Today we're sharing the first in a series of three posts from our leadership team, starting with @mellifluousbox discussing our mission, and priorities for 2026.
-
@benroyce @ariarhythmic @Mastodon @mellifluousbox None of that contradicts what I said. You don't run it as a citizen or resident of the hostile jurisdiction. You pass ownership to an entity in a safe location, and you put the fronting IP in a safe location. Physical servers can be somewhere else, but shouldn't be somewhere under the hostile jurisdiction unless you're confident there's no trail to them.
@dalias @ariarhythmic @Mastodon @mellifluousbox
if you're already in a safe jurisdiction, yes, get your servers out of a bad jurisdiction, absolutely
but if you're in an unsafe jurisdiction, it doesn't matter where your servers are. if they want to target you, they'll target you, and no amount of obfuscation will protect you from that
of course if you're a small fish doing small fish things, you'll probably be fine for a long time
-
@dalias @ariarhythmic @Mastodon @mellifluousbox
if you're already in a safe jurisdiction, yes, get your servers out of a bad jurisdiction, absolutely
but if you're in an unsafe jurisdiction, it doesn't matter where your servers are. if they want to target you, they'll target you, and no amount of obfuscation will protect you from that
of course if you're a small fish doing small fish things, you'll probably be fine for a long time
@benroyce @ariarhythmic @Mastodon @mellifluousbox You just make it so it's no longer you running it. It's been passed off to an entity legally incorporated someplace else, and your involvement is as a volunteer or contractor working with a foreign entity for which you have no authority to implement the type of "age verification" your government wants them to impose.
-
@benroyce @ariarhythmic @Mastodon @mellifluousbox You just make it so it's no longer you running it. It's been passed off to an entity legally incorporated someplace else, and your involvement is as a volunteer or contractor working with a foreign entity for which you have no authority to implement the type of "age verification" your government wants them to impose.
@dalias @ariarhythmic @Mastodon @mellifluousbox
so let's say i'm in the uk. you expect me to set up in let's say canada
under someone else's name? what? you have those kinds of connections?
nevermind the added cost
also the effort will trigger more interest in you than if you never tried it. when they find out you're just trying to avoid age verification they'll laugh
you think govts aren't used to this kind of intrigue from dealing with crypto/ gambling/ silkroad/ pedophile rings/ etc?
-
@iju @ariarhythmic @mellifluousbox
i have a better idea:
do what valve does
you need a credit card
they run a $0 authorization
*no id docs needed*
the server doesn't deal with sensitive data
even better:
now your cc is attached to your mastodon profile
your cc is right there for donating to the server later
as more people should be doing
snag:
germany doesn't consider a cc legally acceptable
but other jurisdictions do
Steam UK users will now need a credit card to access mature content due to the Online Safety Act
Valve recently put up a new support page, detailing the steps they've taken to comply with the UK Online Safety Act.
GamingOnLinux (www.gamingonlinux.com)
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron it is to utter idea, I don’t want to have amd I know a lot of people who doesn’t want to have credit cards and are completely ok with Debit Cards. 1. There are people who do not want to be formally in debt, 2. There are people who do not want to be formally in higher loan to salary ratio. (Yes when I was asking for mortgage, I got rid of CC, because it was literally increasing my debt to salary ratio even when it is not used, by its credit limits) and as last thing asking gamers (and yes gaming is addictive) when there are games with concept of in game payments for credit card is just wrong. It shall be regulated the same way as online gambling is.
-
@LukefromDC @benroyce @mark @nitrml @meowki @iju @ariarhythmic In case of mastodon you don’t need to possess ID, there are several KYC services, who verifies your customer and issue proof he is eg age verified. And you never posses any ID, CC etc. I would say this will be smaller burden (perhaps even cheaper) that setting whole payment infrastructure.
-
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron it is to utter idea, I don’t want to have amd I know a lot of people who doesn’t want to have credit cards and are completely ok with Debit Cards. 1. There are people who do not want to be formally in debt, 2. There are people who do not want to be formally in higher loan to salary ratio. (Yes when I was asking for mortgage, I got rid of CC, because it was literally increasing my debt to salary ratio even when it is not used, by its credit limits) and as last thing asking gamers (and yes gaming is addictive) when there are games with concept of in game payments for credit card is just wrong. It shall be regulated the same way as online gambling is.
@janantos @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron
It's entirely possible to own a credit card and not use it
The point is to solve the problem of age verification without asking anyone's age, and using cc solves that problem
But you also want to solve the problem of addictive personalities who wind up stuck on gambling?
What
You ask far too much
Nothing can function in this world on this level of concern
Scope your concerns to reasonable goals please
-
@LukefromDC @benroyce @mark @nitrml @meowki @iju @ariarhythmic In case of mastodon you don’t need to possess ID, there are several KYC services, who verifies your customer and issue proof he is eg age verified. And you never posses any ID, CC etc. I would say this will be smaller burden (perhaps even cheaper) that setting whole payment infrastructure.
@janantos @LukefromDC @mark @nitrml @meowki @iju @ariarhythmic
You're talking about decentralized identity
You can see vestiges of that in the project's history
So it looks like they abandoned that
Perhaps because it's not up to snuff yet?
But I don't know, I'm not up to speed
-
@benroyce @ariarhythmic @Mastodon @mellifluousbox You just make it so it's no longer you running it. It's been passed off to an entity legally incorporated someplace else, and your involvement is as a volunteer or contractor working with a foreign entity for which you have no authority to implement the type of "age verification" your government wants them to impose.
