The Council Working Group of the ITU is meeting this week in Geneva and I'm attending. As the discussions about the discussions for the 2024-25 internet governance cycle intensify, I'm happy to see momentum build for human rights considerations in technical standards.
The Telecommunication Standardization Advisory Group is the leadership of the standardisation sector, the ITU-T, and the TSAG reported on its work to embed human rights in digital technologies. This work is a priority for the UN, as outlined in several recent outcome documents, including:
- a report from the Office of the High Commissioner on Human Rights A/HRC/53/42 "Human rights and technical standard-setting processes for new and emerging digital technologies," and
- in UNGA resolution A/RES/78/213 "Promotion and protection of human rights in the context of digital technologies."
You can read the TSAG report and how the ITU-T is generating ideas to mainstream human rights, which are starting to gain the necessary traction among States: https://www.itu.int/md/T22-TSAG-240122-TD-GEN-0441/en.
- Civil society organisations in Africa raise concerns about the proposed UN Cybercrime Treaty: https://ipi.media/ipi-and-partners-in-africa-raise-concerns-in-a-joint-letter-about-the-proposed-un-cybercrime-treaty/
- Los Angeles uses new FCC rule to become the first US city to officially define "digital discrimination" at the local level: https://communitynets.org/content/la-leads-way-push-leverage-fccs-new-digital-discrimination-rules-local-action
- Just-published RFC 9490 describes the outcomes of the Internet Architecture Board workshop that discussed the network management techniques needed for even broader adoption of encryption on the Internet: https://datatracker.ietf.org/doc/rfc9490
- Oblivious HTTP has been published as RFC 9458. It is a protocol that uses encryption and a relay to ensure HTTP traffic is more private. The relay cannot read message contents and the service can read content but cannot observe metadata like IP address: https://datatracker.ietf.org/doc/rfc9458
- Niels ten Oever is watching the watchers in 3GPP, "Interrogating the standardisation of surveillance in 5G amid US–China competition": https://www.tandfonline.com/doi/full/10.1080/1369118X.2024.2302991
- From Helen Nissenbaum and co-authors, "No Cookies For You!: Evaluating The Promises Of Big Tech’s ‘Privacy-Enhancing’ Techniques": https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4655228
Don't forget to submit your paper to the Applied Networking Research Workshop, to be co-located with IETF 120 in Vancouver: https://mailarchive.ietf.org/arch/msg/irtf-announce/vxDsbgHYq2BmnQGKCiOSGMCxyBo/
The Fediverse is expanding: Over tapas I caught up with Evan Prodromo, author of Activity Pub, an open standard for publishing and interacting with social media posts. The conversation was a bit like social media consumption– through the lunchtime noise we distilled an essential conversation about life, work and the management of it all. Evan and his co-author Christine Lemmer-Webber’s design of the underlying specification of the fediverse is necessarily light and scalable. And as Evan and I left the restaurant and rounded the corner (and then another corner and then a corridor and then another corner), the moment felt anticipatory of the fediverse registering on an entirely different scale: Meta’s Threads is rolling out interoperation with Activity Pub. And how!
In short, the fediverse let’s users connect and share their content across different social media platforms. And people can interact with that content no matter which platform they use. This federation is enabled when multiple services implement Activity Pub, a W3C standard that specifies the exchanges between a client (website/app) and server, as well as server-to-server exchanges, whenever a user posts content, likes it, reposts it, follows another user, etc. If a server “speaks” Activity Pub with other servers, it is in the fediverse. Platforms that use Activity Pub include Mastodon, WordPress, PeerTube and Friendica.
Threads, somewhat inexplicably, announced when it first launched in the wake of users fleeing Twitter that it would use Activity Pub. Some speculated that Meta would eventually change its mind, but it looked more and more like a possible reality when a help page on Instagram appeared to explain the changes users could expect. Meta engineers are developing Activity Pub integration within an existing platform, moving from the Threadiverse into the fediverse. And there are two metaphorical moving boxes that I want to unpack: Will users “get” it? Will it be… noisy?
