2025 0425 Conflating access and community considered harmful

There’s a trend for open source social projects to provide access to a network of communities through infrastructure controlled by a single community. This is a bad idea.

A niche-famous example is the 2022 acrimony between journalists Mike Pesca and Parker Molloy on https://journa.host. Both users were banned from the server for legal behavior that is allowed in other communities, which expelled them not just from the journa.host community, but deleted their entire Mastodon identities and the archives of their previous posts.

Access through community

Mastodon is the most widely-known example of this practice. Servers are responsible for the user’s entire account and identity: I’m @micahrl@mastodon.social, and the @mastodon.social part indicates that https://mastodon.social is my server. I agreed to mastodon.social terms of service, and if I break the rules, a mastodon.social admin could ban my account, deleting my Mastodon identity. Through mastodon.social, I can interact with users on most other fediverse server-communities, like @internetarchive@mastodon.archive.org, which is hosted elsewhere. My identity, and access to the broader Fediverse, is through mastodon.social.

Mastodon advocates for the server-community, by suggesting in its documentation that users find servers that align with their interests and values, and building into the software the local timeline, which is populated only with posts from the server each user joined. There are hundreds of public servers, and while some are general purpose, many are focused on specific software, a distinct region of the world, certain cultural interests, and so forth. These can be very broad or very specific.¹

Matrix is another federated social network that uses its own protocol. It supports primarily real time text, voice, and video chat. The Matrix foundation runs the matrix.org server which it admits is the most popular choice, but encourages users to choose another on its hosted services page. In Matrix the conflation of access and community is more pronounced: servers offer user accounts (identity/access) and host chat rooms (community), both suffixed with the server’s TLD like @server.example. Third party servers seem rarer than in the Fediverse, but those that exist are almost always focused on a particular social community.

Restrictive norms

The norms in a community are and ought to be more restrictive than those of other services, like identity.

Consider other identity/access and community pairs:

The service providers have very generic rules, prohibiting mostly illegal and widely-disliked behavior². These communities often have very specific social rules, which are important for the community’s cohesiveness and longevity. In order for rules to serve their pupose, they must go beyond the rules that are already part of the service provider and the broader society, otherwise, there are no boundaries that separate the community from the society.³

This is why individual communities are the wrong place to provide access. A community has to have rules that don’t make sense for everyone to follow, so it is the wrong layer to provide access for everyone to use.

We understand this in other realms. Most people do not rely on their place of employment for their primary email address, so that losing their job doesn’t also prevent them from logging in to their bank or talking to their grandma.

By analogy, consider the American doctrine of the separation of church and state. The norms of the church should be more restrictive than the laws of the state. Church is community; state is more fundamental infrastructure that includes identity. It’s good for the church to enforce rules that not everyone can follow; it’s good for citizens that excommunication does not imply deportation.

Effects

Banning users affects:

• Post history. Posts may be made permanently unavailable both to the public and to the banned user.
• Secondary membership. Users may be members of private communities apart from the one that provided them access to the network, and when their account is banned, their access to those secondary communities is blocked as well.
• Continuity. Once a user is banned, they have no opportunity to advertise a new identity from their banned one.

The effects of these bans mean that users, especially users of niche servers, are evaluating the social norms of the conversation they’re having and of the community that gives them access to that conversation — reifying context collapse. Users will lose access to a wide range of communities accessible on all of Mastodon when they violate niche norms of the community that happens to host their identity.

A major criticism of centralized social media is that it’s one set of norms enforced on the entire world; whatever values are common among upper-middle class young professionals in California and New York tend to become reflected in the administrative policy of the social media companies they work for.

Decentralized social media has designed itself into a similar situation.

Partial defenses

Users who fear the banhammer might use one of two opposing strategies:

1. Join a server-community with as wide as possible a membership, hoping for as expansive as possible a set of norms that will overlap with theirs. Because rules used to protect a community must be more restrictive than those in broader society, it follows that a very large community will have the most generic rules.
2. Find a server-community that matches their values in many dimensions, hoping to find norms that match theirs as close to 100% as they can. A user aligned in interests, politics, morals, experience, and culture will find rules intuitive and easy to follow.

The weakness of the first strategy is inherent in the value proposition of federation itself: if a single server was a good place for all ideas, why bother with the technical complexity of federation at all? Some things just aren’t a good fit for mainstream communities, and it’s good that we have a place for them. Also, the Mastodon community explicitly discourages it: At various points in the past, the flagship mastodon.social instance has actively dissuaded users from signing up on it, has paused registration to force this, and has requested users avoid it in the official documentation. This is still the advice of the wider Mastodon community today.

The second strategy is great if you can get it. The problem is that while there are lots of servers, server count increases linearly while the intersection of personal interests increases combinatorially. Most people just won’t be able to find a server that aligns with them on many dimensions.

Neither of these strategies are any use once you’ve already been banned.

Proposals

What should we do instead?

1. Design for single user instances from the ground up. While imperfect, a healthier single-user instance story would give users another option, a sort of extreme version of defense strategy #2 above. Let this contrain larger design, rather than the other way around. A hypothetical Fediverse protocol that could be hosted on a static site would lower the barrier of entry considerably.
2. Provide users with cryptographic control of their identity. Separate a user’s identity proof from the host of their content. Allow users to advertise a new account without cooperation from the host of their old account, and let them keep membership in private groups when they migrate between accounts.
3. Place control of a user’s posting history with the user, not the server. Servers are useful places to offload media storage, especially for video, so this can be tricky. However, even a mobile phone can keep approximiately infinite text posts approximately forever. Rely on federation to retrieve larger media like images and text. And build clients that can keep a high fidelity local archive, even if they’re only used on the desktop by power users.
4. Disentangle DNS from a post ID. Links should not go dead if a user is banned from one server and reappears on another with all their posts.