(This post is part of a series about GNU social servers
I want to write an article about some gnusocial instances and would like
to ask you some interview questions.
The article will be an english article on my (mostly) german blog
https://blog.laxu.de about some popular gnusocial instances.
Awesome! Thanks for showing an interest in GNU social :)
I'll note first that I'm the lead developer of the GNU social software.
These are answers that would apply to both quitter.is
- How many characters per queet are possible on your instance?
- Which plugins are installed on your instance?
- Qvitter (the Twitter-like front-end)
- StoreRemoteMedia (to avoid hotlinking to remote servers)
- VideoThumbnails (makes upload your own video files better)
- Do you keep up with the most recent version or are you testing new
versions for a while before using them?
I try the new versions before they're even available! ;) (as I'm a
Users, Stability & Money
Users would like a service, which lasts forever and runs fast and
reliable. Can you tell something about how your service tries to achieve
- How many users does your service have?
I haven't checked, but I don't think the number of users is important.
If anything, I generally recommend running multiple small
- For how long does it exist?
It's been around a little more than a year now, since the Spanish invasion.
- How do you pay for the service? Do you get enough donations, do you
have sponsors or do you pay for it yourself?
I have extremely cheap hardware, internet and electricity costs. Thus I
don't currently need any financial donations for upkeep.quitter.is
is however hosted on a VPS run by (and donated by)
whose owner is an active member
of Umeå Hackerspace (which I usually refer to as being the organisation
I develop GNU social through),
- What do you need to pay for hardware / hosting?
- Are there costs for moderating / maintaining the site?
Only time. Not anything financially relevant. As long as I still have my
low electricity costs etc.
- How do you want to ensure, the service will last (That it can be payed for and there are enough people, who keep it running)?
- How can your users support you? Do you accept donations? Are there other ways to say thank you, like a amazon wishlist or flattr?
I've promoted some of the users of the site to moderators, those that
have been around for some time and I have come to trust.
The larger the site, the more abusive users will come. How do you handle
the moderation on your site?
- How can users report abusive Queets / private Messages?
- How fast can the moderation handle such requests?
- Are you actively moderating the site or just handling reports?
- Do you have specific policies how to react on which type of incident?
Some of the more active users are also moderators.
I have zero tolerance for offensive behaviour and will silence anyone
who acts unrespectfully towards other users (or hateful to various
groups of the population at large).
- Is there a page with the rules for your instance or do you rely on common sense
and notify users, when they are going too far?
states that no sexism, racism, ableism, etc. etc. is allowed. Which is
just putting words describing what "common sense" means ;)
- Can you tell something about the possible consequences for breaking
Generally just silencing. Users who email and explain themselves tend to
get a second chance. But my general idea is that if users misbehave so
seriously that they get reprimanded, they should not be on any of the
instances I run.
Users can always, if they want to, start their own instances and thus I
think it is better to ban bad users and let them put an effort to it if
they really want to continue doing what they were banned for (racial
slur, aggressive behaviour...)
- Do you notify authorities for serious incidents or do you just ban the
users and let the victim report it to the police themself?
There have been cases of annoyed, silenced users who have returned with
new accounts and posted (relatively mild) child pornography. These have
just been continually silenced and a temporary stop in registrations has
been enabled on the sites to prevent them from creating new accounts.
Since they are probably just copypasting images from some darkweb site,
I haven't bothered notifying any authorities since they're just - even
though it's serious matters - playing around.
Moderation to prevent abuse is important, but too much moderation can
hurt a site. Moderating legal but possibly offensive posts may create
chilling effects, where people censor themself to avoid being moderated
or even banned for unpopular opinions.
I don't think the "chilling effects" are as pervasive in the federated
networks as in centralised ones like Twitter. Since anyone can start
their own, fully anonymous node to spread offensive (even illegal)
material, the only chilling effect that you get on a public instance is
a better communication climate.
It's a good thing that people think twice about what they write. If they
still want to write something offensive and inappropriate, they are free
to do so on a platform they take legal and moral responsibility for
- When do you delete possibly offensive tweets?
I delete them when they portray typical sexist or racist in an overly
simplified way that is not in a context of humour etc. As an example,
the "nigga stole my bike" GIFs would be allowed, but an image stating
"this nigga is a bike stealer" (possibly even portraying a real person,
who is probably totally unrelated) would likely be removed.
- When do you warn users?
- When do you temporarily ban users?
- When do you permanently ban users?
When it totally arbitrarily feels appropriate. ;)
- Do your moderators discuss decisions among themselfes or are they
acting on their own?
I've asked them to only silence when it's pretty obvious that
something's really bad about it.
- Do you discuss the moderation with the users?
- How do you avoid, that moderators are biased to their own opinion in
the discussion, which they are moderating?
I ask moderators to ask me if they're unsure in any way. And we can all
join group discussions to get better points of view. Sometimes maybe
there's just some cultural thing that someone hasn't understood, maybe
someone overreacting to certain phrases (which may arise just due to
poor language skills etc.).
- Do you think your users need to think about being moderated before
writing a queet?
- Do you have any rules, which require the users to think beyond common
sense before posting, like avoiding tv spoilers?
No such rules, but there are some memes going around that would probably
require users to think twice before publishing them.
