This page, prompted by the #TwitterMigration of late 2022-23, is intended to be a rolling, continually updated collection of legal (and law-adjacent) links and resources for those deploying or administering their own Mastodon instances (servers) open to the public as they scale to tens of thousands of users or more. (As Bluesky goes from an initial platform to a federated AT Protocol, these principles may similarly apply.) There are undoubtedly many superior guides out there from a technical or operational perspective; my focus here is on three broad areas:
- Legal: Legal, compliance, regulatory, privacy (“data protection” in EU parlance), intellectual property (especially copyright, e.g. DMCA safe harbor), online liability (e.g. Section 230 in the US), judicial and legislative developments and threats
- Trust and Safety (T&S): Risk, abuse, harassment, spamming, scams, stalking, threats, phishing, doxxing, violent or hateful speech, dangerous dis- or misinformation, platform manipulation, data security breach, surveillance
- Content Moderation: Involving features of both of the above, as problematic content and misconduct in social media poses threats both to site or platform owner/operators (from a legal/liability perspective) and to the communities themselves (degrading or destroying trust, collegiality, community, signal-to-noise (S/N) ratio, overall value and usefulness)
But first, a brief pep talk courtesy of EFF:
“I worry that people will not want to host instances at all, because they go, ‘this is too scary,’ says Corynne McSherry, legal director at the Electronic Frontier Foundation, a nonprofit focused on civil liberties in the digital world. “But it doesn’t have to be scary.”
OK, now on to the good stuff!