeżeli chcesz zobaczyć kompletną listę autorów i tłumaczy, możesz odnieść się do pliku authors. Oba są dołączone do tego wydania.
Jedną z nowych funkcji jest katalog profilów do którego możesz się zapisać. Katalog pozwala na spojrzenie na najbardziej aktywnych twórców na danym serwerze Mastodona i filtrowanie ich na podstawie hashtagów znajdujących się w ich opisach. Dzięki temu, możesz odnaleźć osoby o podobnych zainteresowań bez konieczności przeglądania publicznej osi czasu, możesz nawet znaleźć osoby warte śledzenia z innych instancji bez konieczności rejestracji i lurkowania!
Poradnik, który widzą użytkownicy po rejestracji został opracowany na nowo. Od teraz, zamiast opisywać szczegóły domyślnego interfejsu, skupia się on na głównych założeniach Mastodona, na których opiera się jego interfejs. Do tego, zawiera kolorowe ilustracje. Poza tym, ładuje się teraz trochę szybciej, ponieważ nie jest oknem modalnym nachodzącym na interfejs, a ładuje się przed interfejsem.
Publiczne strony hashtagów bardziej efektywnie wykorzystują przestrzeń ekranu, układając wpisy w masonry grid, zamiast szerokiej kolumny. Publiczna strona hashtagów nie jest częścią interfejsu używanego przez zalogowanych użytkowników – jest stroną skupioną na niezarejestrowanych przeglądających.
2.7 zawiera nowy system ostrzeżeń moderacyjnychdla Mastodona. Poprzednio użytkownicy dowiadywali się, że ich konto zostało wyłączone lub zawieszone tylko za pośrednictwem ogólnej wiadomości o błędzie przy próbie uzyskania dostępu do konta, a teraz moderatorzy mogą poinformować użytkowników o podjętych działaniach. Nawet jeżeli nie podejmą żadnego działania, mogą oni wysłać oficjalne ostrzeżenie dostarczane wiadomością e-mail, widoczne dla inncyh moderatorów w interfejsie moderacyjnym. Moderatorzy mogą przekazać w tych wiadomościach dowolne dodatkowe informacje. Ponieważ przyczyny takich działań często są podobne, istnieje system pozwalający na zapisywanie szablonów, których mogą używać moderatorzy, zamiast ręcznego pisania takich samych wiadomości za każdym razem.
Oczywiście, ponieważ cięzko jest uogólniać, a niektórych trolli i spamboty najlepiej powstrzymać, kiedy nie wiedzą że zostały powstrzymane, ten system powiadomień może zostać wyłączony w konkretnych sytuacjach.
Interfejs moderacyjny dla kont i instancji również został opracowany na nowo. Konta wyświetlają najważniejsze liczby w prostej do odczytania siatce. Niektóre nieprzydatne informacje zostały usunięte, a takie jak data rejestracji użytkownika lub użytkownik, który wysłał mu zaproszenie zostały dodane. W przypadku kont z innych serwerów, możesz spojrzeć na listę lokalnych użytkowników którzy je śledzą.
Interfejs administracyjny dla znanych serwerów i zablokowane domeny zostały połączone w jedno miejsce. Poza wyświetlaniem liczby znanych kont z danego serwera, możesz dowiedzieć się, ile kont jest śledzonych z Twojego serwera, ile z nich śledzi Twoich użytkowników, ilu zostało zablokowanych lub zgłoszonych i ile miejsca zajmują załączniki multimedialne z tego serwera.
Twórcy aplikacji ucieszą się na wiadomość, że wydanie 2.7 wporwadziło API dla rejestracji. Dzięki implementacji tego API, aplikacje mogą przyjmować rejestracje od ich użytkowników, zamiast kierować ich do przeglądarki. Użytkownik który zarejestruje się przez aplikację wciąż będzie musiał otworzyć potwierdzającą wiadomość e-mail, ale będzie ona zawierała odnośnik, który będzie mógł zostać otwarty przez aplikację, a kiedy konto zostanie zaktywowane, aplikacja będzie już uwierzytelniona i gotowa do działania.
