hhmx.de
jerry@infosec.exchange

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified:

(@jerry@infosec.exchange)

Thu 06.04.2017

Posts: 36,847
Following: 3,516
Followers: 37,160

Recovering CISO
May have an orchid problem
Bad photography
Worse dad jokes
The worst Infosec hot takes
Podcast: defensivesecurity.org
Blog: infosec.engineering
Twitter: @maliciouslink
Infosec.Exchange Admin

…and for fucks sake, be nice to each other. We are only here for a brief time. Make it enjoyable.

To help support the costs associated with running this instance, please consider donating. You can set up recurring donations here:

Patreon: patreon.com/infosecexchange

Ko-Fi: ko-fi.com/infosecexchange

Liberapay: liberapay.com/Infosec.exchange

You can also support with a one-time donation using PayPal to "jerry@infosec.exchange".

Protonmail: jerry@bell.st
Blog: infosec.engineering
Liberapay: liberapay.com/Infosec.exchange
Paypal: jerry@infosec.exchange
Ko-Fi: ko-fi.com/infosecexchange
Patreon: patreon.com/infosecexchange


Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Tue 17.09.2024 22:27:30

I just got a newsletter from @haubles that reminded me it's been too long since I've sung the praises of Fastly for the CDN services they provide to infosec.exchange.

I don't generally like to plug things here, but I have to tell you that I've been incredibly impressed by Fastly's service and their people. If you're a developer looking for CDN services, or otherwise in the market for CDN services, give Fastly a look since they have a free tier for developers now.

You can find info on their free tier here: fastly.com/pricing and the announcement is here: fastly.com/instant

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Sat 31.08.2024 22:13:02

This is my monthly reminder to support your fediverse instance - most instances are run by volunteers and paid for with donations or out of the administrator’s pocket. Commercial social media is “free”, but funded by targeted advertising, data mining, etc. The fediverse is “free” for most of us, but far from free to run.

To those of you who support your instance, my thanks. To those who can’t afford it, this place is here for you regardless of your ability to support financially. To those who can, please consider supporting your instance if you derive value from the platform. You can find instructions on donating to your specific instance on your instance’s about page.

And a personal thanks to those who support Infosec.exchange. Y’all are the best :blobheartcat:

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Sat 24.08.2024 22:05:32

For those on Infosec.exchange, there seems to be an issue with Fastly affecting a portion of our accounts that causes video and picture uploads to fail. If you encounter that problem, please switch to using crank.infosec.exchange, which bypasses Fastly. I only recommend people experiencing the issue do that, since Fastly makes accessing the instance much much faster for most people. Apologies for the inconvenience.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Sat 24.08.2024 14:35:03

Oof. I think I am going to have to limit mastodon.social. The porn spambots are out of control.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Thu 15.08.2024 18:19:33

I purged about 200 instances from relay.infosec.exchange that were either no longer resolving or otherwise hadn't had a successful connection in the past week. If you find that you're not connected any longer, give me a shout and I'll unblock your instance from the relay.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Fri 02.08.2024 05:52:02

One of the amazing parts of being unemployed in the US is thinking about health insurance. Now, I’m ok for a while because of COBRA, but I took a look at the healthcare.gov offerings and… wow. It would be close to $4000/month to cover just my wife and I with something similar to what we have now. There are much cheaper plans - in the $1500/month range that, as far as I can tell, are strictly for catastrophic issues, and otherwise don’t really cover anything substantive. Hopefully there are other options when I get to that point.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Thu 01.08.2024 15:50:09

I've been participating in the fediverse for about 8.5 years now, and have run infosec.exchange as well as a growing number of other fediverse services for about 7.5 of those years. While I am generally not the target of harassment, as an instance administrator and moderator, I've had to deal with a very, very large amount of it. Most commonly that harassment is racism, but to be honest we get the full spectrum of bigotry here in different proportions at different times. I am writing this because I'm tired of watching the cycle repeat itself, I'm tired of watching good people get harassed, and I'm tired of the same trove of responses that inevitably follows. If you're just in it to be mad, I recommend chalking this up to "just another white guy's opinion" and moving on to your next read.

The situation nearly always plays out like this:

A black person posts something that gets attention. The post and/or person's account clearly designates them as being black.

A horrific torrent of vile racist responses ensues.

The victim expresses frustration with the amount of harassment they receive on Mastodon/the Fediverse, often pointing out that they never had such a problem on the big, toxic commercial social media platforms. There is usually a demand for Mastodon to "fix the racism problem".

A small army of "helpful" fedi-experts jumps in with replies to point out how Mastodon provides all the tools one needs to block bad actors.

Now, more exasperated, the victim exclaims that it's not their job to keep racists in check - this was (usually) cited as a central reason for joining the fediverse in the first place!

