Today we're sharing the first in a series of three posts from our leadership team, starting with @mellifluousbox discussing our mission, and priorities for 2026.
-
@benroyce @meowki @iju @ariarhythmic
1. Mastodon's code already includes a setting which server admins can enable to set a minimum age for their server, which will ask for a date of birth to be entered during sign-up. The date of birth is not stored, only checked once. This has been part of Mastodon's code since multiple months now: https://github.com/mastodon/mastodon/pull/34150
2. What they say in the blog is that they will audit the GmbH's own servers, which probably includes an audit of this feature.
3. The interesting stuff is what that "working group" will come up with.
-
@janantos @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron
It's entirely possible to own a credit card and not use it
The point is to solve the problem of age verification without asking anyone's age, and using cc solves that problem
But you also want to solve the problem of addictive personalities who wind up stuck on gambling?
What
You ask far too much
Nothing can function in this world on this level of concern
Scope your concerns to reasonable goals please
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron absolutely. However that time, even if you don’t use it, the credit limit goes negative to your credit score in bank risk assesment.
-
@benroyce @iju @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron absolutely. However that time, even if you don’t use it, the credit limit goes negative to your credit score in bank risk assesment.
@janantos @benroyce @ariarhythmic @mellifluousbox @Mastodon @MastodonEngineering @Gargron
I believe that "credit score drops if you don't use the card" is an US speciality. At least I've never heard of it outside imported TV-shows.
But it's a good point to say that not everyone owns a credit/debit card that works online. Though how many of those people are on Mastodon, is anyone's guess.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox You're trying to deal with defeat before it even happens. Governments DGAF about your Mastodon instance. But they're happy to have you complying in advance.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
that's not what i said
the point you're making is the point i made to you already:
"of course if you're a small fish doing small fish things, you'll probably be fine for a long time"
that's the real answer
a 20 account mastodon instance will go 10 years before anyone cares about it and age verification. unless someone on your server gains attention of the fascists
then the no age verification will be the conceit to dig on you
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
that's not what i said
the point you're making is the point i made to you already:
"of course if you're a small fish doing small fish things, you'll probably be fine for a long time"
that's the real answer
a 20 account mastodon instance will go 10 years before anyone cares about it and age verification. unless someone on your server gains attention of the fascists
then the no age verification will be the conceit to dig on you
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
by the very same token, setting up goddamn shell corporations in foreign countries is not anything a mastodon server with 20 accounts is ever going to do. that was what i was pushing back against: going to absurd contortions to escape the age verification. no one is going to do that
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
by the very same token, setting up goddamn shell corporations in foreign countries is not anything a mastodon server with 20 accounts is ever going to do. that was what i was pushing back against: going to absurd contortions to escape the age verification. no one is going to do that
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox If you're a server with 20 accounts, it's probably not open registration anyway. In this case, the main "opsec" you should be doing is not publicly identifying who runs the server and what jurisdiction it's under.
The case I was thinking of is more when you have a medium-sized, semi-open (e.g. by request/invite) instance with maybe 1000 or so users, which suddenly finds itself under threat of a being required to verify ages for its users. If you're not comfortable doing civil disobedience and just refusing to do that, the responsible thing is to restructure ownership outside of the jurisdiction. Whether that involves a "shell company" or real transfer of operations to trusted people elsewhere.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox If you're a server with 20 accounts, it's probably not open registration anyway. In this case, the main "opsec" you should be doing is not publicly identifying who runs the server and what jurisdiction it's under.
