78

The author examined the distribution of instances in the fediverse. Given that many instances are hidden behind CDNs like Cloudflare or Fastly, the author employed ActivityPub's functionality to discover the actual hosting locations of servers. More than half (51%) of the fediverse is hosted within a single hosting company. The author suggests that the fediverse hosted mostly with a few major providers, deviates from its initial objectives.

all 18 comments
sorted by: hot top controversial new old
[-] mormund@feddit.de 91 points 8 months ago

Not to give any judgement on whether usage of a CDN is good or bad. But I think it is a bad idea to talk about decentralized hosting and decentralized ownership like they are identical. The problem with social media the fediverse is solving isn't that all social media goes down when CloudFlare/Facebook CDN goes down. It's to be independent of one organisation or even person that can ruin the fun for everyone. If CloudFlare bans every instance, the owners are still in control of their DNS names and can just move to another CDN or their own reverse proxy/cache

[-] mypasswordis1234@lemmy.world 2 points 8 months ago

Please see my statement on this matter under @themurphy@lemmy.world's comment.

[-] themurphy@lemmy.world 70 points 8 months ago

Whoever wrote this blog post missed the point in the way the fediverse is decentralised.

It's not about hosting. It's about ownership. And that means hosting can change at any moment. Because no one company decides anything.

That's why we really want the fediverse. Because it's not build for late stage capitalism and monopolies.

[-] mypasswordis1234@lemmy.world 3 points 8 months ago

You're correct; the focal point revolves around data ownership. However, you have to ask yourself, do we actually own the data?

Currently, four major hosting companies dominate the fediversum. Instance owners in practice do not have full control over the physical servers where their data is hosted.

Do you own the disks on which the data is hosted? No! The hosting companies retain that ownership and, can wipe the contents with a mere click.

A regular court order is all it takes, and I question whether every instance is backed up? While some may indeed have backups, they might reside on the very same server. Others, although having backups, may execute the process improperly. Additionally, there are those with partial backups, and the list goes on.

[-] TORFdot0@lemmy.world 21 points 8 months ago

Those companies don't own your backups and can't stop you from moving your instance somewhere else. And if you don't have a backup then it doesn't matter if you are running your instance in a datacenter you built yourself because you can inadvertently wipe the contents with a mere click

[-] towerful@programming.dev 13 points 8 months ago

Anyone concerned with that threat model can host their own instance on whatever hardware they want.
They could have the middleware load balanced over aws/azure/gcp/hetzner/at-home and have load-balanced replicated postgres also running on those hosts.
They could use CDN & threat protection from those cloud providers as well as cloudflare. And really distribute the threat of that situation.
But nobody wants to fork out $$$ every month before they are even scaling to thousands of users, never mind the added complications of middleware from one provider trying to interact with a load balancer on another provider which is forwarding to postgres on a different provider, let alone geographic latencies.
Then trying to manage that, never mind the headache of an update.

But, if that is someones threat model, then they CAN work around it.

Companies owning the actual servers and infrastructure is at the level of enormous scaling (like twitter) or high risk (like banking, even then chances are they are running hardened systems that would be secure on anything).
Most companies will pass that responsibility off to a single provider, and rely on that providers skills/services for uptime

[-] conciselyverbose@sh.itjust.works 5 points 8 months ago

A regular court order won't be granted unless there's very good reason.

And it won't be issued to cloudflare to "delete everything that uses ActivityPub", because that's insane. And would require a bunch of manual engineering work.

And being distributed through cloudflare tells you nothing about where the files are stored. Because they're a CDN.

[-] r00ty@kbin.life 4 points 8 months ago

OVH server owners learned their lesson not to keep their backups on the same hosting provider after the fire a few years ago. The only problem I had was actually getting OVH to give me a new server to restore my off-site backup to!

If you have backups independently of your hosting provider AND your domain isn't hosted with them. The worst they can do is take you down for the time it takes to get a new server elsewhere, restore your data and point your DNS (or CDN endpoint) to your new home.

If you're running a fediverse server and at the bare minimum don't have your database backed up somewhere, then the fault of any takedown is as much your fault as your hosting provider.

Mine is first backed up nightly to a server on another hosting provider, and that in turn is backed up to encrypted cloud backup.

[-] soulfirethewolf@lemdro.id 26 points 8 months ago

I always feel like whenever someone complains about fedi not being fully decentralized because they perceived too many instances as being held under a single place, they miss the point a little bit in terms of prioritizing infrastructure over user governance.

Aside from the potential disasters happening at them, it just really doesn't feel like a problem if most people are hosting an instance on a popular cloud platform. These are companies that are just providing infrastructure, and as long as you aren't trying to abuse their network or spread anything that they consider to be harmful, they won't really care.

Instances operated under Home and business ISPs aren't particularly immune to this either. And can still cut off an instance if they decide to.

[-] GadgeteerZA@fedia.io 17 points 8 months ago

@mypasswordis1234@lemmy.world being behind Cloudflare does not stop an instance being decentralised at all. I have a very small site that I can only afford a little money to host it. Although it is "behind" Cloudflare, it is hosted in the UK. That hosting is decentralised. Without a CDN my instance could not exist unless I had a ton of cash to pay for superfast hosting.

None of this makes my site "centralised".

[-] mypasswordis1234@lemmy.world 1 points 8 months ago

While the hosting location may be decentralized, using Cloudflare introduces a level of centralization in the way Internet traffic is managed. Cloudflare acts as a central point through which all incoming traffic is routed before reaching your decentralized server. This centralization is evident in the fact that Cloudflare controls access to the site, providing security measures, CDN services and acting as a proxy server.

Without Cloudflare, hosting can indeed be decentralized, but the inclusion of this proxy service means that a central entity (Cloudflare) plays a key role in handling and directing traffic. This introduces a level of centralization to the overall service, even if the hosting itself remains decentralized.

[-] BlueEther@no.lastname.nz 8 points 8 months ago

And it will take me all of 60 seconds to turn off cloudflare on my instance I I ever have to and 5 min for TTL on the DNS to expire, bit in saying that I have moved from a small indipendent VPS to a much larger provider for cost saving (Mostly for storage, but also double the core count).

[-] iopq@lemmy.world 12 points 8 months ago

You can change hosting if you still own the domain

[-] smileyhead@discuss.tchncs.de 8 points 8 months ago

I always see ActivityPub as a simple glue to existing model of social media networks.

If we want to decentralize further and further the end goal would be a serverless message format with public/private key cryptography build on something like Yggdrasil or GnuNET network.

[-] kolorafa@lemmy.world 7 points 8 months ago

Just by looking at the biggest instances someone could think that they cover most of the users but I'm positively shocked.

Kudos for the work!

But the summary is missleading.

[-] homesweethomeMrL@lemmy.world 4 points 8 months ago

Is an instance its AZ? It’s SSD? Or its networking? Or its moderation?

this post was submitted on 08 Mar 2024
78 points (100.0% liked)

Technology

59449 readers
2767 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS