Search

289 results for “thisismissem”

Esk 🐌⚡💜 @[email protected] · 2024-03-02 · 01:33 UTC

and the first vote for @nivenly members is up -> https://hachyderm.io/@nivenly/112019849759608434.
we plan on announcing the "nivenly fedi security fund experiment" later this weekend. preview: pay finders/contributors who find/close high/critical bugs in fedi software. we did a mini proof of concept and sponsored @thisismissem to ship a fix for a critical 9.9 score vulnerability in pixelfed, and now we're ready to expand a bit. more soon!
#nivenly #hachyderm #fedisecurity

#nivenly #hachyderm #fedisecurity
Esk 🐌⚡💜 @[email protected] · 2024-03-02 · 01:33 UTC

and the first vote for @nivenly members is up -> https://hachyderm.io/@nivenly/112019849759608434.
we plan on announcing the "nivenly fedi security fund experiment" later this weekend. preview: pay finders/contributors who find/close high/critical bugs in fedi software. we did a mini proof of concept and sponsored @thisismissem to ship a fix for a critical 9.9 score vulnerability in pixelfed, and now we're ready to expand a bit. more soon!
#nivenly #hachyderm #fedisecurity

#nivenly #hachyderm #fedisecurity
Esk 🐌⚡💜 @esk · 2024-03-02 · 01:33 UTC

and the first vote for @nivenly members is up -> https://hachyderm.io/@nivenly/112019849759608434.
we plan on announcing the "nivenly fedi security fund experiment" later this weekend. preview: pay finders/contributors who find/close high/critical bugs in fedi software. we did a mini proof of concept and sponsored @thisismissem to ship a fix for a critical 9.9 score vulnerability in pixelfed, and now we're ready to expand a bit. more soon!
#nivenly #hachyderm #fedisecurity

#nivenly #hachyderm #fedisecurity
Esk 🐌⚡💜 @[email protected] · 2024-03-02 · 01:33 UTC

and the first vote for @nivenly members is up -> https://hachyderm.io/@nivenly/112019849759608434.
we plan on announcing the "nivenly fedi security fund experiment" later this weekend. preview: pay finders/contributors who find/close high/critical bugs in fedi software. we did a mini proof of concept and sponsored @thisismissem to ship a fix for a critical 9.9 score vulnerability in pixelfed, and now we're ready to expand a bit. more soon!
#nivenly #hachyderm #fedisecurity

#fedisecurity #hachyderm #nivenly
Esk 🐌⚡💜 @[email protected] · 2024-03-02 · 01:33 UTC

and the first vote for @nivenly members is up -> https://hachyderm.io/@nivenly/112019849759608434.
we plan on announcing the "nivenly fedi security fund experiment" later this weekend. preview: pay finders/contributors who find/close high/critical bugs in fedi software. we did a mini proof of concept and sponsored @thisismissem to ship a fix for a critical 9.9 score vulnerability in pixelfed, and now we're ready to expand a bit. more soon!
#nivenly #hachyderm #fedisecurity

#nivenly #hachyderm #fedisecurity
PJ "Vote Green" Coffey @[email protected] · 2023-03-07 · 10:48 UTC

@bydesign
You misunderstand.
The people sharing the transphobic information do not consider themselves transphobic. Their motives are mostly good.
However they are sharing the propaganda and 1. Trans people do not want to look at that shit unexpectedly.
2. Don't spread propaganda. It is effective and it works. That's why it gets used.
Hope that helps!
#DontSpreadFascistPropaganda
@thisismissem

#dontspreadfascistpropaganda
utopiArte @[email protected] · 2025-04-04 · 19:05 UTC

Gathering the people involved till now in this #fediMarket question to create some impulse and general discussion about this topic.
This is not a proposal but some thoughts and unfinished considerations, looking for some input or to become at least some output itself.
As @thomas pointed out there is #flohmarkt, as it looks like coded by @[email protected] .
It has apparently the goal to be all the contrary to a centralized system but aims to be more like a local give away, sales and advertisement platform. Actualy it's not an auction like platform, witch is quite an interesting take. Still looking thru the ccc-Media video presentation trying to get a grip on it. As of now I didn't get the local restriction. Not sure if the restriction is mend to be by IP of the users, the IP of the platform of users or just some kind of instance restriction.
The #GNUtaler discussion in this topic points to the general issue not only about payment but also about the system of trust that can be or could be implemented.
It is and was quite interesting to see how the #ebay concept didn't catch up in Latin America because there was way to much fraud and the only thing that could catch up was some kind of sales platform like #mercadolibre that actually turned out to become some kind of national advertisement platform for professional sellers.
What did tho work in an astonishing way, and let's please leave aside for a moment some issues bitcoin does involve, is the concept #localbitcoins came up with, actually as well as the famous #Silkroad example. Sites that managed to create some kind of trustless exchange. The particularity of localbitcoins tho was that they invented a reference system where people actually even meet each other and backed up their existence by some how proving each others identity. Ultimately the reference and reputation system of localbitcoins, reputation out of completed transactions and comments about them, as well as in person verification, created a functional working environment, something that till today is looking for a match out there.
All these a real critical issues. And perhaps not only for trade but to a certain extent for our #socialWeb, our #fediVerse itself. On one hand we have commercial transactions that can involve fraud and on the other personal information that also can be exposed to fraud and worth. In our decentralized setup this is even somehow more complicated as fraudsters can restart at any given moment from anywhere else, while at the same time reputation on mid and long term should and can matter.
So, what we do have is on one hand the "real me" function implemented for example by mastodon, and on the other we do have the signing capabilities of blockchains themselves. In particular of #electrum wallets, a decentralized wallet system that was created and is implemented not only by bitcoin but a lot more blockchains that want to show off with a real simple decentralized #FOSS wallet system.
To get this straight, this is not about any coin or acquisition of any coin at all, but the simple technical availability of installing a simple long standing proven decentralized FOSS software that has the capability to sign or prove the correctness of any kind of text string. Nobody needs to have a single cent of a coin, or connect to anywhere, to create a wallet and with it a wallet address that than can sign a text. In other words, any wallet address is an ID that can't be impersonated without the respective password.
So, it doesn't matter where for example the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu" as a profile name shows up, or which profile claims to represent the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu", unless it is able to show off with a text, for example:
"I do have access to the signing keys for this ID" signed correctly with that wallet address, that profile could be considered an impostor.
To create show cases for this idea, for this concept, there is on one hand the friendica fediVerse site:
inversion.tupambae.com/
The profile "blockchain" for example uses the just mentioned specific ID:
inversion.tupambae.com/profile…
as some kind of "none human readable address".
Than there is the site:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
The subdomain name itself is a first generation bitcoin address that has been used on the web and even if the capital letter detail is not in use, references are found for example by google.
That site hosts a project profile that again uses a bitcoin #SEGWIT address as an ID:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
Actually the bc1 segwit system is not case senitive, in other words no capital letters in those ID's.
That profile itself is a reference to a mastodon profile that uses it to claim it's "real me" identity as "btc SEGWIT verified":
mastodon.uy/@tierranietos
Again there is not only no need for to involve bitcoins or cents of bitcoins (satoshis) in this. Even bitcoin itself doesn't have to be used, as there are lot's of electrum wallets out there. They do tho only verify texts signed with the same coin wallet. There is for example a #namecoin electrum wallet, a first generation coin invented to create a decentralized URL system, as well as there is for example a #faircoin electrum wallet. Considering all the altcoins created out there, faircoin at least is/was an interesting option that apparently failed to a certain extent due to the intent or claim by some in the community to be tradable on exchanges.
Again, this is not about any coin at all but about the fact that we do have simple unique ID's at hand we can verify and we can use to create reputation and or invent some system of trust and reference on desktop and mobile.
Than there is the consideration of guaranties and identities in the middle that allow escrow as implemented by localbitcoins.
This escrow issue would involve somehow coins/tokens, at least as some kind of guaranty until the transaction is finished. Be it as a general input to prove the seriousness of an involvement, an offer or even a publication. In terms of bitcoin itself, the second level segwit technology allows the creation of circles of trust without even publishing transactions to the main bitcoin #blockchain.
@[email protected]
@[email protected]
@thisismissem @annewalk
@resl @NGIZero

