GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

    The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Wednesday, 15-Nov-2023 20:35:34 JST

    Mastodon and today's fediverse are unsafe by design and unsafe by default – and instance blocking is a blunt but powerful safety tool

    Parts 1, 2, and 3 of "Golden opportunities for the fediverse – and whatever comes next"

    https://privacy.thenexus.today/unsafe-by-design-and-unsafe-by-default/

    Over the course of this multi-part series, I'll discuss Mastodon and the fediverse's long-standing problems with abuse and harassment; the strengths and weaknesses of current tools like instance blocking and blocklists; the approaches emerging tools like #TheBadSpace and #Fediseer take, along with potential problems; paths to improving the situation; and how the fediverse as a whole can seize the moment and build on the progress that's being made. At the end I'll collect it all into a single post, with a revised introduction.

    This first installment has three sections:

    - Today's fediverse is unsafe by design and unsafe by default

    - Instance-level federation choices are a blunt but powerful safety tool

    - Instance-level federation decisions reflect norms, policies, and interpretations

    #fediverse #mastodon

    In conversation Wednesday, 15-Nov-2023 20:35:34 JST from infosec.exchange
    • :blobcathug: likes this.
    • AnthonyJK-Admin repeated this.
      Sexy Moon (moon@shitposter.club)'s status on Wednesday, 15-Nov-2023 20:39:42 JST
      in reply to
      @thenexusofprivacy thanks for the shout-out!
      In conversation Wednesday, 15-Nov-2023 20:39:42 JST

      Attachments

      1. https://static.banky.club/shitposter.club/b4470243a96983742aeddb1a2752f125aa6ac5547fb07019b49767c6ad8880ac.png?name=image.png
      Haelwenn /элвэн/ :triskell: likes this.
      :blobcathug: (jain@blob.cat)'s status on Wednesday, 15-Nov-2023 21:08:04 JST
      in reply to
      @thenexusofprivacy
      I do have a bunch of criticisms:
      > Not only that, some of the protections that Mastodon provides aren't turned on by default – or are only available in forks, not the official release. For example:

      > - while Mastodon does offer the ability to ignore private messages from people who you aren't following – great for cutting down on harassment as well as spam – that's not the default. Instead, by default your inbox is open to nazis, spammers, and everybody else until you've found and updated the appropriate setting on one of the many settings screens.
      That setting can be dangerous: if I send someone a DM, there is no way for me to get feedback on whether the specific user actually got the DM or not, and therefore there is the potential to create more conflicts than necessary.

      > by default blocking on Mastodon isn't particularly effective unless the instance admin has turned on a configuration option
      Enabling authorized fetch does not protect as much as the article implies. Inside the fediverse you will always find a way around blocks to get information about a post. The result of having authorized fetch is that people will take screenshots and talk about it like they did without authorized fetch.
      One can't suppress others talking about something; that's not possible. And this article implies that authorized fetch is made for that.

      The consequence of authorized fetch is screenshots.
      The consequence of screenshots is disabling unauthenticated viewing of an instance's public timeline.
      The consequence of that will be screenshots from instances which federate with that specific instance.
      The consequence of that will be that the locked-down instance will try to enforce rules on how the federated instances handle their posts, using whitelists.
      The consequence of that will be that a federated social network won't work if everyone just uses whitelists.

      One simply can't silence others talking about oneself; one simply can't prevent public posts leaking to everyone.

      > by default all follow requests are automatically approved, unless you've found and updated the appropriate setting on one of the many settings screens.
      I'll give the article that, though: one could set this as the default. But hey, one doesn't need to blame Mastodon exclusively for that; admins can be partially blamed too.

      > local-only posts
      Nice to have, nothing against it. Maybe one could speculate that it could hurt the network if it's the default timeline, though.

      > Mastodon supports "allow-list" federation, allowing admins to choose whether or not to agree to federate with nazi instances; but Mastodon's documentation describes this as "contrary to Mastodon's mission of decentralization", so by default, all federation requests are accepted.
      That one has a proper explanation within it of why it's a bad idea.
      In conversation Wednesday, 15-Nov-2023 21:08:04 JST
      raf 🟣 (raf@babka.social)'s status on Thursday, 16-Nov-2023 13:33:29 JST
      in reply to

      @thenexusofprivacy

      This is really good. I should add that we should embrace the pluralism of the fediverse. Some instances will likely not be able to ever freely federate with one another even if there is nothing wrong with either community.

      An instance for spiders and an instance for people afraid of spiders won't readily get along. Similarly, a religious instance where nudity is frowned upon and a nudist instance will have different norms.

      That negotiation of norms across instances is crucial for making the fediverse safe and we are all still very bad at it.

      In conversation Thursday, 16-Nov-2023 13:33:29 JST
      The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Monday, 27-Nov-2023 23:54:58 JST
      in reply to

      It's possible to talk about The Bad Space without being racist or anti-trans – but it's not as easy as it sounds

      https://privacy.thenexus.today/the-bad-space/

      Part 3 of "Golden opportunities for the fediverse -- and whatever comes next". See the parent posts for previous installments.

      Contents:

      - Intro

      - The Bad Space and FSEP

      - A bug leads to messy discussions, some of which are productive

      - Nobody's perfect in situations like this

      - These discussions aren't occurring in a vacuum

      - Also: Black trans, queer, and non-binary people exist

      #TheBadSpace

      In conversation Monday, 27-Nov-2023 23:54:58 JST
      The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Monday, 27-Nov-2023 23:54:59 JST
      in reply to
      • Fediverse News

      Blocklists in the fediverse

      https://privacy.thenexus.today/blocklists-in-the-fediverse/

      Part 2 of "Golden opportunities for the fediverse -- and whatever comes next"

      This installment has five sections:

      - Blocklists

      - Widely shared blocklists can lead to significant harm

      - Blocklists potentially centralize power -- although can also counter other power-centralizing tendencies

      - Today's fediverse relies on instance blocking and blocklists

      - Steps towards better blocklists

      #fediverse #mastodon @fediversenews

      In conversation Monday, 27-Nov-2023 23:54:59 JST
      Fediverse Report repeated this.
      :blobcathug: (jain@blob.cat)'s status on Tuesday, 28-Nov-2023 04:47:47 JST
      in reply to
      • Damon
      @dameoutlaw @thenexusofprivacy
      > This is nonsense, create criticism and offer no solutions simply because someone can screenshot.
      I think you got it wrong; we already passed that stage. It happened, countless times. So to say it is nonsense seems nonsense to me...

      > People can legally obtain guns and commit harms so there should be no laws as deterrence nor justice for victims since people can get around things?
      :blobcatgoogly: I have rarely heard such a stupid comparison. If you really compare guns with online comments then you seem lost to me...
      Let's be realistic: in the fediverse the law is the code & protocols in terms of federation, and you will never be able to enforce certain code & protocols, because you cannot control the code of foreign servers.

      > If one screenshots then it becomes obvious to others that the person has gone around the block & provided a screenshot.
      If one screenshots or abuses the protocols, that one pretty much doesn't care about your feelings at all, assuming you are the victim in this situation.

      > That has societal ramifications. Federation was never meant as so “town hall” thus having allowlist actually
      Of course it has; the result will be drama, as always, as it happens and will happen. And right, a network based purely on allowlists would not be an alternative to existing ones, and you probably wouldn't be here in the fediverse, like me.
      In conversation Tuesday, 28-Nov-2023 04:47:47 JST
      Damon (dameoutlaw@mstdn.social)'s status on Tuesday, 28-Nov-2023 04:47:48 JST
      in reply to
      • :blobcathug:

      @Jain @thenexusofprivacy This is nonsense, create criticism and offer no solutions simply because someone can screenshot. People can legally obtain guns and commit harms so there should be no laws as deterrence nor justice for victims since people can get around things?
      If one screenshots then it becomes obvious to others that the person has gone around the block & provided a screenshot. That has societal ramifications. Federation was never meant as so “town hall” thus having allowlist actually

      In conversation Tuesday, 28-Nov-2023 04:47:48 JST
      :blobcathug: (jain@blob.cat)'s status on Tuesday, 28-Nov-2023 05:00:36 JST
      in reply to
      • Damon
      @dameoutlaw @thenexusofprivacy Oh, I got your last sentence wrong since you threaded it :blobcatlaugh:

      ok again:
      > Federation was never meant as so “town hall” thus having allowlist actually fits more with the ethos of the Fediverse than simply everyone having relationships with everyone.
      My text never was about everyone having relationships with everyone; it was about it not being a network with that far a reach. You may ask how I prove that? You can just look at the current blocklists... Assuming we turned everything around, admins would simply be too lazy to accept other instances themselves, so they would rely on shared allowlists, which I can say with certainty would lead to drama. And probably even more than with blocklists.
      You may explain your assumptions further.

      > Isn’t the whole point not to mirror Twitter’s town hall?
      No, the whole point of the fediverse is to decentralize, and you can't build a functional social network without the assumption that every new server is friendly. Feel free to prove me wrong on that.

      > Allowlist makes sense & provides users & admin more control.
      Dafuq, how do they provide more control? You are in no way in more control, and the current state of the fediverse proves this immensely. Ever saw an instance which has an allowlist only and keeps their public posts hidden? If you really find one, you can be sure that their admin is a person with far-reaching connections or some background in the existing fediverse as it is. Otherwise their server would be unknown and they couldn't find other servers to federate with.

      > Allowlist is more reflective of how people have relationships in real life.
      Yes, I agree. But your real life in no way has the same properties as a digital network.

      > Isn’t the Fedi always going on about consent-based social networking?
      No, it never was; the fedi is a privacy nightmare, and I hope you realize that sooner rather than later.
      In conversation Tuesday, 28-Nov-2023 05:00:36 JST
      Damon (dameoutlaw@mstdn.social)'s status on Tuesday, 28-Nov-2023 05:00:38 JST
      in reply to
      • :blobcathug:

      @Jain @thenexusofprivacy fits more with the ethos of the Fediverse than simply everyone having relationships with everyone. Isn’t the whole point not to mirror Twitter’s town hall? Allowlist makes sense & provides users & admin more control. Allowlist is more reflective of how people have relationships in real life. Isn’t the Fedi always going on about consent-based social networking?

      In conversation Tuesday, 28-Nov-2023 05:00:38 JST
      The Nexus of Privacy (thenexusofprivacy@infosec.exchange)'s status on Tuesday, 28-Nov-2023 17:44:44 JST
      in reply to
      • :blobcathug:

      @Jain Sorry I missed this comment earlier. Thanks for the feedback.

      - agreed that Mastodon's current behavior of just silently ignoring DMs isn't great, I should have mentioned that -- next time I do an edit pass I'll put that in.

      I certainly didn't mean to imply that authorized fetch is made to suppress others talking about something. Authorized fetch makes blocking more effective. You're right that there are still holes, and I should probably be clearer about that. But incremental progress is useful. And instances may well decide they need to lock down and only federate with other locked-down instances; different approaches to social networks work for different people.

      - agreed that admins could change the settings on follow requests -- although I believe it requires customizing code, so not an option for people using hosted installations (and a hassle for everybody else).

      In conversation Tuesday, 28-Nov-2023 17:44:44 JST
      :blobcathug: (jain@blob.cat)'s status on Tuesday, 28-Nov-2023 17:44:44 JST
      in reply to
      @thenexusofprivacy
      > I certainly didn't mean to imply that authorized fetch is made to suppress others talking about something.
      I believe you, and that is not what I fully meant to imply. That whole topic is a bit too complex to just reduce it to that, and I think you know that too.

      > Authorized fetch makes blocking more effective.
      Nah, I disagree. There is literally nothing one can do to stop someone from reading someone's public posts. It might work for the average user, I'll give you that, but if there is a conflict between certain servers or someone is just curious, there will always be a way to get around authorized fetch.
      That's what I meant; that's what I saw multiple times. Authorized fetch implies a level of "protection" that isn't really there and never was.

      > But, incremental progress is useful.
      Yes, I agree; in the usual situation that's true. But I would even say that in this context, more damage is being done than problems are being solved. Since authorized fetch is, as far as I know, not a usual feature but something that Mastodon invented, how does the countless other software out there work with that?

      Even the Mastodon config page warns about that:
      https://docs.joinmastodon.org/admin/config/

      > Unfortunately, secure mode is not without its drawbacks, which is why it is not enabled by default. Not all software in the fediverse can support it fully, in particular some functionality will be broken with Mastodon servers older than 3.0; you lose some useful functionality even with up-to-date servers since linked-data signatures are used to make public conversation threads more complete; and because an authentication mechanism on public content means no caching is possible, it comes with an increased computational cost.

      > Secure mode does not hide HTML representations of public posts and profiles. HTML is a more lossy format compared to first-class ActivityPub representations or the REST API but it is still a potential vector for scraping content.

      Now back to you:
      > - agreed that admins could change the settings on follow requests -- although I believe it requires customizing code, so not an option for people using hosted installations (and a hassle for everybody else).
      That might actually be so. I saw this on a server, but idk if this requires patching Mastodon. But just to mention: that, for example, would be much more helpful for the situation we are talking about.
      In conversation Tuesday, 28-Nov-2023 17:44:44 JST

      Attachments

      1. Configuring your environment
         Setting environment variables for your Mastodon installation.
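The exchange above turns on what authorized fetch (Mastodon's "secure mode") actually changes, and what the quoted docs say it leaves alone. The following is an added example, not Mastodon's code or anything from this thread: it models the policy as a request handler. With authorized fetch on, an ActivityPub fetch must carry a valid HTTP Signature, so the server can identify the requesting actor and refuse domains on its block list; the HTML view is served unauthenticated regardless, which is the scraping caveat from the docs. The domains, key registry and block list are constructed, and HMAC with shared secrets stands in for the RSA keys Mastodon fetches from remote actors so the example runs offline.

```python
"""Model of Mastodon-style authorized fetch for GETs of a public post.
Added example, not Mastodon's code. HMAC stands in for RSA signatures and
the key registry is constructed so the whole thing runs offline."""
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Constructed key registry and block list (hypothetical domains).
KEYS = {
    "https://friendly.example/users/alice#main-key": b"alice-secret",
    "https://blocked.example/users/mallory#main-key": b"mallory-secret",
}
BLOCKED_DOMAINS = {"blocked.example"}
AP_TYPES = ("application/activity+json", "application/ld+json")


def signing_string(method, path, headers):
    # Same shape as the HTTP Signatures draft: (request-target) plus named headers.
    return "\n".join([f"(request-target): {method.lower()} {path}",
                      f"host: {headers.get('host', '')}",
                      f"date: {headers.get('date', '')}"])


def sign_request(method, path, headers, key_id):
    """Return a copy of headers carrying a Signature header made with key_id."""
    mac = hmac.new(KEYS[key_id], signing_string(method, path, headers).encode(),
                   hashlib.sha256).hexdigest()
    signed = dict(headers)
    signed["signature"] = (f'keyId="{key_id}",algorithm="hmac-sha256",'
                           f'headers="(request-target) host date",signature="{mac}"')
    return signed


def verify_signature(method, path, headers):
    """Return the signing keyId if the Signature header verifies, else None."""
    params = dict(re.findall(r'(\w+)="([^"]*)"', headers.get("signature", "")))
    key_id = params.get("keyId")
    if key_id not in KEYS:
        return None  # unknown actor: nothing to verify against
    expected = hmac.new(KEYS[key_id], signing_string(method, path, headers).encode(),
                        hashlib.sha256).hexdigest()
    return key_id if hmac.compare_digest(expected, params.get("signature", "")) else None


def handle_get(path, headers, authorized_fetch):
    """Return (status, body kind) for a GET of a public post."""
    if not any(t in headers.get("accept", "") for t in AP_TYPES):
        return 200, "html"           # docs caveat: HTML view stays public either way
    if not authorized_fetch:
        return 200, "activity+json"  # default: anyone, blocked servers included
    key_id = verify_signature("GET", path, headers)
    if key_id is None:
        return 401, "signature required"
    if urlparse(key_id).hostname in BLOCKED_DOMAINS:
        return 403, "blocked"        # the block is enforceable only because the fetch is signed
    return 200, "activity+json"
```

A signed request from a non-blocked actor gets the ActivityPub object, an unsigned or tampered one gets 401, a blocked domain gets 403, and a plain `text/html` request is served in every case.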

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.