#permissions — Public Fediverse posts

@Jasper Burns

I'd like to see more of that in the fediverse features like events, groups, moderation, different roles, permissions etc. complemented by secure communication!

The Fediverse has literally got just about of this right now. Mastodon doesn't. But the Fediverse does because there's stuff in the Fediverse, as in federated with Mastodon, that has it. And it has had all of this for longer than Mastodon has even existed.

Friendica

Friendica has

• federating events
• groups (which are special accounts)
• private groups
• hidden groups
• moderated groups
• groups with multiple moderators on the same server
• a permissions system
• DMs that are actually private because they're covered by the permissions system rather than just handling who receives a message
• etc.

Friendica is from May, 2010, over five and a half years older than Mastodon.

It was made as an alternative for Facebook right away. It was not meant to be a Facebook clone, though, but better than Facebook while also covering all long-form blogging features.

And Friendica is fully federated with Mastodon. You can follow Friendica accounts from Mastodon, and Friendica users can connect to your Mastodon account from Friendica.

Hubzilla

Hubzilla has

• federating events (in addition to a non-federating CalDAV calendar server)
• groups (which are special channels; Hubzilla calls them "forums")
• various independent options of making groups private that can be combined
• hidden groups, groups with multiple admins/moderators anywhere on Hubzilla or (streams) or Forte
• the second-most advanced permissions system in the Fediverse on three levels (entire channel, individual contacts, content) with 17 different permissions and seven or eight channel-wide permission levels for each
• DMs that are actually private because they're covered by the permissions system rather than just handling who receives a message
• optional additional encryption (only works within Hubzilla)
• optional non-federating articles
• optional planning cards
• optional webpages
• optional wikis
• nomadic (fully portable, decentralised, distributed) identity
• etc. etc.

Hubzilla is from March, 2016, ten months older than Mastodon. It was created by Friendica's creator by rebuilding and repurposing a fork of a fork of Friendica.

It is considered a "decentralised social content management system" that can be just about anything you want it to be because it's so modular. Basically, what's incomplete and unstable at best and an unfulfilled promise at worst on Bonfire has been readily available and rock-solid stable for over 10 years on Hubzilla. And even more on top of that.

Red, the Hubzilla precursor, was the first software to establish nomadic identity, something that Bluesky claims to be in the process of inventing from scratch. And that was as early as 2012.

Hubzilla was the very first software to implement ActivityPub. And unlike Mastodon, Hubzilla implemented ActivityPub by the book and largely still does so.

And Hubzilla is optionally fully federated with Mastodon. In fact, this comment that you're reading right now comes from Hubzilla. Like, you're directly speaking with someone on something that has absolutely everything you wish for the Fediverse to have, and that has had all of it for longer than Mastodon has existed.

(streams), Forte

(streams) and Forte have

• federating events (in addition to a non-federating CalDAV calendar server)
• groups (which are special channels)
• private groups
• hidden groups
• groups with multiple admins/moderators anywhere on Hubzilla or (streams) or Forte
• groups with moderated posting and commenting (as in posts and comments from new members will have to be confirmed by the moderators in order to be visible)
• the most advanced permissions system in the Fediverse on three levels (entire channel, individual contacts, content) with 15 different permissions and three or four channel-wide permission levels for each
• DMs that are actually private because they're covered by the permissions system rather than just handling who receives a message
• nomadic (fully portable, decentralised, distributed) identity
• etc.

(streams) is from October, 2021. It was created by Friendica's creator as a fork of a fork of three forks of a fork (of a fork?) of Hubzilla.

Forte is from August, 2024. It was created by Friendica's creator as a fork of (streams).

Forte was the first software to establish nomadic identity via ActivityPub.

And both are fully federated with Mastodon; (streams) optionally so, but it is by default.

I've made a document with a series of tables which directly compare the features of Mastodon, Friendica, Hubzilla, (streams) and Forte:

https://hub.netzgemeinde.eu/item/0a75de76-eb27-4149-b708-f20b2f79d392

In fact, this document is on the very same Hubzilla channel that I'm commenting from right now.

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #NotOnlyMastodon #FediverseIsNotMastodon #MastodonIsNotTheFediverse #Friendica #Hubzilla #Streams #(streams) #Forte #Calendar #Events #Groups #FediGroups #FediverseGroups #PrivateGroups #Permission #Permissions

@Rob Ricci @caterpillar @Stefan Bohacek @Ericka Simone This is exactly the problem.

