As of March 24, 2024, I *socially* operate out of a single-user* / personal Mastodon instance - shellsharks.social. But how did I get here?
Like many other people who find themselves at least mildly online (or chronically so, as I do), I am a steady user of (a variety of) social media platforms. When Twitter fell, the world of social micro-blogging fractured, with people fleeing across the Internet to a number of platforms, both new and old. For my part, I took up residence on Mastodon, specifically, a cybersecurity-themed instance - infosec.exchange. (I also re-logged into my long dormant mastodon.social account.)
Infosec.exchange was perfect for what I was looking for. I used Twitter mostly as a place to follow others in the infosec/tech industry and infosec.exchange was the choice landing spot for many other disaffected infosec-Twitter refugees. There I re-found my people but also became a more active member of the community, sharing posts, interacting with others, etc… In the time I spent on infosec.exchange (since November 2022 until recently) I acquired a deep interest not only in the possibilities the Fediverse provides but also in the concept of the IndieWeb.
So this move to shellsharks.social is a direct result of the confluence of my newfound loves - the Fediverse & the IndieWeb. What was borne from that is the idea of “IndieSocial”
* shellsharks.social is not exactly single-account, but it is “single-user” (just me)
IndieSocial: Extending the IndieWeb
You can think of the concept of “IndieSocial” as a combination of principles from both the Fediverse and the IndieWeb. Consider a social presence that is…
- Personally owned (the content and server)
- Ad-free
- Decentralized
- Social (duh)
My foray into the IndieWeb has been great success. I’ve leaned into its ideals as much as is technologically (and philosophically) feasible for my statically-generated site. But where it excels at hosting my content and being a centralized, permanent place for my identity & content on the web it falls short in its ability to truly connect me with others in the way a traditional social media platform can. My latest stint on Mastodon / infosec.exchange succeeded in connecting me with others who value what I have to share on my site, but my identity being tied to a handle on infosec.exchange was limiting in that I ultimately did not own my posts nor my branding, and though I do mostly post about infosec stuff, it had a quasi-pigeon-holing effect due to the instance moniker itself (infosec.exchange). I would often see people on Mastodon responding from unique, single-user instances that served as a badge of authenticity and I coveted that. And though no one on the Fediverse could ask for a more thoughtful and capable server owner than those on infosec.exchange, I always wondered would would/could happen if/when Jerry decided to hang it up. More and more I started to think, much like what I’ve captured with my site, I need to own my own social. Only then could I begin to post uninhibited by expectation, allowing myself to be uniquely me.
Two big inspirations for me with regard to the IndieWeb and a web-based identity are Joan Westenberg and Cory Dransfeldt.
Benefits of a Personal Fediverse Instance
Beyond the benefits of Mastodon (and the Fediverse at large), what benefits are there to running your own Fediverse instance?
- A more perpetual, authentic identity on the web, i.e. the aforementioned “IndieSocial”
- Vanity Fediverse handle (e.g. “@shellsharks@shellsharks.social”)
- Branding: For individual creators and business, having a social identity hosted on a domain which has personalized branding is very important.
- Deplatforming resistance: Since you are the instance admin, you can not be deplatformed. Only your ISP or hosting provider could effectively do this and this is quite rare.
- Mitigate localized censorship: On a community instance, admins and moderators can censor your posts.
- Data ownership: As an admin, you have control over data exports and lifecycle.
- Customization: Instance admins can customize the CSS of their site, relays, emojis, trending, etc…
- Spontaneous server death: Instances have died in the past due to database corruption, domain seizure, admin burnout, lack of funding and more. Avoid this by running your own instance.
- Defederation control: Though users on a community instance have a lot of power in self-moderation, some controls for isolation and defederation are only available at the administrative level.
Hosting: Challenges, Choices & Chronology
OK, so I knew I wanted to “own my own social”, and for me, this meant having my own Fediverse server of some flavor (e.g. Mastodon, Akkoma, IceShrimp, GoToSocial, etc…). Because of my affinity for the iOS client Ivory, I decided Mastodon would be the best fit (Ivory only works with Mastodon at this time). From my research I knew Mastodon to be on the trickier & more resource-hungry side of the Fediverse platform spectrum. In terms of hosting, I first had to decide between managed or self-hosted. Masto.host was one managed Mastodon-hosting platform that I heard a lot about and seemed quite reliable so I decided to put a small alt account (@afterdark) there on an instance “shellsharks.social” to test it out. The base tier (“Moon”) was very slow and even with only a single-user with <30 followers and only 1 follow it was achingly ill-performant. I wasn’t terribly impressed but knew by sizing up a tier or two it would likely be better. The ideal situation of course would be to gloriously self-host and administer the entire stack. I learned a few things from having put together some resources on Mastodon instance administration and following along over the last year or so as other instance admins grew their communities. I had some understanding of the architecture of Mastodon, I knew some pitfalls of ActivityPub-based federation and I knew Hetzner was a popular hosting provider to get a cheap, reliable VPS. So with all that, I just went for it.