Narzędzie wiersza poleceń przeznaczone do zarządzania serwerem Mastodona – tootctl (wymawiane „toot control”) otrzymało kilka nowych poleceń. Od czasu powstania Mastodona, niektórzy utworzyli strony zbierające statystyki dotyczące znanych im serwerów Msatodona, oczywiście, te liczby zawsze będą się trochę różniły i ciężko jest określić, w jaki sposób są zbierane. Od teraz, możesz skanować sieć Mastodona z własnego urządzenia aby poznawać serwery i zbierać statystyki dot. korzystania z Mastodona używając polecenia tootctl domains crawl.
Po uruchomieniu tego polecenia na własnym urządzeniu, uzyskałem następujące liczby: 2251 aktywnych serwerów Mastodona, 1,882,838 zarejestrowanych użytkowników, 172,041 aktywnych użytkowników i 21,537 nowych rejestracji w pierwszym tygodniu stycznia 2019.
Kolejnym nowym poleceniem jest tootctl accounts follow, dzięki któremu wszyscy użytkownicy serwera zaczynają śledzić określone konto. W ramach przypomnienia, domyślnie użytkownicy Mastodona śledzą swojego administratora, dzięki czemu otrzymują ważne ogłoszenia, oraz zapełnia się ich główna oś czasu. To polecenie przydaje się w rzadkich sytuacjach, kiedy administrator potrzebuje zmienić coś na ich kontach.
Aby dowiedzieć się więcej o poleceniu tootctl, dodaj do niego --help, np. tootctl domains crawl --help
To nie wszystko co zostało dodane w tym wydaniu – jest wiele drobnych usprawnień, takich jak możliwość eksportowania list i zablokowanych domen do pliku CSV, suwak głośności dla filmów, możliwość śledzenia wielu hashtagów w tej samej kolumnie, usprawniona osbługa emoji, lepsze zabezpieczenie przed spamem dzięki sprawdzaniu MX i jeszcze więcej.
Mastodon is a free, open-source federated social network spanning over 800,000 users spread across more than 2,000 servers.
Mastodon v1.6 is here, and it is the first Mastodon release which fully implements the ActivityPub protocol. ActivityPub is a new federated messaging protocol developed by the World Wide Web Consortium (W3C) which aims to fix the shortcomings of past standards like OStatus.
Mastodon is one of the first platforms, and certainly the first major platform to implement this new standard and prove it in the wild. It was a natural upgrade for our project, as we long ago reached the limits of what OStatus was capable of. And what we needed was better privacy, better defaults, better cryptographic verifiability, and better distribution mechanisms.
This protocol is also very flexible in what it allows you to express and it is naturally extensible as it is based on JSON-LD. Besides allowing Mastodon to fully and reliably exchange the data it currently needs to exchange, it also has a lot of potential for future developments in the area of distributed identities and end-to-end encryption.
Servers which support this new protocol will use it in version 1.6. OStatus is still available as a full-fledged fallback.
Here are some of the juicier highlights from this release:
1. We’ve improved the integrity of distributed conversations. Up until now, the only server which had a full view of a conversation was the server of the conversation’s starter, as all responders sent their replies to it. But the servers of the responders or followers had only an incidental view of the conversation conversation; to get a full view, one would have to either follow the other responders, or get a reply from the conversation starter. Now, the server that receives the replies forwards them to followers’ servers as long as they are public. This means that when opening the conversation view on a different server, it will be as complete as on the origin server. This is especially helpful to those who run single-user instances, as they are the least likely to have already been following all responders.
2. Another feature, which is small, but has a big UX effect, is that we can finally fetch account statistics from remote profiles (total toots, number of followers, etc.), as there is now a standardized way of expressing this using ActivityPub. Technically this is not a big deal, but it did confuse new users when they saw someone from another server with a seemingly empty profile, when in reality it had thousands of toots and followers.
3. Speaking of profiles, this release brings you redesigned public profile pages, as well as the ability to pin certain toots on them to be permanently displayed. By default, stand-alone toots are displayed, and there are now tabs for toots with replies and toots with media.
4. The function of getting embed codes for toots is now more accessible — through a button in the web UI, and not just through the OEmbed API. The look of the embedded view has also been refurbished, and an optional script has been added to ensure the embeds have the correct height. I am excited to see Mastodon content appear on other websites.
