Sign in Subscribe
fediverse

Embrace, Extend, and Exploit: Meta's plan for ActivityPub, Mastodon and the fediverse

What's Meta up to?

Jon

15 min read
The Meta logo. Below, seven black shadow images of people, all looking at the colorful fediverse logo.
Join the discussion in the fediverse – and on Lemmy!

It's an exciting time in the interconnected web of decentralized social networks known as the "fediverse": Threads (a new social network from Facebook's parent company Meta) is starting to follow through on its plans for connecting to the fediverse.  The initial steps are tiny.  Today, people using Mastodon and other fediverse software can follow a handful of Meta employees on Threads.  But according to Instagram CEO Adam Mosseri they'll be steadily adding more functionality over the next year, eventually including two-way communication.  

As Should the Fediverse welcome its new surveillance-capitalism overlords? Opinions differ! discusses, from the fediverse's perspective the arrival of a company whose business model is built around exploiting people's data without consent – and has history of repeatedly breaking the law and contributing to genocide – is both an opportunity and a threat. Overall, I think that Meta's arrival will catalyze a lot of positive changes in the fediverse. In the last post in this series I'll have some suggestions about how the fediverse can react to increase the chance of positive outcomes. But this post looks at it in the other direction.  

What's in it for Meta?

Today's fediverse has less than 2,000,000 monthly active users – fewer than it had at the beginning of the year. Threads claims to have 100,000,000 monthly active users. Of course, Facebook and Meta have a track record of inflating their numbers (remember the big lie behind the "pivot to video"?), but even assuming they're exaggerating wildly, Threads is still much much larger than today's fediverse.  So why is Meta investing in ActivityPub and showing so much interest in the fediverse?

exploit: verb (used with object)

· to utilize, especially for profit; turn to practical account: to exploit a business opportunity.

· to use selfishly for one's own ends: employers who exploit their workers.

dictionary.com

Here's one way of looking at Meta's strategy:

  1. Embrace ActivityPub, Mastodon, and the fediverse
  2. Extend ActivityPub, Mastodon, and the fediverse with very-usable app that provides additional functionality (initially the ability to follow everybody you're following on Instagram, and to communicate with all #Threads users) that isn't available to the rest of the fediverse – as well over time providing additional services and introducing incompatibilities and non-standard improvements to the protocol
  3. Exploit ActivityPub, Mastodon, and the fediverse by utilizing them for profit – and also using them selfishly for Meta's own ends

Since the fediverse has so many fewer users than Threads, the most obvious ways of exploiting it – such as stealing market share by getting people currently in the fediverse to move to Threads – aren't going to work. But exploitation is one of Meta's core competences, and once you start to look at it with that lens, it's easy to see some of the ways even their initial announcement and tiny first steps are exploiting the fediverse: making Threads feel like a more compelling platform, and reshaping regulation.  Longer term, it's a great opportunity for Meta to explore – and maybe invest in – shifting their business model to decentralized surveillance capitalism.

Before we get to that, though, let's talk about another popular theory about what Meta's up to.

Extinguish isn't the only word that starts with an E

"The Embrace, Extend, Extinguish argument also falls down at the last point for me: Extinguish. This is a tremendous amount of effort that Meta is undertaking to try and… what? Stop the fediverse from growing? Defeat Mastodon, Meta’s mighty competitor? I think both of these goals are extremely small potatoes."

– Gavin Anderegg, Thoughts on Threads and ActivityPub, December 15

There's been a lot of discussion in the fediverse about the risks of Meta embracing, extending and extinguishing (EEE) the ActivityPub standard. It's a strategy that Microsoft and Google are best known for, but Microsoft and Google are far from the only ones who have used the EEE strategy. In fact, Mastodon's success in 2016-8 is a great example:

  • Mastodon initially embraced the OStatus standard that early fediverse platforms used, exploiting it (in the non-selfish sense of the word) to get compatibility with the existing ecosystem
  • Next, Mastodon extended the standard with valuable but controversial improvements like post visibility, and developed its own API for clients which became a de facto standard.
  • Time passed, and Mastodon dropped support for OStatus – which extinguished most adoption of OStatus and OStatus-based software and instances.  

