mastodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance, open to everyone, but mainly English and French speaking.

Administered by:

Server stats:

850
active users

🌌 Periodic overview

🔭 Interests and hobbies
screenwriting.space - a place for storytellers
solarpunks.social - network for
rocketscientists.club - community of artists and performers
sunny.garden - for creators who draw, sculpt, write, design, sing, build
craftodon.social - for everyone who plays
introvert.country

🦈
blahaj.social - for people who own at least 1 IKEA BLÅHAJ

Mastodon hosted on screenwriting.spaceMastodon<b>This instance will close down on November 18th.</b> Until then it is still a place for storytellers.

🌌 Periodic overview

🚄 rail.chat - discussions about long-distance, passenger and freight networks, for economic, environmental and equity benefits

⛺ krems.social - Krems,

🎨 mensmaaktmooi.nl - community for creative thinkers with unconventional mindset who make beautiful things ()

Mastodon hosted on rail.chatRail.chatDiscussing passenger and freight rail, its connections to transit and other non-car options, and the economic, environmental and equity benefits of seamless mobility.

Welcome to all newcomers! 👋

Hopefully, we'll see more themed servers and communities too!

🌌 Some recent additions to the network (1/2):

fediverse.co.za - South

fedisabled.social - for all disabled people

recht.social - focus on topics

sciencemastodon.com - for journalists and scientists

dju.social - German union

Mastodon hosted on fediverse.co.zaFediverse.co.zaMzansi for sho! Mastodon & the Fediverse for Saffers. Just be lekker!

🌌 New themed servers in network (3/3):

techspace.social - for techies and tech-curious people

techhub.social - for passionate technologists

k8s.social - for , container and native enthusiasts

urbanists.social - for people who like , transit, and walkable

bikejam.social - for bike and pedestrian

bahn.social - for enthusiasts

Mastodon hosted on techspace.socialTechspace SocialA friendly server for techies and tech-curious people.

Now new themed communities appear daily. 😃

I don't want to bore you with server posts. 🤔 So I'll occasionally post only about the ones that caught my attention. For anyone interested in all updates, check the source: codeberg.org/fediverse/fedipar

Also, feel free to filter out the *fediworld* tag in your Filter settings, if you wish to mute such "server posts".

Codeberg.orgfediparty:milky_way: A quick look into Fediverse networks -

@lightone

Personally I like berserker.town, and think it needs more mentions.

@lightone I wouldn't recommend mastodon.tech, they started on the wrong foot with the lookalike domain, the different software from the domain, and the active poaching of mastodon.technology future ex-users.

@hypolite Hmm, yes, it does look like they intend to provide a new space for tech topics, when mastodon.technology is gone. I don't think this is necessarily bad. After all, many new servers are for techies. And many nodes that initially start as Mastodon later migrate to Pleroma, Misskey, etc, so the domain is not always helpful. But thanks for the warning, I'll wait before adding this one to the website's list.

@lightone I wish that when you clicked on the links it took you through the app rather than opening a new browser window.

Sometimes we also have to remove many instances from the #FediParty list. :(
codeberg.org/fediverse/fedipar

Instances behind #CloudFlare aren't listed, because there are already hundreds, and this centralises a lot of #fediverse network traffic in #AS13335.

Codeberg.orgfediparty:milky_way: A quick look into Fediverse networks -

@nemobis @adrian @berkay @Demiurgo @gja @lee @lile @miket @nicdex @sayah @seano @tudi @vxst

Ah, because we're using CloudFlare? If so; I don't think any of these CDN providers offers DDoS protection.
Nontheless, thanks for the link. I like the idea behind it.

@nemobis the way it works with CloudFlare is that they act as a DNS for the domain and reverse proxy to the actual web server. Thus the IP of the web server is never exposed (DNS) to the public. The CDN part happens via caching on the POPs, although this can be configured in any way one likes.

@ben Yes, but do you really need it for *all* endpoints, or do you have different priorities? Some seem to be fine with applying a CDN just for the media, while others like mastodon.social use BunnyCDN only for the static assets. The more aggressive configuration is to put it also in front of ActivityPub endpoints, Mastodon APIs and the web interface.

@nemobis if someone is going to DDoS the server, they’ll attack the AcivityPub endpoints or web interface and not the media endpoints, because only the former can cause the whole service to be unreachable. I have not heard of anything comparable to Cloudflare from Europe.

@ben Interesting, I didn't know #Serverius!

#CloudFlare is on a scale of its own, but there *might* be alternatives which are good enough for Mastodon instances. I'd love to read some real-world #MastoAdmin / #FediAdmin experience from people using them.

Unfortunately I suspect that experimentation in this field will blossom only when the first serious attack comes.

@nemobis well, there’s experience with Cloudflare… so, why change anything? 🤷🏼‍♂️

@nemobis @adrian @ben @berkay @Demiurgo @gja @lee @lile @nicdex @sayah @seano @tudi @vxst

Nope, we're not in the EU, we're in the US (don't hold that against us).

