|
Top-level
 βThe recent confirmation that release 4.3 still won't make it easy for new instances to start with a blocklist that protects people from the nazis and TERFs that are active on the fediverse is a good exampleβ Yeah, because I closed the pull request for that a) because the code was an absolute mess, b) because one-time imports of moderation data are really terrible & only at all useful for DNI lists. That's why I'm working on FIRES with NLNet funding. 44 comments
"Rochko's decision last year to change the signup process to default new users to mastodon.social highlights one aspect of the conflict of interest hereβ But you don't even want those who are signing up to the flagship instance by downloading the official app, let's be honest here. That or you expect them to install & operate fediverse software whilst not knowing anything about the fediverse? Again with "Mastodon's integration with Threads", it's quite literally Threads wants to use ActivityPub and publish & receive messages with compatibility with Mastodon (and Misskey/Forkeys) That's legit it. There ain't no "integration" beyond speaking the same protocols the same way, as the protocols were designed to enable.   @PeterLG @thisismissem This thread doesn't connect to anything for me, what is she talking about? Out of context many things she says (like "you don't want those users anyway, be honest") sound incredibly shitty. @Natanox @PeterLG I've decided to not link to the original article. It's not particularly hard to find. But as for that quoted comment, the same group that derides Mastodon for the change of the default instance in their official apps, is the group that wants "small fedi" where people are excluded unless they know someone who runs a server or know how to deploy a Server themselves. They explicitly want mastodon to be hard for "normies" to use to retain their ideals for what it should be @thisismissem @PeterLG So I assume you're talking about this one. https://privacy.thenexus.today/mastodon-hard-fork/ I see who you're arguing against. Still, Mastodon's decision to strengthen centralization by leading everyone to the same instance isn't something worth defending in my eyes. @thisismissem @PeterLG Nothing speaks against a simple registry assistant, however it doesn't have to be just one server either. Users could literally be asked about their hobbies once with known good instances being automatically picked by your choice. Instead now the existence of the "official Mastodon" as well as "those others" is communicated, which is just awful and not in the spirit of the Fedi at all. @Natanox @PeterLG βknown good instances" is extremely hard to define, because different people have different needs & safety requirements. It's just like people going βgoogle mastodon -> mastodon.social -> sign upβ Perhaps the language could be changed, but when the software's reputation is built on people's first experiences, there does need to be some control over that experience, and the instances list just wasn't working, with some of them just *disappearing* @thisismissem @PeterLG Build a proper board with some oversight then, making sure every server provides the same level of safety and quality. But don't just slowly centralize itβ¦ that is and will always be the wrong approach. @thisismissem Within days of setting up a new instance and interacting with people on other instances using ActivityPub, I saw a data scrape of my public toots and CDN assets occur. I think it's reasonable that an organization that profits from user data will survey this social network graph of people existing outside their walled gardens. @bear "I saw a data scrape" by who, and are you sure it was a scrape? There's a misnomer that activitypub is push-only, this is incorrect & you will actually see a LOT of GET requests retrieving data from your server. Do you have authorized fetch enabled? It can help somewhat. Most fediverse User-Agents also advertise where they're from. @thisismissem Within the first week of operating an instance, I suddenly saw a walk of all of the CDN assets, including cached media from other instances. At first I assumed it was some kind of index, but I was able to corroborate this action by reviewing nginx logs. I did not see an uptick in Sidekiq. As a new admin, I wasn't sure how to gather more information to understand what would cause a 1:1 serving of GB of media from my CDN I had just set up. @bear read requests in ActivityPub won't necessarily correlate to an increase in sidekiq jobs (unless it's to verify the reader's signatures, but even that is generally done in the request/response lifecycle) As for a walk of your CDN, were there any user agents or IP addresses popping in the logs to indicate a crawl? Some fediverse clients behave in varying ways (proxying requests, requesting additional data, etc), so patterns would be important here. @thisismissem Good to know, regarding no increase in Sidekiq activity. I guess I still have a lot to learn. π What I recall from that moment was that everything stood out like a spike in the CloudFront dashboards. Within a short time window it looked like every asset was touched. I remember it being hard to determine who the client was, but that it looked like one client. @bear there are some fediverse software projects that'll try to backfill posts when they become aware of a user, perhaps it's this gone awry and is a bug instead of a bad actor? Though, also, Jortage is gaining popularity, which is an alternative to storing all the content yourself. βWill Mastodon's upcoming release 4.3 provide more tools for admins [...] ?β Who do you expect to be writing these tools? The one full-time developer on the codebase who maintains backports of security bugs to 3 different versions of Mastodon, whilst y'all scream "quote posts now!!"