Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://blob.cat/objects/b0b3535b-3aaa-4968-a309-f7ba5f34833d">:blobcathug: (jain@blob.cat)'s status on Wednesday, 15-Nov-2023 21:08:04 JST</a><a href="https://blob.cat/users/Jain" title="jain@blob.cat"><img src="https://gnusocial.jp/avatar/4294-48-20220810062846.webp" width="48" height="48" alt=":blobcathug:" style="position: absolute; left: 0; top: 0;">:blobcathug:</a><div><a href="https://infosec.exchange/@thenexusofprivacy/111410685331053203" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://infosec.exchange/@thenexusofprivacy">@thenexusofprivacy</a> <br>I do have a bunch of critics:<br>&gt; Not only that, some of the protections that Mastodon provides aren't turned on by default – or are only available in forks, not the official release. For example:<br><br>&gt; - while Mastodon does offer the ability to ignore private messages from people who you aren't following – great for cutting down on harassment as well as spam – that's not the default.  Instead, by default your inbox is open to nazis, spammers, and everybody else until you've found and updated the appropriate setting on one of the many settings screens.<br>That setting can be dangerous, there is no way if i send someone a DM, that i get a feedback if the specific user actually got the DM or not and therefore it exists the potential to create more conflicts than it needs to.<br><br>&gt; by default blocking on Mastodon isn't particularly effective unless the instance admin has turned on a configuration option<br>Enabling authorized fetch does not protect as much as the article implies. Inside Fediverse you will always find a way around blocks to get information about a post. The result of having authorized fetch is that people will take screenshots and talk about it like they did without authorized fetch.<br>One cant supress that others talk about something, thats not possible. And this Article implies that authorized fetch is made for that.<br><br>The consequence of authorized fetch are Screenshots.<br>The consequence of screenshots is to disable to watch unauthenticated a public timeline of an instance.<br>The consequence of that will be Screenshots of Instances which federates with that specific instance.<br>The consequence of that will be that the locked down instance will try to enforce rules on how to handle their posts by the federated instances and using whitelists.<br>The consequence of that will be that a federated social network wont work if everyone just uses whitelists.<br><br>One simply cant silence others talking about oneself, one simply cant prevent public posts leaking to everyone.<br><br>&gt; by default all follow requests are automatically approved, unless you've found and updated the appropriate setting on one of the many settings screens.<br>I give the article that tho, one could set this as default, but hey, one doesnt need to blame exclusively mastodon for that, admins can be partially blamed too.<br><br>&gt; local-only posts <br>nice to have, nothing against it. Maybe one could speculate that it could hurt the network if its the default timeline tho.<br><br>&gt; Mastodon supports "allow-list" federation,13 allowing admins to choose whether or not to agree federate with nazi instances; but Mastodon's documentation describes this as "contrary to Mastodon’s mission of decentralization", so by default, all federation requests are accepted.<br>that one has a proper explenation why its a bad idea within.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2330986#notice-4600606">In conversation</a><time datetime="2023-11-15T21:08:04+09:00" title="Wednesday, 15-Nov-2023 21:08:04 JST">about a year ago</time> <span>from <span><a href="https://blob.cat/objects/b0b3535b-3aaa-4968-a309-f7ba5f34833d" rel="external" title="Sent from blob.cat via ActivityPub">blob.cat</a></span></span><a href="https://blob.cat/objects/b0b3535b-3aaa-4968-a309-f7ba5f34833d">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
:blobcathug: (jain@blob.cat)'s status on Wednesday, 15-Nov-2023 21:08:04 JST:blobcathug:
in reply to
- The Nexus of Privacy
@thenexusofprivacy
I do have a bunch of critics:
> Not only that, some of the protections that Mastodon provides aren't turned on by default – or are only available in forks, not the official release. For example:

> - while Mastodon does offer the ability to ignore private messages from people who you aren't following – great for cutting down on harassment as well as spam – that's not the default. Instead, by default your inbox is open to nazis, spammers, and everybody else until you've found and updated the appropriate setting on one of the many settings screens.
That setting can be dangerous, there is no way if i send someone a DM, that i get a feedback if the specific user actually got the DM or not and therefore it exists the potential to create more conflicts than it needs to.

> by default blocking on Mastodon isn't particularly effective unless the instance admin has turned on a configuration option
Enabling authorized fetch does not protect as much as the article implies. Inside Fediverse you will always find a way around blocks to get information about a post. The result of having authorized fetch is that people will take screenshots and talk about it like they did without authorized fetch.
One cant supress that others talk about something, thats not possible. And this Article implies that authorized fetch is made for that.

The consequence of authorized fetch are Screenshots.
The consequence of screenshots is to disable to watch unauthenticated a public timeline of an instance.
The consequence of that will be Screenshots of Instances which federates with that specific instance.
The consequence of that will be that the locked down instance will try to enforce rules on how to handle their posts by the federated instances and using whitelists.
The consequence of that will be that a federated social network wont work if everyone just uses whitelists.

One simply cant silence others talking about oneself, one simply cant prevent public posts leaking to everyone.

> by default all follow requests are automatically approved, unless you've found and updated the appropriate setting on one of the many settings screens.
I give the article that tho, one could set this as default, but hey, one doesnt need to blame exclusively mastodon for that, admins can be partially blamed too.

> local-only posts
nice to have, nothing against it. Maybe one could speculate that it could hurt the network if its the default timeline tho.

> Mastodon supports "allow-list" federation,13 allowing admins to choose whether or not to agree federate with nazi instances; but Mastodon's documentation describes this as "contrary to Mastodon’s mission of decentralization", so by default, all federation requests are accepted.
that one has a proper explenation why its a bad idea within.
In conversationabout a year ago from blob.catpermalink

Public

Embed Notice

HTML Code

Corresponding Notice