Policy Proposal: SocialHub Community Values

I love your starting point and the proposed follow-up points of discussion. Thanks for taking the time to help this go further :+1:

In my eyes, given the reasons mentioned by kaniini, devs of the larger AP stacks should really have a chance to participate in the discussion. If we want to move the core of it into the CG meeting (or a meeting afterwards), then informing them and trying to find a date that suits most people is a good idea. Then regarding “them not being more important” of course they do not have vetoing power or such, so if their arguments/ concerns are not convincing to most folks then they won’t be included – with the danger of their withdrawal, as mentioned by kaniini.


… that might be partly true – or at least we’d like it to be – but please slow down your expectations a bit:
This proposal has been posted on February 2, so expecting all stakeholders to have found time to get involved – even to know about its existence – is unrealistic IMHO.
While in most parts of the world it is unlikely for $reasons we all know that folks are just on holiday for this week, I for one do not regularly have a look at SocialHub (sorry). I expect this tu be true especially for other small-project stakeholders, because these projects – and the discussions about its surrounding ecosystem – are only dealt with on a best-effort – time available basis. So speeding this up too much might even affect small projects harder than the larger ones.

Given @aschrijver’s statements, the proposal is really intended as what I understand the word proposal to be, just the set-up of the post might not’ve been optimal.
As I am apparently not the only person mistanking this as a take it or leave it CoC, I urge @system, @how or any other @staff admins to please clarify this in the top post.

Another thing I have not fully understood so far is the scope of this CoC’s validity.
While wanting to enforce it to all communication of people even outside of SocialCG/ SocialHub matters is probably unreasonable and a reach too far – even if we think that’s how nice people should behave anyways –, some of the issues tackled in the document are by concept taking place in non-official channels, e.g stalking.
As we all(?) know, most of Fedidrama happens just in the everyday networks we use, not in this special interests forum. As the document talks about the “[…] foundational concept […] that we all share responsibility for our work environment” I am not sure whether the scope definition is a good fit.

Where do we hinder them?
Feel free to do so. I am already occupied 100% with fighting the enemies of the majority fedi users and my work in the European Parliament. In the second screen with Minister Schulze now.

This proposal has been posted on February 2

But I did not know about a “deadline” !

Another thing I have not fully understood so far is the scope of this CoC’s validity.

Exactly the same.

Thanks for your feedback @kaniini and @schmittlauch

Agreed. We are hoping to have a loose statement of values and trust in the discretion of the chairs and (collectively not individually) forum moderators, rather than try to define a set of hard and fast rules. Because strict rules can always be gamed, and we end up making more problems than we solve. The idea here is to put out a statement that reassures members of this community that they are safe. By this I mean it is usually clear when some software is being used outside of the original developers control or knowledge, and we would not want to punish people simply for that. We are all only humans, and nobody controls the whole fediverse.


Please figure out a less draconian interpretation of this policy because your “most draconian interpretation” certainly does not reflect the intention. If you can find a better formulation, please do.
But if Mastodon developers are here, and Gab developers are not, there is a good reason.
The idea is to prevent hostile disruption, not to chastise AP developers. If you can see it as a statement of good faith, as a positive right (I think this is the issue at play here, that European right and U.S. right come from entirely different places, the latter leading to considering ‘most draconian interpretations’ while the former leading to consider the ‘spirit of the law’), then you might reconsider…

Is this the only change in your revised proposal? I see that you’re shifting the responsibility out of projects. That means we could have a Gab page here, but no-one from Gab could participate. I cannot see how this makes sense. I think a project has some control over their communities: forks or parallel projects only count as your community if you’re happy with collaborating with them. If you exclude them because of their ethics you will have “made a good faith effort to discourage such behaviours.”

Of course. You’re not responsible for people using your software. But you can still make some of them feel they’d rather use another software by refusing to normalize their oppressive presence in your community. That’s the whole spirit of the policy.

This is not a CoC, it’s a policy. W3C CPEC is the CoC. A ‘policy’ is something members of the community need to take a position on. If there’s no agreement, then there’s probably need to clarify both the intent and the text. The scope is the SocialCG and the SocialHub. It may affect the Fediverse positively but we’re not a State with an army, you know.

The ACM ethics board involves “non-discrimination” against… military status, and uses the notion of ‘race’, which, in my book, is racist, since this notion has no basis except in racist literrature. Seriously? Please, tell me to not discriminate Facebook and I’ll be happy to try and understand what it means to do reverse racism and find it acceptable. The W3C CEPC is a bit more progressive IMO.

