Email or username:

Password:

Forgot your password?
Top-level
jz.tusk

@jerry @Crell

I really appreciate your top post - it clarified a lot for me.

I'm a total noob to the Fediverse, so I don't know what core tenet goes against using allow lists as opposed to deny lists. Is there an easy answer you can give me?

23 comments
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

@jztusk @Crell I think this reply is a very good example of why that would be a problem: mk.aleteoryx.me/notes/9wexilu5

Basically, the fediverse is premised on the idea of many people running their own personal instance, and in adopting an allow-list model, we effectively make it difficult or impossible for these individual instances to participate.

Jaz (IFTAS)

@jerry @jztusk @Crell

Why not both? Some servers can run open federation, some can run allowlist-only, some can run in quarantine-first mode, and over time I'm sure we'll see shared lists, reputation signals, and trusted upstream servers to help manage the onboarding/allowing.

"Disallow all, but allow all servers already allowed by x, y and z" is one way to approach.

Almost none of the asks I've seen are either/or propositions, they are generally admin options to enable or not.

Raccoon at TechHub :mastodon:

@jaz @jerry @jztusk @Crell
@jsit was talking about this the other day, and I keep feeling like I shot this idea down too soon...

social.coop/@jsit/112876102135

...but maybe that would be a good plan for some of these new and small instances, especially the ones that are trying to be safe spaces for minority groups. Get some momentum going, get some connections with other servers, get some contact with other server staffs, maybe eventually open it up.

Yeah, I think a federated whitelist would be a good idea.

Still, I'm looking at how many of these groups making block lists purport to be going after bigotry and harassment or whatever, but then you see them blocking a bunch of queer instances or black instances or something, and I wonder who might actually be trusted with this sort of thing. I can even imagine TechHub and Infosec showing up because someone with list access doesn't like the "techbros" or whatever...

@jaz @jerry @jztusk @Crell
@jsit was talking about this the other day, and I keep feeling like I shot this idea down too soon...

social.coop/@jsit/112876102135

...but maybe that would be a good plan for some of these new and small instances, especially the ones that are trying to be safe spaces for minority groups. Get some momentum going, get some connections with other servers, get some contact with other server staffs, maybe eventually open it up.

Jay

@Raccoon @jaz @jerry @jztusk @Crell The refrain of “allowlists/blocklists are bad because it means you won’t hear from me” misses the point: This is why they are GOOD.

People don’t have a “right” to talk to your instance, this is a privilege that should be EARNED. And the protection of vulnerable people on social media is more important than my ability to make sure they can see my dumb posts.

This is not antithetical to the Fediverse. Choosing which instances to federate with is central to it!

Jay

@Raccoon @jaz @jerry @jztusk @Crell Because I am not among a group that is a frequent target of abuse, I have the privilege of enjoying the benefits of being on an “open” instance without having to worry about the drawbacks. I will probably always prefer to be on an instance that is blocklist-based instead of allowlist-based. But many people do not have that privilege.

Raccoon at TechHub :mastodon:

@jsit @jaz @jerry @jztusk @Crell
> "Because I am not among a group that is a frequent target of abuse, I have the privilege of enjoying the benefits of being on an “open” instance without having to worry about the drawbacks."

But here's the flip side of that, one of the main things that makes people a bit squeamish about this: because you're not a member of a marginalized group, you haven't been on a server that has been brigaded with false reports trying to get the mainstream to block you, and then suddenly find a bunch of other marginalized groups' servers have blocked you without checking up on those reports. This is one of the things we keep seeing between queer fedi and black fedi.

What's to stop a member of one group, bigoted towards another, from getting in here and keeping servers that should be on the list off of it?

It then becomes a question of who will bell the cat: who will take on the responsibility, and thus open themselves up to abuse, of maintaining this?

@jsit @jaz @jerry @jztusk @Crell
> "Because I am not among a group that is a frequent target of abuse, I have the privilege of enjoying the benefits of being on an “open” instance without having to worry about the drawbacks."

