Gregory's Server@Crell it's antithetical to what the fediverse is intended to be, but it is a reasonable solutiion to this problem
|
56 comments
 @teknogrot @jerry "The culture of an organization is defined as the worst behavior its leadership is willing to tolerate." No amount of federation will change that dynamic. @Crell I think it does change it, but not for the better. As @jerry pointed out, the nature of the fediverse can hide the behaviour from some people resulting in a de-facto tolerance of behaviour worse than the leadership (in this case again @jerry) would actually accept, while denying them the tools to do something about it. Federation may actually not be a good idea at all for social media.  @teknogrot @Crell @jerry  @Crell @jerry speaking of the birdsite, before the API got locked down, I spent a fair amount of effort building network analysis tools to proactively identify and block bigots. Turns out assholes like to follow each other. It was deeply satisfying when news about me came out and a bunch of people who had never interacted with me and weren't on any shared blocklists were complaining about being blocked by me. @Crell @ryanc @jerry is it possible to ‘fight fire with fire’ in that when someone identifies that they are receiving harassment a group of individuals- obviously a prearranged group- can be contacted who will respond overwhelmingly to the harassing individual to call them out? Sounds childish when said out loud and may make them dig in further but …..  @ryanc @jerry The spam analogy is very apt, I think, given Fediverse is often analogized to email. And the wild-west-anyone-runs-anything approach is largely a failure there, too. I also used to run a personal mail server. It only worked if I proxied every message through my ISP's mail server. A similar network-of-trust seems the only option here, give or take details. @ryanc @jerry In the abstract sense, we're dealing with the scaling problems of the tit-for-tat experiment dynamics. Reputation-building approaches to social behavior only work when the # of actors is small enough that repeated interactions can build reputation. The Internet is vastly too big for that, just like society at large. @Crell @jerry I do think keyword/regex filters as a quarantine/alert admin thing would be helpful, but as mentioned up thread, part of the problem is people unkowingly joining instances that don't protect their users from harassment and not understanding why that's a problem. The guides saying "instance doesn't matter much" don't help. @ryanc @jerry Yeah, the onboarding experience is definitely still a sore point. Like, I'd like to get my brother or the NFP I work with onto Mastodon, but I don't know what server to send them to. Mine isn't appropriate for them, mastodon.social isn't a good answer, and the alternative is... *citation needed* @Crell @jerry Yeah, I've absolutely no idea what "general but friendly to members of frequently harassed groups" instances exist. This instance is really nice, as I've always been a hacker first and foremost. Yes, I'm queer on several dimensions and open about it, but most of the time I don't want to focus on that.  same same here. run small email server. while i can sympathize with consumer email providers that block-specific only doesn't scale nearly as well as block-all/allow-only-specific, we hit what you say. how do i prove i'm "clean" if i can't send to you. i do think we need to have these discussions, possibly be willing to give up some cherished ideals, but most critically, we need to get those most at risk of abuse involved at every stage in discussion/design/test/deploy. @Crell @jerry I wonder, isn't "creating an instance" a barrier? In the sense that a new troll instance, after some time, should be blocked by most other instances and blocklists. Then they have to set up a new one, and so on, and so on. Also, I guess new people either know people on Mastodon they trust or they go to joinmastodon.org and pick a server. That's kind of an accept-list, no? The barrier to get there is relatively low: https://joinmastodon.org/covenant  @jerry @Crell In the early days of IRC (I wasn't there for it), my understanding was that EFnet was meant to be similar - allow any server to join - and hence their name Eris Free Net. But they've since changed their policy given the risks, and I think that's one of few reasonable approaches. Increasing the friction for everyone sucks, but it disproportionately hurts trolls, so I guess it may be worthwhile? EFNet stands for Eris Free Network. Eris is / was eris.berkeley.edu who got booted from the network for controversial behavior. EFNet was very cliquish and was known as a good old boy’s network. The one thing the developers got right was Glines (Global blocking). I hope you enjoyed this short history lesson.  I really appreciate your top post - it clarified a lot for me. I'm a total noob to the Fediverse, so I don't know what core tenet goes against using allow lists as opposed to deny lists. Is there an easy answer you can give me? @jztusk @Crell I think this reply is a very good example of why that would be a problem: https://mk.aleteoryx.me/notes/9wexilu5kwnb05ot Basically, the fediverse is premised on the idea of many people running their own personal instance, and in adopting an allow-list model, we effectively make it difficult or impossible for these individual instances to participate. Why not both? Some servers can run open federation, some can run allowlist-only, some can run in quarantine-first mode, and over time I'm sure we'll see shared lists, reputation signals, and trusted upstream servers to help manage the onboarding/allowing. "Disallow all, but allow all servers already allowed by x, y and z" is one way to approach. Almost none of the asks I've seen are either/or propositions, they are generally admin options to enable or not.  @Raccoon @jaz @jerry @jztusk @Crell The refrain of “allowlists/blocklists are bad because it means you won’t hear from me” misses the point: This is why they are GOOD. People don’t have a “right” to talk to your instance, this is a privilege that should be EARNED. And the protection of vulnerable people on social media is more important than my ability to make sure they can see my dumb posts. This is not antithetical to the Fediverse. Choosing which instances to federate with is central to it! @Raccoon @jaz @jerry @jztusk @Crell Because I am not among a group that is a frequent target of abuse, I have the privilege of enjoying the benefits of being on an “open” instance without having to worry about the drawbacks. I will probably always prefer to be on an instance that is blocklist-based instead of allowlist-based. But many people do not have that privilege. @Raccoon Yes, who decides what to put on an allowlist/blocklist and what are the criteria they use continues to be a fraught problem with no simple solution. But I was countering the claim a lot of people make that shared allowlists/blocklists in principle -- even if "perfectly curated" -- are antithetical to the Fediverse, which I think isn't true. Some people bristle at the idea of these lists not because they think they might not be perfect, but because they want a nearly 100% open Fedi. @Raccoon I think maybe part of my confusion is not fully understanding how allowlists work. Can someone on a LIMITED_FEDERATION_MODE instance be *followed by* someone on a non-allowlisted instance? For instance (heh), limited.example is in limited federation mode with only safe.example in its allowlist. Someone on unknown.example wants to follow @ user @ limited.example. Can they do this?  @jsit @Raccoon I have a test instance that I will enable limited federation on. I would love to know if there are any big instances that do this already. @jaz @jerry @jztusk I think we collectively need to come to terms with the fact that most people have no interest, desire, skill, or inclination to run their own anything, and will happily make it someone else's problem in return for money, ad data, or just not GAF. Less than 0.1% of people will run their own mail/Fedi/Identity/app/file server. We need to stop making fetch happen. It's not going to happen. @Crell @jerry @jztusk (Back of napkin caveat) Currently seeing one server per 500 accounts. Writ large that's 10M AP servers for 5B accounts. Several hundred million not-WP.com WordPress sites might offer an example. Value-add hosting options abound for WordPress, so it's partially self-hosted insofar as it's somewhat self-managed by tens of millions. Mix of managed, shared, and self-hosting for AP services coupled with a rich plugin framework is how I imagine adoption could be supported. I think it's better to come up with better tooling that lets a small admin set up and maintain their trust relationships, and just make sure that they know that part of running their own instance means spending some time on that. The street buskers in my city take Swipe. That's the model I like  so, quarantining new instances (increased scrutiny / aggressive automatic moderation / keyword flagging) after which they would be put on either block- or allow-lists? this would (theoretically) not preclude small instance participation, and would increase cost/difficulty for bad actors. different instances could have their own metrics/rules for this, as you say giving a variety of perspectives on the new one's behavior then the decisions of known/old/large ones can be weighted by everyone to make their own decisions this leads logically to some kind of web-of-trust / instance-reputation-scoring system down the line. this can be both good and bad, but if surfaced somehow could serve as a direly needed instance selection aid for new users. ie: example.net is aggressively blocking this type of behaviour, but is above average blocked by others on this other metric I *so* want to come up with an "algebra of trust", where we can say "I trust entity X, but only to post", and "I trust entity Y, and anybody they trust too", and let the computer figure out each individual "do I trust A to do B?". I haven't formalized it at all, and there's a risk of being computationally expensive, and someone would have to do the specialization for Mastodon, but I'd love to see it. @jztusk @jaz @jerry You're trying to solve a human problem with math. That is doomed to failure, no matter what the crypto-bros keep selling. All human systems require human maintenance and decision making. Assisted, maybe, but never, ever think you can replace human decision making about human activities. one could make the argument that this would be a machine only enforcing the decisions made by a human, like a very advanced filter The humans set the base rules. Have you ever unwrapped the certificate chain for an HTTPS-transmitted web page? We're doing stuff like this right now, on massive web scale >it's antithetical to what the fediverse is intended to be I believe many see the Fediverse as way to build an alternative that is both safe and open. "No Nazis" is not 100% open, it is opinionated and less-than-fully-open. Safe beats open in the case of nazis, right? Many of these issues come down to which to prioritise, safe, or open? My preference is safety first, open second. Both are good, but sometimes we need to give a little bit on the open to preserve safety.  |
@jerry Sadly, I think the preponderance of evidence suggests that a "wild west libertarian self-organizing environment" (the dream of the early-90s Internet) will devolve into a Nazi troll farm 100% of the time with absolute certainty.
It's a wonderful idea, but doomed.
The barrier to the accept-list could be low (eg, do they have a halfway decent TOS/CoC), but I don't think we have an alternative.
cf: https://peakd.com/community/@crell/why-you-can-t-just-ignore-them