5. To improve the experience of brand new users, we’ve added something in the old tradition of MySpace Tom — except instead of following some central Tom, new accounts will start off following their local admins (this can be adjusted by the administrator). That way, on your first login you are greeted with a populated home timeline instead of an empty one.
All in all, this release is all about filling the gaps in the server-to-server layer, improving content discovery and first time experience of new users, and making it easier to share Mastodon content.
Big shout-out to Chris Webber, Puck Meerburg, and Unarist specifically, and to the W3C Social Working Group in general for helping put everything together.
Mastodon is free, open-source software. The development is crowdfunded through Patreon and Liberapay. The source code is available on GitHub. General information and a list of instances is available on joinmastodon.org
My name is Eugen Rochko and I’m the creator of Mastodon, a free, open-source federated social network with over 760,000 users. You can check it out here. The Mastodon project is finally well-represented visually. I always felt like the previous logo did not do it justice. To its credit, it was both an M, and 3 sideways speech bubbles, but it did not scale well and overall it was just a circle.
April post-mortem
Eugen Rochko
Apr 25, 2017
This is an update for my Patreon supporters. It is posted on Medium because of its superiour formatting capabilities. So, April, huh. A lot happened. I was putting off writing an update on here because I knew I had to go into detail on all the things that happened, and that’s quite a daunting task. Before I dive into things, a couple short notices: The way I work with the GitHub repository has changed.
It doesn’t matter if you call it a “data breach” or not. The problem is how much data Facebook collects, stores and analyzes about us. You now know how Facebook’s platform was used by 3rd parties to meddle in elections. Now imagine how much more effective it would be, if it wasn’t 3rd parties, but Facebook itself putting its tools to use. Imagine, for example, if Mark Zuckerberg decided to run for president…
#DeleteFacebook is trending on Twitter. Rightfully so. Some say, “even without an account, Facebook tracks you across the web and builds a shadow profile.” And that is true. So what? Use browser extensions that block Facebook’s domains. Make them work for it. Don’t just hand them the data.
Some say, “I don’t want to stop using Facebook, I want them to change.” And that is wrong. Keeping up with your friends is good. But Facebook’s business and data model is fundamentally flawed. For you, your data is who you are. For Facebook, your data is their money. Taking it from you is their entire business, everything else is fancy decoration.
Others will say, “I need Facebook because that’s where my audience is, and my livelihood depends on that.” And it is true. But depending on Facebook is not safe in the long-term, as others have learned the hard way. Ever changing, opaque algorithms make it harder and harder to reach “your” audience. So even in this case it’s wise to look for other options and have contingency plans.
There are ways to keep up with friends without Facebook. Ways that don’t require selling yourself to Big Data in exchange for a system designed around delivering bursts of dopamine in just the right way to keep you hooked indefinitely.
Mastodon is one of them. There are others, too, like Diaspora, Scuttlebutt, and Hubzilla, but I am, for obvious reasons, more familiar with Mastodon.
Mastodon is not built around data collection. No real name policies, no dates of birth, no locations — it stores only what is necessary for you to talk to and interact with your friends and followers. It does not track you across the web. The data it stores for you is yours — to delete or to download.
Mastodon does not have any investors to please or impress, because it’s not a commercial social network. It’s freely available, crowdfunded software. Its incentives are naturally aligned with its users, so there are no ads, no dark UX patterns. It’s there, growing and growing: Over 130,000 people were active on Mastodon last week.
To make an impact, we must act. It is tempting to wait until others make the switch, because what if others don’t follow? But individual actions definitely add up. One of my favourite stories from a Mastodon user is how they were asked for social media handles at a game developer conference, and when they replied with Mastodon, received understanding nods instead of confused stares. Step by step, with every new person, switching to Mastodon will become easier and easier.
This article assumes you’ve read my previous two blog posts, here and here. Why not give them a quick read if you haven’t already? To balance out the doom and gloom of an internet wholly under the thrall of corporate interests and fed through single channels devoid of competition, it’s worth being aware of just how pervasive and powerful an idea decentralization is in the 21st century. The structure of things now are remnants of the way things have always been done: we trust in a singular authority to manage everything behind the scenes so that our experience on this side remains seamless.
