Category: Info Tech

Jay Graber on Billionaire Proofing Bluesky

This is truly the approach we need to social media going forward. Jay Graber:

“The billionaire proof is in the way everything is designed, and so if someone bought or if the Bluesky company went down, everything is open source. What happened to Twitter couldn’t happen to us in the same ways, because you would always have the option to immediately move without having to start over.” and “There’s a lot on the road map, and I’ll tell you what we’re not going to do for monetisation. We’re not going to build an algorithm that just shoves ads at you, locking users in. That’s not our model.”

There’s a saying they have at Bluesky: “the organization is a future adversary”. It means they are building atproto (the AT Protocol that Bluesky is based on) to be resilient against being locked in and made proprietary by Bluesky itself in the future, when or if it is owned by people who are focussed only on monetising the user base and not on what’s best for an open network protocol that serves people. So even the CEO herself (who has majority ownership in the company) wants to build out atproto as an independent network before it can be polluted by the pressure of investors wanting to capitalise.

www.cnbc.com/2024/11/21/bluesky-ceo-jay-graber-says-x-rival-is-billionaire-proof.html


Jay Graber Reveals Origins of Bluesky as a Company

Jay Graber had the foresight to get Bluesky out from under Twitter on the basis that “captains can change”, and just as Bluesky was separated from Twitter and made into its own company, Musk took over Twitter. Musk had no interest in an open source protocol that he wasn’t fully in control of, so Bluesky would have been killed off under Musk.

Watch this interview from Decoderpod

@decoderpod: Bluesky CEO Jay Graber reveals the origins of the company as a project within Twitter and how it survived the takeover by Elon Musk.

Crossposting from WordPress to Bluesky

Matthias Pfefferle has introduced a WordPress plugin that supports crossposting from your WordPress enabled website to a Bluesky account.

You can get the plugin here, or install it through your plugin manager within WordPress: https://wordpress.org/plugins/share-on-bluesky/

The plugin is fairly simple with not a lot of explanation. On initial setup I found the field names to be poorly identified and it took a few tries to get the right settings before crossposting could happen. I will explain below exactly how to configure the plugin to get your WordPress posts zipping across to Bluesky.

i) In “Bluesky Domain” you will enter the instance address you wish to cross post to. For 99% of people at the moment this will be https://bsky.social. If you have a different instance, aka an AT Protocol server not managed by Bluesky, you will use the address of that server.

ii) In the Bluesky “Identifier” field, you will enter your username, aka the username you use to log in to Bluesky or your particular AT Protocol instance.

iii) In the password field you will enter an app password that you generate in your Bluesky settings (or settings of your AT Protocol instance). You can generate the password by going to https://bsky.app/settings/app-passwords and clicking “generate app password”. Once the password is created make a note of it before clicking away, as once created you will not be able to view it again.

NOTE: I have not tested this on a non-Bluesky server instance, so mileage and settings may differ (or may not work). But this is verified working on my installation for Bluesky, using WordPress 6.7.1 and PHP 7.4.33

And it’s as simple as that!
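A pre-flight check for the three fields above, as an added example (not part of the plugin or of the original post). It assumes the `xxxx-xxxx-xxxx-xxxx` format that Bluesky-issued app passwords use and the standard AT Protocol `com.atproto.server.createSession` login endpoint; the function names and sample values are made up for illustration.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: app passwords are four groups of four lowercase letters/digits.
# Anything else is probably the main account password, which should stay out
# of the WordPress settings.
APP_PASSWORD_RE = re.compile(r"^[a-z0-9]{4}(-[a-z0-9]{4}){3}$")

def check_settings(domain, identifier, password):
    """Return a list of problems with the three plugin fields (empty = looks fine)."""
    problems = []
    url = urlsplit(domain.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("domain must be a full https:// URL")
    elif url.path not in ("", "/") or url.query:
        problems.append("domain should be the server root, not a page on it")
    ident = identifier.strip().lstrip("@")
    looks_full = ident.startswith("did:") or "." in ident or "@" in ident
    if not ident or " " in ident or not looks_full:
        problems.append("identifier should be a full handle, e-mail or DID")
    if not APP_PASSWORD_RE.match(password.strip()):
        problems.append("password does not look like an app password")
    return problems

def build_login_request(domain, identifier, password):
    """Build (without sending) the createSession call that tests the credentials."""
    body = json.dumps({"identifier": identifier.strip().lstrip("@"),
                       "password": password.strip()}).encode()
    return urllib.request.Request(
        domain.strip().rstrip("/") + "/xrpc/com.atproto.server.createSession",
        data=body, headers={"Content-Type": "application/json"}, method="POST")

def verify_login(domain, identifier, password, timeout=10):
    """Send the request; returns the account DID on success (needs network)."""
    req = build_login_request(domain, identifier, password)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["did"]

if __name__ == "__main__":
    # Constructed sample values, not a real account.
    print(check_settings("bsky.social", "example", "MyMainPassword1!"))
    print(check_settings("https://bsky.social", "example.bsky.social",
                         "abcd-efgh-ijkl-mnop"))
```

If `check_settings` comes back empty but `verify_login` raises an HTTP 401, the values are well formed but the app password has been mistyped or revoked.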

Sample username used below

Twitter Australia Facing Outages

Australian and New Zealand Twitter users found this morning that their Twitter access was suffering timeouts and failures when posting and loading threads. This is reportedly limited to Australia and New Zealand and not a worldwide outage.

Users are facing slow page loads, as well as messages such as the following:

Guardian columnist Van Badham confirms to Twitter user “Kate” that they are also having problems:

Internet services in Australia are otherwise operating normally.

There’s no evidence of a connection yet, but on Christmas Eve, Musk shut down the Sacramento data centre, one of three data centres that serve Twitter webpages.

More outage information is available at https://aussieservicedown.com/status/twitter

In case you have been living under a rock, or live in the alternative reality of Facebook world, or have a good dose of self-care and live more in the real world than social media, you will have noticed that Twitter is melting down at the moment. Or more precisely, its new owner is melting down.

There’s a whole story there so I’ll leave that for another day. But there’s heaps of info online about that if you want to look into it. The upshot is that millions of people have been migrating from Twitter to other social media platforms. A large swathe of those have been attracted to the promises of Mastodon and platforms of that ilk, for the promise of corporate manipulation free social media – no ads, no algorithms, and since the recent Twitter takeover, the appeal of no inexplicable suspensions and arbitrary rule making.

The Fediverse: A Viable Alternative to Corporate Owned Social Media

So firstly let’s address the Pachyderm in the room. Specifically the Mastodon and related Fediverse species. With the imminent demise (some gleefully, if prematurely, predict) of Twitter, people have been flocking to a till now little known social media alternative called Mastodon. Mastodon is the most predominant of a range of social media platforms grouped under the taxonomy of open source interoperable social media platforms. What this means is that members of different platforms can follow, like and share content to and from other platforms that share the same protocol. In practice this would be like if you could follow Twitter accounts on your Facebook, or share your Instagram pics to Twitter.

There are a few different protocols but the one that has gained the most ground and has the most mature suite of features is ActivityPub. Examples of platforms that use ActivityPub include Mastodon, Pixelfed and PeerTube (respectively modelled loosely on Twitter, Instagram and YouTube). Collectively, ActivityPub platforms are called The Fediverse.

Some existing social media and web based companies are also planning to implement ActivityPub which would bring them into the Fediverse: Tumblr, Flickr, Mozilla (so far). There are also plugins to bring your WordPress site into the Fediverse. Then there are a bunch of other smaller platforms. ActivityPub is free and open source and anyone with the skill and inclination can design a platform that utilises ActivityPub.

You don’t have to design your own platform though to run your own social media service. Most of the platforms are open source and free; for example anyone can install their own Mastodon server. A Mastodon server (or Pixelfed, Hubzilla etc) is called an ‘Instance’, and is the end user’s ‘home’ on the Fediverse; when you join the Fediverse, you choose an instance to sign up to.

Anyone on any instance that uses ActivityPub can talk to, follow and be followed by anyone on any other Instance. There’s one caveat here; because anyone can run an instance, and because some instances operate under rules and moderation practices that other instances find questionable, an instance may decide to ‘defederate’ from a given instance. For example Trump’s social media network Truth.Social uses the ActivityPub protocol. In fact, it’s a Mastodon instance. However almost all other Mastodon and ActivityPub platforms have defederated Truth.Social.

So while most Instances are part of a global federation, there are examples of Instances which have been excluded from this general federation. For most intents and purposes, most people in refuge from Twitter joining Mastodon or other ActivityPub instances will be fine with not having access to the few defederated instances.

Because there are many providers of Instances, none of which rely on any central authority, the network is decentralised. Communities can grow up around a given Fediverse instance without any corporate oversight, without ads or ad targeting, and without algorithms dictating whose posts you see. Communities can manage their own moderation. Communities can federate with as many or as few other Instances as they like. They can potentially federate only with Instances that share common goals or interests. Or they can federate with everyone.

There is still room for improvement in ActivityPub and the many available platforms. Maybe something will take over Mastodon as the most popular Fediverse platform. But for now the pachyderm is leading the charge.

So How Does One Get Involved in the Fediverse?

I will follow up this article with an in depth explanation of how to join the Fediverse and what to expect when you do. But the short answer is, join an instance that roughly matches your interests.

These two are a good place to start if you are keen to get going. However I advise doing some research first (or wait for my next article) before leaping in:
If you want a Twitter-like interface, try Mastodon: https://joinmastodon.org/#getting-started
If you want an Instagram-like interface, try Pixelfed: https://pixelfed.org/servers

Good luck, and happy hunting!

Privacy and Security – Summary and Guideline for Further Research

An example of a Telecom Data Centre. Licensed under GFDL 1.2 via Wikimedia Commons.

Privacy

Metadata – what does it capture:

  • IP address endpoints on HTTP traffic, but not HTTPS.
  • GSM metadata – who you called/texted and when/where.
  • Public Wi-Fi hotspots are not required to collect metadata.
  • HTTPS mail is secure from metadata collection, except:
    Five Eyes agreement (shared intelligence – US, UK, NZ, Canada and Australia)
    Not secure if you email a non-HTTPS email account.
  • Metadata DOES NOT INCLUDE your content on Facebook; however, publicly shared data is obviously available to anyone, and private or friends-only data is available through PRISM (see below).

Subpoenas
Information held by Australian service providers, and sometimes international services, can be subpoenaed. Example: copyright cases.

https://www.getup.org.au/campaigns/digital-freedom-and-privacy/go-dark-against-data-retention/go-dark-against-data-retention

National Security Agency

NSA have several mechanisms for tracking/collecting data. The main methods are Internet Backbone interception and PRISM.

  • Internet Backbone:
    AT&T, Verizon and Sprint have all provided NSA access to their networks. This means NSA can monitor and collect data going across those providers’ networks. NSA have also been caught out intercepting routers en route from manufacturer to customer and inserting software backdoors. This means they can log any traffic that crosses that router once it is in operation.
  • PRISM. PRISM is a surveillance system that provides backdoor access to several main service providers. It allows NSA agents to access data held on users of those services. Known members of PRISM include:
    Facebook
    Yahoo (who fought it in FISA court but lost)
    Microsoft (and outlook.com)
    Apple
    Google
    AOL
    http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet
  • FISA Court: sometimes supports NSA, sometimes limits it. FISA is the Foreign Intelligence Surveillance Court. FISA is responsible for authorising or blocking NSA surveillance operations.

 

Security (Solutions)

Warrant Canary

Like a canary used by miners, if the canary dies, there is a gas leak. Canaries will die from gas before humans, so a dead canary is advance notice for humans of a gas leak. Likewise, a warrant canary is a statement regularly updated by a provider indicating they have not been subject to a government warrant. If the statement is out of date or missing, it means the company has been subject to a warrant, and therefore your data held by the company may no longer be secure.

Warrant canaries are issued because warrant requests usually legally require that the company not reveal that they are subject to a warrant.

https://www.eff.org/deeplinks/2014/04/warrant-canary-faq
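A canary check along the lines described above, as an added example that is not from the original post or from any provider's tooling. It assumes the statement carries an ISO `YYYY-MM-DD` date and that you keep a copy of the last wording you trusted; the 90-day limit, the function names and the sample statements are constructed. It also flags a statement that is freshly dated but has had its wording changed, and it does not cover signature verification.

```python
import re
from datetime import date, timedelta

DATE_RE = re.compile(r"\b(\d{4})-(\d{2})-(\d{2})\b")

def normalise(text):
    """Wording with dates removed, so routine re-dating is not seen as a change."""
    return " ".join(DATE_RE.sub("", text).lower().split())

def canary_status(text, baseline, today, max_age_days=90):
    """Classify a fetched canary statement.

    text:     statement as fetched, or None if it could not be retrieved
    baseline: the last wording you trusted
    Returns 'missing', 'undated', 'future-dated', 'stale', 'reworded' or 'current'.
    """
    if text is None or not text.strip():
        return "missing"
    dates = []
    for y, m, d in DATE_RE.findall(text):
        try:
            dates.append(date(int(y), int(m), int(d)))
        except ValueError:
            pass  # looks like a date but is not one, e.g. 2015-13-40
    if not dates:
        return "undated"
    newest = max(dates)
    if newest > today:
        return "future-dated"
    if today - newest > timedelta(days=max_age_days):
        return "stale"
    if normalise(text) != normalise(baseline):
        return "reworded"  # fresh date, but a sentence was changed or dropped
    return "current"

# Constructed sample statements for a made-up provider.
BASELINE = "As of 2015-01-05 Example Provider has received no warrants or gag orders."
REDATED = "As of 2015-04-02 Example Provider has received no warrants or gag orders."
REWORDED = "As of 2015-04-02 Example Provider has received no gag orders."

if __name__ == "__main__":
    today = date(2015, 4, 10)
    for label, text in [("baseline", BASELINE), ("redated", REDATED),
                        ("reworded", REWORDED), ("gone", None)]:
        print(label, "->", canary_status(text, BASELINE, today))
```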

TOR

Web browsing anonymity. IP address obfuscation. Slow, and can’t be used for torrenting since torrenting breaks the anonymity. Outbound nodes can be compromised.

HTTPS anywhere improves security by ensuring all traffic is encrypted.

VPN – Encrypts traffic between the user and the VPN provider.
VPN providers can be subpoenaed – look for a VPN that doesn’t keep IP address logs.
Free VPN versus paid – pros and cons – Free VPN providers are less secure, unknown. Large providers are more secure, but more likely to be subject to a warrant.

https://www.torproject.org/projects/torbrowser.html.en

Private chat/call/email

Wickr – goes through a central provider but with end-to-end encryption – they don’t know what you are sending.
Wickr use warrant canaries.

RISEUP – https secure email. Not encrypted at provider, but provider is trustworthy. They can still be subpoenaed. Riseup use a Warrant Canary.
https://help.riseup.net/

TextSecure, now Redphone – recommended by Snowden – encrypted, but some metadata can leak.

Skype – encrypted, but can be captured if Skype has been subject to a warrant (whereas Wickr data is fully encrypted end point to end point). Also metadata is leaky. No warrant canary – owned by MS so part of PRISM.

All of the above chat/call methods rely on third parties.