#fediverse #foss #flohmarkt #namecoin #segwit #blockchain
utopiArte @[email protected] · 2025-04-04 · 19:05 UTC

Gathering the people involved till now in this #fediMarket question to create some impulse and general discussion about this topic.
This is not a proposal but some thoughts and unfinished considerations, looking for some input or to become at least some output itself.
As @thomas pointed out there is #flohmarkt, as it looks like coded by @[email protected] .
It has apparently the goal to be all the contrary to a centralized system but aims to be more like a local give away, sales and advertisement platform. Actualy it's not an auction like platform, witch is quite an interesting take. Still looking thru the ccc-Media video presentation trying to get a grip on it. As of now I didn't get the local restriction. Not sure if the restriction is mend to be by IP of the users, the IP of the platform of users or just some kind of instance restriction.
The #GNUtaler discussion in this topic points to the general issue not only about payment but also about the system of trust that can be or could be implemented.
It is and was quite interesting to see how the #ebay concept didn't catch up in Latin America because there was way to much fraud and the only thing that could catch up was some kind of sales platform like #mercadolibre that actually turned out to become some kind of national advertisement platform for professional sellers.
What did tho work in an astonishing way, and let's please leave aside for a moment some issues bitcoin does involve, is the concept #localbitcoins came up with, actually as well as the famous #Silkroad example. Sites that managed to create some kind of trustless exchange. The particularity of localbitcoins tho was that they invented a reference system where people actually even meet each other and backed up their existence by some how proving each others identity. Ultimately the reference and reputation system of localbitcoins, reputation out of completed transactions and comments about them, as well as in person verification, created a functional working environment, something that till today is looking for a match out there.
All these a real critical issues. And perhaps not only for trade but to a certain extent for our #socialWeb, our #fediVerse itself. On one hand we have commercial transactions that can involve fraud and on the other personal information that also can be exposed to fraud and worth. In our decentralized setup this is even somehow more complicated as fraudsters can restart at any given moment from anywhere else, while at the same time reputation on mid and long term should and can matter.
So, what we do have is on one hand the "real me" function implemented for example by mastodon, and on the other we do have the signing capabilities of blockchains themselves. In particular of #electrum wallets, a decentralized wallet system that was created and is implemented not only by bitcoin but a lot more blockchains that want to show off with a real simple decentralized #FOSS wallet system.
To get this straight, this is not about any coin or acquisition of any coin at all, but the simple technical availability of installing a simple long standing proven decentralized FOSS software that has the capability to sign or prove the correctness of any kind of text string. Nobody needs to have a single cent of a coin, or connect to anywhere, to create a wallet and with it a wallet address that than can sign a text. In other words, any wallet address is an ID that can't be impersonated without the respective password.
So, it doesn't matter where for example the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu" as a profile name shows up, or which profile claims to represent the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu", unless it is able to show off with a text, for example:
"I do have access to the signing keys for this ID" signed correctly with that wallet address, that profile could be considered an impostor.
To create show cases for this idea, for this concept, there is on one hand the friendica fediVerse site:
inversion.tupambae.com/
The profile "blockchain" for example uses the just mentioned specific ID:
inversion.tupambae.com/profile…
as some kind of "none human readable address".
Than there is the site:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
The subdomain name itself is a first generation bitcoin address that has been used on the web and even if the capital letter detail is not in use, references are found for example by google.
That site hosts a project profile that again uses a bitcoin #SEGWIT address as an ID:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
Actually the bc1 segwit system is not case senitive, in other words no capital letters in those ID's.
That profile itself is a reference to a mastodon profile that uses it to claim it's "real me" identity as "btc SEGWIT verified":
mastodon.uy/@tierranietos
Again there is not only no need for to involve bitcoins or cents of bitcoins (satoshis) in this. Even bitcoin itself doesn't have to be used, as there are lot's of electrum wallets out there. They do tho only verify texts signed with the same coin wallet. There is for example a #namecoin electrum wallet, a first generation coin invented to create a decentralized URL system, as well as there is for example a #faircoin electrum wallet. Considering all the altcoins created out there, faircoin at least is/was an interesting option that apparently failed to a certain extent due to the intent or claim by some in the community to be tradable on exchanges.
Again, this is not about any coin at all but about the fact that we do have simple unique ID's at hand we can verify and we can use to create reputation and or invent some system of trust and reference on desktop and mobile.
Than there is the consideration of guaranties and identities in the middle that allow escrow as implemented by localbitcoins.
This escrow issue would involve somehow coins/tokens, at least as some kind of guaranty until the transaction is finished. Be it as a general input to prove the seriousness of an involvement, an offer or even a publication. In terms of bitcoin itself, the second level segwit technology allows the creation of circles of trust without even publishing transactions to the main bitcoin #blockchain.
@[email protected]
@[email protected]
@thisismissem @annewalk
@resl @NGIZero

#fediverse #foss #flohmarkt #namecoin #segwit #blockchain
utopiArte @[email protected] · 2025-04-04 · 19:05 UTC

