Note: This will probably be the basis for one or more blog posts, but for now it's just an outline to share information and get feedback on. Please leave feedback:

The bulk of this outline is an an example of social threat modeling: looking at threats and what can be done in response. Before we get to that, though, as Erin pointed out in her People in Platforms ATmosphereConf talk earlier this year threat modeling - while important - is only half of the story. How do we turn the situation to our advantage? So let's start there!

Background

Opportunities

  • Broader understanding and adoption of best practices. This is widely needed for all kinds of attacks, not just the US government agencies; see IFTAS' discussion of a Coordinated Pro-Russian Propaganda Network Targeting ActivityPub and ATProto Services, or for that matter the distressingly large number of people on Bluesky amplifying fascist imagery in recent discussions of tattoos.

    • Tactics for dealing with propaganda, trolling, disinfo, information warfare. As Erin says, "Institutions and communities under attack should publish informed guidance for their members on the risks of open networks, and the best way to use open networks’ existing safety features to reduce vulnerability to attacks by state actors, operatives, and freelance harassers."

    • Resources for community moderators - including funding!

    • Applying social threat modeling techniques

  • Connections and shared expereriences with anti-fascist and anti-oppressive communities and people (including moderators, developers, admins, and designers) in the ATmosphere, the fediverses, and whatever comes next.

  • Use cases for driving much-needed progress in software platforms, apps, tools, protocols, and bridges

  • Build momentum for equity-focused decentralization in the ATmosphere and the fediverses (while keeping safety in mind)

Speaking of which, as Erin says

[T]he ecosystems we have today offer plentiful ways for people who care about community self-governance to support the work of building out viable systems for high-context governance and connecting them together, by supporting efforts like Blacksky Algorithms and Northsky Social, which are building AT Protocol-based social networking stacks centering Black and 2SLGBTQIA+ communities, Bonfire Networks, which is building next-generation public-interest networking on the Activity Pub protocol, and A New Social, which is building bridges and migration services that connect people and communities across open networks."

Threats

One common approach to social threat modeling involves starting by looking at the adversary's potential goals and how they might accomplish them. For example, in The White House Joins Bluesky, Laurens suggests that "Their goal for joining Bluesky is to spread the message of terror and fear," and points to several of their early posts as examples; the anonymous adminstration spokesman quoted in Malena Kelly's Inside the Trump Administration's Bluesky Invasion similarly talks about their desire to "reach as many people as possible" with their message. What are they likely to do in aid of that?

And what other goals might they have? For example, today Bluesky is a good source for accurate on-the-ground info about resistance and regime activities in cities like Chicago and LA; several progressive and radical organizers, independent journalists, and media coops are leveraging it effectively. Over time, especially if the platforms grow, the ecosystems could have a lot more impact. That's a potential threat to the regime they'd like to nip in the bud.

So here's a short taxomony of potential threats (in no particular order)

  • Spread propaganda and disinfo

    • Share from large accounts

    • Amplify with network of supporters (bots and humans)

    • Manipulate algorithmic feeds

    • Get people who oppose the regime to help amplify propaganda

  • Surveillance (although Bluesky is almost-all-public, so they can already do a heck of a lot of this without having accounts there)

  • Disrupt Bluesky, AT Proto, and decentralized social networks in general as potential organizing and independent media channels.

    • Psychological impact (chilling affect, loss of friendly space). As Erin said on Bluesky, "DHS on Bluesky is pure psyops"

    • Stochastic harassment and normalizing hate speech.

    • Targeting key accounts, blocklists, labelers -- takedowns, harassment, mass reporting, etc.

    • "Working the refs" to get Bluesky to crack down on speech critical of the regime and/or to allow hate speech

    • Threaten Bluesky PBC to encourage it to become a "controlled opposition" platform (under current or new leadership).

      • Of course they don't actually need any basis for these threats but having accounts active there still might be useful -- for example, Laurens talks about them "daring Bluesky to take action against them, likely hoping to play the victim in whatever drama follows."

Mitigations

TODO: relate mitigations to specific threats (and find unmitigated threats) -- and to opportunities as well

TODO: Restructure to split out details on Bluesky/Blacksky, Mastodon, etc (right now it's all combined which makes it too long) and include links with how-tos. Suggestions for links welcome!