But here's the flip side of that, one of the main things that makes people a bit squeamish about this: because you're not a member of a marginalized group, you haven't been on a server that has been brigaded with false reports trying to get the mainstream to block you, and then...

Raccoon at TechHub :mastodon:

@jsit @jaz @jerry @jztusk @Crell
And this post here also summarizes the big problems we've seen with FediBlock and The Bad Space.

We have people posting marginalized group instances on FediBlock, misrepresenting or exaggerating or even fabricating issues with those instances, and then suddenly finding that like 10% of the network has blocked them because no one is vetting these posts. I recently even appeared on there for attempting to vet some of those posts.

Meanwhile, every issue that The Bad Space has has basically turned into a timeline nightmare for its creators. Yeah, TBS has a problem with the number of instances it calls out for "racism" that no one else can find, and we could always make the argument that they could respond differently, but some people go absolutely insane about the people running it.

With a whitelist it would be even worse, because simply not including a server is doing a very real harm to its connections, and someone is going to answer for that.

@jsit @jaz @jerry @jztusk @Crell
And this post here also summarizes the big problems we've seen with FediBlock and The Bad Space.

We have people posting marginalized group instances on FediBlock, misrepresenting or exaggerating or even fabricating issues with those instances, and then suddenly finding that like 10% of the network has blocked them because no one is vetting these posts. I recently even appeared on there for attempting to vet some of those posts.

Jay

@Raccoon Yes, who decides what to put on an allowlist/blocklist and what are the criteria they use continues to be a fraught problem with no simple solution.

But I was countering the claim a lot of people make that shared allowlists/blocklists in principle -- even if "perfectly curated" -- are antithetical to the Fediverse, which I think isn't true.

Some people bristle at the idea of these lists not because they think they might not be perfect, but because they want a nearly 100% open Fedi.

Raccoon at TechHub :mastodon: replied to Jay

@jsit
I think you're talking about people who aren't in the conversation though: everyone who would be involved in this thread maintains a substantial block list, even if we have different standards for it. No one here is going to suggest a 100% open Fedi.

Our issue is the number of new and marginalized instances that are going to find a chunk of the network cut off by this sort of thing. We want new servers to be made, and we want those servers to thrive, because new servers add new life to the network, and a very important part of both of all of that is that good posts need to be able to spread far and wide and fast.

The Content Must Flow.

How does one create a new marginalized instance in an environment where instances with great content from marginalized groups is going to be cut off from them for however long it takes to get on the list? How do we let people on these new instances know more content will come, and why would they join a server that's blocked off?

@jsit
I think you're talking about people who aren't in the conversation though: everyone who would be involved in this thread maintains a substantial block list, even if we have different standards for it. No one here is going to suggest a 100% open Fedi.

Our issue is the number of new and marginalized instances that are going to find a chunk of the network cut off by this sort of thing. We want new servers to be made, and we want those servers to thrive, because new servers add new life to the...

Jay replied to Raccoon at TechHub :mastodon:

@Raccoon I think maybe part of my confusion is not fully understanding how allowlists work. Can someone on a LIMITED_FEDERATION_MODE instance be *followed by* someone on a non-allowlisted instance?

For instance (heh), limited.example is in limited federation mode with only safe.example in its allowlist.

Someone on unknown.example wants to follow @ user @ limited.example. Can they do this?

#MastoAdmin #FediblockMeta

Raccoon at TechHub :mastodon: replied to Jay

@jsit
As someone who doesn't deal with that directly, I forget that we have options like that. That is a good question, because if that's the case, it changes the nature of how disconnected these instances would be.

Jay replied to Raccoon at TechHub :mastodon:

@Raccoon I have a test instance that I will enable limited federation on.

I would love to know if there are any big instances that do this already.