I created my Hetzner account, initialized a decently spec’ed VPS, I got my SMTP relay configured through Sendgrid, set up a Backblaze R2 bucket for block storage, fronted through Cloudflare and then hammered through the official Mastodon installation steps (paired with some other installation guides I came across). I knew it wasn’t a simple install, but it seemed straight-forward enough. I ran through the installation wizard but despite my confidence, things started to awry. Somewhere between the server-side install config and the SMTP-relay config something wasn’t working. I wasn’t receiving my confirmation email to log into the Mastodon admin account I created. I bypassed this little issue by manually activating the account on the back-end using tootctl. So now I’m in my sparkly new instance! But wait, nothing appears to be federating and I am unable to search for or find any other accounts! I searched around for a bit on Google for any clues as to what might be happening but after an hour or so decided to shut it all down and try a different path. Interestingly, after I started deactivating some accounts and tearing down the VPS infrastructure I noticed the emails finally making it through the SMTP relay! I also have a theory that federation/search was borked because I had not properly set up the object storage connection.
So where did I turn? I needed something at least slightly more turnkey. DigitalOcean has advertised a “one-click” droplet for Mastodon hosting that seemed appealing and for a moment I considered going that route. But, it still required a fair bit of set-up including hooking up a SMTP relay, object storage, etc… Oh and it was 4-5x the cost (at least) of going back and figuring out how to do it with Hetzner. It was moments after I created the DigitalOcean account and started thinking more about it when I decided to just scale up my existing shellsharks.social instance on Masto.host and evaluate whether it could handle an account with activity on the order of what I typically see with my main shellsharks account on infosec.exchange.
Masto.Host Trial Period: Issues & Observations
Masto.host is incredibly easy to get started with, scale up/down or stop using entirely. As such it was a simple decision (in the end) to trial my main account with it. After sizing up my existing shellsharks.social instance from the Moon to Star tier it didn’t take long for me to see that it would be plenty beefy for an account of my size. Since the pricing is plenty all-inclusive (you don’t need to futz with object storage, SMTP relays, CDNs, etc…), with all underlying server management handled entirely by Masto.host, I was pretty sold on the idea of moving there. Though the instance itself seemed more than performant, I did encounter a number of other things worth mentioning…
- A few notes on Masto.host itself…
- It is scary easy to get signed up and started with an instance with your choice domain…
- Pricing, imo, is very fair. Once you add up all the various costs of self-hosting you really don’t save much from a price perspective by going elsewhere. For what you save in time, I think it’s very worth it.
- Support is lightning quick and very helpful.
- Managing your instance via the Masto.host admin panel is extremely simple. Really not that much to tweak.
- Media storage allottment gets gobbled up pretty quick. I’m at 70% after only a few days. Will have to report back to see how I can manage this into the future…
- Federation is a tricky beast and I definitely could not explain how it works. What I can say is that on any Mastodon account, your view of the world/Fediverse is not necessarily 100% complete. On larger instances you will likely see more comments and have access to more accounts than you will on a smaller, “less federated” instance. As such, when viewing user accounts from my personal instance I have only limited information that gets pulled in. I see avatars, follow/follower counts and lists and some posts but likely do not see all of them.
- To address this shortfall, I can typically go to their account directly on their server via my client’s in-app browser, scroll through their posts and if there’s one I want to engage with, copy the link to the post and search for it directly within my Mastodon client. This 99% of the time will allow me to view the post directly and engage.
- I occassionally will have a performance hiccup, i.e. something loading slow, but after few days using my account pretty heavily I’d say it’s fine 99.9% of the time. As an example, notifications (likes, replies, boosts) all come in super fast!
- One thing I really enjoyed being on infosec.exchange was the Local feed. It was a great place to farm interesting accounts, find one-off posts to engage with, etc… Luckily, Mastodon still allows me to peruse local feeds and as such it is easy enough for me to continue scrolling it and just respond via my new account instead. Ivory doesn’t yet allow me to browse remote local feeds but what I can do is peruse the infosec.exchange local feed on my old infosec.exchange account and just reply from my shellsharks.social account via the account-picker.
