Tending to @Bonfire@bonfire.cafe 🔥
Are you still on #Spotify?
Spotify’s CEO Daniel Ek has raised €600M for his new startup, which is developing AI TECH FOR WAR. Ek still owns 9% of Spotify, but has 37% voting control. His net worth went from $2.5B to $10B in the last two years alone, on the back of paying musicians a pittance in royalties.
And don’t forget:
• Spotify spent $250M of your subscription dollars to invite Joe Rogan to spew his disinformation on their platform.
• They’re still trying to embrace and extinguish Podcasts.
• They’re developing in-house, AI-generated “music” so users will play them (royalty-free) instead of music created by humans (who demand royalty).
And now, he’s using his wealth, created by your subscriptions, to fund tech that will use AI to literally murder humans in war.
Stop funding him. Quit Spotify now.
#QuitSpotify#music#ai#militaryTech#techbro
“Spotify’s CEO invests $1 billion into an AI military start-up — and musicians are fuming”
"Men who sell machines that mimic people want us to become people who mimic machines. They want techno feudal subjects who will believe and do what they’re told. We, as people, are being strategically simplified. This is a fascist process."
https://organizingmythoughts.org/some-thoughts-on-techno-fascism-from-socialism-2025/
Well, it’s official: I have been released from my employer and I am now looking for new employment.
I am an Elixir and Ruby on Rails software engineer with a penchant for learning new languages and technologies quickly. I am a keen problem solver and an excellent communicator. I am passionate about building tools with open source software for the good of mankind. I also have a background in electronics and RF mesh networking.
I prefer remote, but would be open to a hybrid position in the Fort Worth, Texas area.
Bonfire's progressive web app is getting cool 🤟
Like, looking at what my hypothetical person 2 thought they were doing -- there is no need for them to assume that is a clean or perfect block, or that there is no way for it to get exposed. Most people who have used blocks in any sort of social platform know that with alt-accounts or friends, or just normal social dynamics, the person they block can find out. That capacity even with that limitation is nevertheless /enough/ for them to want it.
In this case, that still-CAN-be-revealed requires either active testing of each possible block, or very engaged social surveillance.
Which is often discussed, and which people seem to discuss and understand Bluesky's block issue as being qualitatively different than.
@gaditb@icosahedron.website oh yeah they're definitely different! maybe enough that each (or something in between, like showing what boundaries you applied to people who you give permission to) may be desired in different situations or use cases?
I have thoughts re:
"""
From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
"""
about the concepts of who "owns" (and can curate) the comments section of their post, from whose perspective. (It's never going to be a single person curating/moderating, but I.. think?.. people feel ownership feelings over it nevertheless.)
@gaditb@icosahedron.website yeah that's an interesting line of thinking, I think the authors of these to FEPs have been exploring that: github.com/bonfire-networks/...
Like, if I send to "Hey does anybody have a place I can crash tonight?" to @group--attendees_of_this_hacker_gathering but invisible to @guy_I_dont_trust_to_be_alone_with_but_really_dont_want_to_get_into_a_public_confrontation_about_that_right_now,
is there a chance that @defender_of_that_guy_who_sees_fear_of_him_as_an_attack_on_his_character sees that block in the metadata of the post and starts flaming me about it?
This is a contrived example that I don't have specific experiences I'm translating it from,
and sometimes technical limitations or just "we don't have a better design for that yet" mean that you can't AVOID exposing that, so it's not necessarily "it Must Be Fixed if it reveals this",
just,
(a) finding what intuition might be, and checking the implemented teality against that
(b) exploring what attacks there might be, and knowing where they might be made less post-hoc surprising
e.g.:
https://old.reddit.com/r/BlueskySocial/comments/18ebrhx/blocks_being_public_is_already_leading_to/
@gaditb@icosahedron.website
I think the Bluesky example you linked to is an unfortunate illustration of what happens when we expect technical tools to cleanly solve social problems. Making a blocklist public is obviously egregious, but even private exclusions can be exposed through old-fashioned social interactions. For example, someone casually referencing a post might unintentionally reveal to someone else that they weren't included.
In Bonfire, boundaries aren’t meant to control what others do on their own instance (apart from defining who an activity is addressed to, similarly to BCC with email). They’re more about controlling what reaches you on yours. Since ActivityPub doesn’t yet support strong security features like end-to-end encryption or object capabilities, boundaries are designed as a local-first mechanism. They help shape your experience and interactions rather than enforcing strict rules across the network.
So, in your example, if someone starts harassing you, you can block them, or just silence them or the thread in question. From your perspective, those replies disappear, and new ones won’t appear at all. Your instance silently enforces these boundaries by ignoring unwanted interactions, even if the sender’s server is unaware and still allows them to post.
It’s not perfect privacy or hard enforcement but harm reduction and local autonomy in a messy, federated world...
(I'm not getting thst impression from you, but just in case/to be explicit about my conversational position rather than try to rely on tonal nuances.)
@gaditb@icosahedron.website Don't worry I'm enjoying it, keep em coming!
@mayel (After a certain level of depth to this conversation I hit the wall of being a Fake Geek Girl™ who hasn't actually read @sarahjamielewis 's Queer Privacy or more than a chapter or two of @sarahjeong 's Internet Of Garbage or looked deeply into the work and critiques that @evacide has done over the years or ... .)
@gaditb@icosahedron.website Thanks for the reading materials! 😊
@evacide@hachyderm.io @sarahjamielewis@mastodon.social @sarahjeong@mastodon.social
The actual specific thing with Bonfire set me off on this line of thinking was:
"""
E.g. you can share a post with several circles but only allow replies from a specific circle, or make a post public but invisible to specific people.