Raccoon at TechHub :mastodon:

@jaz @jerry @jztusk @Crell @jsit
It also occurs to me that this can't be run by the instances using it, because they won't be able to see new instances to whitelist, which means you're going to need a few large servers to be the "Canary in the coal mine" for these instances. I feel like Tech Hub, with our somewhat squeamish block policies, could be a really useful server here, and I'd be happy to help maintain such a list.

What I think we need is some framework for how this list is put together and maintained, without too much overhead. We would need to account for the fact that such a list needs to be absolutely huge, and that while it should prioritize safety, there is an ethical obligation to get as many servers on it as possible.

As I told Jsit, it might be useful for someone to make this list now, just so we can see what it looks like.

@jaz @jerry @jztusk @Crell @jsit
It also occurs to me that this can't be run by the instances using it, because they won't be able to see new instances to whitelist, which means you're going to need a few large servers to be the "Canary in the coal mine" for these instances. I feel like Tech Hub, with our somewhat squeamish block policies, could be a really useful server here, and I'd be happy to help maintain such a list.

Larry Garfield

@jaz @jerry @jztusk I think we collectively need to come to terms with the fact that most people have no interest, desire, skill, or inclination to run their own anything, and will happily make it someone else's problem in return for money, ad data, or just not GAF.

Less than 0.1% of people will run their own mail/Fedi/Identity/app/file server.

We need to stop making fetch happen. It's not going to happen.

Jaz (IFTAS)

@Crell @jerry @jztusk (Back of napkin caveat)

Currently seeing one server per 500 accounts. Writ large that's 10M AP servers for 5B accounts.

Several hundred million not-WP.com WordPress sites might offer an example. Value-add hosting options abound for WordPress, so it's partially self-hosted insofar as it's somewhat self-managed by tens of millions.

Mix of managed, shared, and self-hosting for AP services coupled with a rich plugin framework is how I imagine adoption could be supported.

jz.tusk

@Crell @jaz @jerry

I think it's better to come up with better tooling that lets a small admin set up and maintain their trust relationships, and just make sure that they know that part of running their own instance means spending some time on that.

The street buskers in my city take Swipe. That's the model I like

maybenot

@jaz @jerry @jztusk @Crell

so, quarantining new instances (increased scrutiny / aggressive automatic moderation / keyword flagging) after which they would be put on either block- or allow-lists?

this would (theoretically) not preclude small instance participation, and would increase cost/difficulty for bad actors.

different instances could have their own metrics/rules for this, as you say giving a variety of perspectives on the new one's behavior

maybenot

@jaz @jerry @jztusk @Crell

then the decisions of known/old/large ones can be weighted by everyone to make their own decisions

this leads logically to some kind of web-of-trust / instance-reputation-scoring system down the line. this can be both good and bad, but if surfaced somehow could serve as a direly needed instance selection aid for new users.

ie: example.net is aggressively blocking this type of behaviour, but is above average blocked by others on this other metric

jz.tusk

@jaz @jerry @Crell

I *so* want to come up with an "algebra of trust", where we can say "I trust entity X, but only to post", and "I trust entity Y, and anybody they trust too", and let the computer figure out each individual "do I trust A to do B?".

I haven't formalized it at all, and there's a risk of being computationally expensive, and someone would have to do the specialization for Mastodon, but I'd love to see it.

Larry Garfield

@jztusk @jaz @jerry You're trying to solve a human problem with math. That is doomed to failure, no matter what the crypto-bros keep selling.

All human systems require human maintenance and decision making. Assisted, maybe, but never, ever think you can replace human decision making about human activities.

maybenot

@Crell @jztusk @jaz @jerry

one could make the argument that this would be a machine only enforcing the decisions made by a human, like a very advanced filter

jz.tusk

@Crell @jaz @jerry

The humans set the base rules.

Have you ever unwrapped the certificate chain for an HTTPS-transmitted web page? We're doing stuff like this right now, on massive web scale

Go Up