Gathering the people involved till now in this #fediMarket question to create some impulse and general discussion about this topic.
This is not a proposal but some thoughts and unfinished considerations, looking for some input or to become at least some output itself.
As @thomas pointed out there is #flohmarkt, as it looks like coded by @[email protected] .
It has apparently the goal to be all the contrary to a centralized system but aims to be more like a local give away, sales and advertisement platform. Actualy it's not an auction like platform, witch is quite an interesting take. Still looking thru the ccc-Media video presentation trying to get a grip on it. As of now I didn't get the local restriction. Not sure if the restriction is mend to be by IP of the users, the IP of the platform of users or just some kind of instance restriction.
The #GNUtaler discussion in this topic points to the general issue not only about payment but also about the system of trust that can be or could be implemented.
It is and was quite interesting to see how the #ebay concept didn't catch up in Latin America because there was way to much fraud and the only thing that could catch up was some kind of sales platform like #mercadolibre that actually turned out to become some kind of national advertisement platform for professional sellers.
What did tho work in an astonishing way, and let's please leave aside for a moment some issues bitcoin does involve, is the concept #localbitcoins came up with, actually as well as the famous #Silkroad example. Sites that managed to create some kind of trustless exchange. The particularity of localbitcoins tho was that they invented a reference system where people actually even meet each other and backed up their existence by some how proving each others identity. Ultimately the reference and reputation system of localbitcoins, reputation out of completed transactions and comments about them, as well as in person verification, created a functional working environment, something that till today is looking for a match out there.
All these a real critical issues. And perhaps not only for trade but to a certain extent for our #socialWeb, our #fediVerse itself. On one hand we have commercial transactions that can involve fraud and on the other personal information that also can be exposed to fraud and worth. In our decentralized setup this is even somehow more complicated as fraudsters can restart at any given moment from anywhere else, while at the same time reputation on mid and long term should and can matter.
So, what we do have is on one hand the "real me" function implemented for example by mastodon, and on the other we do have the signing capabilities of blockchains themselves. In particular of #electrum wallets, a decentralized wallet system that was created and is implemented not only by bitcoin but a lot more blockchains that want to show off with a real simple decentralized #FOSS wallet system.
To get this straight, this is not about any coin or acquisition of any coin at all, but the simple technical availability of installing a simple long standing proven decentralized FOSS software that has the capability to sign or prove the correctness of any kind of text string. Nobody needs to have a single cent of a coin, or connect to anywhere, to create a wallet and with it a wallet address that than can sign a text. In other words, any wallet address is an ID that can't be impersonated without the respective password.
So, it doesn't matter where for example the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu" as a profile name shows up, or which profile claims to represent the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu", unless it is able to show off with a text, for example:
"I do have access to the signing keys for this ID" signed correctly with that wallet address, that profile could be considered an impostor.
To create show cases for this idea, for this concept, there is on one hand the friendica fediVerse site:
inversion.tupambae.com/
The profile "blockchain" for example uses the just mentioned specific ID:
inversion.tupambae.com/profile…
as some kind of "none human readable address".
Than there is the site:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
The subdomain name itself is a first generation bitcoin address that has been used on the web and even if the capital letter detail is not in use, references are found for example by google.
That site hosts a project profile that again uses a bitcoin #SEGWIT address as an ID:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
Actually the bc1 segwit system is not case senitive, in other words no capital letters in those ID's.
That profile itself is a reference to a mastodon profile that uses it to claim it's "real me" identity as "btc SEGWIT verified":
mastodon.uy/@tierranietos
Again there is not only no need for to involve bitcoins or cents of bitcoins (satoshis) in this. Even bitcoin itself doesn't have to be used, as there are lot's of electrum wallets out there. They do tho only verify texts signed with the same coin wallet. There is for example a #namecoin electrum wallet, a first generation coin invented to create a decentralized URL system, as well as there is for example a #faircoin electrum wallet. Considering all the altcoins created out there, faircoin at least is/was an interesting option that apparently failed to a certain extent due to the intent or claim by some in the community to be tradable on exchanges.
Again, this is not about any coin at all but about the fact that we do have simple unique ID's at hand we can verify and we can use to create reputation and or invent some system of trust and reference on desktop and mobile.
Than there is the consideration of guaranties and identities in the middle that allow escrow as implemented by localbitcoins.
This escrow issue would involve somehow coins/tokens, at least as some kind of guaranty until the transaction is finished. Be it as a general input to prove the seriousness of an involvement, an offer or even a publication. In terms of bitcoin itself, the second level segwit technology allows the creation of circles of trust without even publishing transactions to the main bitcoin #blockchain.
@[email protected]
@[email protected]
@thisismissem @annewalk
@resl @NGIZero

#fediverse #foss #flohmarkt #namecoin #segwit #blockchain
utopiArte @[email protected] · 2025-04-04 · 19:05 UTC

Gathering the people involved till now in this #fediMarket question to create some impulse and general discussion about this topic.
This is not a proposal but some thoughts and unfinished considerations, looking for some input or to become at least some output itself.
As @thomas pointed out there is #flohmarkt, as it looks like coded by @[email protected] .
It has apparently the goal to be all the contrary to a centralized system but aims to be more like a local give away, sales and advertisement platform. Actualy it's not an auction like platform, witch is quite an interesting take. Still looking thru the ccc-Media video presentation trying to get a grip on it. As of now I didn't get the local restriction. Not sure if the restriction is mend to be by IP of the users, the IP of the platform of users or just some kind of instance restriction.
The #GNUtaler discussion in this topic points to the general issue not only about payment but also about the system of trust that can be or could be implemented.
It is and was quite interesting to see how the #ebay concept didn't catch up in Latin America because there was way to much fraud and the only thing that could catch up was some kind of sales platform like #mercadolibre that actually turned out to become some kind of national advertisement platform for professional sellers.
What did tho work in an astonishing way, and let's please leave aside for a moment some issues bitcoin does involve, is the concept #localbitcoins came up with, actually as well as the famous #Silkroad example. Sites that managed to create some kind of trustless exchange. The particularity of localbitcoins tho was that they invented a reference system where people actually even meet each other and backed up their existence by some how proving each others identity. Ultimately the reference and reputation system of localbitcoins, reputation out of completed transactions and comments about them, as well as in person verification, created a functional working environment, something that till today is looking for a match out there.
All these a real critical issues. And perhaps not only for trade but to a certain extent for our #socialWeb, our #fediVerse itself. On one hand we have commercial transactions that can involve fraud and on the other personal information that also can be exposed to fraud and worth. In our decentralized setup this is even somehow more complicated as fraudsters can restart at any given moment from anywhere else, while at the same time reputation on mid and long term should and can matter.
So, what we do have is on one hand the "real me" function implemented for example by mastodon, and on the other we do have the signing capabilities of blockchains themselves. In particular of #electrum wallets, a decentralized wallet system that was created and is implemented not only by bitcoin but a lot more blockchains that want to show off with a real simple decentralized #FOSS wallet system.
To get this straight, this is not about any coin or acquisition of any coin at all, but the simple technical availability of installing a simple long standing proven decentralized FOSS software that has the capability to sign or prove the correctness of any kind of text string. Nobody needs to have a single cent of a coin, or connect to anywhere, to create a wallet and with it a wallet address that than can sign a text. In other words, any wallet address is an ID that can't be impersonated without the respective password.
So, it doesn't matter where for example the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu" as a profile name shows up, or which profile claims to represent the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu", unless it is able to show off with a text, for example:
"I do have access to the signing keys for this ID" signed correctly with that wallet address, that profile could be considered an impostor.
To create show cases for this idea, for this concept, there is on one hand the friendica fediVerse site:
inversion.tupambae.com/
The profile "blockchain" for example uses the just mentioned specific ID:
inversion.tupambae.com/profile…
as some kind of "none human readable address".
Than there is the site:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
The subdomain name itself is a first generation bitcoin address that has been used on the web and even if the capital letter detail is not in use, references are found for example by google.
That site hosts a project profile that again uses a bitcoin #SEGWIT address as an ID:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
Actually the bc1 segwit system is not case senitive, in other words no capital letters in those ID's.
That profile itself is a reference to a mastodon profile that uses it to claim it's "real me" identity as "btc SEGWIT verified":
mastodon.uy/@tierranietos
Again there is not only no need for to involve bitcoins or cents of bitcoins (satoshis) in this. Even bitcoin itself doesn't have to be used, as there are lot's of electrum wallets out there. They do tho only verify texts signed with the same coin wallet. There is for example a #namecoin electrum wallet, a first generation coin invented to create a decentralized URL system, as well as there is for example a #faircoin electrum wallet. Considering all the altcoins created out there, faircoin at least is/was an interesting option that apparently failed to a certain extent due to the intent or claim by some in the community to be tradable on exchanges.
Again, this is not about any coin at all but about the fact that we do have simple unique ID's at hand we can verify and we can use to create reputation and or invent some system of trust and reference on desktop and mobile.
Than there is the consideration of guaranties and identities in the middle that allow escrow as implemented by localbitcoins.
This escrow issue would involve somehow coins/tokens, at least as some kind of guaranty until the transaction is finished. Be it as a general input to prove the seriousness of an involvement, an offer or even a publication. In terms of bitcoin itself, the second level segwit technology allows the creation of circles of trust without even publishing transactions to the main bitcoin #blockchain.
@[email protected]
@[email protected]
@thisismissem @annewalk
@resl @NGIZero

#localbitcoins #fedimarket #ebay #gnutaler #mercadolibre #silkroad
utopiArte @[email protected] · 2025-04-04 · 19:05 UTC

