A few months ago I released the Defederation Investigator, a tool to verify the federation status of Lemmy instances. With this new update, I’ve expanded it to support multiple Fediverse softwares, including:
- Mastodon
- Misskey
- Mbin
- Pleroma & Akkoma
- Friendica
This works both ways: you can verify which Mastodon (et al) instances have defederated your Lemmy instance, as well as check the federation status of an instance running any of the supported softwares.
Like most of my works, this tool is FOSS and available on my team’s GitHub.
Limitations
Many microblogging platforms, Mastodon included, offer admins the possibility of hiding their blocklists from the public. As it turns out many instances have chosen this approach, so the available information can be pretty limited at times.
Also, this update has increased the pool of instances from a couple hundred to over 2 thousand, so query times have increased significantly. You can reduce them by deselecting some softwares from the query page (hint: most fedi instances are Mastodon ones, so by deselcting them you’ll cut out over half of the pool).
What about Kbin?
To my knowledge, Kbin doesn’t share its federation status through an API like most softwares do. Furthermore, given recent events, I have little faith in the Kbin project. Instead, I chose to support its community driven fork: Mbin.
What about Peertube and Pixelfed?
I tried looking through their API docs and wasn’t able to find any endpoints sharing either federation or defederation statuses. If anyone is familiar with any of these softwares and has any ideas on what to do to retrieve such information feel free to contact me, I’d love to add support for both.
What about …?
Want more softwares? Feel free to propose them. I’d like for this tool to support as many projects as possible.
Wouldnt it be smarter to query the blocked list on the backend like once a day instead of doing thousands of requests in users browsers?
Like @iso@lemy.lol said, can’t query from the backend if there is no backend :)
It’s all serverless, so this is as good as it gets.
Thank you for this great tool!
Is there a way I could use this to find a Lemmy instance that let’s me interact with desired instances? For example:
- I want to participate in Instance A, B, and C.
- A has defederated from B and C
- can I generate a list of instances that let’s me interact with A, B, and C? Then I’ll move my account there.
Thank you!
Yeah sure. Assuming you are only targeting Lemmy instances (other softwares make this a bit more complicated), A “can interact” with B if:
- A hasn’t blocked B
- B hasn’t blocked A
- Neither A nor B are on allowlist. If either is on allowlist, it must have explicitly added the other one to its allow list (this is very uncommon, the only big instance using allow lists is hexbear.net)
So, to verify this, you could query the Defed Investigator with the instances you care about, one at a time. Only select the softwares you care about (likely only Lemmy) to make the query faster. Say you wanted to verify the compatibility between
lemmy.world
andsh.itjust.works
(just making an example). Go to https://defed.xyz/check?name=sh.itjust.works&software=lemmy- ✔
lemmy.world
doesn’t appear in the “Instances defederated from sh.itjust.works” (this means .world hasn’t blocked SJW) - ✔
lemmy.world
doesn’t appear in the “Instances defederated by sh.itjust.works” (this means SJW hasn’t blocked .world) - ✔
lemmy.world
doesn’t appear among the “Instances not allowing sh.itjust.works” (this means .world isn’t on allowlist or, if it is, it has explicitly allowed SJW. Again, this is very uncommon)
Also make sure the instance you are looking for isn’t among the “Instances that returned errors”, of course.
Nice tool!
0 defederated, 1 federated (lemmy.world) and 2091 errors?
Not quite, lol.
Some errors will happen, that’s inevitable, CORS is a bitch, but if you are getting that many I’m going to make an educated guess and assume there’s something wrong with either your device or your connection.
Tested my local instance, lemmy.world was the only one that returned as federated to programming.dev
Ah so you were querying
programming.dev
? In that case I got:
0 defederated from; 3 not allowing; 111 defederated by and 462 federatedWhere are you running it from? Because… it works on my device.
Apologies, it was a mistake on my end. Tried it again and noticed uBlock going wild. It was blocking every website except for lemmy.world which was globally whitelisted in my settings.
Uh interesting. Did you have any fancy custom configuration? Maybe you were blocking all requests to other hosts or something like that? I also have ublock origin and it didn’t give me any troubles.
Nothing fancy, I simply block all third party content unless it’s whitelisted.
Oh my God. This is really, really, REALLY bad. I know this looks like a useful tool but extending this to software that isn’t lemmy is going to make the rest of the fediverse enraged. Tools like these are used as active harassment vectors. Theres a reason why the other fediverse instances that make these tools are affiliated with kiwifarms. Seriously please consider disabling non-lemmy software interaction immediately!
I’m sorry could you please elaborate on why the rest of the Fediverse would be enraged, or how this could be used for harassment? I don’t think I follow. I’ll admit, I only interact with the Fediverse through Lemmy so maybe there’s some dynamics of the Masto-sphere I’m not picking up.
My understanding is that Mastodon admins can choose to hide their
/domain_blocks
endpoint to either outside users or even to all non admins. (source), and as a matter of fact almost a thousand of the 1700 Mastodon instances I’m querying already do so, so really I can only get the federation status of the few hundred that remain.I think the admins that prefer not to show their defeds, in fear of harassment, are already hiding them, so it should be ok for me to query the remaining ones.
There are aspects of the wider fediverse culture that is ignored on lemmy, and thankfully its lack of interoperability has helped it avoid trouble (for now). I’m really not sure how to explain to you how it could be used for harassment as it requires a bit of detailed background to how the wider fediverse functions and its history and I don’t really know if it would convince you if I did explain it in enough detail. Just because data is publicly scrape-able doesn’t mean it’s acceptable to do so.
Well of course I can’t guarantee that I would be convinced, even after hearing that but explanation aside
Just because data is publicly scrape-able doesn’t mean it’s acceptable to do so.
Isn’t it? If, an instance admin, has the possibility of hiding some data to the public and refuses to do so, it’s either:
- Because they are fine with the public accessing it
- Because they are ignorant and unaware of such a feature, which I honestly don’t think is an acceptable excuse (after all users have entrusted this person with their data, ffs)
At the end of the day what I am doing is nothing more than what any user could do by checking the “Moderated servers” section of the about page of any Mastodon instance.
I’m sorry but I’m really am not seeing the logic behind your point.
Do you know what kiwifarms is? Just curious.
I didn’t, up until yesterday night when you mentioned it. Had a quick Google search and read the wikipedia page, holy fuck there’s some sick people out there. But I still fail to see how defed.xyz could help them doxx or otherwise harass people.
I don’t want to be the author of software used for harassment, obviously, but I don’t think you could use my tool for that, even if you wanted to.