this post was submitted on 29 Jun 2025
295 points (98.7% liked)
Fediverse
20451 readers
196 users here now
A community dedicated to fediverse news and discussion.
Fediverse is a portmanteau of "federation" and "universe".
Getting started on Fediverse;
- What is the fediverse?
- Fediverse Platforms
- How to run your own community
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Since he said that the authenticator is the one that handles the communication & access, I expect banning the person from the authenticator would already automatically prevent anyone using that authenticator (or any other authenticator federating with it) from seeing the content.
As I understand it, the only thing the content provider would do is hosting the data. But access to that data would be determined by the service doing the access control, in the same way current instances are doing it.
Hosting involves removal of content, which is triggered by actions performed by users.
At the moment, if a Lemmy.world user spams CSAM content everywhere, other admins can reach out to the LW admins, they ban the users and purge the content.
In a users/content model, with Lemmy.users and Lemmy.world still being the content, other admins have to reach out to the Lemmy.users instance, get them banned, then to the Lemmy.world admins to trigger the purge of the content on the communities.
On top of that, it is currently recommended to mod from local accounts, as report federation will be fixed in Lemmy 1.0, not released yet: https://github.com/LemmyNet/lemmy/issues/3781
The main part of the "admin burnout" comes from the management of users. There isn't really that much to manage on the content part that isn't linked to users.
Exactly. That means instances would not longer have that responsibility. That would be on the hosting service, meaning less pressure for the instance. Once they ban the user, the content would not be shown, it would be purged from the federating network of that instance, regardless of whether the hosting service actually deletes it or not (but I expect it would be better if the protocol makes it so banning a user sends a notification to the hosting service).
It's more complex than that, at the moment, because the purge also involves mirrored content in other federating instances. The interesting part is that after it's triggered, then the process is pretty much automatic. When purging, Lemmy.world admins don't have to manually go around asking to all the other instances to delete the content. The purge request is currently being notified automatically to instances federating with it. Why would it be any different for a content hosting service?
At that point, the content instances would be merely storage. This model is already possible now, but the vast majority of instances host both users and content, because it is more interesting to have users to build a local community than just being a storage server.
If some admins were interested in only being storage servers, you would see more instances not allowing user registrations, but all the 35th most active instances allow them: https://lemmy.fediverse.observer/list
There have been cases where federation deletion was not processed correctly, so it would add an additional layer of potential issue
As I stated above, it is currently recommended to mod from local accounts, as report federation will be fixed in Lemmy 1.0, not released yet:
What that means is that on top of your Lemmy.user account, you would need a Lemmy.content account that would be able to fully moderate the community as a local account. Users don't like to juggle between different accounts to moderate and participate.
Imho, it comes down to how much you care about the content of the community you are building. The reason I'm in lemmy.ml and not some smaller instance is because of problems like the ones showcased here.
If I could self-host my own content I would not mind being somewhere else. In fact, I'm considering setting up something through brid.gy. The fact that there isn't a separation of the hosting means that if I want to secure my content I need to have my own 1-person instance which is not something the protocol is very well suited for. Plus it's likely most lemmy instances would not federate with it anyway since, understandably, they may prefer an allowlist approach rather than blocklist. The only sane way would be to have the instances have full control of the access as they are now, with storage being in a separate service that can be managed separately, the hosting service.
Would this change at all if there was a hosting service?
I expect you would still be recommended to mod from local accounts (the "authenticator"), even if the content hosting was a separate service. The local account would continue being the primary source of access to the content.. note that having a separate hosting service doesn't mean that the hosting service must be the one managing access to the content from the fediverse.
Quite a few instances are managed by non-profits which are much less prone to service disruptions, like https://fedecan.ca/en/ for lemmy.ca.
Isn't that contradictory with the users - content separation?
That seems contradictory with the previous point. My understanding was that
Is this correct, or am I missing something?
Then I think we had a different understanding. My understanding was something akin to what bluesky does with the PDS, the data service just hosts data and hands it over to the other service which is the one actually doing the indexing of that data and aggregating it into communities. The data of the community might be hosted in the hosting services, but it's accessed, indexed and aggregated through the authentication service.
The access management, the accounts, the distribution of data, etc. that's still in the server managing the federation. That's the way I understood it, at least (I'm not the person that originally started this train, that was @TheObviousSolution@lemmy.ca ).
This allows the content to potentially not be completely lost if an instance dies because it would be easier to carry your data to another instance without losing it. It's the same principle as in bluesky but applied to the fediverse.
Ah, I see. So something like https://activitypods.org/ ?
That would be an improvement indeed, but probably not something we will see any time soon.
There's several solutions, I was just stating the "at least" solution because everything needed for it is already present. You just need to remove functionality depending on the type of service you want to host.