Oleh Diposting pada

After Elon Musk “broke” his Twitter (now known as X) and Mark Zuckerberg released his Threads, there’s been a lot of talk on the internet about something called the Fediverse. Many see it as humanity’s last hope to escape the current social network mess.

In this post, we take look at what this Fediverse is, how it works, what it offers users right now, and what it may change in the near future.

What’s wrong with regular social networks?

Let’s start with why Fediverse is needed in the first place. The main problem with today’s social networks is that they’ve become too closed and self-absorbed (not to mention there are an awful lot of them). Often, you’re not even able to access a significant portion of a social network’s content if you’re not registered on it — and don’t even think about further interactions on the platform.

For example, to like a post on Twitter or leave a comment on a YouTube video, you have to be registered. When it comes to social networks that are part of Mark Zuckerberg’s empire, it’s even worse: without an account, you usually can’t even get acquainted with the content, let alone like it.

The second major problem with social networks is that they don’t really produce anything themselves. Users create all the content on social networks, which the massive and powerful corporations behind the networks then profit from. And, of course, corporations have absolutely no respect for their users’ privacy — collecting an incredible amount of data about them. This has already led to major scandals in the past, and will most likely result in a whole bunch of problems in the future if nothing changes drastically.

The way things are currently organized, there’s another significant risk associated with the complete lack of user control over the platforms that they are, in fact, creating. Let’s just imagine a huge social network, which just happened to play a significant role in global politics, being taken over by a person with rather peculiar views. Its users are left with no choice but to adapt — or look for another platform with a more reasonable owner.

The Fediverse is designed to solve all these problems of conventional social networks: excessive centralization, complete lack of accountability, content isolation, collection of user data, and violation of user privacy.

The theoretical side: what the Fediverse is, and how it works

The Fediverse (a combination of “federation” and “universe”) is an association of independent social networks, which allows users to interact with each other in much the same way as they would within a single platform. That is — read, subscribe/follow, like, share content, comment, and so on.

And each platform participating in the Fediverse is federated itself: it consists of a community of independent servers (referred to as “instances” within the Fediverse).

An essential feature of the Fediverse is therefore decentralization. Each instance within the Fediverse has its owners (who independently create and maintain the server and bear all expenses for its operation), its own user community, rules, moderation system, and often some sort of theme.

The specially designed ActivityPub protocol is used for interaction among all these independent instances. ActivityPub is developed by the organization that specializes in creating common protocols that the internet runs on — the World Wide Web Consortium (W3C).

Mastodon.social is the largest instance of Mastodon, the largest social network in the Fediverse

Anyone can create their own instance within the Fediverse. All you have to do is:

  • Rent or set up a server at home;
  • Install the appropriate server software on it (usually open-source, free);
  • Connect to the internet;
  • Pay for the domain;
  • Create a community, and develop its rules, theme, and so on.


It’s important to note that a significant portion of the Fediverse, at least for now, runs on pure enthusiasm, and sometimes on donations from supporters or some occasional banners. There’s currently no sustainable commercial model here, and it seems that there is no intention to implement one yet.

How the Fediverse works for the average user

From an ordinary user’s perspective, they register on one of the servers that belong to a particular social network that’s part of the Fediverse. Then with this same account they can interact with users from any other servers within the Fediverse network, as if you can use a Twitter account to comment on a YouTube video or follow someone on Instagram. This removes the boundaries between different social networks, along with the need to create separate accounts in each of them.

However, in reality, it’s not as simple as it sounds: Fediverse instances are often quite closed communities, not particularly welcoming to outsiders, and registration can often be inaccessible. Logging into one social network with an account from another is usually not possible at all. Moreover, there’s no way to search across instances in the Fediverse.

So, basically, yes, you can indeed access the content of (almost) any Fediverse user without leaving the instance where you’re registered. You can probably even comment, like, or repost that user’s content, all while staying within the comfort and familiarity of your own instance. But there’s one catch — you need to know the address of that user. And knowing it isn’t so simple because, as mentioned above, there’s no search function in the Fediverse.

Pixelfed — A federated alternative to Instagram

Explaining the Fediverse by analogy

Most people use the analogy of email to explain the Fediverse: it doesn’t matter which server you’re registered with, you can still send an email to anyone; for example, to your mom’s Gmail account from your work address at bigcorp.com. But personally, I think email is not the best analogy here — it’s too simple and uniform. In my opinion, it’s much better to describe the Fediverse in terms of the good old telephone system.

