Physical (de)centralization of Mastodon servers – after our XMPP scan, we took 1000+ random Mastodon servers and looked at their hosters:
– about 50% of these servers are hosted by only 5 companies in 4 countries
– 26% of servers are hosted in Japan, followed by the USA (24%) and France (23%)
@infosechandbook Don't know how you find your results, but I have the same source (instance.social), and absolutely nothing agrees with yours…
Not really accurate in fact…
The results are linked in the post. And as mentioned, we took 1000+ RANDOM Mastodon servers.
@infosechandbook So what's the purpose? :s
I mean it's random stats, what do you want to show or demonstrate with that?
The purpose is to show that logically decentralized networks are actually physically centralized. Your data shows the same, as the top 7 providers of your list host nearly 50% of 3,345 servers.
@infosechandbook Right, we finally find a similar issue… sadly :(
I just find "1k+" a bit too low for having a "real picture" (even if 1k instances is quite a good statistical group). :)
@infosechandbook @Sp3r4z Since consumer-grade ISPs are simply inadequate at hosting large-scale dynamic websites, the bottleneck is the number of good hosting providers. There aren't that many of them in the world. Amazon, DigitalOcean, OVH, Hetzner, Linode. Did you check how these stats compare against a sample of random non-Mastodon websites? I think the results might be quite similar
Yes, this isn't unique to Mastodon/the Fediverse.
We checked 1000+ XMPP servers several days ago (https://mastodon.at/@infosechandbook/102412870082664239) and got nearly the same results.
We also checked Matrix servers (https://gist.github.com/infosec-handbook/ca2650f0e7e49edb70a3d7d81fd20db5), however, we only got 14 domain names, so there are no good statistics here so far.
@infosechandbook Oh no... Mine is on Linode....
@infosechandbook might be interesting to provide this as a parseable format (you're not far from JSON it seems)
@infosechandbook Interesting: Amazon, Microsoft and Google host some Mastodon servers.
Yes, likely via Amazon AWS, Google Cloud, and Microsoft Azure.
> Cloudflare, Inc. hosts 71 Mastodon servers
I have some doubts about Cloudflare hosting any servers at all, the most likely scenario is that they are hosted somewhere else but behind the Cloudflare CDN.
On the other hand, the sample instances are spread over ~160 providers, which seems quite good.
Interesting stats nevertheless 👍
"capitalism.party" hosted on Google. WTF.
@infosechandbook But the thing is, if there is any actual problem with a provider, instance admins could switch to another in a matter of days, and the users wouldn't even notice.
Actually, it is possible to get city names; however, they are based on IP addresses and this information is mostly not so accurate.
At least, there were 16 servers hosted in Finland in our sample, so they could match your criteria.
@infosechandbook I found my server there, which I have at home, and it says there that it's hosted by my ISP. So I suppose it's about who provides IPs and not about hosting.
It lists the provider of each IP address. In most cases, you can clearly see whether it's an ISP or a server hosting company. For instance, Altnet s.r.o. provides "připojení k internetu" but they don't offer server hosting.
Contrary to this, OVH SAS or Hetzner Online GmbH (companies that are used most often) are well-known server hosting providers.
So, the fact that there are some ISPs on the list doesn't change our findings.
@infosechandbook But even Hetzner doesn't mean hosting automatically, it can be just an anti-DDoS proxy.
@infosechandbook How do you easily identify who hosts a website/service? :)
There are IP lookup tools/APIs that also provide information about rDNS, autonomous system numbers, and providers.
@infosechandbook any to recommend in particular? :)
There is no specific recommendation. All of these tools basically do the same.
For our script, we used the KeyCDN API: https://tools.keycdn.com/geo#ip-location-finder-api
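
The aggregation step discussed in this thread (group lookup results by provider, then count how few providers cover half the sample), as an added example that is not part of the thread or of the authors' script. The rows are constructed, the tuple layout is an assumption, and treating Cloudflare as a fronting CDN follows the caveat raised in the replies.

```python
from collections import Counter

# Constructed sample rows: (domain, provider, country), in the shape an IP
# lookup result could be reduced to. Layout and values are made up.
SAMPLE = [
    ("a.example", "OVH SAS", "FR"), ("b.example", "OVH SAS", "FR"),
    ("c.example", "OVH SAS", "FR"), ("d.example", "Hetzner Online GmbH", "DE"),
    ("e.example", "Hetzner Online GmbH", "DE"), ("f.example", "Cloudflare, Inc.", "US"),
    ("g.example", "Cloudflare, Inc.", "US"), ("h.example", "Linode", "US"),
    ("i.example", "Altnet s.r.o.", "CZ"), ("j.example", "DigitalOcean", "US"),
]

# Providers that may only front a server (CDN or proxy), so the IP owner is
# not necessarily the hoster. Assumption taken from the thread's caveat.
FRONTING = {"Cloudflare, Inc."}


def shares(rows, column):
    """Return [(value, count, fraction)] for one column, most common first."""
    counts = Counter(row[column] for row in rows)
    total = sum(counts.values())
    return [(value, n, n / total) for value, n in counts.most_common()]


def providers_for_share(rows, threshold=0.5):
    """Smallest set of top providers that together reach `threshold` of rows."""
    total, covered, picked = len(rows), 0, []
    for provider, n, _ in shares(rows, 1):
        picked.append(provider)
        covered += n
        if covered >= threshold * total:
            break
    return picked, covered / total


def split_fronted(rows):
    """Separate rows whose IP owner is a known fronting service."""
    direct = [r for r in rows if r[1] not in FRONTING]
    fronted = [r for r in rows if r[1] in FRONTING]
    return direct, fronted


if __name__ == "__main__":
    direct, fronted = split_fronted(SAMPLE)
    print("all rows:      ", providers_for_share(SAMPLE))
    print("fronted removed:", providers_for_share(direct), len(fronted), "fronted")
    print("top country:   ", shares(SAMPLE, 2)[0])
```

Rows attributed to a fronting service are better reported separately than dropped silently, since removing them changes the denominator and therefore every share.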