Gathering the people involved till now in this #fediMarket question to create some impulse and general discussion about this topic.
This is not a proposal but some thoughts and unfinished considerations, looking for some input or to become at least some output itself.
As @thomas pointed out there is #flohmarkt, as it looks like coded by @[email protected] .
It has apparently the goal to be all the contrary to a centralized system but aims to be more like a local give away, sales and advertisement platform. Actualy it's not an auction like platform, witch is quite an interesting take. Still looking thru the ccc-Media video presentation trying to get a grip on it. As of now I didn't get the local restriction. Not sure if the restriction is mend to be by IP of the users, the IP of the platform of users or just some kind of instance restriction.
The #GNUtaler discussion in this topic points to the general issue not only about payment but also about the system of trust that can be or could be implemented.
It is and was quite interesting to see how the #ebay concept didn't catch up in Latin America because there was way to much fraud and the only thing that could catch up was some kind of sales platform like #mercadolibre that actually turned out to become some kind of national advertisement platform for professional sellers.
What did tho work in an astonishing way, and let's please leave aside for a moment some issues bitcoin does involve, is the concept #localbitcoins came up with, actually as well as the famous #Silkroad example. Sites that managed to create some kind of trustless exchange. The particularity of localbitcoins tho was that they invented a reference system where people actually even meet each other and backed up their existence by some how proving each others identity. Ultimately the reference and reputation system of localbitcoins, reputation out of completed transactions and comments about them, as well as in person verification, created a functional working environment, something that till today is looking for a match out there.
All these a real critical issues. And perhaps not only for trade but to a certain extent for our #socialWeb, our #fediVerse itself. On one hand we have commercial transactions that can involve fraud and on the other personal information that also can be exposed to fraud and worth. In our decentralized setup this is even somehow more complicated as fraudsters can restart at any given moment from anywhere else, while at the same time reputation on mid and long term should and can matter.
So, what we do have is on one hand the "real me" function implemented for example by mastodon, and on the other we do have the signing capabilities of blockchains themselves. In particular of #electrum wallets, a decentralized wallet system that was created and is implemented not only by bitcoin but a lot more blockchains that want to show off with a real simple decentralized #FOSS wallet system.
To get this straight, this is not about any coin or acquisition of any coin at all, but the simple technical availability of installing a simple long standing proven decentralized FOSS software that has the capability to sign or prove the correctness of any kind of text string. Nobody needs to have a single cent of a coin, or connect to anywhere, to create a wallet and with it a wallet address that than can sign a text. In other words, any wallet address is an ID that can't be impersonated without the respective password.
So, it doesn't matter where for example the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu" as a profile name shows up, or which profile claims to represent the ID "bc1qp8xla8me0ykkh5wzrvkjgtdnuma0galep9cedu", unless it is able to show off with a text, for example:
"I do have access to the signing keys for this ID" signed correctly with that wallet address, that profile could be considered an impostor.
To create show cases for this idea, for this concept, there is on one hand the friendica fediVerse site:
inversion.tupambae.com/
The profile "blockchain" for example uses the just mentioned specific ID:
inversion.tupambae.com/profile…
as some kind of "none human readable address".
Than there is the site:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
The subdomain name itself is a first generation bitcoin address that has been used on the web and even if the capital letter detail is not in use, references are found for example by google.
That site hosts a project profile that again uses a bitcoin #SEGWIT address as an ID:
1dhfsbbdpv4wshuyc6197nymcfeqqk…
Actually the bc1 segwit system is not case senitive, in other words no capital letters in those ID's.
That profile itself is a reference to a mastodon profile that uses it to claim it's "real me" identity as "btc SEGWIT verified":
mastodon.uy/@tierranietos
Again there is not only no need for to involve bitcoins or cents of bitcoins (satoshis) in this. Even bitcoin itself doesn't have to be used, as there are lot's of electrum wallets out there. They do tho only verify texts signed with the same coin wallet. There is for example a #namecoin electrum wallet, a first generation coin invented to create a decentralized URL system, as well as there is for example a #faircoin electrum wallet. Considering all the altcoins created out there, faircoin at least is/was an interesting option that apparently failed to a certain extent due to the intent or claim by some in the community to be tradable on exchanges.
Again, this is not about any coin at all but about the fact that we do have simple unique ID's at hand we can verify and we can use to create reputation and or invent some system of trust and reference on desktop and mobile.
Than there is the consideration of guaranties and identities in the middle that allow escrow as implemented by localbitcoins.
This escrow issue would involve somehow coins/tokens, at least as some kind of guaranty until the transaction is finished. Be it as a general input to prove the seriousness of an involvement, an offer or even a publication. In terms of bitcoin itself, the second level segwit technology allows the creation of circles of trust without even publishing transactions to the main bitcoin #blockchain.
@[email protected]
@[email protected]
@thisismissem @annewalk
@resl @NGIZero

#fediverse #foss #flohmarkt #namecoin #segwit #blockchain
IFTAS @[email protected] · 2024-12-23 · 17:50 UTC
Fortifying the Fediverse: Decentralised Trust and Safety 2024
As 2024 comes to a close, it’s a fitting moment to reflect on a year of collaboration and innovation in trust and safety within the decentralised social web. This year has been one of growth for IFTAS and the fediverse community, marked by new initiatives, partnerships, and tools that strengthen the resilience and inclusivity of federated platforms.
IFTAS Milestones
We began the year with the release of our DSA Guide for Decentralised Services, offering practical insights to help decentralised platforms navigate the EU Digital Services Act. This resource has become essential for community leaders adapting to the latest regulatory requirements. In March, we introduced a suite of Personal Digital Safety Tools from Tall Poppy, designed to help community leaders safeguard themselves against doxing, harassment, and other online threats. This initiative supports the well-being of those at the forefront of creating safe spaces.

In May, we proudly launched IFTAS Connect, a collaborative platform for moderators, administrators, and trust & safety teams. By fostering community-building and sharing resources, IFTAS Connect has become a key tool for improving moderation efforts across the Fediverse. We also introduced FediCheck, a transparency tool that helps users evaluate the policies and safety measures of various Fediverse servers. By making this information accessible, FediCheck empowers service administrators to make informed choices about the platforms they engage with.
In October, our community demonstrated exceptional resilience during a large-scale spam attack on the Fediverse. This collective effort showcased the strength of our network and our ability to address challenges collaboratively.
We welcomed three amazing contributors, Ted Han, Erin Kissane, and Andrés Monroy-Hernández, to our Advisory Board. Their expertise in open-source technology and digital governance strengthens our mission to build safer, more equitable online spaces.
We stress tested our Content Classification Service, starting with tools to detect and combat child sexual abuse material. This marks a significant step forward in equipping moderators with resources to enhance community safety.
We ended the year with the release of our annual Needs Assessment Report, gathering insights from 180+ services hosting over 4.3 million accounts across the open social web. The report highlights key challenges and opportunities, offering actionable recommendations to support moderators and administrators, and will guide our work in the coming year.
The Ecosystem Expands
2024 saw a range of non-profit organisational growth including the launch of the Social Web Foundation, dedicated to enhancing interoperability, safety, and governance across decentralised networks.
As decentralised platforms grapple with the challenges of misinformation and disinformation, Newsmast emerged as a key player in combating these threats. The platform’s proactive approach to content verification and user education has set new standards for maintaining the integrity of information shared on federated networks. Their collaborative efforts with community moderators have been instrumental in promoting accurate and reliable discourse.