- Where does inacceptable behaviour start on your instance?
(bad opinions expressed in a serious manner / flame wars / trolling / insults / haressment / serious threats)
As soon as personal insults show up, I think it's gone too far. It's
better to just shut up and ignore someone instead of calling them names.
- What are your moderators doing with reports for queets in heated discussions, which are strictly speaking not breaking a rule, but offending other users in the discussion?
Offensive, derogatory queets are against the rules :)
- How are you moderating queets from other gnusocial instances?
Silencing, but I will probably implement some sort of mute functionality
or some better kind of "sandboxing".
Backup & Privacy
Some instances have plugins for backup, others don't have this option.
What options do you provide for your users? How do you handle the
privacy of your users?
- Can your users export their data (queets, private messages)?
Yeah, the GNU social API lets users traverse the timeline to download
queets. Private messages aren't easily downloadable but will probably be
removed (and XMPP promoted for that instead).
- Is there a way to import this data or data from other gnusocial instances?
my instance. I don't support the liberal idea of an identity
that can move around. I think the instances should be democratically run
as an organisation and you can either join or not, not join and then
threaten to move the account.
(just posting a message "I'm over here now" and pointing to another
instance is good enough I think).
- Do you have backups for your server, i.e. in case of hardware failure?
Yes, for at least once every 24 hours or something.
- Can your users delete their account?
Yes, but only if they request it. I will have to make the deletion
process a bit more interactive before I want to allow users to be able
to delete themselves. (something like verifying through email or other
things that can't as easily be done by someone who just sat down at your
- How long does it take for the data to be deleted completely (i.e. disappear from any backups)?
Generally a matter of seconds, minutes for larger accounts. Extremely
large (previously active) accounts might take even longer.
- Do you retain any data after deletion, i.e. to as proof for abusive behaviour, to enable recovery of the deleted account or to prevent others from reregistering the account name?
Just the ordinary backups, which are deleted sequentially. I think
there's backed up data for about a week back or something. I wouldn't
bother recovering an accidentally deleted account though.
- Do you ever read private messages? Under which circumstances would you
do so and would you inform the users afterwards?
Yeah. But I recommend XMPP and have enabled everyone to be able to log
in using their GNU social credentials with an XMPP client to
firstname.lastname@example.org and email@example.com respectively. They can then add my
accounts firstname.lastname@example.org and email@example.com (or my human account
firstname.lastname@example.org) to talk more privately.
- How are you protecting the data (i.e. is the server hard disk encrypted)?
No, but as with all GNU social instances the passwords stored are salted
hashes with, from the top of my head, SHA-512 ($6$ for crypt()).
- Does your site use HTTPS?
- Did you configure more security options like a HSTS header?
It is pretty common that people post copyrighted images on social media,
which can get them into trouble*. A smaller site may have problems to
get accused of the violation itself instead of the user.
How do you handle copyrighted content and law enforcement requests?
- Do you inform your users about rules for posting copyrighted images / texts?
already care about that wouldn't care if I stated it in rules. I mean,
the law is the law and not related to the instance itself.
- Do you try to actively moderate copyright violations or do you take down content only on request?
Only on request, but that hasn't happened yet.
- What would you do, when you receive a DMCA notice or a similiar request in your country?
DMCA notices are irrelevant in Sweden.
I'd probably remove it if it wasn't actually licensed freely. But the
request would have to be extremely well defined and I would only remove
content if I was absolutely sure that the request sender actually has
I'd probably start off with sending an email back demanding a handling
fee though, so I can put time into investigating the matter at hand. If
they don't reply to that, I'll assume they're just copytrolling :P
- What do you do about images violating personality rights of people in the image?
This is much more serious than copyright. If the material is not already
widespread I would immediately take action against spreading personally
identifiable material where the individual is assumed not to want that
information being spread.
- How would you handle requests for the EU "right to be forgotten" law?
Accounts can be deleted, but federated notices of course can't. If the
request is sent in regard to a user's notice content rather than about a
user account itself, I'd refer to contacting that user instead of me as
a service provider.
- Did you think about getting a national security letter?
I'm not sure what this would mean? :)
Can you tell something about how you run the website?
- What hardware are you using?
- quitter.es: Old hardware from a super computer cluster. Nothing fancy.
- quitter.is: Baseline VPS on https://tranquillity.se
- What software (i.e. operation system, etc.) are you using?
Debian GNU/Linux, lighttpd, MariaDB, PHP-FPM.
- Does the server just run gnusocial or are you using it for other things as well?
A couple of wikis, some minor owncloud instance etc. Nothing being used
even nearly as much as the GNU social instances.
- Is your server very busy with the instance?
When thousands of new users show up, yes :)
- Why should users choose your instance?
They shouldn't! They should start their own. But if they would, it's
because I want a climate that doesn't create any aggression, even if
it's perhaps at the expense of limiting what people can write.
- Do you want to tell anything else?
Thanks for doing this kind of survey! It's good to make administrators
think twice about what and how they run servers.
Copyright is also an issue btw, we just haven't had to deal with it yet.
Everything is licensed CC:by on my instances, so it's a direct copyright
violation to post anything that's not already that liberally licensed
(unless you hold the rights yourself).