About this time, the sea lions show up in replies to the victim, accusing them of embracing the victim role, trying to cause racial drama, and so on. After all, these sea lions are just asking questions since they don't see anything of what the victim is complaining about anywhere on the fediverse.

Lots of well-meaning white folk usually turn up about this time to shout down the sea lions and encourage people to believe the victim.

Then time passes... People forget... A few months later, the entire cycle repeats with a new victim.

Let me say that the fediverse has both a bigotry problem that tracks with what exists in society at large as well as a troll problem. The trolls will manifest themselves as racist when the opportunity presents itself, anti-trans, anti-gay, anti-women, anti-furry, and whatever else suits their fancy at the time. The trolls coordinate, cooperate, and feed off each other.

What has emerged, in my view, on the fediverse is a concentration of trolls onto a certain subset of instances. Most instances do not tolerate trolls, and with some notable exceptions, trolls don't even bother joining "normal" instances any longer. There is no central authority that can prevent trolls from spinning up fediverse software on their own servers using their own domain names and doing their thing on the fringes. On centralized social media, people can be ejected, suspended, banned, and unless they keep trying to make new accounts, that is the end of it.

The tools for preventing harassment on the fediverse are quite limited, and the specifics vary between types of software - for example, some software, like Pleroma/Akkoma, lets administrators filter out certain words, while Mastodon, which is what the vast majority of the fediverse uses, allows both instance administrators and users to block accounts and block entire domains, along with some things in the middle like "muting" and "limiting". These are blunt instruments.

To some extent, the concentration of trolls works in the favor of instance administrators. We can block a few dozen/hundred domains and solve 98% of the problem. There have been some solutions implemented, such as block lists for "problematic" instances that people can use, however many times those block lists become polluted with the politics of the maintainers, or at least that is the perception among some administrators. Other administrators come into this with a view that people should be free to connect with whomever on the fediverse and delegate the responsibility for deciding who and who not to block to the user.

For this and many other reasons, we find ourselves with a very unevenly federated network of instances.

With this in mind, if we take a big step back and look at the cycle of harassment I described from above, it looks like this:

A black person joins an instance that does not block m/any of the troll instances.

That black person makes a post that gets some traction.

Trolls on some of the problematic instances see the post, since they are not blocked by the victim's instance, and begin sending extremely offensive and harassing replies. A horrific torrent of vile racist responses ensues.

The victim expresses frustration with the amount of harassment they receive on Mastodon/the Fediverse, often pointing out that they never had such a problem on the big, toxic commercial social media platforms. There is usually a demand for Mastodon to "fix the racism problem".

Cue the sea lions. The sea lions are almost never on the same instance as the victim. And they are almost always on an instance that blocks those troll instances I mentioned earlier. As a result, the sea lions do not see the harassment. All they see is what they perceive to be someone trying to stir up trouble.

...and so on.

A major factor in your experience on the fediverse has to do with the instance you sign up to. Despite what the folks on /r/mastodon will tell you, you won't get the same experience on every instance. Some instances are much better at keeping the garden weeded than others. If a person signs up to an instance that is not proactive about blocking trolls, they will almost certainly be exposed to the wrath of trolls. Is that the Mastodon developers' fault for not figuring out a way to more effectively block trolls through their software? Is it the instance administrator's fault for not blocking troll instances/troll accounts? Is it the victim's fault for joining an instance that doesn't block troll instances/troll accounts?

I think the ambiguity here is why we continue to see the problem repeat itself over and over - there is no obvious owner nor solution to the problem. At every step, things are working as designed. The Mastodon software allows people to participate in a federated network and gives both administrators and users tools to control and moderate who they interact with. Administrators are empowered to run their instances as they see fit, with rules of their choosing. Users can join any instance they choose. We collectively shake our fists at the sky, tacitly blame the victim, and go about our days again.

It's quite maddening to watch it happen. The fediverse prides itself as a much more civilized social media experience, providing all manner of control to the user and instance administrators, yet here we are once again wrapping up the "shaking our fist at the sky and tacitly blaming the victim" stage in this most recent episode, having learned nothing and solved nothing.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Wed 03.07.2024 23:33:31

I found a bug in writefreely (used on infosec.press) that prevents blogs from being displayed in certain circumstances. The issue has to do with, of all things, capitalization.

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Mon 10.06.2024 01:50:38

Roses are red
Violets are blue
I can’t do anything about the elections
SO LOOK AT MY ORCHID.
LOOK AT IT!

(Media: 1)

Jerry Bell :bell: :llama: :verified_paw: :verified_dragon: :rebelverified: (@jerry@infosec.exchange)

Federation EN Sun 09.06.2024 15:49:09

I find it interesting that around 90% of spam account signups on Infosec.exchange use a gmail address to register. Now, that’s partly biased because I’ve blocked most of the junk email services that allow creating email addresses without needing to sign in or register, so I don’t know what it would look like if those were permitted, however it must be quite efficient for people to create large numbers of gmail accounts.