Twitter is not a public utility
Eugen Rochko
Mar 3, 2018
Isn’t it a bit strange that the entire world has to wait on the CEO of Twitter to come around on what constitutes healthy discourse? I am not talking about it being too little, too late. Rather, my issue is with “instant, public, global messaging and conversation” being entirely dependent on one single privately held company’s whims. Perhaps they want to go in the right direction right now for once, but who’s to say how their opinion changes in the future?
Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago. It brings a variety of improvements to the software, the full list of which is available in the changelog.
The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images. Prominent follow buttons ensure that even people new to Mastodon understand quickly what they can do on it.
But that’s not all: The public pages now also display reply, favourite and boost buttons that open a remote interaction dialog that can take you back to your home server where you can actually interact with the toot from your account. That’s a lot simpler than having to copy & paste the toot permalink into your server’s search bar!
The other thing on the new profiles: You can choose to feature some of the people you follow on your profile, to be displayed in random order as a sort of recommendation to anyone who is visiting it. Your favourite cat owners, important voices or your associates, it’s up to you. Like the MySpace Top 8 without the “top” and the “8”, or even more like the WordPress blogroll.
Some of the smaller changes: The number of replies to toots is now stored and displayed so you can know straight away if a question you see has already been answered or if a lively discussion is happening. Mastodon now accepts MOV videos from iOS, and larger video files in general, and is smarter about resizing images.
Administration and moderation
For those who moderate Mastodon servers, a new dashboard provides an overview of important weekly numbers such as new sign-ups, user activity and liveliness. The number of e-mail notifications generated from reports has been reduced: reports for the same person do not generate a notification if one of the reports is currently unresolved. Additionally, you can now disable report notifications for yourself.
Suspensions in Mastodon are a harsh measure: You no longer have to fear misclicking and suspending the wrong person with a new confirmation screen that tells you how many toots and followers the suspension will affect before asking you to re-type the name of the account to make sure you didn’t click on the wrong one.
But that’s not all: The temporary account lock-out function has been made available to moderators as a softer, and completely reversible alternative to suspensions.
Deployment and scaling
For those who run Mastodon servers, the database schema has been adjusted to reduce disk write operations and CPU load of PostgreSQL. And for those who need to scale big, support for read-replicas is now baked into the software: it’s just a matter of changing configuration.
A new command-line interface is supposed to make working with Mastodon from the terminal easier, in place of the clunky rake tasks system. For example, there is a new way to import a pack of custom emojis. Let’s say we have an archive stored under /home/alice/Downloads/hackerman.tar.gz with the hackerman set of letter emojis saved as PNG files like a.png, b.png and so on, it could be imported with:
This will create custom emojis in Mastodon with shortcodes like :hacker_a: that will not clutter up the emoji picker but will be autocompleted.
Federation relays
If your Mastodon server does not have enough activity to be interesting to new users, that chicken-and-egg problem can now be solved by subscribing to a so-called federation relay. Federation relays are separate servers that act as a, well, relay between participating Mastodon servers, that is, every participating server receives every public toot from every other participating server.
It has to be mentioned that the core design of Mastodon where a server receives only toots from users it follows, rather than all toots from any one server, is more scalable long-term. However, servers that don’t yet follow a lot of people can often feel like ghost towns, and federation relays fix that.
A fresh new release of the federated social network software is here, and while the primary focus of it has been on fixing bugs and improving performance, it brings a couple of notable new features to the board. Delete & Redraft There are legitimate reasons why social media platforms rarely, if ever, have an editing function. In an environment where content spreads like wildfire in a matter of minutes, you could easily conceive of nefarious misuses such as creating a post about something agreeable and positive, and, once it reaches critical mass, changing the content to something malicious.
The Mastodon Spring Creator’s Release
Eugen Rochko
Mar 14, 2018
The development of the next version of Mastodon coincided with the reveal of Vero, yet another commercial social network silo backed by millionaires with a shady past. Vero has struck a chord, at least until people caught on to its background, and it wasn’t just because of its unlimited marketing budget. It has struck a chord because it promised an alternative to Instagram, which started getting progressively worse for creators after being acquired by Facebook.
