A couple of things seem to be missing from diaries about #TruthSocial. I think every mention of TFG’s site should mention Mastodon and the Fediverse, and the ramifications of how that affects the platform.
Truth Social is a copy of Mastodon, but what is Mastodon?
Firstly, Truth.Social is a fork of Mastodon. Mastodon is an open-source Twitter-like replacement, running on the #Fediverse. The Fediverse is a collection of federated apps that work together. The Fediverse lets you get away from a closed for-profit world run by sociopaths. So, you may be using a for-profit app that bombards your eyeballs with ads to pay venture capitalists… or you could try an amazing Fediverse alternative:
- Twitter/X => Mastodon (Microblogs.)
- Instagram => Pixelfed (Pictures & photos.)
- YouTube => PeerTube (Video.)
- Reddit => Lemmy (Link aggregation.)
- GoodReads => BookWyrm (Social book ratings.)
- and lots more!
These new services are being built by nerds in their spare time. They run the gamut of usefulness from amazing to ‘kinda janky’. Even though they are volunteer efforts, most of them work amazingly well compared to their venture-capitalist counterparts. However, by using the Fediverse versions, you avoid ads, and they do not track you through algorithms. They are not (and can’t be) owned by billionaires.
The benefit is, I can use my Mastodon account to follow PeerTube videos, and they show flawlessly. I can also follow photographers on Pixelfed. Pixelfed uses images only, but my account there will display image posts of Fediverse users that I follow. They all work together, and anyone can contribute. It runs on a protocol, like the web and email, so it can never be taken over and walled off for profit.
They are free to use, and all of them are under open-source licenses, so anyone can build their own. That has benefits and detriments.
TFG’s team took the Mastodon code, legally, but...
Well, TFG’s team took the Mastodon code (legal) and built their own social media (legal) with blackjack and hookers. (Also legal.) However, if you copy it and release it, you *must* also release your source code. (Uh-oh.)
The blessing and the curse to Truth Social is: Mastodon is under an open license. Anyone can copy it! However, if you copy it, you must post your own code. Well, Trump’s group didn’t want to share, and denied that they even copied it, despite it being obvious. But the “truth” came out.
The nerds at Mastodon can’t stop who uses the code, but they can go after people if they modify the code, and then do not release the code for others to see. Mastodon threatened to sue.
By copying the code, MODIFYING IT, and then not sharing it, Truth Social violated Mastodon’s license for a while, denying it the whole time. Not wanting to be sued, Truth Social gave up and posted the code publicly.
It’s probably worth noting that Truth Social does not federate with any other apps. You can’t get to Truth Social from Mastodon, nor follow anyone, or vice versa. So, all the federation above does not work to or from Truth Social. That’s probably a good thing!
TFG’s team does not patch its code very regularly
I know you’ll be shocked to learn that “the best people” running a toxic right-wing social media site are not the best people. They took the code, and stripped out the federation. That was the easy part. However, anyone who’s taken the most basic computer security class would tell you: Over time, vulnerabilities show up. They need to be patched, ASAP.
In July 2023, Mastodon discovered and rapidly patched a severe vulnerability which would allow any media to be overwritten, and remote code to be run.
It would seem that, despite Mastodon doing the heavy lifting and writing the bugfixes 8 months ago, nobody at Truth Social has bothered to implement those patches and others. I know you’re probably as shocked as I am to hear that the engineers at Truth Social are incompetent at their jobs. If their source code is to be believed, they have not patched anything since June 2022. Or… maybe they are indeed patching them, but not in compliance with their open-source license AGAIN.
Either way, that’s not great for a social media platform. One way, you’re incompetent at computer security and your whole site is a ticking time bomb. The other, you’re incompetent at software licensing, and could get sued for that. Another ticking time bomb.
I’m betting they haven’t patched it. That takes actual work, with an actual person that you would pay an actual salary. If you want to predict a hypothetical choice for Trump’s people, pick the cheapest and most incompetent solution. So, pay nobody and ignore it.
However, if left unpatched, the vulnerability would allow a clever hacker to pretty much ruin the day of everyone who uses the site. Not that I’m wishing that on anyone. Especially not during the IPO. Because that would be bad.