I'm on both Hubzilla and (streams) with multiple channels, and I've been on Hubzilla under various guises for longer than the vast majority of Mastodon users have been on Mastodon. I guess you can say that I know both very well.

I can tell you that the possibilities of Hubzilla's permissions system are staggering. It works on up to three levels: for the entire channel (that's "account" in Mastospeak), for individual connections (that's "followers and followed" in Mastospeak), for individual content (posts and and entire conversations, but also images and other uploaded files and documents).

For example, you can grant or deny permission to

• see your public profile (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
• see your connections (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
• see your public posts in your stream (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
• send you their posts (this means public posts that aren't replies because replies are not posts on Hubzilla)
• like (that's "fave" in Mastospeak; you know, the star), dislike and comment on your posts
• send you DMs
• see your uploaded files (this requires OpenWebAuth magic sign-on which Mastodon has rejected, but this also extends to images and other media embedded into posts, comments and DMs)

All in all, Hubzilla has 18 such permissions, but these are the ones that matter from a Mastodon point of view. They can be granted or denied for your entire channel at seven or eight levels, and if they're denied at channel level, they can be granted for individual connections. Imagine that, on Mastodon, you could allow only certain followers to see your profile and your toots. Or you could only allow certain followed accounts to send you their toots. All of this is reality on Hubzilla right now.

Better yet: You know that you can send toots only to mentioned accounts on Mastodon. Hubzilla exceeds and improves upon this in three ways. First of all, you can send posts to individual connections. Or to a certain privacy group (from a Mastodon POV, that's a list on steroids). Or to a custom selection of individual connections and privacy groups while even being able to exclude certain other connections or privacy groups. This goes way beyond Mastodon's "mentioned = allowed to see".

But this doesn't only define who will receive your post. It also defines who is permitted to see your post.

And: The permissions of a post are inherited by the entire conversation. Comments always have the same permissions as the top post. There's no restricting the permissions in a comment, and there's no relaxing the limitations of a comment. It's impossible to pull other Fediverse users into a private conversation by mentioning them if the top post wasn't targetted at them.

Even better yet: You can allow or disallow comments on individual posts (remember that a post on Hubzilla is only a post if it starts a conversation, not if it's a reply).

On top of all this, Hubzilla's filters are both vastly more powerful than Mastodon's filters and easier to use. Mastodon requires you to set up one new filter for each word that you want filtered. It's always blocklisting. And it's always account-wide.

Hubzilla covers Mastodon's entire filter functionality with one or two text fields. You have one blocklist for the whole channel. And you have an optional extra feature named "NSFW" with its own filter list that generated individual, reader-side content warnings for you. The equivalent of defining a new filter on Mastodon is to add a new line to one of these filter lists. Want to back them up? Just copy-paste them into a text file.

But wait, there's more: Hubzilla also has a channel-wide allowlist. If you only want to see certain content in your stream, you can allowlist certain keywords.

Hubzilla even optionally has one blocklist and one allowlist per connection. Imagine you could filter individual followed accounts on Mastodon.

Hubzilla's filter lists support regular expressions. There is also a "filter syntax" that lets you filter by whether a message is a top post or not, whether a message is public or private, whether it's a repeat (that's "boost" in Mastospeak or "retoot" for those of you who still have Twitter on the brain). The filter syntax even lets you use Boolean operators.

(streams) and Forte are similar. Their permissions are somewhat different (you don't need permissions for wikis and websites if you don't have wikis and websites). The permissions system is vastly easier to use because it's no longer template-based. You can simply switch permissions on and off for your channel as well as for connections. And you can choose to have even more options for reply control.

Again, all this exists in the Fediverse right now. And most of it has existed for longer than Mastodon. Some of this dates back to the earliest days of Friendica in May, 2010.

Unfortunately, next to nobody knows.

For most Mastodon features, the features that Mastodon has are the features that the Fediverse has. If Mastodon doesn't have it, the Fediverse doesn't. Not only is Mastodon the default, but there's nothing that strays from this default. That's why Mastodon users keep wishing for "the Fediverse" to introduce features which Friendica has had for almost 16 years already. Or which Hubzilla has had for over a decade.

In addition, probably not even 10% of all Mastodon users have ever heard of Hubzilla. Probably not even 1% of all Mastodon users know what Hubzilla can do. And even only the existence of (streams) and Forte is almost entirely unknown outside of (streams) and Forte themselves and Hubzilla.