Emelia Smith proposed and led the creation of the ActivityPub Trust and Safety Taskforce, whose first task will be an overview of current state of trust and safety on the Fediverse, followed by work on flags, blocks, and content labelling.
Juliet Shen announced the creation of the Open Source Tooling Consortium at TrustCon, which can both contribute to, and learn from, the open source community building federated social networks.
A New Social was launched to liberate people’s networks from their platforms, leveling the playing field across the open social web – with it’s first project to adopt and expand BridgyFed.
We look forward to collaborating with these and other organisations as the network grows, seeking to reduce duplicative effort and leveraging the energy and commitment all these amazing people are bringing to the table.
Platform Developers
Two FediForum events highlighted a ton of new work in federated platforms.
The Mastodon team is spearheading the Federated Auxiliary Service Provider specification, which is focussed on search and discovery for now but can open up a world of possibilities for trust and safety tooling. Mastodon 4.3 saw improvements in dealing with unwanted content, and Bonfire Networks undertook a range of activities to explore governance and moderation tooling as a foundation of their platform development.
Fediseer continues to be a growing resource for Lemmy and Mastodon administrators, and fedi-safety is a novel tool that can classify genAI CSAM on Lemmy and potentially other services. Pixelfed introduced comment controls and enhanced spam classifiers.
BlueSky introduced Ozone, an innovative moderation tool designed to support moderators in managing their communities. Ozone’s integration of advanced filtering systems makes it a standout contribution to the trust and safety ecosystem, powering several “composable moderation” projects on the Bluesky “ATmosphere” with the notable success of Blacksky, an AT Protocol implementation prioritising the community building efforts of marginalized groups; especially Bluesky’s community of Black users after which the project is named.
Spritely is working on the next generation of decentralised tech, building on co-founders’ Jessica Tallon and Christine Lemmer-Webber’s experience co-authoring ActivityPub.
Research and Writings

Yoel Roth and Samantha Lai published “Securing Federated Platforms: Collective Risks and Responses“, which has become an essential resource for administrators and moderators. The report explores the shared vulnerabilities of decentralised networks and provides actionable recommendations for mitigating risks collaboratively. Its release has sparked important conversations about collective accountability and the role of communities in safeguarding the social web.
Darius Kazemi and Erin Kissane published “Governance on Fediverse Microblogging Servers” – answering the question “What are the most effective governance and administration models in place on medium-to-large sized Fediverse servers?”
Looking Ahead to 2025
As we celebrate the progress made this year, we are energised by the opportunities that lie ahead. Reviewing the 2024 Needs Assessment we see our work expanding moderation tooling and providing new and enhanced resources to further strengthen and scale trust and safety in federated social networks. Wherever possible, we will endeavour to align with projects and participants that are similarly working to create #BetterSocialMedia

We are committed to advancing trust and safety in the federated web. Together, with the continued support of our community and partners, we will build on the foundations laid in 2024 to create safer, more inclusive online spaces.
To support our global community, we are translating our shared labels and definitions into multiple languages. We welcome any and all input in this collaborative effort, submit a few translations today!
Recognising the emotional toll of moderation, we will adopt and adapt resources to support moderators dealing with traumatic content. We aim to offer comprehensive guidance on various regulatory frameworks, including the UK Online Safety Act, to assist administrators and moderators in building toward compliance.
Our comprehensive Moderator Handbook is in the final stages of editing and will soon be available as a valuable resource for both new and experienced moderators. We plan to introduce hash and match services to identify and manage non-consensual intimate imagery and terrorist and violent extremist content, using platforms like StopNCII and GIFCT.
You can track our in-progress and planned activities on our Activity Tracker page.
We thank everyone involved and engaged in strengthening and scaling trust and safety in this exciting landscape, and look forward to achieving even greater milestones together in the coming year.
Support the Social Web
Almost everyone and everything mentioned above is supported by donations. If you believe in an open web that is safe and inclusive (not to mention ad-free and not in the habit of selling your data to the highest bidder) consider signing up for a subscription, or making a donation to any of these institutions and individuals who are working to ensure an open, democratic web for everyone in the world to enjoy. This is just a list of links for people and projects listed above, but there are hundreds more worthy of your support.
#TogetherStronger
- Blacksky
- Bonfire Networks
- Darius Kazemi
- db0
- Emelia Smith (@ThisIsMissEm)
- Erin Kissane
- Fediseer
- Independent Federated Trust and Safety (IFTAS)
- Lemmy
- Mastodon
- Newsmast Foundation
- Pixelfed
- Social Web Foundation
- Spritely Institute
#BetterSocialMedia #TogetherStronger
#bettersocialmedia #togetherstronger
IFTAS @[email protected] · 2024-08-13 · 15:08 UTC
In November of 2022 as millions of people sought alternatives to Twitter, the Fediverse experienced tremendous growth – and with that growth came an increasing number of people asking “how do we scale and support volunteer trust and safety?”. IFTAS was born out of those conversations, beginning with a working group to identify the issues and propose possible solutions, followed by a community survey to gauge the interest and needs of service administrators and moderators, and finally securing funding to kickstart the activities.
As I reflect on a year of activity and plan for what’s next, I’d like to offer my vision for IFTAS, talk about what the broader impact of a federated social web means, examine a few fundamental challenges, and offer ways we can all help safeguard and sustain #BetterSocialMedia.
Over the past year I’ve personally counselled moderators on the front lines of conflict resolution, bigotry, and exposure to traumatic content, and I’ve seen time and again the abuse levelled at people working for free filling the under-appreciated role of moderating human interactions online.
On the other hand, I’ve also had the unmitigated joy of working with a growing number of amazing people who are incredibly energised and devoted to making our online world work better. People who are actively reducing harm, increasing safety, developing new technologies for new problems, authoring guidance for moderators, and watching them come together for the greater good.
At IFTAS we’ve spent the past year building a community of roughly 200 moderators and administrators who are actively sharing best practices and lessons learned. We’ve also built moderation tooling and services, worked with industry and subject matter experts to provide guidance and educational materials, and hopefully we’ve helped reduce harm for our moderators and their communities.
We’ve contracted or provided stipends to two dozen Fediverse supporters and moderators, and we’ve provided personal safety support for 20 at-risk moderators. As we head into year two for IFTAS I am hopeful we and others can continue to advance and elevate the conversation around user safety and moderation support.
Fundamental Challenges
Trust and safety at scale in volunteer-operated services is immediately observable as being underfunded and understaffed. Corporate social media services have the benefit of lawyers, money, and subject matter experts in the myriad harms perpetrated on the internet, from spam to disinformation to hate to copyright issues, the list is long.
A small Fediverse instance operated by a lone admin/moderator cannot possibly be expected to acquire all the knowledge and experience required to mitigate all these issues. Even the largest teams still don’t have the time or resources necessary to manage every conceivable issue.
Here’s just one case in point. Did you know it’s illegal to offer to sell or loan a hard non-flexible plate with three or more sharp radiating points, designed to be thrown in the United Kingdom? What should a moderator do if a user offers such an item for sale or loan? How liable is the instance administrator? Are they even subject to UK jurisdiction? If so, what other items are prohibited in the UK? How about France? Tunisia? India?
IFTAS has a long list of action items that our community has asked for, but I believe there are fundamental challenges that are of top priority and offer some easy wins to move the conversation forward.
While IFTAS can help and is working on each of these, the broader community can also impact each of these, and I will offer some ways we can gather our collective strengths to address these challenges.
In no particular order, let’s explore:
- Federation Management – federation is on by default and highly permissive. New servers immediately connect with thousands of peers, irrespective of their authenticity and suitability, creating easy vectors for abuse and harassment. How can we reduce the opportunity for harm?
- Common Vocabulary – for interconnected moderators and administrators to work together, we need to agree on labels and definitions. What work has been done to create standard terminology, and how might we introduce this to the dozens of platforms and apps available?
- Regulatory Compliance – regulations like the Digital Services Act, age verification requirements, the UK’s Online Safety Act and others are impacting social media providers, and Fediverse instances are not immune. Legal support and protection from illicit content are our moderator’s highest concerns. What can we do to protect ourselves from liability?
- Shared Signals – we federate content, but we don’t federate information about that content. The current state of the art does not help administrators and moderators communicate with each other. Let’s fix that.
Domain Federation Management
The Fediverse is an interconnected network of services federating content with each other, running on open source software, communicating using open protocols. As I write this, we are approaching 30,000 servers visible on the network, up from just under 8,000 in October of 2022 (FediDB).