The case I was thinking of is more when you have a medium-sized, semi-open (e.g. by request/invite) instance with maybe 1000 or so users, which suddenly finds itself under threat of a being required to verify ages for its users. If you're not comfortable doing civil disobedience and just refusing to do that, the responsible thing is to restructure ownership outside of the jurisdiction. Whether that involves a "shell company" or real transfer of operations to trusted people elsewhere.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
you're not thinking about how this will play out in reality
in reality they will not care if you don't have age verification if you have 5 users or 50,000
but then someone on your server will draw the govt's attention. could be in 10 days. could be in 10 years. only then
and in that moment, i don't care what obfuscation you have that you think will work. it will not work
then absent age verification will be the conceit to go after you
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
you're not thinking about how this will play out in reality
in reality they will not care if you don't have age verification if you have 5 users or 50,000
but then someone on your server will draw the govt's attention. could be in 10 days. could be in 10 years. only then
and in that moment, i don't care what obfuscation you have that you think will work. it will not work
then absent age verification will be the conceit to go after you
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox The is absolutely what folks like me are talking about when we say "obeying in advance".
There will ALWAYS be a conceit to go after you if you're a target.
Kissing their asses 10 years in advance hoping it will not happen is a stupid strategy.
You either do the civil disobedience openly, or you mitigate the risks as best you can.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox The is absolutely what folks like me are talking about when we say "obeying in advance".
There will ALWAYS be a conceit to go after you if you're a target.
Kissing their asses 10 years in advance hoping it will not happen is a stupid strategy.
You either do the civil disobedience openly, or you mitigate the risks as best you can.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
why do you frame this as me kissing fascist ass?
i am talking about effective resistance
you are talking about suicide
the more accurate portrayal here is i am resisting intelligently
while you go up to a fascist and tap them on the shoulder and ask to be shot in the face
the issue here is being smart
it's not good enough in this world to have only a strong heart
you also need a strong mind
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
why do you frame this as me kissing fascist ass?
i am talking about effective resistance
you are talking about suicide
the more accurate portrayal here is i am resisting intelligently
while you go up to a fascist and tap them on the shoulder and ask to be shot in the face
the issue here is being smart
it's not good enough in this world to have only a strong heart
you also need a strong mind
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox Making all your users dox themselves or share their biometrics with an face scanning provider quietly affiliated with Palantir is not going to help you at all if you're not targeted, and not going to save you if you are.
All it's going to do is fuel fascism.
If you're not clear on this you shouldn't be running a service of this sort, but leaving it to folks who can make responsible decisions.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox Making all your users dox themselves or share their biometrics with an face scanning provider quietly affiliated with Palantir is not going to help you at all if you're not targeted, and not going to save you if you are.
All it's going to do is fuel fascism.
If you're not clear on this you shouldn't be running a service of this sort, but leaving it to folks who can make responsible decisions.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
if you look elsewhere in this thread i'm advocating for using credit cards for verification like valve does with steam
so the server doesn't have to deal with ids. they just run a $0 check
additionally, it allows your cc to be attached to your profile, so donations are a breeze
not enough donate. and unless more people do, you and i butting heads here will just all evaporate some day
reality my friend
idealism is for lost fools
-
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
if you look elsewhere in this thread i'm advocating for using credit cards for verification like valve does with steam
so the server doesn't have to deal with ids. they just run a $0 check
additionally, it allows your cc to be attached to your profile, so donations are a breeze
not enough donate. and unless more people do, you and i butting heads here will just all evaporate some day
reality my friend
idealism is for lost fools
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox What are you going to do with existing users who don't have credit cards? And can't get them? Or who have credit cards but whose safety might be put at risk by having their legal identity tied to their account and past writings?
Yes, for capitalist services that are going to obey age verification mandates, they absolutely should be offering "charge my credit card" as an option. I would even pay a one-time $20+ fee for this, anything to be able to continue using the service without submitting to face scanning or ID.
But non-capitalist things like Mastodon instances treating this as a harmless way to obey is NOT a good idea. It will exclude exactly the people we need to be including.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox What are you going to do with existing users who don't have credit cards? And can't get them? Or who have credit cards but whose safety might be put at risk by having their legal identity tied to their account and past writings?