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #CW #CWs #CWMeta #ContentWarning #ContentWarnings #ContentWarningMeta #Hubzilla #Streams #(streams) #Forte #Permission #Permissions #ReplyControl #ReplyControls #Filter #Filters #MastodonCentricism #MastodonNormativity

Big guns for Tahoe problems: which radical fixes still work?

https://fed.brid.gy/r/https://eclecticlight.co/2025/11/11/big-guns-for-tahoe-problems-which-radical-fixes-still-work/

Explainer: Permissions, privacy and TCC

https://fed.brid.gy/r/https://eclecticlight.co/2025/11/08/explainer-permissions-privacy-and-tcc/

Should you repair permissions?

https://fed.brid.gy/r/https://eclecticlight.co/2025/10/27/should-you-repair-permissions/

@Kellam⚙️Бур This may come as a surprise, but: Nomadic identity is not an abstract concept or a science-fiction idea for the Fediverse.

It is reality. It exists. Right now. In stable, daily-driver software that's federated with Mastodon. And it has been for over a decade.

I'm literally replying to you here from a nomadic channel that simultaneously exists on two servers.

Nomadic identity was invented by @Mike Macgirvin 🖥️ (formerly American software developer of about half a century who has been living in rural Australia for decades now) in 2011 and first implemented in 2012. Almost four years before Mastodon was first launched.

In 2010, he had invented the Facebook alternative Friendica, originally named Mistpark and based on his own DFRN protocol.

Over the months, he witnessed lots of privately operated public Friendica nodes shut down with or without an announcement and the users on these nodes lose everything. He added the possibility to export and import Friendica accounts. But that would only help if a permanent shutdown was announced. It did not protect you against shutdowns out of the blue.

There was only one solution to this problem. And that was for someone's identity to not be bound to one server, but to exist on multiple servers simultaneously. The whole thing with everything that's attached to it. Name, settings, connections, posts, files in the file storage etc. etc., everything.

So in 2011, Mike designed a whole new protocol named Zot around this brand-new idea of what he called "nomadic identity" back then already.

In 2012, Mike forked Friendica into something called Red, later the Red Matrix, and rebuilt the whole thing from the ground up against Zot. Red was the first nomadic social networking software in the world, almost four years before Mastodon.

In 2015, ten months before Mastodon was first released, the Red Matrix became Hubzilla, the Fediverse's ultimate Swiss army knife.

I am on Hubzilla myself. This channel of mine is constantly being mirrored between its main instance on https://hub.netzgemeinde.eu and its clone on https://hub.hubzilla.de. Anything that happens on the main instance is backed up on the clone. I can also log into the clone and use that, and whatever happens there is backed up on the main instance.

https://hub.netzgemeinde.eu could go down, temporarily, permanently, doesn't matter; I still have my channel, namely the clone. And I can declare the clone my new main instance.

Well, Mike didn't stop at Hubzilla and its original version of the Zot protocol. He wanted to refine it and advance it, but in ways that wouldn't be possible on daily-driver software.

Zot went through several upgrades: Zot6 in 2018 (backported to Hubzilla in 2020, along with OpenWebAuth magic single sign-on). Zot8 in 2020. Zot11 in 2021 which had become incompatible with Zot6 and therefore was renamed to Nomad. Today's Nomad would be Zot12.

Also, in order to advance and test Zot, Mike created a whole bunch of forks and forks of forks. Osada and Zap for Zot6 in 2018, followed by another short-lived Osada in 2019. A third Osada, Mistpark 2020 (a.k.a. Misty) and Redmatrix 2020 in 2020 for Zot8. Roadhouse for Zot11 Nomad in 2021. All Osadas, Zap, Misty, Redmatrix 2020 and Roadhouse were discontinued on New Year's Eve of 2022.

The most recent software based on Nomad is from October, 2021. It can be found in the streams repository. It is officially and intentionally nameless and brandless, it has next to nodeinfo code that could submit statistics, and it is intentionally released into the public domain. The community named it (streams) after the code repository.

I also have two (streams) channels, one of which is cloned so far.

The newest thing, and that's what the Friendica and Hubzilla veteran @Tim Schlotfeldt ⚓?️‍? referred to, is nomadic identity using nothing but ActivityPub, no longer relying on a special protocol.

