Whether you're looking for a way out of the Gulag or just a plan B for the next time you land in Facebook jail, moving from one centralized social network to another won't do you much good. Facebook, Twitter, Telegram, MeWe—they all have the same fundamental flaw. A for-profit corporation sustained by ads will always put growth and engagement above all else, from privacy and mental health of individual users to social cohesion and political stability of entire countries.

The free* software community has implemented an alternative to the competing centralized social networks: Fediverse, an ensemble of federated servers that are independently hosted and run different software but can all interoperate using open standards.

* as in "freedom"

Show thread

Fediverse offers many options. As usual with free software, you're in control, and you're expected to know what you want. Now would be a good time to take inventory of what is it social apps do for you.

But before we get to chats, microblogs, macroblogs, photo sharing, video calls, and other forms of communication, remember that social networks are made of people, and consider the part that creates the network effect: identity.

Show thread

It isn't what you can do on a social network that locks you in, it is the people you know. Maintaining a relationship with someone depends on:

1) discovering ways to connect with them, and
2) being able to trust that you are connecting with the right person.

The flip side of discoverability and authenticity is privacy. Sharing some aspects of your identity with wrong people can open you to harassment, fraud, and other kinds of harm.

Show thread

In centralized social networks, you have to trust a for-profit corporation to verify and protect people's identities. So far, they have failed miserably at both.

In Fediverse, you have full control over how much you reveal about yourself to make people believe that you are who you say you are.

On a scale from "take my word for it" to "strongly connected PGP Web of Trust", I think Keybase strikes the best balance between security and simplicity.

Show thread

To be fair, Keybase is not what you'd call a paragon of freedom and sanity.

You only have to investigate why their desktop client was refused by Debian to find a whole lot of wrong. What it does with GnuPG is a travesty, no wonder they messed up expiration of their own package archive signing key. And the server isn't free software. Tl;dr stay away from Keybase desktop client, cloud file sharing, and teams.

The only reason to put up with this mess is identity management.

Keybase is good for three jobs:
1. Help people find you across social networks. Just give them your Keybase username.
2. Certify that your accounts on other networks are really you and not clones. You do that by posting crypto signatures Keybase generates for you on accounts you control.
3. Secure chat with end-to-end encryption that doesn't require sharing your phone number.

Show thread

For just these jobs, setup is simple:
1. Install the Keybase app on your phone, open it.
2. Create an account.
3. Pick a name. This will be visible and cannot be changed later. If you want a public account, pick something that will make it easy for people to find you. If you need privacy, come up with something new that can't be traced to who you are and where you live.
4. Name your phone (anything to tell it apart from your next phone).

Show thread

5. The app will offer you to enter your phone number and email. Skip it, you can get back to it later (sandwich icon > Your Account).
6. Add a paper key (sandwich > Devices > Add a device or paper key > Create a paper key). That's just a fancy name for account recovery code. Write it down and keep it somewhere very safe that is not on your phone.

That's it, you now have a Keybase account and can start linking your other accounts to it.

Show thread

So, other than discovering and verifying identities of people you know, what is it social apps do for you? Fundamentally, just one thing: meaningful conversations. Everything else is just things you do online, things worth talking about—it is the conversations that connect us.

Show thread

Private real-time conversations are simple: you just use whatever chat app is available to both of you. It should be end-to-end encrypted (so you don't have to scramble when a sensitive topic comes up), open source (so you know it can be trusted), and mobile friendly (so you don't have to run to your computer to read your messages). Keybase satisfies all three; Wire is better if you want insulation from your Keybase identity; Signal is easiest to use if you don't mind sharing your phone number.

Show thread

Public conversations require authenticity and structure. Nobody has time for email threads and nested quotations anymore, the microblogging format has made these skills obsolete. When a long post is diced into paragraph sized chunks, you can reply directly just to the right spot in a thread, with no need for quotes to highlight the context. Easy to move around and scroll through on mobile, easy to branch off sub-conversations, easy to track and reference every comment by its permalink.

Show thread

Mastodon is the most popular microblogging platform in Fediverse, serving millions of accounts across hundreds of instances. You can join the flagship instance mastodon.social, find a smaller one that fits your interests and code of conduct preferences, or start your own instance—the Fediverse equivalent of creating a group.

Show thread

Federation allows you to follow accounts on any Mastodon instance, and even on other Fediverse platforms: the more traditional blog-and-comments Friendica, photo sharing Pixelfed, video sharing PeerTube, etc.