Even though that's how things worked out, it's not like Mastodon intentionally set out to extinguish OStatus. There were real limitations of the protocol that got in the way of Mastodon providing value to its users, so of course Mastodon extended it – things were somewhat ugly for a while, but Mastodon was bigger than everybody else so most people went along.  And then ActivityPub came along, and it was a better fit or Mastodon's needs, so of course Mastodon adopted the parts of it that made sense (while keeping its own proprietary client API) and dropped OStatus.

The same is true with Google's adoption and then abandonment of the XMPP protocol, which is also often described as EEE. I don't think that's the right way to look at it; for one thing, XMPP is still around, and thanks to adoption by Zoom and others it has hundreds of millions of users – or billions, if you count WhatsApp'a non-standard derivative version. But in any case, whether or not it was EEE, Google didn't go into it with a goal of killing XMPP.  They just wanted to exploit XMPP to address a business problem of making Google Talk successful – and did so, until it wasn't useful to them any more.

So while it'd be kind of ironic if Mastodon’s dominance from EEEing OStatus ended by Meta EEEing Mastodon and ActivityPub – live by the EEE, get extinguished by the EEE – that's unlikely to be Meta's goal at this point. Of course, if and when Meta sees the fediverse as a significant threat, they'll ruthlessly stamp it out.0  

But right now, they've got a huge potential longer-term opportunity to coopt the fediverse as a basis for decentralized surveillance capitalism. It might not work out, of course, but even if it doesn't keeping a neutered fediverse around might still be useful to Meta as long as it's not a threat to their dominance (just as Google subsidizes the Firefox browser). Either way, as Ramin Honary suggests, it's a great opportunity for Enshittification – yet another word that starts with an E!

And in the short term, there's money to be made – and regulators to try to influence – by exploiting the fediverse.

Making Threads feel like a more compelling platform

“I think we might be a more compelling platform for creators, particularly for the newer creators who are more and more savvy, if we are a place where you don’t have to feel like you have to trust us forever.”

– Instagram CEO Adam Mosseri, quoted in Alex Heath's Instagram’s boss explains why he’s taking on Twitter with Threads, July 2023

Twitter's meltdown highlights the risks of basing your online network on a platform run by an untrustworthy corporation – and Facebook and Meta have a loooong and richly deserved reputation for untrustworthiness.  So why should people and brands looking for a Twitter alternative invest the time and energy to rebuild their networks on Threads? Of course some people will fall for "Trust us, it'll be different this time" or "yeah we'll screw you eventually but not for a while," but I agree with Mosseri: savvy people will indeed find it more compelling if the feel like they don't have to trust Meta forever. Whether or not it's ever becomes real, the story that the fediverse will provide an escape path helps with that.

"Eventually, it should also be possible to enable creators to leave Threads and take their followers with them to another app/server."

– Mosseri, on Threads, December 15

How real will the story turn out to be?  It's hard to know. For one thing, Mosseri has said that Threads' current plan is to "explicitly opt in to your content being available on other servers"; while that's good from a privacy and safety perspective, if they follow through it would also mean that creators to leaving won't be able to take all their followers with them.  [If somebody's following you on Threads but hasn't opted in to federation, then when you move to an instance in the real fediverse they won't be following you any more.]  And "eventually" is doing a lot of work in Mosseri's quote. Until "eventually" happens, creators can't actually move any of their followers to the fediverse. So we shall see.

But from Meta's perspective, so what? As Mosseri says, the goal here is to make people feel like they don't have to trust Meta forever. It's a good story, and that by itself has a lot of value at this point. It's getting favorable coverage in the tech press, too. And it'll be easy enough to implement an initial version (Mastodon already has this functionality) as a demo to show progress.