Choice-oriented user agency
One of the central benefits of the fediverse is user choice: choice of service provider and control of settings and preferences, any of which can be changed. However most people on social media haven’t experienced what it’s like to have this choice. For Threads users, the fediverse might seem like a set of new features but it’s really an entire vibe— your social presence from now on is entirely yours.
There are definitely some fun features that hopefully entice people to play more expansively. There’s already been some experimentation in Mastodon with various “instances.” An instance is when you serve Mastodon yourself for yourself but potentially for others, too. You could turn your WordPress blog into an Activity Pub publisher. And your toots or posts or whatever don’t just stay on your site— anyone can see that content from the platform of their choice.
I can see organizations, companies, universities and governments serving platforms because another crucial feature of an instance is bringing your own domain— my handle is @email@example.com. Just like with email addresses, social media handles can become important signifiers of affiliation. Having an @whitehouse.gov handle is a clearer marker of veracity than a checkmark of any colour.
At the same time there are existing features that users have come to expect on social media platforms that will need some additional care and attention as they are migrated into the fediverse. For example, extra special privacy considerations should be made for restricted profiles and how instances allow (or disallow) interactions will matter quite a lot.
And some technical hurdles have helped to revisit some fundamental design choices in social media. For example, quote posts are a challenge to the fediverse because content is both cached on the instances of every viewer and at its origin. At the same time, some users don’t like quote posting. They like not having to tolerate others posting their content alongside context and commentary that they can’t control, at scale.
And did you know that in the Activity Pub standard, content is only exchanged between servers when users initiate that? This is the essential element of balancing scale in Activity Pub’s lightweight specification. It’s also why you can’t view all of the fediverse with simple search from any one instance, which can make research and archival projects more difficult.
Noise: Moderating content, people and now platforms
The biggest news in social media content moderation is instance moderation. Instance moderation already happens to some degree, say when an admin spins down their instance or when other instances “defederate” with another instance. (Again, maybe you intend for your social media platform to exist as an island but with Activity Pub you can still come and go from the mainland if you choose.) How content, behavior and interactions are moderated in the fediverse benefits from the extensive legacy of email spam. In email, spam messages get marked as spam. This is simple but still very hard at scale, which is why we all still get lots of spam. But let’s leave the spam emails and spam posts issue for now.
More interestingly, entire domains can mark other entire domains as spam, too. This is an oversimplification and there exists a whole standards body that meets thrice annually to discuss email spam, because of course there is. Imagine the coordination that must go into defining what are the policies that get domains and service providers “actioned,” what actioned means, and how legit services access remedy.
But, back in the fediverse this looks like: instances block instances, instances block people, people block people, people block instances and people can unblock an instance blocked by their instance. There will need to be mechanisms to communicate with instance admins. Not to mention the cost of moderation to admins in very concrete terms— time and service expenses.
In practice content moderation might happen if an instance doesn’t respect protocol specifications to delete locally cached content. If I delete my post, your instance needs to delete that post from its cache, too. If it doesn’t, this behaviour would be cause for defederation from any number of instances, depending on the policy of those instances. Trust and safety teams already work together and that’s such a great thing because we need those communities of practice to tackle the new and novel problems of abuse in the fediverse.
These are huge changes.
The responsibilities of Meta are now to Threads users, fediverse users and fediverse admins. Meta has hundreds of millions of users, so while their move to the Fediverse now brings the fediverse to many more people that wouldn’t otherwise have “choice-oriented user agency” in social media, they enter at a sizable advantage to dictate terms of engagement. So what happens if Threads doesn’t comply? What, short of regulation, would be needed to harden shared fediverse policy since defederating one instance at a time hardly registers?
In a hopefully ever-expanding universe of federated services, Threads kicked off a terrific discussion about all of the hardest problems, at scale. Meta’s migration efforts, and their relative openness about that process with a diverse group of experts, will eventually help other services migrate, too. (Even Truth Social). I once tried Threads, but I’ve had Mastodon longer and I am eager to follow their rollout and their users from Chris Riley’s @techpolicy.social nerdiverse @mallory.