Your own accounts on different instances can have different names and privacy settings. You can lock an account to only allow approved followers and make follower-only posts.

Mind that it won't give you the privacy of end-to-end encrypted chat: admins can see everything on their instance.

Show thread

The main point of Mastodon's privacy settings is to protect people from harassment. To that end, it also offers a progressive spectrum of protective measures:
- hide someone's boosts,
- mute (you don't see them),
- mute notifications, too,
- block (they can't see you),
- hide an entire instance.

You can also report bad behavior, and instance admins can ban a user or an entire instance temporarily or completely.

Show thread

There is no protocol for banishing an instance from the entire Fediverse. It is up to every instance to decide what to block, although many probably follow the block list published by mastodon.social. There are two prominent special cases that ended up forking Mastodon software to the point where they are no longer compatible and unable to federate: Counter.Social and Gab.

Show thread

Counter.Social has implemented a draconian set of protective measures, including blocking entire countries known to run disinfo operations, along with thousands of VPN providers. Some major instances such as mastodon.xyz blocked CoSo over this, CoSo founder Jester Actual blocked the entire Fediverse back. On one hand, Fediverse does need stronger defence systems; on the other, country block is a cop-out, VPN block is plain harmful, and isolation turns an instance into yet another dictatorship.

Show thread

Gab claims to stand for freedom of expression, which those familiar with American political discourse will immediately recognize as a "Nazis and white supremacists welcome" dog-whistle. In July 2019 they switched to a forked version of Mastodon and tried to join Fediverse, but were decisively rejected by Mastodon developers, blocked by most instances, and blacklisted by Tusky and Toot! mobile apps.

Show thread

Did I mention that it isn't what you can do on a social network that locks you in, it is the people you know? It's not enough that Keybase and Mastodon give you means to connect and talk with your friends, you won't be able to leave the centralized social networks until you can take your friends with you. We all need a collective breakout plan.

Show thread

We need to build a sustainable safe space where the few of us who are ready to move can work together. Then we gradually scale down our presence in the old networks, engaging our friends there just enough to remind them where to find us, while building and nurturing our new community here, making it a more welcoming and exciting place than Facebook's ranked feed hamster wheel.

Show thread

Your homework for the stage 1 of our breakout plan:
1. Encrypt your phone, set screen lock to password (fingerprint unlock is ok).
2. Install a two-factor authentication app (e.g. FreeOTP or Google Authenticator).
3. Install a password manager (e.g. Bitwarden).
4. Register on Keybase, add a paper key (as described above).
5. Link your public Twitter profile—if you have one—and other identities (e.g. I linked my GitHub) to Keybase.

Show thread

6. Register on mastodon.social (we'll get to our own Mastodon instances later, for now we stick with the flagship).
7. Enable two-factor auth.
8. Link your Mastodon profile to Keybase.
9. Add links to your Keybase and your Mastodon to all your profiles on centralized social networks.
10. Explore settings, read user docs (docs.joinmastodon.org/usage/).

Mastodon UI works well on mobile, tablet, or desktop, but a mobile app may get you smoother experience and longer battery life.

Show thread

@angdraug Holds true for twitter also, with its race for followers and the blue tick fever. Conversations get hijacked, go off tangent and get lost there; hopefully that won't happen here...

@KayKap As @ideasmithy said, cultures are built by people. It us up to us all to keep the culture here from deteriorating, best the tools such as Mastodon can do is make good behaviors easy and discourage abuse with friction.

@angdraug no arguments there! Not only is culture created by people, it is also defended by them. When culture and people come together societies, groups, home & hearths come into existence. And residents fight to defend them @ideasmithy

@angdraug given Keybase is now owned by Zoom, after flirting with yet another cryptocurrency, it might be worth recommending @keyoxide instead. It's open source (so you can self-host it), the proofs are embedded in your GPG key (so as long as it's discoverable - via a keyserver or WKD - you're good). Here's the dev's profile page for example keyoxide.org/9f0048ac0b23301e1 and here's mine: keyoxide.org/michel@michel-slm

@angdraug @keyoxide the relative path would be the same regardless of keyoxide servers and they're generated dynamically, no need to create an account. Most of the proof types Keybase has are supported; the features it doesn't have are mostly non-core like having its own social network.


Show newer

@angdraug could you share the bug number. I am on Debian and usually follow bug reports routinely of stuff I am interested in. I have used pgp so know how to use it and do stuff with it as well as keychains and all. Anyways, gonna read your thread in full, if and when possible, please share the bug number :)

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!