The global telephone system integrates a bunch of different technologies, from rotary dial phones connected to analog switching centers, to smartphones on the cutting-edge 5G network, and from virtual IP telephony numbers to satellite-link communication. For the end user, the technological solution underlying any particular network is completely unimportant. And there can be any number of these networks. They all support a single protocol for basic interaction, making them compatible with each other — you can call any number, whether it’s virtual or satellite.

Similarly, in the Fediverse, whether a platform is primarily text-based, video streaming, or graphic, it can participate in the project and its users can “call” other platforms.

This is how one of the instances of the microblogging platform Pleroma looks. Source

However, the compatibility of telephone networks is far from complete. Each network may have its own special services and features — try sending an emoji to your great-grandmother’s landline phone. And on top of universal addressing (the international phone number format) there are often some local quirks: all those 0s or 00s instead of a normal country code, the possibility of not entering any codes at all when calling within a specific network (such as a city or office network), different formats for recording numbers (various dashes, brackets, and spaces, which can easily confuse people unfamiliar with local rules), and so on.

Again, the same goes for the Fediverse: while its platforms are generally connected and compatible at the top level, the user experience and functionality vary greatly from one platform to another. To figure out how to make long-distance calls perform a certain action on a given service, you often have to delve into the local specifics. It might actually be impossible to “call” certain instances because, while they formally support all the necessary technologies, they’ve decided to isolate themselves from the outside world for some reason.

In general, compared to email, the Fediverse is a much more diverse and less standardized collection of relatively unique instances. But despite this uniqueness, these instances do allow their users to interact with each other to some extent since they all support a common protocol.

Lemmy — one of the Reddit analogs in the Fediverse

The practical side: which services are compatible with the Fediverse now, and which ones will be in the future

Now let’s turn to the practical side of the issue — what social networks are already operating within the Fediverse. Here’s a list of the most significant ones:

  • Mastodon — The largest and most popular social platform within the Fediverse, accounting for about half of its active users. It’s a microblogging social network — a direct Twitter analogue.
  • Misskey and Pleroma — Two other microblogging platforms that attract users with their atmosphere and cozy interface. Misskey was created in Japan, which has ensured its high popularity among fans of anime and related topics.

Misskey — microblogging with a Japanese twist

  • PixelFed — A social networking platform for posting images. It’s a Fediverse version of Instagram but with a focus on landscape photography rather than glamorous golden poolside selfies.
  • PeerTube — A video streaming service. I’d like to say it’s the local equivalent of YouTube. However, since creating video content is so expensive, this analogy doesn’t completely hold up in reality.
  • Funkwhale — An audio streaming service. This can be considered a local version of Soundcloud or Spotify — with the same caveat as PeerTube.
  • Lemmy and Kbin — Social platforms for aggregating links and discussing them on forums. Sounds complicated, but they’re basically federated versions of Reddit.

Of course, these aren’t all the platforms within the Fediverse. You can find a more comprehensive list here.

A glimpse into the global future of the Fediverse

Another service worth mentioning that currently supports the ActivityPub protocol is the content management system WordPress. Some time ago an independent developer created a plugin for WordPress to ensure compatibility with this protocol.

Recently, Automattic, the company that owns both WordPress and Tumblr, acquired the plugin and hired its developer. Meanwhile, at the end of last year, Tumblr also announced future support for ActivityPub. Apparently, Automattic really believes in the potential of the Fediverse. Mozilla, Medium, and Flipboard are also now showing serious interest in the Fediverse.

But the most important — and quite unexpected — development for the federation of decentralized social networks was the promise made by Mark Zuckerberg’s company to add ActivityPub support to the recently launched social network Threads. It’s not yet been specified when exactly this will happen or in what form; however, if or when it does, several hundred million people from Threads/Instagram may suddenly join the existing few million Fediverse users.

What will this sudden popularity lead to? This isn’t such a simple question. Many long-time Fediverse users are visibly concerned about a possible invasion of “tourists”, and how these newcomers — accustomed to the noise of “big” social networks — will impact the communities that have been so carefully cultivated within the project.

