Separating Moderation Tooling from Open Social Software / Third-party Moderation Software & You
/2026-04/session/6-b/
Convener: Emelia Smith (@thisismissem@hachyderm.io, @thisismissem.social)
Participants who chose to record their names here:
- Johanna B
- Jim DeLaHunt (@jdlh@mstdn.ca)
- Manton Reece (@manton@manton.org)
- Matthias Pfefferle (@pfefferle@mastodon.social)
Summary
Lots of open source trust and safety tooling is starting to exist, but we need standard mechanisms for getting data into and back out of software. We could use proprietary APIs like Mastodon’s Admin API or Mastodon’s Webhooks, but that doesn’t really work well for the rest of the Fediverse.
Fediverse Auxiliary Service Providers, or FASPs, are probably the direction the Fediverse is moving in to provide integration points. Moderation is best performed with data over time, rather than data at present: an account can be benign until it isn’t. There are patterns in data over time that we can detect and respond to. For example, accounts are very often signed up, matured through posting fairly benign content (links to news sites, AI-generated content, memes, etc.), and then activated and weaponised into spam, misinformation or harassment networks. Data over time, or event streams, can help us detect these patterns of actors, content, and behaviors.
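An added example (not from the session or from any of the tools named in these notes) of why history matters: the same detector, run over the same account, reports nothing on day 20 and flags it on day 23. The event schema, thresholds and account names are assumptions constructed for illustration.

```python
from collections import defaultdict

def daily_profile(events):
    """Fold a raw event stream into per-actor, per-day counters."""
    profile = defaultdict(lambda: defaultdict(lambda: {"posts": 0, "mentions": 0, "domains": set()}))
    for e in events:
        day = profile[e["actor"]][e["day"]]
        day["posts"] += 1
        day["mentions"] += e["mentions"]
        day["domains"].add(e["domain"])
    return profile

def rate(days, key, span):
    return sum(d[key] for d in days) / span

def activation_signals(events, today, recent_days=3, min_history=14, burst=4.0):
    """Flag actors whose recent window departs sharply from their own history."""
    flagged, cutoff = {}, today - recent_days
    for actor, days in daily_profile(events).items():
        old = [d for k, d in days.items() if k <= cutoff]
        new = [d for k, d in days.items() if cutoff < k <= today]
        span = cutoff - min(days) + 1  # length of the baseline in days
        if span < min_history or not new:
            continue  # no usable baseline, or nothing recent to compare
        reasons = []
        if rate(new, "posts", recent_days) >= burst * rate(old, "posts", span):
            reasons.append("post-rate burst")
        if rate(new, "mentions", recent_days) >= burst * max(rate(old, "mentions", span), 1.0):
            reasons.append("mention fan-out")
        seen = set().union(*(d["domains"] for d in old))
        if set().union(*(d["domains"] for d in new)) - seen:
            reasons.append("new link domains")
        if len(reasons) >= 2:  # one signal alone is too noisy to act on
            flagged[actor] = reasons
    return flagged

def post(day, actor, mentions, domain):
    return {"day": day, "actor": actor, "mentions": mentions, "domain": domain}

# Constructed sample stream (hypothetical schema, not a FASP or Osprey format).
EVENTS = (
    [post(d, "sleeper@a.example", 0, "news.example") for d in range(1, 21)]
    + [post(d, "sleeper@a.example", 5, "pills.example") for d in (21, 22, 23) for _ in range(10)]
    + [post(d, "regular@a.example", 1, "blog.example") for d in range(1, 24) for _ in range(2)]
    + [post(d, "newbie@a.example", 3, "shop.example") for d in (22, 23) for _ in range(8)]
)
print(activation_signals(EVENTS, today=23))
```

The two-day-old account is skipped because it has no baseline to compare against; a brand-new account that bursts needs a different rule than the matured-then-activated pattern.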
Platform/Tool names mentioned:
- How do we get data into tools?
  - Proprietary APIs like Mastodon’s API or Webhooks: https://docs.joinmastodon.org/admin/webhooks/
  - Standard Webhooks? https://www.standardwebhooks.com/
  - Event streams? (Kafka, queues, etc.)
  - Fediverse Auxiliary Services? https://github.com/mastodon/fediverse_auxiliary_service_provider_specifications/
- Honeycomb
  - Not trust and safety specifically but observability (o11y), where as system admins we work with events in order to understand what our systems are doing. In the sysadmin world, this is done through OpenTelemetry: https://opentelemetry.io/
  - Mastodon supports OpenTelemetry so that system admins can understand how it’s doing.
  - The same concept of events applies to moderation software, where we work with events on actors and content in order to understand what’s happening in our social communities over time.
- Roost Tools - Robust Open Online Safety Tools
  - https://roost.tools/blog/launching-roost-a-letter-of-gratitude/
  - Discord Chat: https://discord.gg/T2GVfUEU5 (very active trust and safety community!)
  - Coop:
    - Originally a Software as a Service company; Roost acquired their IP and open-sourced it
    - Documentation: https://roostorg.github.io/coop/index.html
  - Osprey:
    - Originally built at Discord, then donated to Roost
    - Powers moderation for many Atmosphere (Bluesky, etc.) projects
    - Documentation: https://roostorg.github.io/osprey/index.html
  - HMA
    - Technically a project at Facebook, but organised by Roost now
    - Perceptual hashing and matching to find CSAM, NCII, TVEC, etc.
    - https://github.com/facebook/ThreatExchange/
    - https://github.com/facebook/ThreatExchange/tree/main/hasher-matcher-actioner
    - New website coming soon!
- FediMod FIRES
  - Fediverse Intelligence Replication Endpoint Server
  - A protocol and reference server implementation for storing and distributing moderation advisories and recommendations over time for the Fediverse.
  - Originally proposed in September 2023, funding came through September 2024, implemented over 2025.
  - Example public server: https://fires.1sland.social/
  - Two lines of commands to install and then it should manage itself for updates.
- Blacksky’s moderation & community tools:
  - Acorn:
  - Polis / Assembly:
    - Helps the community decide what to do, democratically.
- Good accounts to follow (yes, all the above are on Bluesky, but most should be bridged):
  - Dr Kay Coghill: https://bsky.app/profile/drkalyncoghill.blacksky.team
  - Scoiattolo: https://bsky.app/profile/scoiattolo.mountainherder.xyz (does a lot with Osprey specifically)
  - Mike Masnick: https://bsky.app/profile/masnick.com (Techdirt)
- Learn from others:
  - ATmosphereConf, the global AT protocol community conference, March 2026, Vancouver, BC, Canada
    - Videos for almost all talks are now available! Lots of talks on moderation, trust and safety, building interoperable software, etc. https://ionosphere.tv/talks
  - IFTAS.org, of course - info & resources libraries
- Mastodon is working now on Fediverse Auxiliary Service Providers
  - https://blog.joinmastodon.org/2026/04/sovereign-tech-agency-funding/
  - €614k to do so from Sovereign Tech Fund
  - FASPs:
    - Originally for https://www.fediscovery.org/
    - Set of specifications: https://github.com/mastodon/fediverse_auxiliary_service_provider_specifications/
- ActivityPub Trust & Safety Task Force
  - Applied for NLnet Funding November 2025, waiting for response
  - We need your help!
Questions
Availability and usability (and how-to!) for Moderators (I suspect this list will be questions, not answers)
- Moderators - how do we integrate tools operationally into our domains?
  - Probably through FASPs, which seems to be the direction the Fediverse is going in.
- … without incurring many more work responsibilities on top of what we can’t handle?
  - FASPs can be either software as a service, or self-hosted.
- Costs for a community?
  - Depends on the size of the community and your specific needs.
- What is the result of the event analysis? Automated action, report to instances, notifications via external?
  - Coop & Osprey can integrate with other software to take automated actions or interact with your existing fediverse software (some development work required to integrate by early adopters).
- Policies and actions - intersects with queries and brainstorming on developing community governance. Is the tech community-driven, or does the tech define how the community can govern?
  - This is up to you; Polis can help you define policies democratically.
  - Can also be internal to your governance structures, depending on your own risk appetites.
- Do AP based hosts - not necessarily only Mastodon - have options for pro-active opts, or do we wait until the activity is on our instances?
  - TBD, we need to define the integration points.
  - Theoretically you could write a proxy that catches inbound and outbound activity and hands that off to moderation software to assess before forwarding out to the fediverse or into your software.
- Will we need to address community concerns over an externality “reading our content”? What are the real vs. imagined exposures to participants?
  - All content posted to public servers can theoretically be read by server admins; they are the ones taking the risk to provide a service to you. Just because I can’t see your DMs on Mastodon in the moderation tools (unless reported), doesn’t stop me looking in the database for that information as your admin.
  - Different servers can define what policies work for them, e.g.,
    - Maybe they do automated scanning, but human review for all actions.
    - Maybe they auto action CSAM but not other reports.
    - Maybe they feel they don’t need to use any automated tooling.
  - Once you reach a certain size, automation is all but required in order to effectively moderate; you pretty much can’t avoid it, unless you keep your community extremely small and limit federation.
    - Sampling of automated actions can also help keep that tooling on-track and honest: https://github.com/roostorg/coop/issues/329
  - If you want privacy, use end to end encrypted software like Signal.