@dalias
Thank you for standing up for what is right. It is terrible seeing the excuses. -
@dalias
Thank you for standing up for what is right. It is terrible seeing the excuses.@vervain @dalias @ariarhythmic @Mastodon @mellifluousbox
it's about what works or not
there isn't excuses, there's dealing with reality
if someone wants to be pure and not deal with reality, ok
but the rest of us are trying to deal with the bullshit
and for that, i suppose we're a vast evil
same old toxic idealism, not achieving shit, but sure good at whining
-
@Mastodon @mellifluousbox Mastodon could aspire to replace X in Europe (given the current situation in the U.S. and the state of X). It is urgent that it include translation capabilities for this multilingual region
@pablomuyo @Mastodon @mellifluousbox what do you mean? Libretranslate works well on my instance for translating posts
-
Today we're sharing the first in a series of three posts from our leadership team, starting with @mellifluousbox discussing our mission, and priorities for 2026. Stay tuned this week for more.
Connecting the world through thriving online communities
A message from our Executive Director about Mastodon's vision and mission.
Mastodon Blog (blog.joinmastodon.org)
@Mastodon do not, I repeat DO NOT attempt to implement age verification. You’ll kill the platform. See: Discord.
Decentralised, federated networks are one of the few bastions from which we can fight this. Don’t throw that away.
-
@iju @ariarhythmic @Mastodon @mellifluousbox
looking at the emoji in aria's profile, not knowing if they are trans, but if they are i understand why they feel threatened by id checks
if i were trans i would feel intensely threatened, physically, mortally, by id checks
especially in countries like my like stupid fucking country (the usa)
at the same time:
if i *really* cared about id checks, i wouldn't be attacking the wrong entity
aria's heart is in the right place but their brain is AWOL
@benroyce fuck you, average mastodon dot social user
-
@vervain @dalias @ariarhythmic @Mastodon @mellifluousbox
it's about what works or not
there isn't excuses, there's dealing with reality
if someone wants to be pure and not deal with reality, ok
but the rest of us are trying to deal with the bullshit
and for that, i suppose we're a vast evil
same old toxic idealism, not achieving shit, but sure good at whining
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox You're trying to deal with defeat before it even happens. Governments DGAF about your Mastodon instance. But they're happy to have you complying in advance.
-
Today we're sharing the first in a series of three posts from our leadership team, starting with @mellifluousbox discussing our mission, and priorities for 2026. Stay tuned this week for more.
Connecting the world through thriving online communities
A message from our Executive Director about Mastodon's vision and mission.
Mastodon Blog (blog.joinmastodon.org)
@Mastodon @mellifluousbox @Gargron Project leaders should commit now to never poison the codebase with this stuff. If individual servers want to implement invasive age-checks (or have to in order to satisfy their local laws), that's up to them, but do not allow such things to fracture the Fediverse. Commit now to never allowing features such as blocking federation to/from non-age-verified servers.
-
@benroyce @meowki @iju @ariarhythmic
1. Mastodon's code already includes a setting which server admins can enable to set a minimum age for their server, which will ask for a date of birth to be entered during sign-up. The date of birth is not stored, only checked once. This has been part of Mastodon's code since multiple months now: https://github.com/mastodon/mastodon/pull/34150
2. What they say in the blog is that they will audit the GmbH's own servers, which probably includes an audit of this feature.
3. The interesting stuff is what that "working group" will come up with.
-
@janantos @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron
It's entirely possible to own a credit card and not use it
The point is to solve the problem of age verification without asking anyone's age, and using cc solves that problem
But you also want to solve the problem of addictive personalities who wind up stuck on gambling?
What
You ask far too much
Nothing can function in this world on this level of concern
Scope your concerns to reasonable goals please
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron absolutely. However that time, even if you don’t use it, the credit limit goes negative to your credit score in bank risk assesment.
-
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron absolutely. However that time, even if you don’t use it, the credit limit goes negative to your credit score in bank risk assesment.
@janantos @benroyce @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron
I believe that "credit score drops if you don't use the card" is an US speciality. At least I've never heard of it outside imported TV-shows.
But it's a good point to say that not everyone owns a credit/debit card that works online. Though how many of those people are on Mastodon, is anyone's guess.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox You're trying to deal with defeat before it even happens. Governments DGAF about your Mastodon instance. But they're happy to have you complying in advance.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
that's not what i said
the point you're making is the point i made to you already:
"of course if you're a small fish doing small fish things, you'll probably be fine for a long time"
that's the real answer
a 20 account mastodon instance will go 10 years before anyone cares about it and age verification. unless someone on your server gains attention of the fascists
then the no age verification will be the conceit to dig on you
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
that's not what i said
the point you're making is the point i made to you already:
"of course if you're a small fish doing small fish things, you'll probably be fine for a long time"
that's the real answer
a 20 account mastodon instance will go 10 years before anyone cares about it and age verification. unless someone on your server gains attention of the fascists
then the no age verification will be the conceit to dig on you
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
by the very same token, setting up goddamn shell corporations in foreign countries is not anything a mastodon server with 20 accounts is ever going to do. that was what i was pushing back against: going to absurd contortions to escape the age verification. no one is going to do that
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
by the very same token, setting up goddamn shell corporations in foreign countries is not anything a mastodon server with 20 accounts is ever going to do. that was what i was pushing back against: going to absurd contortions to escape the age verification. no one is going to do that
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox If you're a server with 20 accounts, it's probably not open registration anyway. In this case, the main "opsec" you should be doing is not publicly identifying who runs the server and what jurisdiction it's under.
The case I was thinking of is more when you have a medium-sized, semi-open (e.g. by request/invite) instance with maybe 1000 or so users, which suddenly finds itself under threat of a being required to verify ages for its users. If you're not comfortable doing civil disobedience and just refusing to do that, the responsible thing is to restructure ownership outside of the jurisdiction. Whether that involves a "shell company" or real transfer of operations to trusted people elsewhere.
