AT vs AP

The biggest source of strife right now in the fediverse is not moderation, blocking policies, or anything like that, it's Bluesky starting up with a rival protocol to ActivityPub (the basis of the microblogging network often called Mastodon after its most popular software) called AT, ATproto, or Authenticated Transfer Protocol. Given the hyperpartisan nature of some of the comments about it, that often descend into outright lies, I figured I'd write down a brief summary of what's happening and then explain – as best as I can – the issues with both.

ActivityPub

ActivityPub is the protocol Mastodon is built upon. It's also the basis of Facebook-alternative Friendica, Instagram alternative Pixelfed, and YouTube alternative PeerTube. It's also used for non-social applications such as Lemmy, a Reddit alternative, and as an alternative to RSS by regular blogging platforms like Wordpress. I've even seen it used to manage comments on blogs.

ActivityPub has no centralization at all. Users post to an “instance” (to use the Mastodon term), and the instance then forwards notifications of new content to other instances that subscribe to those users' accounts. Other instances can also pull content from the source instances. Instances can be single user, multi-user, public, private, etc. There are minimal security modes allowing servers that have pulled messages to restrict who views them though technically the modes are voluntary – once you pass a message to a third party, you're always at that third party's whim as far as privacy goes, and the administrator of an instance that hosts a subscriber's account is one of the people you pass that message to.

Mastodon's implementation has some methods for migrating accounts between instances though they're limited to ensuring accounts do not lose followers. Moving to another server means refollowing friends, and your own posts don't move from the older server. In every real sense the account itself does not move, in much the same way that if you move house, you can forward your mail, but you're not going to move the physical building.

ActivityPub is an open standard managed by the W3C, that builds upon previous attempts in the same space including OStatus and even RSS. It rose to prominence during the GamerGate controversy during the 2010s as marginalized groups, particularly LGBT people, fled harassment on Twitter and sought safer spaces. Mastodon was built in that context, and many of the social norms in the larger parts of the Mastodon network reflect a desire to ensure the network remains a safe place. Mastodon itself customizes some protocol features such as implementing a content-warning tag allowing posts to warn potential readers about, for example, descriptions of transphobia (transpeople disproportionately have gender dysphoria, a condition characterized among other things with excessive suicidal depression, so this is a feature desperately wanted in a place intended to be safe. Being told you're hated over and over again is likely to kill you if you have that condition.)

AT Protocol

The AT protocol is a newer protocol designed by Bluesky. Bluesky originally came out of Twitter as a response to the fall-out of Gamergate but in a rather different way. Jack Dorsey, Bluesky's founder, was concerned that Twitter was having to be heavily involved in moderation, and believed social media would be improved if that responsibility was taken away. To that end, he proposed a post-Twitter federated social media platform where such control was nearly impossible. While Bluesky, for the most part, fulfills that vision, Dorsey considers it a failure because Bluesky itself decided to introduce moderation anyway. Turns out trolls and people whose political views and behavior are indistinguishable from trolls actually damage social networks, who knew?

AT breaks up the core network into three types of component, all of which can be supported independently.

Private implementations have been made of both PDSes and App Views. At this stage though only one full Relay exists, Bluesky's own. A group Free Our Feeds intends to change this and create a second, independently run, relay. Relays require a huge amount of resources, as the relays need to store all posts made by all 30M AT accounts, they need to keep themselves updated by querying PDSes, and they need to provide timely responses to queries made by App Views.

End users can migrate their accounts from one PDS to another without any interruption in service or any leaving behind of personal data.

The AT Protocol is intended to be an open standard but is currently managed by Bluesky. They've made noises suggesting they would like an independent foundation to take over the AT Protocol.

Bluesky itself is a benefit corporation – while it's for-profit it's not obliged to maximize shareholder value.

Comparison

Bluesky and Mastodon have different goals in mind which significantly affects their approach and lead to Mastodon considering ActivityPub adequate while Bluesky considered it inadequate.

Bluesky sees the network it creates as being essentially a clone of Twitter but without “censorship” – at least, without the ability to ban people from the service. This means it needs to have good discoverability (good search features, etc), and needs to off-load decisions about moderation to end users. To avoid deviating from these needs it wants the network to not be owned by it – though this reflects its original ideological purpose, not necessarily its current corporate structure. Good companies can become bad ones.

Mastodon sees itself as a social network, a network of people who want to talk to one another and would rather third parties stay out of it. Distributing their content across multiple servers provides resiliency and ensures that rules set by one instance manager are always possible to escape from, but that doesn't mean they want unfriendly people to easily find potential targets of harassment.

Much of Mastodon's limitations indeed are reflected by Mastodon's concerns about the latter. Discoverability is an oft-cited complaint about Mastodon, but it's also limited in terms of engagement. For context about how concerned Mastodon is about harassment: The “likes” (“starred”) feature for example isn't used for anything other than giving the author of a piece a head's up that someone appreciated their work – counts are generally not displayed to anyone but the author. Boosts (the Mastodon equivalent of retweets) are OK, but only a limited number of servers in the Mastodon network support the equivalent of quote tweeting. Rightly or wrongly, Mastodon's governing establishment is concerned quote tweeting may be used to dunk on people and target them for harassment.