How will the Fediverse cope with these sudden changes? Only time will tell. But one thing’s for sure: the further development and evolution of the Fediverse will be very interesting to watch…


#Fediverse #work

Oleh Diposting pada

Your teacher was right. Spelling counts, particularly to scammers.

Enter the world of typosquatting scams. Also known as URL hijacking, typosquatting scams target internet users who incorrectly type a website address into their web browser.

Scammers have long used typosquatting techniques to capture traffic from those butterfingers moments we all have when typing on our keyboards. And the butterthumbs moments on our phones.

For example, say you type “websiteaddresss dot-com” instead of “websiteaddress dot-com.” More than just a mistake, a mistyped address might land you on a malicious site designed to steal personal information, make money, or spread malware.

The scam sites you might land on vary. Some serve up a screenload of spammy ads. Others host malicious download links, and yet more lead to stores full of cheap, knockoff goods. In other cases, scammers take it up a notch. We’ve seen typosquatting sites evolve into clever copycats of legitimate sites. Some look like real banking and e-commerce sites that they steal traffic from, complete with stolen logos and familiar login screens. With this, scammers hope to trick you into entering your passwords and other sensitive information.

Companies are well aware of this practice. Many purchase URLs with those common misspellings and redirect them to their proper sites. Further, many brands put up anti-fraud pages on their sites that list the legitimate addresses they use to contact customers. Here at McAfee, we have an anti-fraud center of our own.

The fact remains, people make mistakes. And that can lead to risky scam sites. However, you can still avoid typosquatting attacks quite easily.

The big business of typosquatting

For starters, it helps to know that typosquatting is often big business. In many cases, larger cybercrime organizations set up entire flights of malicious sites that can number into the dozens to the hundreds.

Let’s check out a few examples and see just how sophisticated typosquatting scams can be:

“dot.cm” scams

In 2018, researchers found a host of addresses that were registered in the names of well-known sites, but ending in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as “Chase dot-cm” and “Citicards dot-cm,” as well as social and streaming sites.

Scammers used the .cm sites to advertise promotions and surveys used to collect users’ personal information. What’s more, more than 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

“dot.om” scams

Similarly, 2016 saw the advent of malicious dot-om sites, that mimicked big names like “linkedin dot-om” and “walgreens dot-om.” Even the interesting typo found in “youtubec dot-om” cropped up. Of note, single entities registered these sites in batches. Researchers found that individuals or companies registered anywhere from 18 to 96 of them. Again, signs of serious business.

Big brand and voice assistant typosquatting scams

Recently, security researchers further found an increase in the number of typosquatting sites. An increase of 10% from 2021 to 2022. These sites mimic popular app stores, Microsoft addresses, services like TikTok, Snapchat, PayPal, and on and on.

Further, scammers have gotten wise to the increased use of personal assistants to look up web addresses on phones and in homes. Typosquatting now includes soundalike names in addition to lookalike names. With that, they can capitalize when an assistant doesn’t quite hear a command properly.

How to protect yourself from typosquatting

No doubt, slip-ups happen when browsing. Yet you can minimize how often with a few steps—and give yourself an extra line of defense if a mistake still slips through.

  • Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
  • If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar. This indicates that the site uses encryption to secure the data that you share.
  • Be suspicious of websites with low-quality graphics or misspellings. These are telltale signs of fake websites.
  • Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
  • Don’t click on links in emails, text messages, and popup messages unless you know and trust the sender.
  • Consider using a safe browsing tool such as McAfee Web Protection, which can help you avoid dangerous links, bad downloads, malicious websites, and more.​
  • Always use comprehensive online protection software like ours on your computers and devices to protect you from malware and other online threats.
Introducing McAfee+

Identity theft protection and privacy for your digital life


#Typosquatting #Scams #Work #McAfee #Blog

Oleh Diposting pada

As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.

A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.1

The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.

To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.

1. Lock Your Screen, Stow Your Device

When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.

Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.

2. Secure Your Home Wi-Fi

Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.

There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.

For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.

3. Take Your Security Training Seriously

The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).2 Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.

Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!

Secure Home Office, Secure Home

These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.

To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.

In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!

1McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”

2The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”

3World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”

4International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”

Introducing McAfee+

Identity theft protection and privacy for your digital life


#Future #Work #Impact #Technology #WFH