"""
"Make this invisible to X, Y, Z" strikes me as something that can requires very nuanced and situation specific careful stepping around disclosure/visibility and trust. (Ranging from "none", e.g. planning a birthday party, to much higher stakes.)
@gaditb@icosahedron.website Good catch! We usually try to explain things in a more comprehensive way than in that short blurb. Specifically in this case, if something it shared publicly there can be no gurantee that they won't see it. For non-public posts there's no guarantee either (because there's no end-to-end-encryption) but there's a better chance, since we distribute it only to the actors who were given permission (in a similar way as BCC in email).
A bit of a longer post to hopefully come (but I AM bad at Task, and currently behind on many things) but I think there's a widespread antipattern in UI presentation of calling a functionality (especially safety functionality) what the user WANTS rather than what it DOES.
I think this is especially... not "dangerous" exactly, but more impactful -- in federated/distributed networks, where there isn't a Single Platform/Owner able to play god with the single database (and with a stronger ability to pretend to play god with every user's endpoint).
Iike, "Delete Message", e.g. I think should be called "REQUEST Delete" -- it relies fundamentally on a basic minimal level of politeness from instances (federated) or individual endpoints (E2E chat).
A lot of these are "request"s, but it gets more obviously complicated when you add it in explicitly.
Like, "block user" -> "request block user".
Who are we Requesting things of? That is, who are we trusting? And who hears of this request?
@gaditb@icosahedron.website great point! This is what's currently shown when you delete a post in Bonfire, I guess we could make it clearer that this:
- deletes it on your local instance
- sends a deletion request to other instances (and to which ones?)
Long-form content in Bonfire: Part 1
Indeed, we have FEPs that either directly address the UX issues mentioned in your post, or could be parts of final solutions:
The Sin of Overwhelming Complexity: Instance Selection Paralysis
- https://codeberg.org/fediverse/fep/src/branch/main/fep/61cf/fep-61cf.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md
The Sin of Remote Interaction Purgatory: Federation Gymnastics
- https://codeberg.org/fediverse/fep/src/branch/main/fep/07d7/fep-07d7.md (withdrawn; https://fedilinks.org is a similar proposal)
- https://codeberg.org/fediverse/fep/src/branch/main/fep/3b86/fep-3b86.md
The Sin of DM Disasters Waiting to Happen
Some FEPs talk about limited visibility posts and private groups:
- https://codeberg.org/fediverse/fep/src/branch/main/fep/171b/fep-171b.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/db0e/fep-db0e.md
The Sin of Ghost Conversations and Phantom Follower Counts
Synced conversations:
- https://codeberg.org/fediverse/fep/src/branch/main/fep/1b12/fep-1b12.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/171b/fep-171b.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/76ea/fep-76ea.md
- https://codeberg.org/fediverse/fep/src/branch/main/fep/f228/fep-f228.md
The Sin of Invisible Discovery: The Content Mirage
The Sin of User Discovery Hell
I think ActivityPub relays could be used to solve those problems:
- https://codeberg.org/fediverse/fep/src/branch/main/fep/ae0c/fep-ae0c.md
Thanks for compiling that list! We've opened a few issues with FEPs to investigate: github.com/bonfire-networks/...
@jonny@neuromatch.social @strypey@mastodon.nzoss.nz @tchambers@indieweb.social @moshidon@floss.social @pre@boing.world
Has anybody built a UI for browsing longform writing over #ActivityPub?
@jsit@social.coop we're working on it right now 😊
🔥 Bonfire Install Party #1 – Get your fediverse instance running!
Join us this Friday at 15:30 UTC for our first Bonfire Install Party!
A casual peer-led session where we’ll set up Bonfire instances together, ask questions, and tackle challenges in real time.
This session will focus on deploying Bonfire using Co-op Cloud — our recommended method, especially for fresh servers. Whether you’re ready to install or just want to follow along and learn, you’re welcome.
What to expect
• Hands-on walkthrough of live deployment using Co-op Cloud
• Real-world troubleshooting and debugging — we’ll learn together
• Shared note-taking to improve our documentation and install guides
• Help shape better tools and recipes by trying them out in the wild
• A no-pressure, collaborative learning environment
What to bring
Ideally:
• A domain or subdomain
• A publicly-accessible server (VPS, dedicated, or local) with SSH access
• DNS configured for your domain
• Your curiosity and questions!
Not ready? That’s fine too — join to watch, learn, and prep for next time. No experience required.
Please note the time is 15:30 UTC, you can see what that means in your timezone using this link and add the event to your calendar using the Actions dropdown menu.
🚀 Our first online install party is happening!
Join us this Friday to set up your own Bonfire instance 🔥
We’ll focus on setting up an instance with @coopcloud, answer questions, and support each other along the way.
📅 Friday 27 June at 15:30 UTC
📍 Details: https://mobilizon.libretic.fr/events/c0c0b536-5216-412b-a277-1dadead06997
🔥 Want to start your own Bonfire instance?
We’re hosting online install parties, come set up your server alongside others! Bring your questions and curiosity, we’ll figure it out together and support each other through the process.
✅ Ideally have a (sub)domain + server with DNS set up, or just follow along and take notes.
📆 Vote on possible dates/times: https://crab.fit/bonfire-install-parties-394649
📩 Sign up to be notified: https://mailchi.mp/a601c2e1e132/bonfire-install-parties
🌐 Can you help translate Bonfire into your language?
We’re looking for translators and bilingual folks to help localise Bonfire extensions and UI into as many languages as possible — especially before the 1.0 release!
No coding needed — just a love of words.
🔥 Join here: https://app.transifex.com/bonfire/bonfire/
P.S. You can also help by translating this very message and/or sharing it! The more communities we reach, the more accessible Bonfire becomes. 🌍💬
@yala@degrowth.social thanks for the feedaback! we're just doing different tests with federating long-form articles, suggestions welcome...