By the time the (incomplete) functionality is implemented, Threads will presumably have been further extended with additional functionality beyond what's available elsewhere, so creators will lose even more if they try to move. And while Meta could potentially make it as easy to use as possible and ensure that most or all of your information gets transferred ... they might well decide that's not in their business interest, and they'd rather use the fediverse selfishly for their own ends. So it's not clear how many people will actually take advantage of this functionality. Oh well, that's the fediverse's problem, not Meta's.

Reshaping regulation

"I’m also excited about our commitment to join the Fediverse and support the ActivityPub protocol. At our scale, it’s an incredibly exciting technical and regulatory challenge."

– Gergely Orosz, Building Meta’s Threads App, September 2023
"[L]ooking forward to  ... [w]orking with experts to figure out how we can reshape regulations that are built for closed systems, and adapt them to more open ones"

Rachel Lambert, Director of Product Management at Meta, December 14

Meta's under pressure from regulators all over the world – and their long-term strategy of breaking the law, stretching out the process, and then paying fines as a cost of doing business is getting increasingly expensive. A billion here, a billion there ... that's just pocket change for Meta, but newer EU laws have much bigger fines, and penalties like bans on using personal data for targeting ads and "algorithmic disgorgement" are potentially existential threats. But regulations can be influenced, and Meta – like other Big Tech companies – spends a lot of time and money working to shape regulations to their advantage.

Embracing ActivityPub and the fediverse gives Meta the opportunity to portray themselves as evolving and advocating for what's best for open systems, not just their own business. Working with the fediverse gives them the opportunity to get people who are usually critics, and have a long history of working on independent social networks and open systems, to say that at least in this area Meta's changed and are working collaboratively on a system that gives everybody more freedom.

Not only that, the story that (eventually) people will be able to leave Threads and take their audiences with them potentially gives Meta a counter to anti-trust regulators concerned about market dominance. For that matter, just as Microsoft subsidized Apple for a while in the 1990, and Google subsidizes Firefox to give the illusion of a competitive browser market, Meta may well find the very existence of the fediverse useful enough to support.

Of course, there are ways in which regulations do need to evolve to adapt to open systems. Meta (and other large incumbent surveillance capitalism companies) will try to use this selfishly to reinforce their dominance. Maybe the fediverse "influencers" working with Meta will do the right thing even at the expense of their professional interests. Then again, maybe they'll just wind up repeating Meta's talking points, or hold off on criticizing Meta's position. Time will tell.

"The European Union is coming down hard on Meta, demanding all sorts of interoperability as part of its Digital Services and Digital Market Acts. By implementing a bona-fide W3C interoperability standard as part of a new app, Meta can signal both cooperation with the EU authorities, while delaying opening its core business as long as possible."

– Fedierse influencer Johannes Ernst, in Why would Meta implement ActivityPub? 1½ reasons are compelling, another is not, June 2023

The EU's interoperability requirements are a concrete example of how this could play out in practice. The Digital Market Act (DMA) includes requirements from six large "gatekeepers" – including Meta – on core platform services including social networking, and specifically requires interoperability of messaging services. Threads' integration with ActivityPub wouldn't address the messaging interoperability requirements (which apply to Messenger and WhatsApp), but as Ernst describes could still be very useful for Meta to give regulators the impression that they're moving in that direction.  

And as EFF's The EU Digital Markets Act’s Interoperability Rule Addresses An Important Need, But Raises Difficult Security Problems for Encrypted Messaging describes, the current regulations really do create some real issues. Meta and other gatekeepers will no doubt continue to push to weaken them, so as well as being able to use the Threads/ActivityPub integration to pretend they're acting in good faith, there's a lot of value in getting fediverse influences somewhat more likely to be on their side.

Decentralized surveillance capitalism

From Meta's perspective, one of the advantages to exploiting the fediverse to make Threads feel like a more compelling platform and to reshape regulation is that they can get a lot of mileage without investing much. They've got a great story, and maybe that's enough. If their early experimentation runs into problems – or if other things take priority – they can slow down the pace, blame the current state of ActivityPub or the fediverse, and come up with another story.  And with a little more thought, it's easy to see other ways Meta could exploit the fediverse without a significant investment.