30,000 servers, means at least 30,000 content moderators, with roughly 30,000 definitions of what constitutes inappropriate content. 30,000 servers means connecting with 29,999 other servers that may or may not be well-moderated.
Those 30,000 servers host 14 million accounts. Federating with those servers means giving 14 million people the right to create files on your publicly-accessible hard drive. This is the de facto standard; most instances allow connection unless the administrator blocks a specific domain. It is a reactive proposition, and the more servers that join the network, the more things there are to react to. Moderating one server means moderating the entire network.
The web is used by billions of people, and not all of them have your best interests at heart. The low barrier to entry – download some free software and install it on a cheap web host with a free domain name – means that some servers are operating with the explicit intent to harbour hateful or illegal content, to disrupt the network, or to generally provide a source of troll behaviour.
Consider this statement from one server operator:
Many well-meaning community leaders have started services only to be drowned in a torrent of hate and abuse from users of servers such as the one above, leading many to walk away, scarred, likely never to return. Those who stay to work through the problem are incredulous that the alternative to corporate social media boils down to “connect to anyone and everyone, good luck with that”. I believe this to be unacceptable, unscalable, and easily mitigated. I’d like to see far fewer messages like the one below.
One server administrator at the beginning of a brigading onslaught
Domain Federation: How IFTAS Is Helping
1. We maintain a “Do Not Interact” list, a list of domains we believe expose service providers to harm by hosting and federating illegal content.
2. We monitor the domain blocks put in place by a large proportion of servers, and we hand review the domains that are blocked by at least 51% of those servers. We then create a list of domains we recommend for action, using our CARIAD policy specification.
3. We built and operate FediCheck, a Mastodon-facing web service that can synchronise your server with our lists, saving admins from having to learn about new problem servers, researching them, being exposed to their content, and manually adding the domain to a denylist.
4. For those who have been exposed to traumatic content, we publish wellbeing and post-trauma resources in our Moderator Library.
5. We are working with managed hosting providers to explore how they can offer safety tools to their customers.
A screenshot of the FediCheck web service application
Separately, I advocate for changes to the ecosystem:
1. I believe all federating software should explicitly inform administrators during install that the installed service will federate with a range of servers, some of which host illegal or undesirable content.
2. I believe all federating software should offer the option to start with the denylist currently in place by the software maintainer. For example, Mastodon installers should be able to start their service with the current mastodon.social denylist. This allows software maintainers to offer a list that reflects their own foundational principles.
3. I believe all federating software should have a federation allowlist option, whereby the administrator can opt to only federate with servers they allow. A large number of small communities, family servers, schools and more can benefit from curating the domains they connect with.
4. I believe all federating software that allows importation of domain blocks should allow importation of retractions.
5. I believe all federating software maintainers have a duty of care to the people who download and install their software to educate them about resources they will likely need. One-click installers or managed host providers can be used by non-technical community managers to create an online presence in minutes, unaware of the implications and ramifications of joining a global network of federating content.
6. I believe that a messaging protocol that federates content should also federate metadata about that content. I can federate disinformation, but I can’t federate a trusted flag that a server is operated by a persistent threat actor. I can federate an illegal media object, but I can’t federate a signal that a server is knowingly and willingly hosting illegal content. I can federate a thousand spam messages, but I can’t federate my finding that a given server is being used to send spam.
Domain Federation: What We’re Doing Next
1. IFTAS will continue to support work on shared denylists, labelling services, and we’ll explore open sourcing FediCheck so anyone can run the service and use any upstream provider to help manage their domain federation. My hope is that rings of trust will form, allowing Servers A, B and C to automate the mutual sharing of their denylists, or Server A and B can choose to emulate Server C, or all three can decide that some other list or service is the best one for them, and plug that into FediCheck.
2. FediCheck will be extended to accommodate email domain and toxic IP blocking, using highly trusted sources to further protect administrators, hosts and moderators from interacting with known sources of harm.
3. Over the coming year, I hope to extend CARIAD into an API that can be consumed by other software products, making it a robust source of signal intelligence.
4. I will continue to advocate for safety features that inform and support community managers and service providers so we can continue building a decentralised social web that offers options for everyone to build the community that’s right for them.
Domain Federation: How You Can Help
1. If you are a software developer creating federation software or a supporting app, use prosocial and evidence-based approaches to your development process. Learn from those who have walked the path, talk with safety experts, review extant moderation tooling, and consider Safety by Design. If you are building networking features that connect users of your software to 14 million people, take the anticipated potential harms into account.
2. If you use federated software, talk to the maintainers of your software of choice. Use their preferred feedback channel, and clearly describe the problem and the proposed solutions. Talk to the administrator of your home instance. Ask them if they monitor inauthentic domains.
3. If you operate a server, read our Denylist Resources page. If you have additional resources to add, tell us so we can share your knowledge and experience with others. IFTAS Connect members can share resources to add in the Library discussion forum, or send me a note at @jaz
4. If you can afford to support us, we need to pay people for their time reviewing domains, fixing the bugs and maintaining FediCheck, providing technical support, and creating the next generation of support tools. You can find ways to make a charitable donation at the bottom of this article.
Common Vocabulary
Federating platforms are proliferating, and apps and clients to connect to them are being developed by energetic teams with limited resources, each one needing to reinvent moderation tooling. Reporting workflows, labels, definitions… each platform and each app needs to consider what words to use, how to present them to users, what options to offer content moderators and service administrators.
I believe we can leverage the work performed by the larger trust and safety ecosystem to find a common vocabulary – creating an easy path for developers to ensure they have considered not only what harms their software may expose their users to, but how to robustly codify and act on those harms.
Shared Vocabulary: How IFTAS is Helping
1. IFTAS has adopted the Digital Trust & Safety Partnership Glossary of Terms and uses those as the core labels in everything we do. A great entry point into this vocabulary is our Shared Vocabulary page. We have created a page for each and every label, with links to guidance and resources for each label.
2. Borrowing from the misinformation research landscape, we use the Actor, Behaviour, Content taxonomy to classify each of 34 labels.
3. We worked with DTSP to republish the Glossary as a Creative Commons document, meaning we and you are free to use it in any form. The Glossary is the backbone of our moderator community (IFTAS Connect) and is how we classify content and collaboration in the library and the discussion forums.
4. Our domain denylists use these labels to classify domains, and we use the same labels on our information sharing advisories.
Shared Vocabulary: What We’re Doing Next
1. Now that we’ve obtained the Creative Commons version of the document, we will begin translating the Glossary into as many languages as we can, and maintaining those translations over time if and when the Glossary is updated.
2. We will begin labelling content on Bluesky using our shared label list, and we will work with other developers to consider adopting a standard list.
Shared Vocabulary: How You Can Help
1. If you’re a moderator or service administrator, consider rewriting your server rules to reflect the DTSP common labels and definitions. We have example template rules in our Library for each label.
2. If you’re a developer, consider using the Glossary as a starting point for your reporting workflows, we have some guidance on implementation.
3. If you’re a subject matter expert in any of the labels in our list, reach out if you can offer tools and resources you know of that can help volunteer moderators with their decision making and interventions.
Regulatory Compliance
My concern here is to protect administrators and moderators from liability for their accidental non-compliance, and to offer guidance on basic risk assessment. More and more countries are creating complex requirements for social media providers, and Fediverse servers are liable for the content they carry.
