Conversation

Notices

1. Embed this notice
   silverpill (silverpill@mitra.social)'s status on Wednesday, 05-Feb-2025 02:54:01 JST silverpill

   • tesaguri 🦀🦝

   @helge

   >It can't be the patchwork approach promoted by Mastodon, see fep-5feb

   A more advanced mechanism was proposed in FEP-268d, which addresses FEP-5feb shortcomings.

   cc @tesaguri

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Wednesday, 05-Feb-2025 03:22:57 JST silverpill

     in reply to

     • marius

     @mariusor Search consent seems to be different enough to justify a new property. But when dealing with crawling we may indeed use standard properties. For example, there is FEP-7502: Limiting visibility to authenticated actors, where a new magic collection was proposed, similar to Public. I can imagine using magic collections for various purposes: for indicating unlisted (quiet public) posts, or for indicating public-but-not-for-crawlers posts.

   • Embed this notice
     marius (mariusor@metalhead.club)'s status on Wednesday, 05-Feb-2025 03:22:58 JST marius

     in reply to

     @silverpill is there some glaring thing I'm missing? I fail to believe that nobody really thought of this simplest way to handle ACLs.

   • Embed this notice
     marius (mariusor@metalhead.club)'s status on Wednesday, 05-Feb-2025 03:23:00 JST marius

     in reply to

     @silverpill does anyone justify in their FEPs _why_ there is a need for additional properties when ActivityPub provides multiple ones in the form of the To, Bto, CC, BCC recipients, and of the Audience one?

     These form a perfect basis for access control lists and I haven't seen anything that convinced me that it's not enough combined with OAuth2 tokens for C2S and HTTP-Signatures for S2S.

   • Embed this notice
     silverpill (silverpill@mitra.social)'s status on Wednesday, 05-Feb-2025 06:40:29 JST silverpill

     in reply to

     • marius

     @mariusor Yeah, I also don't like un-enforceable permissions, and I am not offering such solutions to users of my software. Just brought those FEPs up because other people on fedi were discussing crawlers today.

   • Embed this notice
     marius (mariusor@metalhead.club)'s status on Wednesday, 05-Feb-2025 06:40:31 JST marius

     in reply to

     @silverpill so I'm not missing anything, just people wanting to overcomplicate things. Sigh.

     Consent is not a thing that should be encouraged through non server-side enfored mechanisms because (as we can see plenty today) bad faith actors care not about such things.

     Therefore a flag on an actor/object is useless because it requires that crawlers obey it, and again, they can not be trusted to do that.

     In my opinion offering this as a solution to end-users is just snake oil.