Preventing a single host owning their network is an issue for both. Mastodon's defenses are largely by trying to keep their main instances run by non-profits, encouraging personal server management, and via a certain amount of community suspicion of large social network businesses joining the ActivityPub universe such as Threads or Tumblr.

Bluesky doesn't have the same incentives to avoid allowing a single party controlling the AT Protocol network as Mastodon, given right now it would be that single party, but due to its original ideological founding basis, it nonetheless has tried. By breaking up their system into three independent components, in theory anyone can create a front end to the AT Protocol network that works the way they would want it to work. And this has happened, there are third party front ends to the AT Protocol network currently being used. All, however, are dependent upon Bluesky's own relay, because the incentives to run a relay are low and the cost is extremely high and getting higher by the minute. Superficially, a relay can be created that only indexes a subset of accounts, but doing so will break things if it's intended to be used by general audiences.

Is Bluesky going to take over their network?

We've just endured a decade in which we've seen virtually every service that wasn't awful already (Facebook?) become awful, including:

Not to mention the numerous open source projects that suddenly stopped being open source.

So it's pretty difficult at this point to trust the corporate world that anything good right now will remain decent in the near future. And that means most criticisms of AT protocol revolve around the fact Bluesky is the dominant provider of AT protocol services, that it's corporate (albeit a benefit corporation), and that in theory it could, tomorrow, just restrict access to the PDS and relay under its control and as a result virtually remove all federation.

This would be difficult but not impossible to do in a clean way that doesn't majorly affect Bluesky's own users, but we've the experience of Reddit, X, et al, is that simply abusing your own users doesn't lose them. Of course, Bluesky's user-base is disproportionately made up of people who did just that with X.

An issue rarely mentioned – though I've raised it in the past addressing concerns about Threads involvement in the Fediverse – is that there's not as big an incentive to close off federation as people think. Generally those concerned about it point at XMPP, the instant messaging system that once joined Google Talk, Microsoft Messenger, and AIM, together in a single network, as an example of where federation was offered and then mysteriously taken away. And that's a great point but where are any of those services today? Defederating didn't make Google or AOL more powerful, it killed interest in chat systems altogether.

In Bluesky's case, removing federation would immediately force many of their users to look for alternatives to Bluesky. And it wouldn't bring in any new users – those cut off by BS's actions would be angry at Bluesky, they'd either stick with the remaining network if it's still viable, or leave. There's also a good reason not to do it – currently if someone just doesn't like Bluesky, they can leave but still remain in contact with their friends by moving to a compatible service provider that they do like. If, on the other hand, Bluesky defederates, and someone leaves for reasons unrelated to Bluesky's defederation, they can't remain in touch, and their friends have good incentives to follow them.

That does not mean Bluesky wouldn't do it. The experience of the last ten years isn't just that corporations do not mind abusing their own customers, employees, and so on, if they think it'll make more money, but that they're comfortable tanking their own companies if their ideology prevents them from seeing that it'll cause mass defections.

All in all the fears of defederation by Bluesky are based mostly on the fact corporate America sucks right now, and you can't even predict that a company will not do something that's definitely going to harm it.

And to be fair, I can't argue against that. I can argue it's not in Bluesky's best interests, and I can argue the protocol itself makes that harder, which it does, but not impossible. But until we have multiple relays, and multiple large front ends to the AT Protocol network, it's going to be impossible to argue that Bluesky can't do it and not see it as absolute suicide to do it.

(As an aside, the obvious thing, and something Bluesky can do because of its status as a public benefit corporation, would be to break itself up into three identical companies each with 1/3 of the user base and their own relay, plus a fourth non-profit foundation to oversee the protocol's development. If it really believes in what it's doing, this is the most obvious way in which it can reassure the community its serious.)

Is Mastodon also susceptible to takeovers?

Mastodon's developers, also responsible for the mastodon.social instance, recently reorganized themselves as a non-profit, to make sure development going forward remains in line with Mastodon's goals. This doesn't mean things can't change but Mastodon's own developers at this point are aligned with the federation vision, as can be proven by the fact that Mastodon is fully federated.

The major threats that are oft-cited are outsiders. Both Tumblr's (vaporware) announcement of ActivityPub federation, and Threads' actual federation, have been sources of controversy within the Mastodon community. Both would introduce a massive number of people to the Mastodon community, a group they could take back.

The counter to this is that they're very unlikely to encourage many users to move from their existing platforms to their own before turning off federation, and an equal number of users is likely to use the federation as an off-ramp to a more friendly environment if they don't like the bland corporate spoon-fed environment of, for example, Threads.

In the end Mastodon's ability to be taken over requires a hostile actor attract a huge proportion of the user base to use its own instance – and not just introduce new users to Mastodon but take users away from other instances. It seems improbable, but stranger things have happened.

Takeovers are not a good idea

I said this in the Bluesky section but I'll say it again. Defederating a network harms the company defederating it. XMPP didn't merely die when it was defederated, the platforms that implemented instant messaging using it died as a direct result.

Defederating does not mean you attract the users who were using other servers before you defederated. They don't like. They hate you. They're not coming.

But the people on your service that were communicating with them? They're likely to leave too.

Again, I raise this not because this means it won't happen, but because if cooler, saner, heads prevail at a company that's considering this, they'll avoid doing it.