Forget the Fediverse, let's build something new

I realise I'm going to be throwing a Molotov into the Fediverse right now, but I think it's time for me to put thoughts to paper about what I really want out of a social media network.

I have a feeling I'm not alone in many of these goals, either.

My qualifications in this space? I've been on Fedi since the beginning, have hacked on Mastodon before, I have abortively made an ActivityPub server, I run an instance, and I was formerly an IRC daemon developer. I certainly am not 100% right on everything, but I at least know more or less what I'm talking about. At least I think I do.

WARNING: I am going to get very political, very opinionated, I am going to talk about the worst people on Fedi a little, there may be some adult language ahead, I assume you all are grown-ups and can deal with it.

This is also going to be a 10,000-mile overhead view and more of an outline than a concrete specification. I believe the best battle-testing of a specification will be in the creation of a piece of prototype software to accompany it.

The problem

Fedi is a toxic environment. It is utterly filled with racists, pedophiles, libertarians (but I repeat myself), tankies, and assorted grifter scum.

And that is because literally anyone can join, and there is little you can do about it.

People are often confused why PoC would choose BlueSky over Fedi. Do you know why?

It's because Fedi has a racism problem no one is willing to confront in a meaningful way. Instead, we'd rather fight amongst ourselves and attack the actors who don't really matter in the grand scheme of things (or who are totally innocent), whilst leaving the real, bona-fide, actual Nazis alone.

I want to change that.

It also doesn't help that ActivityPub is a terrible protocol. It uses JSON-LD, which is incredibly complex on its own, as well as ActivityStreams, which contains so many activities that no one will ever use.

Goal one: it should be fun

I want whatever replaces the Fediverse to be fun. Fedi as it stands is not very fun. There is way too much drama constantly for it to be fun. It feels more like Twitter than it does anything else, and the worst parts of it to boot.

This needs to change. And I believe changing the way it all works is part of it.

It must not just be a fun environment, but a welcoming environment with community spirit. Nazis and assorted scum should never be able to come on the platform. Of course people won't like other people, but I want the bullshit to be kept to a minimum.

I realise zero-drama is a difficult goal to achieve, and perhaps impossible, but I believe if discourse and drama can be kept to a minimum by the way the protocol works, then it will be a net win.

Ending open-world federation

Open-world federation is a fine experiment, but in reality it's a disaster.

Who the Hell thought it was a good idea to allow anyone to just show up to the whole network with a server? Even IRC figured out this model was untenable decades ago. There was once a single IRC network, and then a server linked that allowed anyone to link, and EFNet and separate IRC networks as we know them were born.

We cannot allow servers who are not trusted to join, or at least keep them contained to their own little Hellholes.

We cannot allow Nazis to join. We cannot allow tankies to join. We cannot allow pedophiles to join. We cannot allow freeze-peach people to join. We cannot allow assholes to join. We cannot allow racists to join. You must either respect others or get the fuck out.

We must exclude these people, by design. And the way to do that is to end the ability for them to join in the first place.

At the same time, balance must be struck. People must be allowed to federate. They have to be able to join the network to begin with.


A semi-open world system where someone must vouch for you to join is what I am proposing here. Using some sort of cryptographic attestation should be required saying that “I am, I am vouched for by”. If multiple people attest your server, that's fine too.

Attestations should expire and be revocable. They should be automatically renewed every 90 days, unless the server falls off the network or its keys change.

This brings accountability to the system. If someone repeatedly vouches for Nazis, their attestations can be revoked in the control panel by those who have previously vouched for them. This means if no one is willing to vouch for them, then they are unable to join. Obviously, instances can still be blocked as well. Since the attestations of vouching are signed, they cannot be forged.

It's possible to even go further, and require a certain number of attestations, or refuse to federate with servers who don't have a certain number of attestations. Attesting a server means federating by default, however.

This could fragment the network. But is this such a bad thing? People worry about network fragmentation, but I don't think it's such a bad idea. This idea that we should all be under a big tent singing songs together is ridiculous liberal nonsense. We live in the real world, and not everyone is everyone's friend.

Consensus-based blocking

I believe we can resolve many issues with a consensus-based blocking system. No more blocklists. The community gets to decide what it wants and doesn't want. Obviously, a server can reject a block that has been implemented widely, but there should at least be a queue. Server blocks should be optionally shared with federating servers, and those which reach a certain threshold should be put in a queue for admin review.

Blocking obviously revokes any previous attestations.


Identity should be transferrable, revocable, and owned by the person.

All posts should belong to the person. They need to be transferrable too. Everything about an account should be transferrable, importable, and exportable, on demand, no questions asked.

They should be allowed to use a server like and use that account everywhere on other servers that allow it.

Their identity should be tied to something client-side, like a key, which attests that they are who they say they are, letting them transfer their identity or have multiple accounts with multiple authentication providers, with proof that they are who they say they are.

Obviously, there can be services to back up said identity as well, although then you're worried about trusting them, although, you kind of have to trust any server you're on not to fuck with you anyway.

Said proof could also include signed statements and other counter-signatures, replacing the “blue checkmark.”

To make things simpler and decouple identity providing fully from the act of using a server, I propose assigning the user a unique ID number. This means they'll look like


The thing about social media is that it is inherently a non-private medium. Nonetheless, a better balance can be struck.

I think direct messages should be encrypted with E2E using a scheme similar to Signal's.

Privacy scope should be limited to an actor list with wildcards allowed, and an unlisted tag. *@* is public, but could have the unlisted tag set.

This allows for features like circles as well.

Local groups

Communities are not just global.

There should be local community as well. I visualise a sort of section where it's similar to a federated forum in addition to the usual feed. Maybe something like a federated Reddit? I'm still working this part out.

The protocol

As stated above, ActivityPub has a lot of issues. It's impossible to implement to-spec either, without doing what Mastodon does. Refusing to do what Mastodon does means you're automatically not compatible with it. This is absolutely unacceptable.

What I want to do is likely not achievable within the bounds of the protocol anyway.

I propose using a system based on JSON schema instead. Servers can describe the schema version they use, and any extensions, via a .well-known URI endpoint.

Everything will be JSON. It will be ActivityStreams flavoured, but considerably simplified. YAGNI principles should apply everywhere here.


I don't think any of these problems are insurmountable. I haven't come up with a concrete specification yet, this is all just a 10,000-mile overhead view. I have other priorities at the moment. But I think something similar to this could be viable.

I will likely edit and update this document as time goes on, to incorporate suggested changes, or new ideas I like. Watch this space.

— Elizabeth Myers (Elizafox) Fedi (elsewhere): Tip jar: PayPal || CashApp || LiberaPay