Mastodon admins: remember that your threat model is now based on the people who have chosen to make their home in your instance. If that includes Saudis or Chinese people critical of their governments, Turkish journalists, any kind of diplomatic personnel, military aerospace engineers... their threats are now your threats.

@http_error_418 @rysiek great point.

Moving from a centralized platform with 100,000,000s of users to a federated platform with 10,000s of instances changes the defense posture dramatically.

I expect we’re going to need new ways to share threat information, mitigate vulnerabilities, and coordinate with national authorities. Seems fine for now… but we’re still running under the radar and the clock is ticking.

@PeterBronez

> Moving from a centralized platform with 100,000,000s of users to a federated platform with 10,000s of instances changes the defense posture dramatically.

Both in bad and good ways though. Compromising a single admin or techie with production access (*cough* :birdsite: *cough*) is no longer enough to get full access to all user accounts, for example.

@http_error_418

@rysiek absolutely. It’s not a simple change and I doubt any of us understand the full implications yet.

Pro: people are isolated from problems at other instances

Con: each instance has way less defensive resources than a centralized platform

Big tech companies struggle to defend the human rights of their global customers against political pressure and cyber attacks from nation state actors. Small teams self-hosting open source software as a hobby are far more vulnerable.

@http_error_418

@PeterBronez

> Big tech companies struggle to defend the human rights of their global customers against political pressure and cyber attacks from nation state actors. Small teams self-hosting open source software as a hobby are far more vulnerable.

I feel it is way more nuanced than that. There's safety in numbers. "Great, we can pressure this instance to kill that account, but what do we do with the 19k other instances?"

@http_error_418

@PeterBronez to me, one of *the reasons* why Big Tech companies struggle with that is because they are big and monolithic. The pressure points are well-defined. A government knows what buttons to push to get what they want.

With thousands of small instances, each has different pressure points and differently shaped buttons. Taking lingo from "Seeing like a State", fedi is not as "legible" to governments as Big Tech companies are!

@http_error_418

@rysiek @PeterBronez @http_error_418

I wonder whether BigTech values being more legible or less legible, and whether this has changed over the last 5~10 years. (By "values" I mean "behaves so as to optimize for" for lack of a better observable thing. Even if companies were actually entities that had consistent-ish values, actions would be a trailing indicator of those values by years.)

Qoto Mastodon