The point of giving a time limit is exactly to draw attention on the topic and clarify things. That includes debates and amendments. But experience shows that such a policy could well be postponed indefinitely and this is not what we want. Instead we want to make a statement and get past it. It’s unfortunate that the main point of the proposal be side-stepped by details out of scope of the proposal. If you think the policy is against you, I certainly misunderstood your politics, @kaniini. Let’s find ways to clarify that developers are not responsible for downstream usage, but also that community members flagging instances, users, or calling a developer to do something about their downstream attitudes be actionable: if a developer is called upon that, for example, his new contributor is part of an organization promoting racism, then he should do something about associating with them, because this is in his reach.

This topic seems a bit fast. Please refrain from repeating yourselves, take time to respond, and leave space for other people to intervene.


Thank you

for clarifications and taking the time!

The reason Gab never came here is because they didn’t care about ActivityPub in the first place. They just wanted access to Mastodon’s ecosystem of apps.

From the perspective of somebody who has poured thousands of hours of time into ActivityPub, this requires risk analysis. When you are analyzing a proposal for risk, you must assume the most draconian interpretation possible: hope for the best, prepare for the worst.

I would rather determine what presences are tolerable in my community based on my own judgement instead of having people who are not part of my community making the decision for me. I have already drawn the lines in the sand I am comfortable with, but this policy proposal, as presently stated, would require a different posture.

Like with software licenses, we cannot assess risk based on what the current moderation team says their interpretation of the policy is – we must go by what the actual statement says.

Please limit the scope of this proposal to interactions with SocialCG only. If the intention is to meddle in how downstream projects run their communities, then when compared to the value of this community, non-participation is more fruitful.

We are adults, capable of making appropriate decisions for our communities, we do not need the threat of SocialCG expulsion as part of that process.

For the Web and the Social Web to be healthy, a wide variety of political views must be tolerated. No, this does not mean that we need to tolerate white supremacy or nationalism, or even work with those who do, but it does mean that we need to respect the boundaries of downstream projects.

Lets look at a hypothetical situation.

Say KiwiFarms downloads and installs your fediverse software for their instance, and then they find a problem with the software and open a bug. Under this policy, as presently stated, fixing the bug, or really doing anything other than banning them from the bug tracker, would count as collaboration, and the developers would then be in violation of the policy.

This is a problem because while KiwiFarms might have hit the hypothetical bug, other users are as well.

What if it is a security bug that is harming users? Should we wait until a different user reports the bug? What if they include a patch? Should we reject the patch and waste time writing a new one in a way that they cannot claim copyright on?

Why does SocialCG feel it is appropriate to force projects to evaluate these questions? If we are forced to evaluate these questions, the answer becomes clear: replace SocialCG with something else that does not force us to evaluate these questions.

The original point I was making here is that the ACM ethics board provides due process, meaning that the accused has the right to defend themselves from the allegations made against them. This protects everyone involved from abuse, and is something lacking in most of these policies, including this one.


I find the fact that you find that distasteful concerning. In many countries, marginalized people wind up joining the military because they are poor and joining the military allows them to build a career and thus gain upward mobility. To discriminate against a person simply because they chose to take what options were available to them for upward mobility is disturbing, especially when, again, at least in the US, the military is the primary path for upward mobility for those living below the poverty line.

It’s not against my politics personally, but it is against my philosophy towards the scope and role of SocialCG as steward of ActivityPub. I believe, strongly, that ActivityPub is for all who want to use it (including Gab), and that this position results in a strong, robust, democratic Social Web.

Does SocialCG have an obligation to promote the software created by those platforms? Of course not, but honestly, should SocialCG be promoting any software at all?

Fight nazis in the streets, not by conscripting developers into fighting them for you.

In the first part of this sentence, you agree that developers are not responsible for downstream instances, but then (emphasis added) claim that the root of my concern is a legitimate scope of the proposed policy statement. You cannot have it both ways.

See the previous KiwiFarms scenario.

As “contributor” is not defined, we must assume that end-user bug reports (possibly with patches) are contributions. I want to write code and merge patches, not do background checks on potential contributors’ political beliefs.

Society has become hyper-polarized, and this proposal and everything leading up to this proposal are a result of that. It is important to think about why this has happened if we wish to champion an open, democratic Social Web, which is my primary interest, not litigation of a contributor’s personal beliefs.

If I determine I don’t want to collaborate with someone, I am capable of making that determination without SocialCG telling me who I can or cannot collaborate with.

If the scope is SocialCG and SocialHub, then why does it matter who uses or contributes to the downstream project?

Another hypothetical situation.

Say Gab comes back and reimplements ActivityPub, and then finds a security flaw in the way ActivityPub is specified. Should SocialCG ignore this report because it came from Gab?

