Threads has begun testing federation over ActivityPub. And they have blocked two important servers I administrate. The first server is the Mostr Bridge. The Mostr Bridge connects ActivityPub and Nostr together, so people can communicate across protocols. The second server is Spinster.xyz, which is arguably the largest independent feminist community online.
It’s also a matter of scale. FB has 3 billion users and it’s all centralized. They are able to police that. Their Trust and Safety team is large (which has its own problems, because they outsource that - but that’s another story). The fedi is somewhere around 11M (according to fedidb.org).
The federated model doesn’t really “remove” anything, it just segregates the network to “moderated, good instances” and “others”.
I don’t think most fedi admins are actually following the law by reporting CSAM to the police (because that kind of thing requires a lot resources), they just remove it from their servers and defederate. Bottom line is that the protocols and tools built to combat CSAM don’t work too well in the context of federated networks - we need new tools and new reporting protocols.
Reading the Stanford Internet Observatory report on fedi CSAM gives a pretty good picture of the current situation, it is fairly fresh:
https://cyber.fsi.stanford.edu/io/news/addressing-child-exploitation-federated-social-media