But if they decide it makes sense to invest more, a decentralized approach could work out really well for Meta. Put the current fediverse to the side, and imagine a future of decentralized surveillance capitalism, where "Meta's fediverse" filled with instances run by brands, politicians, celebrities, influencers, and non-profits – all doing harvesting data on Meta's behalf, allows Meta to avoid responsibility and liability2 but continue to profit from hate groups, disinformation, and white supremacy.

How cool would that be?  (For Meta, that is.)

The leaked information from Meta discussing "win/win monetization" partnerships with fediverse instances fits in well with this direction, most obviously with revenue share from ads, subscriptions, video-on-demand, and merchandise sales. Disney and the LA Lakers could offer premium options (and target ads) to fans! Alex Jones, the Krassenstein brothers, and other grifters could milk their base and sell supplements even more effectively than on Xitter! Since Threads doesn't plan to focus on news, it's a great opportunity for Fox News, OANN, and Breitbart! That sure sounds like something that would appeal to Zuckerberg – and to Threads' early adopters like Steve Bannon, Donald Trump Jr. and Libs of Tik Tok.3  

And as Don Marti points out, most targeted advertising revenue comes from a relatively small percentage of users.  So Meta can also encourage less-lucrative users to migrate to instances hosted by non-profits or volunteers – potentially "a workable alternative to pay or consent when that legal trick fails to hold up in court."  It's got success written all over it!

Similarly, from a moderation perspective, there really is a lot for Meta to like about a decentralized approach. For one thing, it outsources the costs – and heat from regulators – of dealing with people and organizations that are especially expensive to moderate. And if Meta actually does want to do a better job on moderation, a decentralized approach – allowing different countries and cultures to establish their own norms on different instances – is potentially complement to their current strategy of combining discriminatory and inaccurate AI and exploiting low-paid outsourced moderators.

Of course I'm glossing over quite a few details here, and maybe Meta will decide to stick to good ol' centralized surveillance capitalism for the time being. Even if they do decide to shift to a decentralized model, ActivityPub today isn't yet a good basis for that kind of system. As fediverse influencer Evan Prodromou points out, Meta will have a delicate balance participating in standards without taking over. So they may well wind up having to extend the protocol. Oh noooo!!!!! I'm sure they hate that idea!  

In the longer term, they may decide that ActivityPub doesn't make sense for this more ambitous direction – just as Google initially adopted XMPP for Google Talk and then ditched it.  But then again if they can help ActivityPub evolve in a way that works for them, they might well keep it.  Google's embrace-and-extend strategy with gmail continues to use the SMTP protocol, and Chrome continues to support HTML, so I could certainly imagine Meta sticking with a surveillance capitalism-friendly ActivtyPub.

How will the fediverses respond?

Meta's gonna do what Meta's gonna do. As There are many fediverses -- and a lot of people will prefer them to Threads discusses, reactions to Meta are likely to cause a schism in the fediverse. mastodon.social and other large instances, along with fediverse influencers like Prodromou, are currently eager to be part of "Meta's fediverse".  Many others, including the signers of the anti-Meta fedipact, will wind up in one or more "free fediverses" that don't federate with Threads.

How will the different regions of the fediverse respond to Meta's embrace, extend, and exploit strategy?

That's a good question, and one I'm going to save for the second part of this series. A few sneak previews:

Since Mastodon is dominant in today's fediverse, and Mastodon gGmbH CEO Eugen Rochko is an unabashed supporter of Meta, a top priority for the free fediverses is to eliminate their dependencies on Mastodon. This is long overdue for other reasons as well: Mastodon's innovation has been extremely slow ever since Rochko drove away early queer and trans contributors in 2017-8, and other fediverse platforms like GoToSocial, Akkoma, Bonfire, and Streams are much better designed from a privacy and safety perspective.  Rochko's parroting of Meta's talking points will hopefully add momentum to – and lead to more adoption and funding of – of these other products, as well as a long-overdue well-funded hard fork (variant) of Mastodon that prioritizes privacy, safety, and local communities. Current Mastodon forks like Glitch-soc and Hometown are great starting points. The best time for a hard fork was six years ago ... the second-best time is now!