? The Managing Director of the project? He's busy having to wrangle US law to get a non-profit because y'all wouldn't fund the project without getting that tax kickback. (Cont) (Cont) The part-time CTO? Surely him, because he's not busy with long term tech debt, writing FEPs & grant applications, and trying to coordinate releases & work priorities. Like seriously, who do you think is doing the work here to build better admin tools? I've not been able to do much for Mastodon, because my donations have remained below β¬1000/mo. I simply can't afford to contribute much. βMeta's plans to offer automated moderation tools to fediverse adminsβ You know these are opt-in tools being proposed, where Threads/Meta is willing to leverage it's engineering org to provide tooling to help the fediverse in some way, right? You don't have to use said tools, you can just ignore them. Like, Renaud's proposal has nothing to do with Threads or Meta saying "hey, we've moderation tools we could maybe open up if you want them" In fact, his proposal is still at the stage it was last year (much like FIRES), because we had to wait for funding. And it certainly isn't favouring Meta, just enabling anyone who wants to build more advanced, possibly automated tools, for enhancing moderation teams. It's a direct reaction to those demanding spam tooling.  @thisismissem as I posted last night... the conspiracy theories and other speculations are (as you rightly pointed out in this thread) exhausting! https://macaw.social/@andypiper/112350599989018985 @andypiper yeah, only, as now mentioned in that article at the end, I thoroughly rebuked it in this: https://medium.com/@thisismissem/why-a-hard-fork-of-mastodon-isnt-the-way-b37aecfe5c86  @thisismissem This is a seriously disingenuous crop to do and not explicitly disclaim what you did and why.  @thisismissem full poll results are here: https://infosec.exchange/@thenexusofprivacy/112294665652523312  @thisismissem Regardless of what they offer... many of us don't want anything to do with Meta. Or Twitter. It's a poisoned chalice as far as many of us are concerned.  @tamitha @thisismissem right and part of this is that it's incredibly frustrating to see how immature the never-threads people are on so many levels They just can't be pleased And their ideas and asks are so disjoint from reality as far as current staffing and funding. So it's just... So... Exhausting. Because they don't understand how open source development and maintenance works. And I think MissEm does. @risottobias @tamitha it's also 100% okay to not take software anyone offers. Whether that's from Meta or what I work on at IFTAS. But there's certainly things we can all learn from others. e.g., I've some Ideas for improving moderation in mastodon & pixelfed, directly inspired by Software I've seen elsewhere for moderation purposes. @thisismissem @risottobias @tamitha Learning from each other is good. Yet we still have to keep in mind that Meta is, as a whole, an abusive and outright dangerous company no matter how nice those who work there are. Those who make the calls are not. I shall be damned if those tools Meta will offer can be self-hosted without any legal or technical catch to them. @Natanox @risottobias @tamitha short answer is "we don't know" regarding those tools. @thisismissem @risottobias @tamitha That is technically correct. That doesn't mean one should give Meta even a slither of trust about anything. If they want to contribute tools by making them Open-Source and self-hostable with a proper license like AGPL, sure. However doing or accepting anything else with/from Meta would just be ridiculously ignorant at this point. @Natanox @risottobias @tamitha for what it's worth, Meta has already been opensourcing tooling for trust and safety, e.g., https://github.com/facebook/ThreatExchange/ The algorithms from which power StopNCII.org to my knowledge. @Natanox @thisismissem @tamitha already open sourc'd lol.  @thisismissem Hi! New Mastodon administrator here. I'm not sure you're looking for my feedback but yes, I do want to limit my interaction with toots while seeing a wider variety of toots. I eventually found a relay to subscribe to specific tags for local and country-level politics. Since then I've set up filters and have started to curate a followers list from that. The single, small and community instances are valid. Consent in communication is important to me while surveying public toots. @bear and what if those people don't consent to you seeing their posts? Many relays lack consent, some even break the safety model by including the entire post in the Announce activity. So when your posts go through a relay to who knows who, is that in line with the consent model that's touted around the fediverse? That's the problem: you can't get all the content without bypassing someone's consent unless you follow them. @thisismissem I wonder about this. Relays are hard for me to understand in the concept of ActivityPub. I still have basic questions about them, like, if I subscribe to a relay am I sending them all of my public toots? Am I just receiving? Without thinking about relays, I expect public toots to be discoverable. The only consent I can control are toots coming from my instance. Which is why I'm not allowing other users without first having some kind of service agreement in place. @thisismissem Also, thank you for taking the time and energy to reply. I know that you said earlier that you are tired of these conversations, and I hope I'm providing some value in return. @bear yes, interacting with a relay is bidirectional. When you add a relay, your instance does a follow, the relay then accepts that follow and follow's your instance back, and that starts all public activity going to the relay. That is, you're consenting to receiving amplified content, and to being amplified to others. @thisismissem Thank you! I may turn those relays off when I find the accounts I want to follow. Really enjoying ActivityPub and what it enables, so far. |
Gregory's Server
The whole small vs big instances argument is also exhausting, you're somehow wanting consent with federation and every interaction, but expect your instance to be slurping up data from other instances such that your small instance isn't "quiet".
Where's that consent model again?
(And there's ongoing work by a and others around replies collections & the management of them, as to ensure you can request full reply trees)
#mastodon