With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless.
Backing up Your Data
If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data. Thankfully this process is painless with the Data Export tab under the “Import and Export” page. Here you can download your followers list, your muted users list and your blocked users list.
Keeping users safe is one of our top priorities and we highly recommend that anyone moving instances backs up their muted and block lists. We’ve made this as straightforward as possible to ensure that moving instances is a seamless experience and free from having to block those accounts that you do not want to see or interact with.
On this page you can also download a copy of your archive that can be read by any ActivityPub software. This archive includes all of your posts and media. So even if the instance that you are moving from shuts down, as is the case with KNZK, you will still have a copy of all of your posts!
Importing Your Data
Once you have backed up the data that you wish to bring over to your new account (we recommend all of it!) it’s easy to import these into your new account under the “Import” tab of the “Import and Export” page!
Here you will simply select the type of data that you are importing and then choose the CVS file that you exported earlier before hitting upload! The CVS files are by default clearly labeled with what kind of data they contain to make it easier to know which file to upload. Depending on your new instances size and the size of the lists that you have imported it will take a few minutes for all of the new data to be properly imported. When the data has finished upload your home TL should look like it did before!
Announcing the Move
As a final step in moving your account, something you may want to do is to let people know that you have moved your account to a new instance! Scrolling to the bottom of the “Appearances” tab of the Profile edit page you will find the option to announce that you have moved accounts under the helpfully titled “Move to a different account” header! What this will do is make it so that when people visit your old profile it is grayed out and people are redirected to your new account.
Moving instances is painless and straightforward with Mastodon and we’re happy to have developed tools that give users the greatest possible control over their own data while also keeping them safe!
In the future we are planning to expand the account migration functionality beyond a mere redirect message. The system will support notifying followers of the move and have them automatically re-follow the new account, with safety precautions. Stay tuned!
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
First, not all Mastodon servers accept new users. If you perform a request to GET /api/v1/instance, you will see this in the boolean registrations attribute.
To proceed, your app must already be registered / self-register with the given server, and obtain a “client credentials” grant, which is an API access token that is not connected to any particular user, just to your app. The app must have the write:accounts (or above) scope.
As a refresher, given that you have already registered the app to get a client_id and client_secret, to obtain a “client credentials” grant, you just have to perform a POST /oauth/token request with the params grant_type=client_credentials, your client_id and client_secret, and scope=write:accounts (or whatever scopes you need).
You then need to collect the following information from the new user:
username
email
password
You must ask the user to agree to the server’s terms of use and privacy policy, and record that agreement in the boolean agreement param. The URLs for the terms and privacy policy are /about/more and /terms so you can just let the user open them in a browser, or render them in a web view. If you know what the user’s language is, you can pass that information in the locale param (but make sure the locale is something Mastodon supports, otherwise the API request will fail with a HTTP 422 error).
If the GET /api/v1/instance API has returned a true approval_required attribute, there is an additional piece of information you should ask from the user: reason. Because the user’s sign-up will be reviewed by the server’s staff before being allowed, you must give the user an opportunity to describe themselves and why they should be allowed onto the server.
You must then submit those params to POST /api/v1/accounts (authenticated with the app’s access token). You will need to handle a potential HTTP 422 response from the API in case the user has entered invalid information (like an already taken username).
On success, what you will receive in return will be an access token, identical to what you would get from a standard OAuth authorization procedure. The access token allows your application to use the API of the server on behalf of the registered user.
However, the token will be inactive until the user confirms their e-mail. The link in the confirmation e-mail will actually redirect them back to your application when possible. Of course, if staff approval is required, the token will remain unusable until the account has been approved.
Trying to use an inactive access token will result in a HTTP 403 error.
The latest point release of Mastodon adds a small new feature that might have a significant impact on all adult content creators on the platform. The feature has a fancy, memorable name: Blurhash. But first, let’s talk about how adult content works on Mastodon.
Mastodon allows you to put content warnings on posts. These can be textual, hiding the text content, for example if you want to talk about spoilers or something uncomfortable for other people. Images and videos can be hidden as well, even while leaving the text visible. When the images and videos are hidden, you only see a black box where they would be, that can be clicked to show them.
