Trusting Trust in the Fediverse

A very long blog post about the various "safety and privacy" features that got added over the years to ActivityPub and how useless they can be in the eyes of users unaware of the inner workings.

There's nothing really new I talk about, but it is a long explanation of my reasoning behind why I don't take "features" such as signed fetches and interaction consent seriously. What can be considered "new" to most is the last section of bypassing signed fetch enforcement without impersonation, which I talked about probably twice over the years.

https://evilmaid.net/blog/trusting-trust-fediverse/index.html

(If there are styling issues, tell me. I've written the CSS from scratch, and I suck at it.)

@phnt Great post, thanks. I'm in the process of drafting a FEP for GTS interaction policies (collaborating with the team, since they said they weren't going to submit one), so the criticism is useful.

I can't say it's shifted my thinking on the feature much, but then I am in the technical weeds. I think of interaction policies as a way to declare & federate filters, so benevolent and willing servers can play along with them.

This is my current draft for the FEP summary, does it sound sensible?

@julian I think it accurately describes what it does, or at least tries to do. So in that way, I think it is very sensible.

My main issue with the extension, besides it being rather complicated, is that I think users aren't aware of what it can't do. It's not apparent to users that it effectively hides interactions that happened from them in GTS, nor that it may not work as advertised. For the latter, a user has to click on the link in GTS settings, and only at the end of the section does it mention that it is done solely on a best-effort basis. Your summary is upfront about it, which I think is a good thing.

@phnt I think I follow, yeah.

The flipside to that is it arguably takes two to have an interaction. If I write a post replying to yours, and you don't see it (whether because of an interaction policy or an account mute), the only meaningful difference between “hiding” and preventing interactions is that I don't get to know that I'm invisible to you.

But since current fedi platforms assume reply delivered = reply accepted, if we want reply controls, we need to break that assumption eventually.

@phnt Of course the difference between a mute and an interaction policy is that others can use the latter to replicate the effects. So people on servers that honor them might have a different view of a thread compared to servers that don't.

However, as best as I can tell, that isn't a weakness of the GTS approach, but applicable to any attempt to introduce reply controls into a network without them. So we're either coping with that or giving up.

Agreed that it needs good UI and explanation.

@julian It isn't a weakness of GTS that the network is the wild west and might not honor their extension, they can't really do much about it. Same with any extension in ActivityPub really. I find it kinda sad that we are implementing extensions to reduce the social aspect of a social media protocol though.

That said, if projects like NodeBB gain more traction, reply controls might be a good way to control things like thread locks, or thread reply controls in a federated way. In that way, I think this is a good extension in that specific context.