
Platform risk and the fediverse: building the infrastructure you can't be locked out of

In December 2025, Meta restricted a Tanzanian activist's Instagram at government order. No hack, no drama -- just a legal process and a compliant platform. The fediverse exists because centralized platforms have owners. Here's what the alternative looks like.

A figure walking away from a cracked, locked vault door toward a glowing blue distributed network.

In December 2025, Meta restricted access to the Instagram account of Maria Sarungi-Tsehai, a prominent Tanzanian activist who had been documenting alleged human rights violations and organizing anti-government protests. Meta confirmed the action in a statement: it had received a legal order from Tanzanian regulators, and it complied. Sarungi called it state repression laundered through a platform's terms of service. She was right — and the mechanism is the point.

This is the scenario that the 2020 Facebook suspensions of Greenpeace USA and dozens of Indigenous organizations — covered in the first article in this series — foreshadowed but didn't fully complete. Those suspensions were, by Facebook's account, an accident. The Tanzania action was deliberate: a government identified an activist it wanted silenced, issued an order to a platform it knew would comply, and the platform complied. No hack, no infiltration, no dramatic intervention. Just a legal process and a company that made a business decision.

The U.S. pro-democracy movement is not Tanzania. But the mechanism — government pressure on platforms, platforms complying — is not geographically limited. And organizers building their communications infrastructure on platforms that answer to legal orders from whoever holds power in the relevant jurisdiction are building on land they may not always control.

What the fediverse actually is

The word “fediverse” — a portmanteau of “federated” and “universe” — refers to a network of interconnected platforms that all speak a common language. The most widely used version of that language is ActivityPub, an open protocol that lets users on different servers and different platforms interact with each other. Think of it the way email works: you can have a Gmail address, your organization can run its own mail server, and a colleague can use ProtonMail, and all of you can still exchange messages. No single company owns email. No single company can shut it down.

The fediverse works the same way for social media. Mastodon is the most prominent platform built on ActivityPub, but it's not the only one. Pixelfed (photo sharing), PeerTube (video), and Lemmy (discussion forums) all connect through the same protocol. A Mastodon user can follow and reply to someone on a different Mastodon instance, or on Pixelfed, or on any other ActivityPub platform. One protocol, many applications, no central point of control.

This is the structural fact that matters for organizers: no single entity can suspend the fediverse. There is no button to push.

The trade-off that's worth being honest about

Mastodon has roughly 750,000 to 1 million monthly active users as of early 2026, against hundreds of millions on Instagram and billions across Meta's platforms. The fediverse has grown significantly since 2022, but that growth has been wave-driven — surges following Twitter acquisition controversies and Meta policy changes — rather than steady. The mainstream audience your organizing needs to reach is still primarily on platforms you don't control.

That's the real trade-off, and it's worth being direct about it. Federated platforms are not a substitute for mainstream social media reach. They're insurance against losing that reach entirely, and they're where the infrastructure layer of your communications should live.

The strategic frame isn't “leave the centralized platforms.” It's: build your presence on both, with different purposes. Centralized platforms are where you find new people. Federated infrastructure is where you keep your ability to communicate, regardless of what any platform decides.

Bluesky and the AT Protocol: a different kind of portability

Bluesky, which reached over 41 million users by the end of 2025, operates on a different architecture than ActivityPub — the AT Protocol — but pursues a related goal: making your audience portable. On Bluesky, your identity is tied to a Decentralized Identifier (DID), not to a specific server. Your followers follow your DID. If you migrate to a different server, they come with you, because they were never following a server — they were following you. Bluesky describes this as giving users a “passport” for social media: you carry your relationships with you.

In practice, most Bluesky users still depend on Bluesky's own infrastructure — a caveat worth acknowledging, since the portability is architectural but hasn't been widely exercised. But the design principle is meaningful. The at-risk scenario on Bluesky isn't “the company suspends your account and you lose everything.” It's something closer to “you can move if you need to.” That's different from Facebook, where your audience is the platform's asset, not yours.

AT Protocol and ActivityPub aren't interoperable with each other the way different ActivityPub platforms are with one another — but bridging tools are in active development, and the two communities share a federated philosophy even where the technical implementations differ.

What Matrix/Element solves that Mastodon doesn't

Public social media — federated or otherwise — is for visibility. It's where you broadcast, recruit, and build an external audience. It's not where your internal organizing happens.

