
Mastodon is not Decentralized

With allegations of censorship and political affiliations of every social network flying all around, decentralization has become the holy grail. Mastodon is picking up steam among the Indian Twitter junta as Supreme Court lawyer Sanjay Hegde’s Twitter account was recently suspended, showing a lack of transparency on Twitter’s part. Sanjay moved to this new haven for free speech, Mastodon, which was the tipping point for many Indian Twitter users to create an account and showcase their Mastodon handles.

Mastodon claims to be a decentralized social network that is censorship-free. It works just like Twitter with terminology changes. But the major differentiator is its claim of being independent of authority due to its open-source, self-hosted nature. It was started by Eugen Rochko, a German software developer, in 2016.

Prominent media persons, journalists, and influencers recently tweeted with their Mastodon handle. These are some of the smartest people I know on Indian Twitter. So this warranted a background check. While the crypto community, with a $250 billion market cap, is still quite far from a decentralized haven, how is it possible that a social network project claimed to have achieved it? So I did some background research and realized it is not decentralized at all.

What is decentralization?

Decentralization is when no one, an individual or a company, is in control of a platform or a network. This includes the code repository (because that is where the algorithms for censorship originate), the servers (so the network cannot be turned off), and the user data (which can be used by a malicious party or a government to identify and pursue you for your thoughts). There should be no CEO who can be subpoenaed, the servers cannot be located within the geographical boundaries of a nation, and no administrator or user should be able to delete any data or suspend any account.

True decentralization requires the whole network to be trustless. We should not have to trust someone for the network to run. Without this the whole point is moot. Should I trust Jack Dorsey or Eugen Rochko? A decentralized tech would say no one. If I need to trust my bank, government, server’s service provider, logo copyright holder or the guy who runs my Facebook group to allow the network to function, it is not trustless.

Mastodon’s model

Mastodon’s model is essentially open-sourcing the code of a social network that replicates Twitter’s functionality, operating many instances on many servers and communicating with each other. But that doesn’t make it decentralized. Let us look at the flaws here.

Mastodon is not a protocol. It is a model arranged to decentralize Twitter to an extent. The smallest unit here is an ‘Instance’. Every user has to join one Instance. This is their primary environment. Instances also talk to each other. This is called the Fediverse.

Instances can be started and operated by anyone on a server – usually a Virtual Private Server (VPS) or Amazon AWS. These instances depend on servers, and the owner of each instance has complete control of the servers. The owner of the instance has immense power. They can decide whether to allow someone to join and can moderate the content. The Instance owner can also read users’ messages, including their “private” messages.

Instances also require a domain to work on. While the data may be encrypted, an instance can still be blocked by the government by blocking a particular domain name.

Security

Each Instance also stores all of its user data on its server, making that data only as safe as the setup of the server. Apart from the owner’s access, if this server is compromised, data from this Instance could be compromised.

Misaligned incentives

Since Instances require servers to run, they cost money. The funding for these is bound to come with strings attached. It is possible to crowd-fund a VPS for a limited time. But then, each member needs to derive enough value from it that they are willing to contribute over a long period of time. If only a few of them contribute, the instance, for all practical purposes, is controlled by them. 

Creation of middlemen

The introductory video conveniently ignores the fact that not everyone can own or host an Instance. It requires substantial technical expertise to install one. I am assuming it will also require frequent code upgrades and server environment setup/optimization. This makes the instance owner an intermediary with substantial control. 

While it is clear that instances can communicate with each other, it is unclear whether messages will have redundant storage on other Instances or not. If not, there is a single point of vulnerability. A government has control if the owner of the Instance resides in their jurisdiction or if the servers are located in the country.

Centralization of management

Mastodon will comply with German and French law, and there is some objectionable content that won’t be allowed on Mastodon.social, the Instance owned by Mastodon’s 26-year-old founder. This sounds logical to a common man. But as someone studying true decentralization, I say this is just censorship of what the Founder and his government don’t like.

Mastodon’s code may be open-source, but the only way a contributor’s code can be accepted is if Rochko or one of the ‘three or four people other than him’, as he describes them, accepts it. Others have access to the code ‘in case Rochko gets hit by a bus’. This implies he can change the code anytime, thereby affecting the algorithm, making it exactly like Twitter or Facebook. Twitter was very simple when it started. They began ‘optimizing’ the feed only after gaining momentum.

While the code may be open source, the entire thing is run by a company that needs to be trusted. This is against the core principles of decentralization. The only reason no government in the world was able to “ban” Bitcoin is that there is no company running it, no CEO to subpoena and no servers to shut down. A company will always have to comply with the local law. Registering a for-profit company for such an endeavor also raises questions about Rochko’s motives. The project that claims ‘no corporate surveillance’ in its Twitter bio is run by a for-profit corporation.

Decentralized Utopia

A decentralized social network cannot yet exist because many factors need to align and many technological challenges need to be addressed. The base layer for such a platform has to be a truly decentralized protocol. Once this protocol is completely decentralized, God-fearing people will build apps to filter child pornography and deliver sanitized content to users. Or give users the freedom to be restricted or wander as they please. 

A truly decentralized network – whether it is Bitcoin or a social network of the future – will have its trade-offs, just like every piece of technology ever invented since the wheel. The trade-off for a truly decentralized censorship-free network is that you will have Holocaust deniers and flat-earthers and those who worship the Flying Spaghetti Monster. Because it is truly free for everyone. It will be used for every purpose one can imagine, just like with the Internet we got the Dark Web.

Right now, as Mastodon exists, it is completely controlled by the law, your Instance owner and Eugen Rochko as much as Twitter.