This was not Mike Macgirvin's idea. This came from @silverpill, the creator and developer of the microblogging server application Mitra. He wanted to make Mitra nomadic, make it resilient against server shutdown. But he didn't want to port it to Nomad. He wanted to achieve it with nothing but ActivityPub.

So he hit up Mike. The two came to the conclusion: This is actually possible. And they began to work on it. Amongst the results were several FEPs coined by silverpill.

This time, Mike did not create another fork to develop nomadic identity via ActivityPub. He did it all on the nomadic branch of the streams repository while silverpill did his part on a special development branch of Mitra.

In mid-2024, after enough sparring between (streams) instances, between Mitra instances and between (streams) and Mitra, Mike was confident enough that his implementation of support of nomadic identity via ActivityPub was stable enough. He merged the nomadic branch into the dev branch which ended up being merged into the stable release branch in summer.

Now, at this point, (streams) didn't use ActivityPub for nomadic identity. It still used the Nomad protocol for everything first and foremost, including cloning. But it understood nomadic identity via ActivityPub as implemented on experimental Mitra.

However, while it worked under lab conditions, it blew up under real-life conditions. At this point, (streams) had to handle so many different identities that it confused them, and it couldn't federate with anything yet.

In mid-August, while trying to fix the problem, Mike eventually forked the streams repository into Forte. It got a name again, it got a brand identity again, it got its nodeinfo back, it was put under the MIT license again.

But most importantly: Any and all support for Nomad was ripped out, also to get rid of a whole number of IDs, namely those for Nomad-actually-Zot12 and for Hubzilla's Nomad-actually-Zot6. Forte only uses ActivityPub for everything. And so, Forte also had to fully rely on ActivityPub for nomadic identity, cloning and syncing.

For almost seven months, Forte was considered experimental and unstable. For most of the time, the only existing servers were Mike's.

But on March 12th, 2025, Mike Macgirvin released Forte 25.3.12, the first official stable release of Forte. This is what Tim wrote about. Because this actually made it into Fediverse-wide news.

Not because it's nomadic. Nomadic identity has been daily-driven for over a decade now.

But because it uses ActivityPub for nomadic identity. Which means that you can theoretically make any kinds of Fediverse software nomadic now, all without porting it to the Nomad protocol first.

For the future, Mike and silverpill envision a Fediverse in which one can clone between different server applications. A Fediverse in which one can have one and the same identity cloned across multiple servers of Mastodon, Pixelfed, PeerTube, Mitra, Forte, Mobilizon, Lemmy, BookWyrm etc., all with the same name, all with the same content and settings (as far as the software allows; you will certainly not be able to clone your PeerTube videos to Mastodon and Lemmy).

Even if you don't intend to clone, it will make moving instances and even moving from one software to another dramatically easier.

If you're concerned about your privacy, let me tell you this:

Hubzilla's privacy, security and permissions system is unparalleled in the Fediverse. Except for that on (streams) and Forte which is another notch better.

I can define who can see my profile (my default, public profile on Hubzilla where each channel can have multiple profiles).
I can define who can see my stream and my posts when looking at my channel.
I can define who can see my connections (Hubzilla, (streams) and Forte don't distinguish between follower and followed; they aren't Twitter clones).
I can define who can look into my file space (individual permission settings per folder and per file notwithstanding).
I can define who can see my webpages on Hubzilla (if I have any).
I can define who can see my wikis on Hubzilla (no shit, I've got wikis on my Hubzilla channel).

On Hubzilla, I can define individually for any of these whether it's

• everyone on the Internet
• everyone with a recognisable Fediverse account
• everyone on Hubzilla (maybe also on (streams); anyone using ActivityPub is definitely excluded here)
• everyone on the same server as myself (AFAIK, only main instances of channels count here, clones don't)
• unapproved (= followers) as well as approved (= mutual) connections
• confirmed connections
• those of my confirmed connections whom I explicitly grant that permission by contact role
• only myself

There's a whole bunch more permissions than these. And they all have seven or eight permission levels (depending on whether the general non-Fediverse public can be given permission).

On (streams) and Forte, I can define whether things are allowed for

• everyone on the Internet (where applicable)
• everyone with a recognisable Fediverse account
• all my approved connections
• only me myself plus those whom I explicitly grant that permission in the connection settings

Yes, connection settings. Hubzilla, (streams) and Forte give you various ways of configuring individual connections, much unlike Mastodon. This includes what any individual connection is allowed to do.