Beyond providing visual protection against say, co-workers looking over your shoulder to see something inappropriate on your screen, Mastodon also does not load said images or videos at all until you choose to unhide them, which helps if it’s important that inappropriate content is not stored in your browser’s cache. But there is a drawback. Every post with hidden media looks the same. They all blend together. Especially in public timelines, which provide a stream of all public posts that people use to explore Mastodon outside of their friend circle. As a result, posts with hidden media usually get less interactions.
Here comes Blurhash. Developed by Dag Ågren, who is behind the popular iOS app for Mastodon, Toot!, it is an algorithm that compresses a picture into a short string of letters. The string is so small that there is no problem with saving it in the database, instead of as an image file, and conversely, sending it along with API responses. That means that string is available before any image files are loaded by the browser. You can see where this is going… When you decode the string back into an image, you get a gradient of colors used in the original image.
So little information is transmitted through blurhash that is is safe to display even if the underlying content is inappropriate, and the resulting gradient is pleasant to look at. Even more importantly, it’s different for each image, making posts with hidden media look different from each other, which should hopefully increases their chances of getting noticed. But that’s not all! Even for posts where images and videos are not supposed to be hidden, it provides a pleasant placeholder while the much heavier image files are loaded by the browser.
If you would like to use Blurhash in your project, there is a Ruby port on RubyGems and a JavaScript port on NPM. More are to be published by Dag Ågren in the future!
In this release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more
Mastodon now available on DigitalOcean
Eugen Rochko
Apr 7, 2019
We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt. The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar.
The profile directory is a way to discover users who want to be discovered. To fetch the profile directory, access GET /api/v1/directory with the possible params local (boolean) and order (new or active). Pagination is accomplished using offset and limit params.
Trends
Hashtags that are used more than usual (and above a small minimal threshold) are “trending”. To fetch trending hashtags, access GET /api/v1/trends. Only 10 results are returned maximally but you can request fewer with limit param.
Managing featured hashtags
Users can feature hashtags on their public profile, which allows visitors to easily browse their public posts filed under those hashtags. These cannot yet be arbitrarily retrieved through the API, but there is now an API for managing the featured hashtags of the current user:
GET /api/v1/featured_tags to retrieve current user’s featured hashtags
POST /api/v1/featured_tags to create a new featured hashtag, specified by the param name
DELETE /api/v1/featured_tags/:id to delete a featured hashtag
GET /api/v1/featured_tags/suggestions to retrieve the user’s 10 most commonly used hashtags
A featured hashtag contains the attributes id, name, statuses_count and last_status_at.
Timeline position markers
Apps can now synchronize their position in certain timelines between each other. Currently these are the home timeline and the notifications timeline. The web UI already implements this API and will save its position when closed.
To retrieve a map of markers with timeline names as keys, access GET /api/v1/markers . You must specify the desired timelines with the array param timeline. This is a slightly unusual structure in Mastodon’s REST API so it deserves an example:
To create a new marker, pass a map to POST /api/v1/markers with timeline names as keys (home and/or notifications), and an object containing the last_read_id for each timeline. Essentially, you pass it something like this, either encoded as JSON or using nested form/query params:
{
"home": {
"last_read_id": "567..."
}
}
Hashtag autocomplete
If you are using the GET /api/v2/search API for showing the user autocomplete for hashtags, you can now pass the exclude_unreviewed boolean param to limit the results to only those hashtags that have been looked at by the server’s staff. This is a way to reduce junk and harmful results.
Sign-up API in approval-required registrations mode
You can now pass the reason param to POST /api/v1/accounts, containing the user’s reason for wanting to join the server, which is useful when the server is in approval-required registrations mode. You can detect when that mode is active by the approval_required boolean attribute returned from GET /api/v1/instance (in conjunction with the registrations boolean attribute).
Custom emoji categories
New attribute category on custom emojis returned from GET /api/v1/custom_emojis contains a string with which emojis are supposed to be grouped when displayed in a picker UI.
Displaying user’s own votes in polls
New attribute own_votes on polls contains an array of the user’s choices (as indices corresponding to the options array).
