Distributed Social Networks and Federation: Why They’re Important For Privacy and Online Safety

A truism as old as the modern media age is that if you’re not paying for a service, then you’re not the customer, you’re actually the product. It started with radio, moved on to TV, and has never been truer than now, somewhere in the peak of social media. This is not always the case, as some free services are hosted as a public work, and you can tell because those services always need and are asking for money to keep running. (I’m looking at you, Wikipedia! The NPR of the internet...) However, it’s unfortunately true that in most cases these services are actually harvesting and selling your data left and right.

Targeted advertising is an unfortunate blight upon the web, and it’s not going anywhere soon, it seems. Social media offers a novel escalation of the form of marketing, because it can produce immense networks of data linking individuals, values, locations, and tendencies. It may not have cloned your brain in some direct-to-video sci-fi way, but in all currently technologically feasible ways, especially those salient to marketers, your mind is now a pattern ready for anyone with enough money to buy access to.

This may seem dystopian, cynical, or even unnecessarily dark. And, honestly, to some degree that is the intention. Social media has wormed its way into our lives so subtly that even those actively trying to inform the public on its effects are sometimes unable to sound appropriately alarming. However, the ills of social media (especially certain social networks here remaining nameless--be sure to follow us on Facebook, Twitter, and YouTube BTW!) have been well-covered elsewhere, and we at Sabai are not generally the sorts to just want to alarm people. We usually like to have solutions.

And in one sentence: the solution to the social media problem is distributed, federated social media networks.

How Do They Work

As with any great elemental synthesis, there are two essential features to these: a splitting and a joining, differentiation and integration.


The first part is the distributed model. Normally when you sign into any online service, it’s a bit of a colossus, where everyone comes to one place, digitally speaking, to interact. All your data is under one organization, controlled by the same people, subject to the same rules, and vulnerable in all the same ways. These centralized models are so bad at security that even large services often try to splinter data so that a breach of one shard of that data doesn’t compromise all of it. But it doesn’t have to be that way. Instead, you could get to choose where your data is, who controls it, what rules it’s subject to, and even be able to move it should you get tired of that home. This is how distributed social media works.

A person or a group can set up what’s called an instance, which may just be a single running machine or could be a group of machines running in tandem with the same parameters. This instance is an island of data, and users can choose to house their data in this instance or any other with the same social media program. These instances communicate with each other, forming a larger web, so that users from different instances can still interact. However, a single user’s data is still in their home instance.

When a user from instance A shares a photo with instance B, A and B exchange protocol messages that either allow B to store temporary copies of that photo, or give B a P2P key for accessing that data in A, or share an elaborate locking mechanism--the details vary immensely depending on the specific program. But the point is that a user’s data stays where that user can control it. The user even has the option of setting up their own instance. Where data is housed is no longer a decision made by a massive business where money puts its fingers on the scale of decision making.

Instances do take money to run, naturally: some are funded by the developers who maintain the projects, some by members of the instance, some by secondary funding through other sales, and so on. But these social media networks are generally designed as FOSS with the principle that the program is for the user, not for the service provider. This turns the typical social network on its head, since that is usually engineered so the service provider can extract value from user interaction on its platform. Most of these networks are designed to be very different from typical social media, with no support for ads or marketing, for instance.

Readers who have been online long enough may remember those halcyon days when you had to specifically subscribe to something or seek it out to get updates, rather than having every other piece of content put before you be an ad attempting to suss out your wants and needs. Remember chronological order in posts? You can have that back on these platforms.


The second part of these new social media programs is federation. Federation is when unique parts work together. In the case of distributed social media, this federation has a secret sauce: a protocol known as ActivityPub. Now, AP is not magic, and some distributed social networks have issues implementing it (more on that later), but it is pretty neat. ActivityPub is a W3C standard that allows different social media platforms to communicate. Imagine natively sharing your Facebook posts on Twitter, or freely posting images from your media host as if those images were on the platform you’re sharing them on. Obviously, posting content from one social media provider on another isn’t amazing in itself, as you can already do that with links. Most sites handle links with what’s called oneboxing, where content from the link you post is retrieved as a snippet appropriate for inclusion in the stream of posts. However, ActivityPub allows content from that other site to appear natively instead, no onebox needed.

There are some details in implementation that I’m leaving out here, but the important part is that using this common protocol allows social media sites running entirely different server programs to communicate directly with no translation required.

Collectively the services that make use of ActivityPub (and some that don’t) are known as the Fediverse. This includes:


A distributed social media network similar to Facebook. (It does not yet implement AP, but may eventually.)


A microblogging (i.e., Twitter-like) platform.


Another friend-based network for sharing statuses, pictures, and the usual social media fare.


Video-based distributed hosting.


Social music sharing.


Blogging (similar to Tumblr)


Blogging (similar to Wordpress)

GNU Social

The free/libre software social networking platform.


A content agnostic framework for building social media networks; includes sophisticated privacy controls.

GNU MediaGoblin

It has the best name. Publish any media: video, audio, images.

There are a lot of these, but I tried to give the most popular and mature ones in use. These are all FOSS based on open standards.

Privacy & Online Safety

Being FOSS, supporting federation, and giving users control of data alone are nifty features, but these social networks provide features that go beyond the typical user-as-product social network. Normally one might be able to block users or groups, filter content with keywords or hashtags, and set permissions (some of which may have gotten more and more arcane and baffling, no naming names here…) amongst other things.

Federation introduces some new tricks. Instances can police their own content just like any other social media, and they set their own instance-wide rules on content. They can also ignore whole instances, and users can also blacklist instances. This allows instances to maintain some actual standards for content, allows users to interact with other instances by choice, and also allows a group of instances to freeze out a bad-faith instance whose purpose is to promote meritless content.

This is very different from, say, Twitter, where every user is in the same pool.
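
To make the ActivityPub exchange and the two levels of blocking described above concrete, here is an added example (not code from this post or from any Fediverse project): a constructed "Create" activity as one instance might deliver it to another, and a receiving-side check against an instance-wide blocklist and a user's own blocklist. The host names, the function names and the decision strings are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: a minimal ActivityStreams "Create" activity as instance A
# (social.example) would deliver it to instance B. All hosts are made up.
SAMPLE_ACTIVITY = {
    "@context": "https://www.w3.org/ns/activitystreams",
    "type": "Create",
    "actor": "https://social.example/users/alice",
    "to": ["https://home.example/users/bob"],
    "object": {
        "id": "https://social.example/notes/1",
        "type": "Note",
        "content": "Hello from another instance",
    },
}

def host_of(uri):
    """Return the normalized host of an https URI, or None if unusable."""
    if not isinstance(uri, str):
        return None
    try:
        parts = urlsplit(uri)
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:                             # e.g. malformed brackets
        return None
    return host if parts.scheme == "https" and host else None

def is_blocked(host, blocklist):
    """True if host equals a blocked domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in blocklist)

def inbox_decision(activity, instance_blocks, user_blocks):
    """Hypothetical policy for one activity; assumes the delivering server
    was already authenticated, since "actor" is otherwise self-asserted."""
    actor = activity.get("actor")
    if isinstance(actor, dict):            # actor may be an embedded object
        actor = actor.get("id")
    actor_host = host_of(actor)
    if actor_host is None:
        return "reject: no usable actor"
    obj = activity.get("object")
    obj_id = obj.get("id") if isinstance(obj, dict) else obj
    # This example's rule: a Create must carry an object from the actor's host.
    if activity.get("type") == "Create" and host_of(obj_id) != actor_host:
        return "reject: object host differs from actor host"
    if is_blocked(actor_host, instance_blocks):
        return "reject: instance-wide block"
    if is_blocked(actor_host, user_blocks):
        return "hide: recipient blocked this instance"
    return "deliver"
```

The suffix match is done on a dot boundary, so blocking social.example also covers its subdomains but not an unrelated host such as notsocial.example.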

These projects also support different kinds of distributed encryption, P2P messaging with end-to-end encryption, asymmetric keys, and other features that will probably never come to something like Tumblr.

Additionally, large companies like Facebook and Amazon are very cozy with other large organizations, in particular law enforcement. For this reason, data can be and often is shared with no warrant required. While this may not trouble some users, it is a direct violation of the Fourth Amendment, and certainly represents a breach of trust on the part of service providers. Incidents where these networks have either directly sold data or where data was harvested from them are far too common.

But on top of intentional disclosure there is accidental. You can’t throw a brick through the internet without hitting a few data breaches every month or so. The sheer amount of user data exposed in this way is breathtaking from a security viewpoint. However, knowing where and how your data is stored gives you some power to determine its security, and federated networks are not the monolith that something like Facebook represents.

So, if you’re looking for a new step to enhance your security, if you have a VPN service, home VPN access through a Home Server, you’re using a password manager and securely generating unique, strong passwords for every service, and you’re wondering if there’s a new tool you can add to your belt that isn’t a tinfoil hat, you should consider trying distributed social media. It’s pretty awesome.

Oct 9th 2020 David Thomas