- Search, which honestly is of varying usefulness even on the largest of servers (i.e. infosec.exchange / mastodon.social), is effectively useless on my personal instance unless I have a direct link to exactly what I am looking for. This has improved over the last few days a bit, but I still wouldn’t rely on basic search on my personal instance to find anything useful.
A Look at shellsharks.social & the Future
So yeah, I’m @shellsharks@shellsharks.social now. Yay!
The migration process from infosec.exchange was pretty good, definitely a bit scary but it was mostly a success. I had a little under 1600 followers to migrate and only had 20-30 of those not get moved over after it was all said and done. This seems to be an issue with hitting a rate-limiting wall either with my server or infosec.exchange. Fortunately, I can re-initiate the move in 30 days and migrate over the straggling followers. I had some questions about how account moves worked but this post sums things up pretty well.
I had considered using my “shellsharks.com” domain as my Mastodon instance but after some thinking, decided that shellsharks.social would be best. First, it is a social account, so having the social TLD makes perfect sense. Second, I was concerned about traffic that might be generated due to noisy ActivityPub federation calls which would be directed at shellsharks.com which is sitting on Github Pages and perhaps not ready for that level of traffic.
The biggest downside of having made this move, and using Masto.host is no longer having the Glitch-soc capability which allowed me to have posts that exceed 500 chars in length. This said, I’ve sorta decided that if I can’t get my point across in 500 characters, it might be worth making a note or blog post on my site and then sharing a link to that instead. This is part of the spirit of the IndieWeb after all!
In the future, I’d like to retry self-hosting. So much of the Fediverse is hosted by Hetzner so I would probably choose that as my VPS provider. I’d like to go with a Docker-based install, for easier management and technological gratification. In fact, there is a lot of things I’d like to self-host in the future (e.g. RSS, bookmarks, blog, etc…). I may even have some ideas for a community-style server, but that’s a ways away.
The world of social media has in some ways gotten so much larger while at the same time somewhat more disconnected as people have spread out across the various platforms of this era. But things have been set in motion to bridge these divides and bring people together once more. In a near future where those of us in the traditional Fediverse can interact with those on Threads, or on BlueSky, or on Nostr, or wherever, I really liked the idea of establishing my unique, forever-social-identity within the Fediverse.
Regardless of where I am now or where I go in the future, you should always be able to @ me on the Fediverse by @’ing @[whatever]@shellsharks.com. Through the magic of Webfinger, this will redirect ActivityPub messages to my current main Fediverse account. Cool stuff!
Many thanks to Masto.host for making this possible and so painless!
Accounts
Here’s a quick breakdown of the accounts I have planned for shellsharks.social and how I’ll be using them.
- shellsharks@shellsharks.social - My main account.
- afterdark@shellsharks.social - Late-night sillies, shit-posting, meta-commentary.
- Site@shellsharks.social - I am considering standing up an account that simply posts updates that are made to the site.
- mike@shellsharks.com - Reserving this name in the event I want to migrate my “general” account from mastodon.social.
Thanks to infosec.exchange
I know this post is about where I am now, but I think it’s worth waxing poetic about infosec.exchange for a minute. It was afterall, the incubator in which I became such a proponent of the Fediverse, learned so much about the IndieWeb and where I met literally 100’s of cool like-minded tech and infosec people. If you are in infosec (especially), I can’t recommend a place to be social more than I would recommend infosec.exchange. Though there are some other infosec-related servers out there, (and they are in their own right great) there is no comparison to infosec.exchange. Jerry Bell, the owner, admin and proprietor of infosec.exchange (and a ton of other Fediverse properties) is (and I’ve said this so many times over the last year+) mind-bogglingly attentive, extraordinarily compassionate, technologically gifted (I mean his ability to run so many Fediverse servers blows my mind), and honestly seems like a really nice person (I’ve not had the pleasure of meeting him). He’s created a very welcoming space and is always looking at how to improve server performance and keep the community happy and engaged. It is so great in fact, that I still fully scroll the infosec.exchange Local feed multiple times a day to find new things to engage with and new people to follow. My old account (though it has a moved-to/redirect) is still there and you can peruse my year+ worth of posts if you wanted to see how much fun I had in that time. (Alternatively I have turned my toot archive into a scrollable page.)