OK, if those are their goals, how do we prevent them from accomplishing them -- or at least lessen the impact? Mitigations are generally imperfect, but even so can be helpful (in terms of opportunities as well as threats).

  • Don't amplify propaganda, fascist imagery, hate speech, or disinfo -- not even if you're trying to debunk it.

    • THINK before you post or amplify. Propaganda, disinformation, trolling, etc, encourage you to react emotionally. Take a deep breath and don't react immediately! TODO: update and complete the draft post THINK before you engage or share (DRAFT) which goes into more detail on this -- currently it's mostly content I've previously used in other contexts so it needs work

    • For Bluesky feed and Surf channel creators:

      • apply mutelists and labelers to avoid known sources of disinfo and propaganda

      • manually curate feeds

  • Be conscious of what information you share publiclhy

  • Share and amplify accurate information.

  • Reduce the amount of toxic information you're exposed to.

    • Avoid feeds/channels/hashtags with lots of toxic info

    • Filter

    • Mute (and mute boosts on Mastodon)

      • TODO: list of some other useful Bluesky moderation lists, which can be used for either blocking mor uting

    • Unfollow

    • Use labelers

      • including XBlock Screenshot labeler to avoid seeing most fascist and propaganda images

      • TODO: list of some other useful labelers

    • Block

    • In fedi, defederate from or limit other instances

  • Limit who can easily see your posts and profile.

    • Post visibility (fedi-only)

      • Not available in the ATmosphere

      • Local-only posts can only be seen by people on the same instance, and many fedi platforms support them (but unfortunately not Mastodon)

      • Most fedi platforms support followers-only posts

        • For stronger protection turn on "approve followers" -- otherwise random people can just start following you and see your followers-only posts!

      • Circles allow for more nuanced control but only Bonfire and Frequency support them

      • "Quiet public" and unlisted posts don't appear in Mastodon's search, and Bridgy Fed doesn't send them to Bluesky, but they're still widely visible

    • Don't opt in to Bridgy Fed

      • Or if you've already opted in, opt out by blocking @bsky.brid.gy@bsky.brid.gy

    • Disable visibility to not-logged-in-users.

      • On Bluesky this is just a speedbump

      • In the fediverse this is effective for local-only and followers-only posts; and there are also controls at the instance-level for whether local feed of public posts is visibile to non-logged in users

    • Feed developers: "Ban from TV" functionaliy, preventing some users from seeing the feed.

  • Limit who can interact with your posts

    • Interaction controls: who can reply, quote, send you DMs, etc

    • Notifications

    • Blocking (and instance-blocking on fedi)

      • Blocks on Bluesky are public!

      • Bridgy Fed supports blocking by DMs

    • Deactivate account temporarily

      • Unfortunately "private profiles" don't exist on Bluesky or Fedi but deactivating can be an approximation -- as long as you have other ways to connect with people

Community moderation as community defense

Not sure how to fit this in with the overall structure but it's an important point: community moderation can play an extremely active role in situations like this. As Erin says

"High-context moderation work integrates fully with specific communities to understand their needs and desires. Depending on community needs, it may take off-platform behavior into consideration and employ power analysis in service of community safety and justice. This is the kind of culturally attuned moderation that the fediverse model can and sometimes does enable. It’s also the kind of moderation that Blacksky Algorithms employs and that Northsky Social is working toward in the ATmosphere—and that the AT Protocol was, in theory, built to support."

How can community moderators help? Some initial thoughts ...

Everywhere

  • Educating community about best practices and resources

  • Early warning system and alert community if things are starting to flare

  • Working with other moderators and admins

  • Shareable filters (a la FilterBuddy, although I don't think this functionality exists yet in fedi or the ATmosphere)

Bluesky and the ATmosphere

  • shared moderation lists (mutelists / blocklists)

  • labelers

  • public feeds which filter out toxic content

  • for appviews: default moderation lists, labelers, filters

Fedi

  • defederation and limiting

  • suspending and limiting accounts from instance

  • instance-level keyword filtering (requires custom coding)

  • recommendations for newcomers

  • moderating trending topics