I have seen malicious use of illegal content, both to cause trauma, and to enable the takedown of an unsuspecting server. The Fediverse has seen concerted attacks of computer-generated child sexual abuse material, mass DMCA takedown requests, frivolous GDPR reports, and law enforcement hold requests.
The two resources most asked for by moderators are legal support and CSAM detection. We are working on both.
Regulatory Compliance: How IFTAS is Helping
1. We partnered with industry experts Tremau to co-author the Digital Services Act Guide for Decentralized Services. The DSA is a broad set of rules that apply to any service with users in the European Union.
2. We have a dedicated area for legal and regulatory resources in our community library.
3. We have met with child safety organisations and subject matter experts, and acquired licensed access to hash matching databases to identify illegal media.
4. We have built a working prototype of an opt-in CSAM detection and reporting service for use by Fediverse administrators.
Regulatory Compliance: What We’re Doing Next
1. We are seeking funding to move the CSAM detection and reporting service into production, and hiring additional subject matter experts to evaluate our service and the adjacent resources.
2. We will extend the service to offer hash and match service for non-consensusal intimate images (NCII) and terroristic/violent extremism content (TVEC).
3. We are exploring opportunities to work with legal counsel to provide basic legal advice to Fediverse administrators.
4. We will co-author additional guidance similar to our DSA Guide, to cover the UK’s Online Safety Act and other extra-national online regulations. We are also monitoring age verification requirements and will provide guidance there also.
5. We are talking with law enforcement agencies and legal notice portal providers to create guidance for service providers on how to recognise and respond to a valid legal request.
6. We will create a web service using the Lumen API to enable structured receipt of takedown notices for any Fediverse service provider.
Regulatory Compliance: How You Can Help
This is the most expensive piece of our puzzle, and the most-requested by our membership and the broader community. The CSAM detection service will cost us over $160,000 US this year, the hosting bill for the platform is $1,500 a month, and will increase as we ramp up service.
We are chasing a grant opportunity but we need matching funds.
If you’d like to join IFTAS as a corporate sponsor, please contact us for information on our sponsorship program. If you’d like to contribute personally, see the bottom of this article.
Separately, if you are a service provider or instance admin and you would like to register your interest in using our service, we need to show support for our work to obtain grant funding. Please fill out this short form to let us know you are interested in using our service once it’s available so we can demonstrate to potential funders that we are building something that will be used.
Shared Signals
I have a deep background in healthcare and cybersecurity. Both of these industries have a rich culture of collaboration and sharing, and I want to help accelerate the adoption of similar approaches in the Fediverse.
The Fediverse has 30,000 moderators. Twitter has fewer than 2,000. Meta has 15,000.
We have twice as many content reviewers than Meta.
I’ll say that again.
We have twice as many content reviewers than Meta.
Now, almost none of our 30,000 are full time, very few are paid, and there is little in the way of central guidance or tooling to help any of them with their work. Some are working on their individual instance and see only a fraction of the network, but what if we could find a way to join forces, share the load, and spread the love?
I believe we can harness the power of the Fediverse for the greater good, reducing workload for all moderators, and demonstrating to the world what it looks like when mission-driven communities come together to create the next generation of social media.
Shared Signals: How IFTAS is Helping
1. We have created a structured community for admins, moderators, and subject matter experts to convene and collaborate at our web portal IFTAS Connect. We also operate a set of Matrix chat channels to allow for real-time conversation, and we are adding live conferencing options for one-on-ones and community meetups.
2. We have created the SW-ISAC, an Information Sharing and Analysis Centre (ISAC) for the social web. This channel allows service administrators to share information with trusted partners, and release advisories that everyone can benefit from.
3. IFTAS joined the NGO-ISAC, a cybersecurity community for nonprofits.
Shared Signals: What We’re Doing Next
1. We are monitoring a lot of independent work in the space, most notably ThisIsMissEm’s FIRES project. Where possible, we will directly support the work.
2. We are tracking information sharing activities in the industry, and will continue working with several groups that are exploring broader sharing activities in the social web.
Shared Signals: How You Can Help
1. If you are a large service provider or web host, consider joining the SW-ISAC sharing channel. Contact us for details.
2. If you are a content moderator or run your own Fediverse server, consider joining IFTAS Connect. Our community portal offers groups, direct messages, and discussion forums for sharing and learning from your peers.
Big Picture
Since starting IFTAS, I’ve been yelled at, received obscene and threatening waves of abuse, been accused of working for Big Social, people have taken issue with me being too political or not political enough, and I’ve had to navigate the complexity of building a central resource in a decentralised world.
But I believe in the web, and I am certain that an open social web is worth our collective time and energy. Access to information, personal connections, news, sports, education, comics and games… we as a society owe it to ourselves to build the web we want, the web we need, the web that lives up to its name.
There are no walls on a spider’s web.
We want a web where everyone can participate, where everyone is safe from abuse and harm, where civil society can flourish, where people can meet, learn, share, live, love, laugh.
Our founding grants of $400,000 have delivered everything you see above and a whole lot more, and will keep the lights on throughout 2024, but we need to keep building, keep paying the bills, and keep paying the people doing the work. At some point, I’d like to be paid, too. I’ve been working unpaid full time since this started, and that can’t last much longer. I am supported by my amazing wife who is 100% committed to what we’re trying to do, and without her support none of this would be possible.
We have never asked for money; my goal was to take our founding grants and demonstrate our capability, build trust, and put some wins on the board. I believe we’ve done that. Next we will build toward self sustainability, and my plan is to get there in three years.
So far we’ve helped hundreds of instances and moderators in 30 countries. Our community is asking for legal support, CSAM reporting, spam detection, access to expensive APIs, vicarious trauma counseling and much more. We want to continue working to meet the needs, but we need your help. If you’d like to support IFTAS on our mission to support the people making this happen, please consider making a contribution.
Supporting IFTAS
First and foremost, if you run or moderate an instance, or you can contribute your expertise to our projects, join us. Join IFTAS Connect, share, learn, teach, translate… Your peers need you. Your participation is the most important way to support the mission. The next most important thing you can do is to support your instance, the vast majority cannot cover the bills and we need a strong, vibrant community of servers to make this all work.
Nonetheless, we need to pay the bills.
We are opening up to organisational sponsorship. If you’re interested in partnering with IFTAS, please contact me, we have some great options. If you know an organisation that might be interested in sponsoring us, introduce us.
If you run an instance, make a small one-time donation and let us list you as a supporter. We’d love to show a list of servers that believe in what we’re doing. And keep an eye out for our next Community Needs Assessment, your feedback is how we prioritise what to work on for you.
We will also be soliciting donations from the community. To celebrate our founding support, we will memorialise our early donors on a special page we will keep forever, the IFTAS First 50.
Send a dollar, send ten. We’ll list every supporter. Add your name, your blog, your profile pic, whatever you like. We want to demonstrate broad support for our work, it keeps us all energised and lets our sponsors know we have the support of the community.
If you are able to, make a sustaining contribution to help our monthly expenses. We pay moderators, developers, community managers, and we operate web services that require beefy hosting.
If you have employer matching funds at your job, see if IFTAS is on the list. We are registered with Benevity, tell your co-workers.
As a 501(c)(3) charitable organisation your support is tax deductible in the United States. We accept money, securities, donor-advised funds, cryptocurrency and more, all tax deductible.
If you can, donate today.
To everyone who has supported us this far, thank you. Your time, wisdom, energy, feedback and words of encouragement have sustained us all.
Join me and the incredible team on this journey, support an open social web, and help us as we keep pushing for #BetterSocialMedia.
Diolch yn fawr iawn i chi gyd,
Jaz
https://about.iftas.org/2024/08/13/fediverse-trust-and-safety-the-founding-and-future-of-iftas/
#BetterSocialMedia
#bettersocialmedia
Emelia 👸🏻 @thisismissem · 2026-05-27 · 05:53 UTC

