
The Fediverse has some big problems coming.

Mastinator was an automated service that was intended to be used for validating your ActivityPub implementation. Accounts were followed by mastinator and had their public, unlisted, and followers-only posts made visible at their inbox.

Firstly let me apologize. I am very sorry for what happened as a result of my actions.
I only hope this was done soon enough to avoid any further harm.

You could follow anyone anonymously without needing an account. While this was technically possible with RSS, the Fediverse tends to view this sort of activity poorly, hence this being an implementation that only used ActivityPub itself. Apparently this is not good enough, with the potential to leak information that many would prefer to remain "private", so it's being shut down. It was never the intention to hurt anyone through this.

However, the fediverse itself needs to wake up to the reality of what is coming. You are no longer a little village where everyone agrees to play by the rules of your acceptable behaviour. You are growing. You are already a city, and growing at a massive rate. A lot of the people joining don't care about your existing agreements, and if they don't already, soon will outnumber you. Addressing technical problems with social solutions, or vice versa, usually ends poorly.

ActivityPub/Mastodon/Lemmy are all on the radar of large companies, and many do not give one iota of thought about what they might do to you so long as they get their Mastodon strategy in place. They do want the things you oppose: search, quote retweets, anonymous following, and they are going to get it.

Many of the interactions I had as a result of this consisted of a lot of shouting and insults, with almost none of them being constructive. In fact, the only reason I am shutting it down is due to one individual actually explaining their fears, why this could be hurting someone and admitting that there might be no solution within the current state of the fediverse. This person and those other individuals deserve praise. Some of you however should be ashamed of yourselves.

So why did I create this at all? Well technically, because I could, it was an interesting problem to solve, and I did not believe (certainly naively) that this was going to hurt anyone. It always worked within the rules of ActivityPub and never, as it was accused of, scraped, crawled, or attempted to impersonate anyone. I tried engaging with people after it was released to allay fears, update copy to help explain things, and improve things where I could. Any question about its working directed at me I answered as best I could. It always felt like something that was fairly useful to developers and perhaps useful to people wanting to try out the fediverse without having to create an account to see if there was any value there. This was done publicly, with someone trying to do better. Will the next implementation do the same? Will anyone be listening?

The current approach of "block block block" is not effective. Even when publicly blocked by hundreds of instances, there were still thousands of toots/posts/notes hitting this system. In addition, the current approach of blocking using a hashtag #fediblock is hopelessly inefficient. It took days for the blocks to come in. Imagine how much damage could be done were someone to have a mind to do it. In addition, we live in the age of cheap domains, cheap servers and free TLS/SSL certs. It is not that hard to allow a system like this to work under any domain. You cannot assume that domains, instances or users are an external rate limit, or that instance admins are going to look after things. There are some solutions that would solve this now. Some more palatable than others.

  1. Leave the Federated Systems: Please don't take this as a "get out", it is not intended as such. Consider if you really need to use a federated discussion system. I suspect a lot of communities who migrated to Mastodon did not really consider the implications of what a federated system means. You might be better served by an older style web forum. Turn off public access, and have it be invite only. Very safe, lower hosting costs, very good moderation tools built in, and the ability to block forever.
  2. Consider Turning Off Federation: If you really do want the Mastodon system as your place to hang out, perhaps consider turning off all of the federation. Don’t allow any cross server communication.
  3. Switch to allow-lists: Instead of blocking problematic servers, create your own federation by having an approved allow-list shared between those federated servers. Allow new ones only on consensus.
  4. Verify Every Follow: All Mastodon instances support this. Only approve followers after you have vetted them.
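
To make options 3 and 4 concrete, here is an added example (not mastinator's or Mastodon's code) of an inbox-side decision for an incoming `Follow`, contrasting block-list and allow-list modes. The hostnames, the `decide_follow` helper and the policy sets are hypothetical, and it assumes the request's HTTP signature has already been verified against the claimed actor.

```python
from urllib.parse import urlsplit

# Constructed sample policy; all hostnames are placeholders.
BLOCKED_HOSTS = {"relay.blocked.example"}
ALLOWED_HOSTS = {"social.friends.example", "town.neighbours.example"}


def actor_host(activity):
    """Return the normalised host of the activity's actor, or None if unusable."""
    actor = activity.get("actor")
    if isinstance(actor, dict):          # actor may be an embedded object
        actor = actor.get("id")
    if not isinstance(actor, str):
        return None
    parts = urlsplit(actor)
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops userinfo and port and lower-cases; strip a trailing dot too.
    return parts.hostname.rstrip(".")


def decide_follow(activity, *, allow_list_mode, locked_account):
    """Return 'reject', 'pending' or 'accept' for an incoming Follow.

    Assumes the HTTP signature was already checked upstream (not shown).
    """
    if activity.get("type") != "Follow":
        return "reject"
    host = actor_host(activity)
    if host is None:
        return "reject"
    if allow_list_mode:
        if host not in ALLOWED_HOSTS:    # exact match only, no suffix matching
            return "reject"
    elif host in BLOCKED_HOSTS:          # block-list: unknown hosts pass
        return "reject"
    # Option 4: a locked account never auto-accepts, it queues for review.
    return "pending" if locked_account else "accept"


def sample_follow(actor):
    """Build a constructed Follow activity for the given actor URL."""
    return {"type": "Follow", "actor": actor,
            "object": "https://home.example/users/alice"}
```

A never-seen domain passes the block-list branch untouched, which is the gap the cheap-domains paragraph describes; only the allow-list or the pending queue stops it.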

Don't want your stuff to be public? I strongly suggest you don't post it publicly. A federated system, by definition, is not private. Anyone claiming anything else is asinine, and I think a lot of people have been misled as to how this all works.

Please do better. The specifications and implementations need better tools to control things. There also needs to be better education about what people are actually signing up for. They are being promised one thing, it's not the reality they have gotten, and the longer this is put off the worse it will be.

For those working on their own implementations of ActivityPub, you can still send anything to mastinator. That will still work, although it's not being saved anymore, but should error out if you get the format wrong. I may turn on the ability to view those posts once I confirm all the follows are not flowing through the system, but this may take some time. Clearly the ability to follow is a big issue which I genuinely apologize for. I am deeply sorry, first that I implemented it and secondly that it took this long to disable it. If you would like a personal apology you can reach me at @boyter@honk.boyter.org. I am very willing to admit wrong where it is due, as is the case here.