@miket We don't. :D Though instances outside the EU are likely still subject to the GDPR.
blog.riemann.cc/projects/masto

Even if you don't want to use an EU-based service, isn't there something other than CloudFlare?

~rriemann · Mastodon Privacy Policy GeneratorBy Robert Riemann

@nemobis
I don't really see a reason to switch since Cloudflare provides everything I'm looking for including DDoS, DNS, Zero Trust, CDN, and a host of other services at minimal cost. I've had no issues with CloudFlare and my other websites are also there. I'm always willing to look at other vendors, but they'd have to be really compelling to even consider them.

@nemobis I'd like to follow up on this- the people you are seeing in this list most likely aren't using CloudFlare as a CDN- they are using it as a reverse proxy. For example, masto.nyc runs off a k8s cluster in my home but the reverse proxy is essential for ddos mitigation and hiding my home IP. I don't think this at all un-decentralizes the network (but I also don't think it would apply if I actually used their CDN).

@nemobis We are not really using Cloudflare as CDN, instead we use it as reverse proxy to route traffic faster between our server in EU and our users in Chile. I don't know another provider that serve us like that and also to be in our very limited budget

@lile Yes I understand. The exclusion from the list is not a moral judgement or anything. It's wonderful that you're running an instance for Chile!

In the future you might outgrow CloudFlare's usefulness, in which case articles like ashfurrow.com/blog/migrating-f may turn useful.

If you want to consider alternatives I'm happy to help research them, just name your requirements and budget. I see gcore.com/web-security but I didn't try it.

#OpenCollective can be useful to raise funds.

Ash FurrowMigrating From CloudflareRunning a Mastodon instance requires at least one thing: a server somewhere to run the code and store media uploads. Since media upload storage is a common burden for servers, many solutions exist for upload storage. Mastodon can optionally be configured to upload media somewhere else. I use an AWS S3 "bucket" for…

@nemobis @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi @vxst

Can you explain the reasoning behind not wanting a lot of traffic behind one network? It make sense in the case of Tor (I run a Tor node), but for Mastodon I'm not sure I understand why?

My reasoning for keeping it: Cloudflare is way more than just CDN. It's a reverse proxy, DDOS and threats protection (WAF), and geo-cache (CDN) all in one. I will never find all these services for that price elsewhere.

@nicdex That's precisely the reason it's a threat. :)

@nemobis Sorry, not trying to be rude, but that answers nothing. Since you cannot provide a rationale for this, I will keep using Cloudflare.

@nicdex @nemobis @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi

I really don't think I understand. Of course, there could be a danger of being moderated by a single point of power, but we site administrators are human beings, not scripts. If something like this happens, we can always migrate from cloudflare to another CDN, or no CDN at all. It's not something that can't be reversed.

@nicdex See lostinlight's answer at
codeberg.org/fediverse/fedipar .

@vxst You can do something if you know about it, but being behind CloudFlare means that you're delegating to them the day-to-day decision whether your content deserves to be served to users. Sometimes users will hit walls without you knowing anything about it. (I'm sure there are workarounds but we cannot reverse engineer how people are using CloudFlare.)

@adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi

Codeberg.orgAllow instances behind CloudFlare IP spaceRe: https://mamot.fr/@nemobis/109451228071367333 Instances behind CloudFlare are removed due to the following: >Instances behind #CloudFlare aren't listed, because there are already hundreds, and this centralises a lot of #fediverse network traffic in #AS13335. ### TL;DR: I'd like to propose CloudFlare instances are allowed, instead of removed. As of right now, CloudFlare is the primary choice when it comes to DDoS protection and IP masking through their free Reverse Proxy product. Take, for example, my instance. I host an instance on a k8s cluster running on a home server. Without a reverse proxy, I would have no redundancy against DDoS attacks and anyone could know my home's IP address- raising enormous security or privacy implications. This infrastructure component is essential for smaller isntances that haven't scaled to some sort of cloud worker yet. CloudFlare is almost certainly used specifically for this reason across most instances- and even if the company's offering were a popular option for object storage, I don't see why using a popular CDN would de-centralize the network. I can see how this argument can be made for hosted Mastodon services (masto.host, toot.io,etc), but CloudFlare doesn't even provide enough services to host the Mastodon service by itself. If I were to do a fully CloudFlare-hosted Mastodon instance, the most it could offer is the Reverse Proxy and object storage for attachments. I have additional details on the current [Cloudflare instances](https://framagit.org/-/snippets/6784/raw/main/2022-12_fediverse_hosters.txt) (such as <10 even use the CDN service), but I'd still like to open this up for further discussion.