I think it is important to consider how mixing politics into a technical community might be harmful for the technical output of a technical community.

If we find ourselves rejecting security reports or useful technical discussion simply because it came from a pariah, then we are ultimately harming the marginalized people the policy is trying to improve the safety of, by exposing them to security issues due to ignoring them because they came from a pariah.

Unfortunately the proposal as presently stated is not a collection of positive rights, but instead a collection of obligations for project managers to consider carefully.

If the idea is to publish a diversity statement, then publish a diversity statement, not a policy statement which imposes undue burden on projects which are already struggling with manpower issues.

In this sense, you can do that by writing a statement such as:

ActivityPub is a critical protocol facilitating interoperability in a diverse network of participating instances. Accordingly, as stewards of ActivityPub, SocialCG affirms that all are welcome to a technical community free of harassment. We recognize that disparities are present in the technical industry at large and strive to build a more open, inclusive and democratic Social Web. This means that behavior from participants which is not aligned with this statement is unwelcome. In those scenarios, SocialCG reserves the right to remove access to SocialCG resources.

The last thing I would like to say is that policies as the proposed policy is presently stated are formulated with good intentions, but then ultimately become utilized (due to their vagueness) against marginalized people that other stakeholders disagree with.

The USA Patriot Act was created to enable investigation and criminal prosecution against supporters of the Al Qaeda terror organization. However, in reality, most uses of the USA Patriot Act involved surveillance of anti-war protestors or people related to anti-war protestors.

It is important when formulating policy to consider how people down the road may abuse that policy to their own ends.

As presently stated, this policy extends guilt-by-association (and thus the possibility of punitive action) to project developers who have no actual control over what end-users do. It is possible to achieve the goals of the policy statement by rewriting it in a way that does not impose this obligation on downstreams. Doing so is critically important if SocialCG is to be seen as the legitimate steward of ActivityPub.

If this policy goes into force without substantive rework, please delete my account at that time.

@kaniini, I find myself once again in agreement with most of what you say, and I have argued in similar direction in other conversations.

From my understanding everyone is in agreement (but anyone pls chime in if they see it differently) that the effort to ‘provide community safety and ensuring community health’ - part of which in form of a policy, CoC, diversity statement, or whatever we agree it to be - is indeed scoped exclusively to SocialCG, SocialHub and affiliated sites plus repositories.

I’ve also argued that - though technology is not neutral, and this community not entirely apolitical - we should try to be as neutral as possible, but with clear values and boundaries than cannot be crossed (without consequences, moderation action, etc.)

Because after all - and this may also need to be better defined - we are a community hub that exists for the purpose of:

  1. Evolving ActivityPub / Fediverse technology standards and practices, and the adoption of these by developers.
  2. Discussing / researching / improving / advocating Fediverse culture, social structure and new appliances.

(I know that most people currently in this community joined on the premise of point 1. Positioning is open for discussion, OT here)

Now as for the reason of some of the points in the policy that led to most discussion. A not-so-hypothetical case (because it happened) where the project of a member itself led to controversy, multiple people expressing concerns and one other leaving the community (but returning when seeing this effort).

Think of a case where the imagery used in the project itself (e.g. project logo, opengraph images + description, names used, etc.) does not conform to community values. So by even pasting a link into a forum post one would cross the line.

(I think in the particular case that we dealt with, it was debatable whether the action was warranted, but notwithstanding that fact people were feeling really uncomfortable / unsafe. So action was taken)


I forgot to mention that related to point 2. above, an example of discussion within scope of SocialHub imho is a topic I created yesterday, namely: Improving fediverse culture and social behavior. The various tracks to achieve this improvement boil down to technical solutions and advocacy approaches.

1 Like

The problem is that while the intent is that the policy statement be scoped to projects affiliating with SocialCG, it is phrased in such a way that projects are responsible for their downstream users, which they have no control over.

Mastodon can’t control the fact that counter.social, Gab and dozens of alt-right instances use their software.

Pleroma can’t control the fact that KiwiFarms, Spinster, and dozens of alt-right instances use their software.

The policy statement as presently required would require Mastodon and Pleroma to reject all forms of contribution from those groups, including security-impacting bug reports, lest falling in violation of the policy statement, and thus being exposed for punitive actions from the SocialCG admin team.

This is completely absurd, but it is how the policy statement is worded, and as a result concern trolls will demand it be applied that way.

Until and unless there is explicit recognition of the boundary between SocialCG and project autonomy, I will not agree to this policy statement and I encourage all other developers to also reject it.

