The author examined the distribution of instances in the fediverse. Given that many instances are hidden behind CDNs like Cloudflare or Fastly, the author employed ActivityPub’s functionality to discover the actual hosting locations of servers. More than half (51%) of the fediverse is hosted within a single hosting company. The author suggests that the fediverse, hosted mostly with a few major providers, deviates from its initial objectives.

  • My Password Is 1234@lemmy.world (OP) · 4 up, 19 down · 7 months ago

    You’re correct; the focal point revolves around data ownership. However, you have to ask yourself, do we actually own the data?

    Currently, four major hosting companies dominate the fediverse. Instance owners in practice do not have full control over the physical servers where their data is hosted.

    Do you own the disks on which the data is hosted? No! The hosting companies retain that ownership and can wipe the contents with a mere click.

    A regular court order is all it takes, and I question whether every instance is backed up. While some may indeed have backups, they might reside on the very same server. Others, although having backups, may execute the process improperly. Additionally, there are those with partial backups, and the list goes on.

    • TORFdot0@lemmy.world · 18 up · 7 months ago

      Those companies don’t own your backups and can’t stop you from moving your instance somewhere else. And if you don’t have a backup then it doesn’t matter if you are running your instance in a datacenter you built yourself, because you can inadvertently wipe the contents with a mere click.

    • towerful@programming.dev · 12 up · 7 months ago

      Anyone concerned with that threat model can host their own instance on whatever hardware they want.
      They could have the middleware load balanced over aws/azure/gcp/hetzner/at-home and have load-balanced replicated postgres also running on those hosts.
      They could use CDN & threat protection from those cloud providers as well as cloudflare. And really distribute the threat of that situation.
      But nobody wants to fork out $$$ every month before they are even scaling to thousands of users, never mind the added complications of middleware from one provider trying to interact with a load balancer on another provider which is forwarding to postgres on a different provider, let alone geographic latencies.
      Then trying to manage that, never mind the headache of an update.

      But, if that is someone’s threat model, then they CAN work around it.

      Companies owning the actual servers and infrastructure is at the level of enormous scaling (like twitter) or high risk (like banking, even then chances are they are running hardened systems that would be secure on anything).
      Most companies will pass that responsibility off to a single provider, and rely on that provider’s skills/services for uptime.

    • conciselyverbose@sh.itjust.works · 5 up · 6 months ago

      A regular court order won’t be granted unless there’s very good reason.

      And it won’t be issued to cloudflare to “delete everything that uses ActivityPub”, because that’s insane. And would require a bunch of manual engineering work.

      And being distributed through cloudflare tells you nothing about where the files are stored. Because they’re a CDN.