New search syntax support
When ElasticSearch is enabled, you can use the following syntax to fine-tune your search:
Surround keywords with double quotes (") to search for the exact phrase
Prepend a keyword (or phrase) with minus sign (-) to exclude it from results
It should be noted that the default operator has been changed from “and” to “or”, so by searching for “foo bar” you will get results that contain both “foo” and “bar” at the top, but also those that only contain “foo” and only contain “bar”. For this reason, there is also another new operator, the plus sign (+) which you can prepend to a keyword or phrase to make sure the results definitely contain it.
Health check
There is now GET /health endpoint for the web process which you can use with a monitoring service. The endpoint measures not only that the web process responds to requests but can successfully connect to the database and the cache as well.
New deployment settings
Reply-to header on e-mails
If you want e-mails to be sent with a reply-to header, i.e. redirecting replies to those e-mails to a particular address, use the new SMTP_REPLY_TO environment variable. Mind that the reply-to header on moderation warning e-mails is set to the contact address configured in the admin UI.
Secure mode
Normally, all public resources are available without authentication or authorization. Because of this, it is hard to know who (in particular, which server, or which person) has accessed a particular resource, and impossible to deny that access to the ones you want to avoid. Secure mode requires authentication (via HTTP signatures) on all public resources, as well as disabling public REST API access (i.e. no access without access token, and no access with app-only access tokens, there has to be a user assigned to that access token). This means you always know who is accessing any resource on your server, and can deny that access using domain blocks.
Unfortunately, secure mode is not fully backwards-compatible with previous Mastodon versions. For this reason, it cannot be enabled by default. If you want to enable it, knowing that it may negatively impact communications with other servers, set the AUTHORIZED_FETCH=true environment variable.
Whitelist mode
Taking a step further than the secure mode, whitelist mode is meant for private servers. Our aim here are educational uses, such as schools and universities, where Mastodon could be used to provide a safe learning environment. When whitelist mode is enabled, no page is available without login, and any incoming or outgoing federation is ignored except for manually whitelisted domains. Domains can be whitelisted in the federation part of the admin UI. When whitelist mode is enabled, secure mode is also enabled.
To enable whitelist mode, set the WHITELIST_MODE=true environment variable. Please mind that this option was not designed for being switched on on already running servers. To clean an existing database of content that is not whitelisted, run tootctl domains purge --whitelist-mode
Because whitelist mode essentially creates a silo, not unlike Twitter, Facebook, and other centralized services, we do not recommend running public servers in whitelist mode.
New command-line tools
Please mind that if you find any of the below descriptions insufficient, you can always append --help to whichever command you’re interested in and receive the most detailed information about the usage of that command and the available options.
Parallization and progress
Commands that used to accept a --background flag for Sidekiq-based execution have been changed to instead support a --concurrency (or -c) flag specifying the number of threads to use for parallel execution.
Instead of printing dots to signal progress, real progress bars are now displayed, with the number of processed items and estimated time to completion.
Cleaning up old link preview cards
To remove thumbnails from older link preview cards, run tootctl preview_cards remove, specifying age with --days just like for media removal.
Re-downloading removed media attachments
If you need to re-download media attachments, run tootctl media refresh. You can either re-download media attachments from a specific --status, from a specific --account, or from an entire --domain.
Re-counting counters
Sometimes various counters in Mastodon get out of sync with reality. To fix account counters (e.g. followers, following, toots), run tootctl cache recount accounts. This should not take very long. To fix status counters (e.g. reblogs, favourites, replies), run tootctl cache recount statuses. This may take a lot longer.
New admin UIs
Trends
Hashtags will not trend without your approval. Whenever a hashtag is beginning to trend, you receive a notification e-mail asking to review it. You can disable those e-mails from your personal e-mail notification preferences. You can disable the trends feature altogether from admin settings. Or you can choose to auto-approve hashtags instead, which may be suitable for trusted communities.
The hashtags area in the admin UI has been updated. When looking at hashtags that are pending review, you can approve or reject them in batches. From individual hashtag view, you can control whether the hashtag can trend, whether it can appear on the profile directory and in searches, or whether it can be used at all. You will also see which servers you know about are contributing how much to that hashtag’s usage to help you determine whether to let it trend or not.