Yes, for capitalist services that are going to obey age verification mandates, they absolutely should be offering "charge my credit card" as an option. I would even pay a one-time $20+ fee for this, anything to be able to continue using the service without submitting to face scanning or ID.
But non-capitalist things like Mastodon instances treating this as a harmless way to obey is NOT a good idea. It will exclude exactly the people we need to be including.
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox One solution to the ills of verify-by-card, but also a reason I don't think the powers that be will let verify-by-card persist, is that I could just make a credit card with a $0 limit and share the number publicly for everyone to use until the card gets canceled, then repeat or have someone else do the same, until everyone who needs to get verified has done it.
-
@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox What are you going to do with existing users who don't have credit cards? And can't get them? Or who have credit cards but whose safety might be put at risk by having their legal identity tied to their account and past writings?
Yes, for capitalist services that are going to obey age verification mandates, they absolutely should be offering "charge my credit card" as an option. I would even pay a one-time $20+ fee for this, anything to be able to continue using the service without submitting to face scanning or ID.
But non-capitalist things like Mastodon instances treating this as a harmless way to obey is NOT a good idea. It will exclude exactly the people we need to be including.
@dalias @vervain @ariarhythmic @Mastodon @mellifluousbox
so you're advocating for donations, because you're not a fool, and you understand hosting services need to be paid
and at the same time, you're castigating me for asking for credit cards
work through the contradiction you just presented to me and get back to me
-
@ariarhythmic @Mastodon @mellifluousbox
the problem isn't mastodon it's your govt
if mastodon servers don't implement age verification in those jurisdictions that make it law, those servers get shut down by that govt
so you're blaming the wrong entity
are you really asking servers to face legal punishment and then get shut down anyway?
don't get me wrong: be angry
*at your govt*
not mastodon
@benroyce
I’d boil this down to, you can’t solve a social problem with technology. You can mitigate some of its effects but the underlying social parameters are still there. Nothing is going to save us from bad law except good votes.
@ariarhythmic @Mastodon @mellifluousbox -
@benroyce
I’d boil this down to, you can’t solve a social problem with technology. You can mitigate some of its effects but the underlying social parameters are still there. Nothing is going to save us from bad law except good votes.
@ariarhythmic @Mastodon @mellifluousbox@suzannealdrich @ariarhythmic @Mastodon @mellifluousbox
THANK YOU
are you listening, toxic idealists?
-
@suzannealdrich @ariarhythmic @Mastodon @mellifluousbox
THANK YOU
are you listening, toxic idealists?
@benroyce
Also, and I’ll repeat this for those at the back:
Changing the system takes a lot of time and energy. There is no quick fix. The winner will always be the one that is more effective at networking and communication.
@ariarhythmic @Mastodon @mellifluousbox -
@benroyce
Also, and I’ll repeat this for those at the back:
Changing the system takes a lot of time and energy. There is no quick fix. The winner will always be the one that is more effective at networking and communication.
@ariarhythmic @Mastodon @mellifluousbox@suzannealdrich @benroyce @ariarhythmic @Mastodon @mellifluousbox and willing to get their hands dirty
-
@suzannealdrich @benroyce @ariarhythmic @Mastodon @mellifluousbox and willing to get their hands dirty
@macacator @suzannealdrich @ariarhythmic @Mastodon @mellifluousbox
anyone who thinks we can just sing kumbaya and solve all of our problems is a fool
the dirty path always also needs to exist, even just in reference to put fear in the fascist's heart and force them to listen
-
@benroyce @Mastodon @mellifluousbox Compliance with fascist laws is fascism.
@ariarhythmic @benroyce @Mastodon @mellifluousbox Anybody that wants to operate their business in a country has to abide by the laws of that country. It's why Proton has been subpoened and had to hand over logs. It's the whole reason Signal collects as little data as possible, so they don't have anything to give but can still obey court orders. The alternative is for them to just leave that country entirely and abandon users who live there.