Thank you. Yes, this point has been clearly made. I feel it needs no further repeating, only improving.

the policy will enter into force after a week ( February 9, 2021 )

I think the first step should be to make it one more week.
Apart from making clear about

downstream users

personally I will talk about technical improvements too tomorrow with some others.
Remember what
said in SocialCG:
“so when you as an admin were peering with another instance you are showing your set of values, and if that other instance believes that they are sharing those values, that instance can peer with you”
If we would have a minimum set of values like human rights, I think, it could help technical.


The current matter concerns the scope of the proposal: it’s about what we want within the SocialCG and the SocialHub, e.g., to avoid having the #software category reaped with software supporting alt-tech values that we do not share ; it’s about making this space uninviting for people whose political views are to step on other people’s heads. It is not about chastising software developers whose software is serving such communities. But it’s definitely about not having here people who encourage such unwanted values that are both contrary to the W3C CEPC and an ethics respectful of others.

scope of the policy

I do see a problem with strictly limiting the scope of this to SocialCG and SocialHub comunications. Because the linked W3C CoC lists some unacceptable behaviour that’d be impossible to regard when exclusively focusing on this platform.
One example is stalking: When one participant is stalking another person, that obviously does not only happen on this forum. But being stalked somewhere else still makes this space unsafe if their stalker is allowed to be in the same community.
Similarly, playing polite here while throwing racist or TERF slurs to members of this community via other channels is also something I find hard to accept – in the long term, this causes marginalised people to leave while their adversaries are staying.

Striking the balance in such a way that people do not bring in their nitty-gritty personal minor conflicts is challenging, indeed. But as part of this policy is understanding how stalking, racial slurs and similar are not just personal issues, I think that’s doable.

responsibility for downstream project interactions

While I advocate for not restricting the scope of the policy too narrowly (see above), I suggest to restrict its reach somewhere else:

@kaniini’s concerns about weaponised downstream liability sound reasonable to me, so I suggest that by default a project is not immediately liable for actions of or interactions with non-project members.
I suggest to combine this with an idea similar to the liability restrictions of hosting providers or with a good samaritan clause (disclaimer: I’m neither a lawyer not from the anglosphere of jurisdiction). When interacting with external users, bug reporters, or contributors, good faith and naivety of the project members is assumed in case the entity they are interacting with is in violation of this policy here. Once they have been made aware of the problematic entity of who they’re dealing with – the allegations need to be substantiated of course – then the decision of whether to continue this interaction or not becomes their liability.

transparency of moderation decisions

As we just have seen, discussing the legitimacy of moderation decisions is hard to do when it is not even clear what had happened.
So in spirit of transparency, I suggest that some especially strong moderation decisions need to be published in a summarised and anonymous form afterwards.

Example: account deleted/ project rejected because of clear ties to the QAnon myth, which is in violation of our policy on racism and violence.

These are some ideas for improvement. Once they have been discussed, I am willing to put them into actual policy phrasing.


This is precisely the reason I chose to leave Pleroma – it became obvious we weren’t all playing on the “same team.” So it made sense to step out of the way and do something else.

I agree that a boundary should be set there. As participants in SocialCG, we should all be playing on the same team, and not slagging each other outside of the work environment. So hard +1 from me on that front.

Mostly this, but what if the evil entity is reporting a legitimate bug (say, a security bug) that impacts all users of the software? Should they be disallowed from doing so?

I might not personally like authors of certain fediverse software, but if they reported bugs to me, I would want to fix those bugs so that everyone benefits.

So I think the appropriate boundary is whether a problematic entity possesses commit rights to the software: users involved in a project which is affiliated with SocialCG must abide by the policy statement during the period of that engagement or the affiliation will be terminated.

This is a concrete and most importantly objective boundary that does not impose any undue burden on a downstream.

pinned this post globally
reason: It concerns all socialhub users and should be immediately visible.
It would otherwise go below the fold of the main stream.

The policy statement as presently required would require Mastodon and Pleroma to reject all forms of contribution from those groups, including security-impacting bug reports, lest falling in violation of the policy statement

I agree that this interpretation is absurd, and not what was intended. I’d like to continue to work on the wording to avoid this interpretation in future. This was kind of what I was trying to capture with “good faith”, but obviously needs to be clearer. Thanks again for the feedback, all in this thread.

1 Like

@Sebastian invited me to post my views as a user of the Fediverse after I replied to his post pointing to this proposal and discussion.
Is this proposal signing intended just for ActivityPub developers or end users too?
Either way I object to it. Namely that distasteful behaviour seems to only be considered a problem when vulnerable groups are the victims. Shouldn’t everyone have the benefits of a kind community, not just a few?

1 Like