If you don't know about injection testing, you should! So many ecosystems and tools will usually spin up a node.js server per test/suite to the use a fetch/http based test against it.
Why's this bad?
Because you're paying the cost of requesting to the kernel "hey, create this server and listen on some port, and give me that port", then every request is also a network connection that has to be spun up, written to and read from, and then torn down, server also needs to be torn down afterwards. These all go through many layers (runtime, operating system, kernel, etc)
Those layers are all separately tested by the operating system, so you can assume they work. What you want to test is your application logic: if I do this I get response blah
So why not just stub out the request & response channels & test with something like what a real client will use?
Switching a large suite from the typical setup to request injection testing will dramatically speed up your tests.
light-my-websocket does for WebSocket servers what light-my-request does for HTTP servers.
(Yes, I know WebSockets are technically tunnelled over HTTP, I was involved back when they were being standardised in like 2009-11)
Emelia 👸🏻 @[email protected] · 2026-05-26 · 22:36 UTC

Hey Australian friends, please sign this petition, I'd hate to loose my legal identity because of some bigots.
https://track.equalityaustralia.org.au/-/m/view-online?k=EWVxdWFsaXR5YXVzdHJhbGlhAGbWph4bYxzNzc0AEGoVLDSihm1sN3t6NxGtDGbfxrnhOuCfk1bWUA&rg=au
Edit: if you want the exact link it is: https://equalityaustralia.org.au/hands-off-our-protections/
It is a petition by Equality Australia, writing or calling your MPs directly is also totally fine and encouraged!
#LGBTQ #transRightsAreHumanRights #australia

#lgbtq #transrightsarehumanrights #australia
Emelia @[email protected] · 2026-05-05 · 02:07 UTC

This track means so much to me, even though it's sometimes hard to listen to. But also can we talk about #girli being on the freaking @[email protected] show??!! youtube.com/watch?v=3trS...

'Slap On The Wrist' By girli |...

#girli
Emelia @[email protected] · 2026-03-29 · 20:45 UTC

Actually, here, let's f-----g go! — github.com/bluesky-soci... We can just build things. #atmosphereconf #atprotocol #atproto #customfeeds

Implement generic feeds lexico...

#atmosphereconf #atprotocol #atproto #customfeeds
Emelia @[email protected] · 2026-03-28 · 15:35 UTC

yeah, that's why I thought it worth asking. I'd probably make it a witness list, though witnesses could also publish their own records that pair with the witnessing. So: record.witnesses = [{ service: didString#Service, sig: $bytes }, ...] Allowing a record to be witnessed by multiple services.

#bytes
Emelia 👸🏻 @[email protected] · 2026-02-21 · 01:30 UTC

In which, Blaine Cook ( @blaine ) explains "What is OAuth?" in the framing not of standards and specifications, nor in technical terms, but instead in this framing:
> “What I need is to understand why it is designed this way, and to see concrete examples of use cases that motivate the design”
https://leaflet.pub/p/did:plc:3vdrgzr2zybocs45yfhcr6ur/3mfd2oxx5v22b/
#oauth #oauth2 #oidc

#oauth #oauth2 #oidc
Emelia @[email protected] · 2025-11-18 · 12:54 UTC

Going to take some nausea medication & try to eat some breakfast before heading to #ATProtoBerlin — forgive me if I'm a little off today, I'm having a rather rough day today.

#atprotoberlin
Emelia @[email protected] · 2025-11-18 · 04:04 UTC

Not sure how much of #ATProtoBerlin I'm going to make.. it's currently 11pm (NY time, 5am Berlin) and I'm still up because my stomach's being terrible 😩😣

#atprotoberlin
Emelia 👸🏻 @[email protected] · 2025-11-14 · 22:28 UTC

Also just recording the demo video for FediMod FIRES, and now I've just gotta edit it because video production, y'know.
Might be available in the next few days, we'll see.
#FediForumFriday

#fediforumfriday
Emelia 👸🏻 @[email protected] · 2025-11-14 · 18:23 UTC

Okay, cool, an update today: I met up with a friend and we discussed how to build a conformance test suite for the FIRES protocol, and that's now going to be built as a collaboration between us.
First external contributor, yay!
#FediForumFriday

#fediforumfriday
Emelia 👸🏻 @[email protected] · 2025-11-14 · 13:25 UTC

A little #FediForumFriday update: I've released a few versions of FIRES over the past week, each shipping a new feature:
- Support for importing into datasets from existing files
- Support for exporting datasets to mastodon compatible files (including a retraction list)
- Installer script for easy deployment (still testing & not ready for production)
- Various UI fixes
I've also a demo server live that I've shared with a few folks on the implementation side.
I'm exploring a few things:
- Typescript SDK for consumers
- Non-public Datasets
- Delta support for snapshots (if you don't care about all the individual changes)
- Additional administrative UI (account management, access token management)
- *Maybe* HTTP Message Signature based authentication for non-public datasets (stretch)
I'm also toying with a few major design changes, but that's a bit TBD, since I'd want to drop picocss at the same time, and improve the admin panel in general.
I'm trying to figure out exactly what I want in the 1.0.0 release, and also have some production readiness stuff to do.
https://fires.fedimod.social

#fediforumfriday
Emelia 👸🏻 @[email protected] · 2025-10-23 · 09:56 UTC

Lieferando workers are on strike starting today, fighting for employee status, instead of being sub-contractors per the EU's Platform Workers Directive:
Strike fund: https://ko-fi.com/lwcbln
#lieferando #strikeaction

#lieferando #strikeaction
Emelia 👸🏻 @[email protected] · 2025-09-19 · 11:08 UTC

AT Proto gets a lot of things right in their OAuth profile, which is also similar to the OAuth profile from Solid OIDC (which added on User Managed Access & required OIDC instead of just OAuth)
Essentially you want to be able to safely send a token that identifies you to potentially untrusted servers & not have that access token compromised. That's what DPoP gives you essentially.
#fediforumfriday

#fediforumfriday
Emelia 👸🏻 @[email protected] · 2025-09-08 · 19:10 UTC

Also, npm now supports trusted publishing: https://docs.npmjs.com/trusted-publishers
This means you don't need a static token in your CI/CD configuration anymore.
#npm #npmattack

#npm #npmattack
Emelia 👸🏻 @[email protected] · 2025-09-08 · 19:08 UTC

Pro-tip for npm: rather than using a classic access token in your ~/.npmrc file, generate a granular access token that only has read permissions.
That way if something does compromise you, they only get access to the read token and cannot publish on your behalf.
#npm #npmattack

#npm #npmattack
Emelia @[email protected] · 2025-09-05 · 00:09 UTC

Oooh! Awesome! @caseycalvert.bsky.social is going to be in Berlin for #PornFilmFestival (thanks to #CornTelethon for letting me know!)

#pornfilmfestival #corntelethon
Emelia 👸🏻 @[email protected] · 2025-09-04 · 14:07 UTC

Hey y'all, It's #CornTelethon today! Who's joining the stream? https://www.corntelethon.com/
#SFW #porn #AdultIndustry #comedy

#corntelethon #sfw #porn #adultindustry #comedy