For internal coordination, the federated alternative is Matrix, an open protocol for encrypted messaging that works something like email for team communication. The most widely used application built on Matrix is Element. Your Matrix identity follows the same pattern as a Mastodon handle: it includes both your username and the server it lives on (@username:server.org). That server can be run by your organization, by a trusted host, or by anyone — and federation means Matrix users on different servers can still communicate with each other.

The security properties matter here too. Matrix conversations are end-to-end encrypted by default. No company can be subpoenaed for messages it doesn't have. No platform can revoke your access to conversations that live on your own server.

Matrix has gained significant adoption among organizations with serious digital sovereignty requirements — it's in use across European governments, has been adopted by Germany's national healthcare federation, and is used by the International Criminal Court after the Trump administration's sanctions disrupted the court's Microsoft-dependent infrastructure. These aren't organizations with casual security concerns. They chose Matrix because they need communications infrastructure that no outside party can shut down or access.

For an organizing network operating under active suppression, that's the relevant reference class.

Ghost as the publishing layer

The same logic applies to publishing. Substack is a centralized platform — it can ban publications, change monetization terms, or face regulatory pressure in the same way any centralized platform can. Ghost, by contrast, is open-source software you can self-host. When you publish on a Ghost instance you control, you own the content, the subscriber list, and the delivery infrastructure. No one can take that from you.

For organizers who have been building newsletters on centralized platforms, this is the same argument as email list ownership: the relationship with your readers is only as durable as the platform that mediates it, unless you own the infrastructure. Ghost's RSS and email delivery capabilities also mean your content feeds naturally into the fediverse through ActivityPub — Ghost instances can federate with Mastodon and other ActivityPub platforms, so your newsletter subscribers and your fediverse followers can converge on the same owned publishing layer.

The “both/and” strategy

The practical framework here isn't a migration plan — it's a redundancy plan. Most of your audience is on centralized platforms, and you should be there too. But your organizing infrastructure shouldn't depend on those platforms remaining available, cooperative, or indifferent to your politics.

Here's how to think about the layers:

For public reach: Maintain your presence on Instagram, Facebook, and wherever your audience is. Also build and maintain a presence on Mastodon and Bluesky. When Meta suspends your Instagram account, you need somewhere to direct people — and that somewhere needs to already exist and already have an audience.

For internal coordination: If your organization is using Slack or WhatsApp for internal organizing, build a parallel Matrix/Element presence. You don't have to migrate everyone immediately. But you need a functional fallback that people have already used at least once, because the moment you need it urgently is not the moment to be explaining how to set up a new app.

For publishing: Own your subscriber list. If you're on Substack, export your list regularly and maintain a backup delivery mechanism. If you're building a new publication or newsletter infrastructure, Ghost is worth the additional setup cost.

For your contacts and relationships: This is the subject of the first article in this series, and it remains the most critical: your contact database needs to live somewhere you control, not in a CRM whose terms of service can be revised or whose access can be revoked.

Migration readiness, not migration

The failure mode to avoid here is the one that's already happened to too many organizations: the platform changes, the suspension comes, and there's no backup. The organizers who survived the 2020 Facebook suspensions intact were the ones who had email lists they owned, secondary communication channels that already existed, and audiences they'd been building on multiple platforms.

The goal isn't to be on the fediverse instead of Instagram. It's to be on the fediverse before you need it to be your primary channel — so that if that moment comes, it's a transition rather than a crisis.

Build the backup while the primary still works. That's not a contingency plan. That's what infrastructure looks like.

Tools at a glance

Mastodon — Federated microblogging on ActivityPub. Find a public instance or host your own. Use for public-facing movement communication and as a destination when centralized platforms fail. joinmastodon.org

Bluesky — AT Protocol-based platform with 41+ million users. Strong audience portability by design. Currently the best federated option for reach alongside infrastructure resilience. bsky.social

Matrix/Element — Federated, end-to-end encrypted messaging for internal coordination. Self-hostable. The right alternative to Slack or WhatsApp for sensitive organizing conversations. element.io / matrix.org

Ghost — Open-source publishing platform for owned newsletters and publications. Self-hostable, ActivityPub-compatible, RSS-native. The right alternative to Substack for organizers who need to own their publishing infrastructure. ghost.org


This article is part of Building a Movement, an eight-part series on digital infrastructure for the pro-democracy movement.