Including reported toots in warning e-mails
If you want to perform an action or warning against a user related to a report, you can choose if the toots that were in that report should be included in the e-mail the user will get about that action or warning. This will provide more clarity to the user about how they broke your rules.
Table of contents on about page
The about page of your server will now auto-generate a table of contents based on the structure of your extended description HTML. It is recommended to have a h1 tag, which will not be reflected on the table of contents, to give the entire page a title, then h2 and h3 tags for the different sections. Make sure your HTML is valid, otherwise the table of contents may not work as expected.
Public and private domain blocks information
You can now add comments to domain blocks. Private comments are for other staff members only. From the admin settings, you can choose if domain blocks should be disclosed publicly or to logged-in users only, or not at all. If you choose to disclose them, they will appear on the about page, below your extended description. You can use the public comments to give public reasons for your decisions.
Custom emoji categories
The custom emojis area in the admin UI has been updated. You can now assign emojis to custom categories and perform batch actions on them such as copying, deleting, or unlisting.
Spam checks
When a user mentions someone who isn’t following them and it’s not a reply to something directed at that user, their message is run through a simplistic spam check which detects repeating messages. When spam is detected, a new report is created automatically. If that was a mistake, you can mark the report as resolved and it will exempt that user from future spam checks. You can disable the spam check feature from admin settings.
Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done.
Mastodon 3.0
Eleanor
Oct 11, 2019
In this exciting new release: Moving accounts, trending hashtags, private servers and more!
Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018.
Of course, given the federated nature of the platform, this list may be incomplete, as I can only query information known to the mastodon.social server. I’ve also curated the list a little by excluding toots that were asking to be boosted, toots from me and the official Mastodon account, as well as most things that could be considered merely announcements to current users.
One of the ways Mastodon sets itself apart from current-day Twitter is its API-first approach (every function available through the web interface is available through the API, in fact, our web client is just an API client that runs in the browser). A third-party app ecosystem contributed in large part to Twitter’s success at the beginning, with many innovative features like retweets coming originally from unofficial apps, and it is serving a similarly instrumental role for Mastodon. It is great that Mastodon users can choose from a variety of apps with distinct approaches to user experience.
However, there is a gap in this ecosystem, illustrated best by the amount and frequency with which new users ask us where to find the “Mastodon” app, why there is no “Mastodon” app, and when we will release a “Mastodon” app. Irrespective of our efforts of promoting third-party apps at every turn – from joinmastodon.org, from the web interface, from the frontpage of every Mastodon server – the lack of an app that carries our name in the app stores trips up newcomers.
This hampers our chances of converting people browsing app stores for a few reasons: We’re less likely to get on trending lists even when Mastodon is in the spotlight, since people either fail to find a native app or are split between multiple ones; most if not all contemporary third-party Mastodon apps do not prioritize first-time user onboarding, with many not offering sign-up functionality; and while it is fair that some of the apps are paid and not free, somebody looking to try out a new social network is not going to take the chance on their credit card.
That is all to say, we need an official Mastodon app that is free to download and that is specialized in helping new users get started on the platform. The end-goal is also to reach feature-parity with the web interface and spearhead new API features. The more new users we can successfully convert to Mastodon, the bigger the pool of potential users for all third-party apps will be, and if app developers are motivated to implement previously missing features to stay competetive, all the better.
We will focus on developing an official, open-source iOS app first. I have compiled a roadmap of features that a Mastodon app ought to have, with the first milestone being a Minimum Viable Product which we could get out on the App Store by summer. I am teaming up with engineers from Sujitech, who have a long history with the fediverse, and UX designers from the NYC agency Lickability, whose track record includes iOS apps for Meetup and the New Yorker.
The work begins on February 8, 2021.
To help offset the costs of this undertaking, I have created a new milestone on Mastodon’s Patreon profile. If you’ve got a business, you can now sponsor Mastodon directly without going through Patreon, with much smaller processing fees and tax-compliant invoices. Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates!
It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features!
Mastodon 3.2
Eugen Rochko
Aug 2, 2020
The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms.The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look.