Hubzilla uses so-called "contact roles" for that, presets with a whopping 17 permissions to grant or deny for any one individual connection. That is, what the channel generally allows, a contact role can't forbid.

(streams) and Forte still have 15 permissions per contact, but they lack some features which Hubzilla has permissions for. These permissions can be set individually for each connection, or you can define permission roles that cover all 15 permissions to make things easier.

Okay, how about posting in public vs in private? And when I say "private", I mean "private". It's "private messages" on Hubzilla, (streams) and Forte, not "direct messages".

Hubzilla, (streams) and Forte let you post

• in public
• only to yourself
• only to your connections ((streams) and Forte only; Hubzilla requires a privacy group with all your connections in it for this)
• to all members of one specific privacy group (Hubzilla)/access list ((streams), Forte); that's like being able to only post to those on one specific list on Mastodon
• to everyone to whom one specific non-default profile is assigned (Hubzilla only)
• to a specific group/forum (I'll get back to that later)
• to a custom one-by-one selection of connections of yours

Now, let's assume I have a privacy group with Alice, Bob and Carol in it. I send a new post to only this privacy group. This means:

• Only Alice, Bob and Carol can see the post and the conversation.
• Alice can reply to me, Bob and Carol.
• Bob can reply to me, Alice and Carol.
• Carol can reply to me, Alice and Bob.
• Nobody else can see the post. Not even by searching for it. Not by hashtag either. Not at all.
• Nobody else can see any of the comments.
• Nobody else can comment.

If one of them was on Mastodon, they'd see my post as a DM, by the way, and they could only reply to me. But that's Mastodon's limitation because it understands neither threaded conversations nor permissions.

Or how about reply control? This is something that many Mastodon users have been craving for quite a while now. Hubzilla, (streams) and Forte have them. Right now. And they work. They have since 2012.

Hubzilla optionally lets me disallow comments on either of my posts. Users on Hubzilla, (streams) and Forte won't even be able to comment; they won't have the UI elements to do so. Everyone else is able to comment locally. But that comment will never end up on my channel. It will never officially be added to the conversation. And at least users on Friendica, Hubzilla, (streams) and Forte will never fetch that comment from my channel as part of the conversation, i.e. never at all.

(streams) and Forte can go even further with all available options. They can disallow comments like Hubzilla. But in addition, they can allow only the members of one particular access list to comment, regardless of who can see the post/the conversation. On top of that, comments can be closed at a pre-defined point in the future. And then you even have a channel-wide setting for how long people can comment on your posts.

Oh, and there's even a setting for who is generally permitted to comment on your posts. And you can additionally allow specific connections of yours to comment on your posts.

Lastly, I've already mentioned groups/forums. Like, you know, Web forums or Facebook groups or subreddits or whatever. Like Guppe Groups on a mountain of coke and with moderation and permission control and optionally private.

Hubzilla has them, and it has inherited them from Friendica. (streams) has them. Forte has them. They're basically channels like social networking channels, but with some extra features. This includes that everything that's send to a group/forum as what amounts to a PM is automatically forwarded to all other members.

On Hubzilla, a forum can be gradually made private by denying permission to see certain elements to everyone but its own members (= connections): the profile, the members, what's going on in it. Depending on what you want or do not want people to see.

On (streams) and Forte, you have four types of forums:

• public, and members can upload images and other files to the forum channel
• public, but members cannot upload images and other files to the forum channel
• like above, but additionally, posts and comments from new members must be manually approved by the admin(s) until their connections are configured to make them full members
• private, non-members can't see the profile, non-members can't see the connections, non-members can't see what's going on in it, but members can upload images and other files to the forum channel

In addition, on all three, a group/forum channel can choose to hide itself from directories. This is always an extra option that's independent from public/private.

What we have here is the most secure and most private Fediverse software of all.

And, once again, at its core, this is technology from 2012. It pre-dates Mastodon by almost four years.

Finally, if you want to know how Hubzilla and (streams) compare to Mastodon: I have made a number of tables that compare Mastodon, Friendica, Hubzilla and (streams).

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Mastodon #Mitra #Friendica #Hubzilla #Streams #(streams) #Forte #ActivityPub #Zot #Zot6 #Zot8 #Nomad #NomadicIdentity #Security #FediverseSecurity #Privacy #FediversePrivacy #Permissions