In the short term, instance admins planning on joining "Meta's fediverse" face three critical decisions:

  • whether or not to justify their decision to their users – and if so, how.
  • whether to turn on authorized fetch.  If they don't, people on their instance who try to block Threads won't actually be protected – their posts can still federate to Threads, where hate groups can interact with the and Meta can track the data and use it to refine their AI models and ad targeting. But even though other more privacy-conscious fediverse platforms like GoToSocial turn on authorized fetch by default, Mastodon's documentation warns against using it (there's a significant performance it), so mastodon.social and other large instances don't currently enable it.
  • what, if anything, will lead them to revisit their decision to federate?  Once people are used to following accounts on Threads – and see it as part of why they've chosen the instance – the costs of blocking Threads are higher (hmm I wonder if that's part of the reason Threads is introduce functionality so slowly?) so now's the time to think about this. hachyderm.io's detailed post is a good model, although obviously each instance will come up with its own criteria.

Stay tuned for more!  

To see new installments as they're published, follow @thenexusofprivacy@infosec.exchange or subscribe to the Nexus of Privacy newsletter.

Notes

0 As Jason says as part of an excellent thread about a company he refers to as ECorp

"[K]illing platforms before they get too big is Ecorp's whole thing. It's what they do.

In fact, ECorp kept an early detection system built on a VPN acquisition that specifically targeted small start ups.

Remember that VPN for kids ECorp launched to the App Store? Then later got caught slurping data? The app one pundit called "vampiric"? Yeah, same thing. It was hunting for small apps with momentum."

I have no idea who this pseudonymous ECorp might be but for some reason Jason included a link to a Wall Street Journal article on How Facebook Squashes Competition From Startups and later in the thread to the Kill Zone paper that also mentions Facebook (who changed their name to Meta in hopes that people would forget about Cambridge Analytica and the genocide in Myanmar) so I figured I might as well include it in a footnote.

1 I can't stress strongly enough how good a call Threads' current plan for users to opt in to federation is this is from a privacy and safety perspective -- in fact, I really wish other fediverse platforms would emulate it. Mastodon probably won't, alas; in response to the news about Threads' plans, Mastodon BDFL (Benevolent Dictator for Life) Eugen Rochko restated his opposition to consent-based federation. Anil Dash has famously talked about the importance of the expectation of consent in the fediverse, but I guess Rochko didn't get the memo. How ironic is it when Meta appears to understand consent better than open source alternative? And Mosseri did note that the decision is "somewhat controversial within the Mastodon community", so they might change their mind. We shall see. In any case, two things can be true at once: even though it's a good decision by Meta from a privacy and safety perspective if they follow through on their current plans, it also means the story they're telling isn't true.

2US privacy laws largely exempt "service providers", as long as they follow the instructions of whatever entities they're providing a service to. Update, April 2024: IAPP's cheat sheet on the newly-proposed American Privacy Rights Act (APRA) highlights how many of the bill's requirements don't apply to service providers. And, APRA exempts "small businesses" whose revenue is under $40,000,000 / year and process covered data of less than 200,000 people! So relatively-small for-profit fediverse instances wouldn't be subject to pesky legal requirements like only using the data for permissible purposes or getting opt-in consent for sharing or selling sensitive data ... and Meta wouldn't either, as long as they're acting as a service provider. Win/win!

3 In fact, speaking of Bannon and his pals, since far right social networks Gab and Truth Social are built on ActivityPub, if Threads opens up two-way federation as planned later this year they'd have a golden opportunity to try to build on the Trump campaign's successful work with Facebook on digital voter suppression in 2016, the "Stop the Steal" and coup planning in 2020, and QAnon conspiracy theory as well as Libs of Tik Tok and Moms for Liberty's work. What could possibly go wrong?

Update log

Ongoing: typo fixes, wording clarifications, etc.

April 15 2024: add footnote on service providers

December 2023: original version