@nemobis @nicdex @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi

The problem is that CF is the only usable route provider for us. By using page rules to turn off security, we believe it's accessible anywhere, even Tor exits. Most of our users live in China, and to maintain stable access, they have to use a VPN to bypass the GFW. Other services, like AWS GA, will route data from Tokyo to Oregon before it goes to Hong Kong, one of the most popular VPN locations.
(1/2)

@nemobis @nicdex @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi

We are building this site to fight against the CHINESE GOVERNMENT's ban on free speech; we have to use the most effective way so that the people in China can actually access it. The forbidden of free speech is a fact in China. We do not have the luxury to consider "possible" tech dominance as long as we can turn off the security feature by hand.
(2/2)

@vxst Thanks. What this tells me is that probably the maintainers of the #FediParty list are not the best people to recommend instances to people behid the GFW. It would be great to see an alternative list focused on that (extremely difficult) task.

Is there any way to help test other providers to see whether they can be an alternative to CloudFlare for your needs?

@nemobis
Most VPNs are hosted in “CN2” network, which is designed for U.S. websites targeting Chinese customers. So it has excellent links to China, and, the U.S. internet.
The problem is that most routing providers treat those IPs as if they are in U.S., which they are not. CF’s Argo can get the right route(from Hong Kong to Japan), but others go around the global. We will need accelerators with CN2 IP optimization, which to my knowledge only CF has.
(1/2)

@nemobis

Chinese government is banning medical support for transgender people last week. There is already more than one people I know suicided due to conversion therapy enforced by law enforcement. I have the duty to provide most accessible services and information to us, there are real lives behind it.

I'm escaping honor killing due to my MtF identity myself, and I know firsthand sometimes accessibility issues means life and death to us. It’s the most important thing for our site.(2/2)

@nemobis @vxst @adrian @ben @berkay @Demiurgo @gja @lee @lile @miket @sayah @seano @tudi
I have review the github issue answers.

I know and understand the potential risks related to using CF, but IMHO the risks are outweigh by the benefits it has for my instance.

Like any decisions, I will revisit this in the future and re-assess, but for now I keep using CF.

Please do not contact me again on this subject.

@nemobis @nicdex @vxst @adrian @ben @berkay @Demiurgo @lee @lile @miket @sayah @seano @tudi

You definitely can know about it. Cloudflare isn't making decisions on "if your content deserves to be served to users" its deciding "are these users legitimate non-bot traffic" and giving you the ability to tweak thresholds and see what/who is blocked and when.

@nemobis Why would what AS fediverse traffic comes from matter at all?

@gja As a matter of general principle, some people see the fediverse as something intended to be decentralised. Routing a large part of the traffic through the same network increases centralisation.

On a practical level, in general, concentration of traffic simplifies the deployment of #TrafficAnalysis / #TrafficCorrelation de-anonymization attacks.
zenodo.org/record/7395561

ZenodoPosterTor is the most popular anonymity network in the world. It relies on advanced security and obfuscation techniques to ensure the privacy of its users and free access to the Internet. However, the investigation of traffic correlation attacks against Tor Onion Services (OSes) has been relatively overlooked in the literature. In particular, determining whether it is possible to emulate a global passive adversary capable of deanonymizing the IP addresses of both the Tor OSes and of the clients accessing them has remained, so far, an open question. In this paper, we present ongoing work toward addressing this question and reveal some preliminary results on a scalable traffic correlation attack that can potentially be used to deanonymize Tor OS sessions. Our attack is based on a distributed architecture involving a group of colluding ISPs from across the world. After collecting Tor traffic samples at multiple vantage points, ISPs can run them through a pipeline where several stages of traffic classifiers employ complementary techniques that result in the deanonymization of OS sessions with high confidence (i.e., low false positives). We have responsibly disclosed our early results with the Tor Project team and are currently working not only on improving the effectiveness of our attack but also on developing countermeasures to preserve Tor users' privacy.

@nemobis So basically fediverse.party is projecting their idea that the Fediverse should be like a blockchain because decentralization somehows matters?

@gja I have no idea what this has to do with the blockchain.

@nemobis Decentralization is irrelevant for the Fediverse. By this logic should delist AWS, GCP, Hetzner hosted instances as well.

@nemobis I'd put money that more instances are running in AWS than are using Cloudflare.

Masto.host's post isn't germane since Cloudflare isn't hosting these instances, just doing DDOS protection or CDN.

But yeah, you might want to update your 'goals' to include 'attempting to foist my silly personal axe to grind against cloudflare on other instance operations'

@lightone I'm new to the Mastodon app. Although I have registered this account 3 years ago, I've hardly ever used it. How can I follow these instances so that their posts appear in my feed?

@dani You can't follow a whole server. The concept here is to follow people, so if you're interested in certain community servers, go to their /Explore page in your browser, look through posts from various users of that server and you can then follow someone to see their posts in your timeline. For example, explore Astrodon server content: astrodon.social/explore This applies to any Mastodon instance.

Mastodon hosted on astrodon.socialExplore Astrodon - The Astro CommunityDiscover users based on their interests

@lightone okay, thanks for the explanation

@dani @lightone incase you dont know, to follow someone the easiest way is copy @name@url.com or url.com/@name and paste it into your mastodon search field (either in a mobile app or desktop browser) and click search and then their profile shows up for you and you can click follow