Some day most people are going to understand that “I want to post something visible to everyone in the world EXCEPT these specific people” is not a viable or reasonable or even possible approach to communication, and any attempts to make it work are doomed to failure.
Can we improve the Fediverse Allow-List Model?
Submitted 9 months ago by db0@lemmy.dbzer0.com to fediverse@lemmy.world
https://dbzer0.com/blog/can-we-improve-the-fediverse-allow-list-model/
Comments
sparr@lemmy.world 9 months ago
ryathal@sh.itjust.works 9 months ago
Which is why everyone gets the option to subscribe to exactly what they want to see and block users on top of that. The ability to actively choose an echo chamber is not a good solution.
maegul@lemmy.ml 9 months ago
Great to see the Marco Rogers citation, they really hit the nail on the head about the awkward of the “constant vigilance” approach.
And great ideas too! Something more organised and powerful is sorely needed.
thenexusofprivacy@lemmy.world 9 months ago
A very interesting idea! Actually it seems to me there are two interesting ideas here:
-
endorsements. Something like this (whether it’s from feeler servers or other sources) is clearly needed to make consent-based federation scale. IndieWeb’s Vouch protocol and the “letters of introduction” Erin Shephard discusses in “A better moderation system is possible for the social web” are similar approaches. You could also imagine building endorsement logic on top of an instance catalog like the FediSeer (of The Bad Space) or infrastructure like FIRES.
-
restricting visibility of a boost to servers the original post is federated with. This is something that’s long overdue in the fediverse! Akkoma’s bubble is a somewhat-similar concept; Bonfire’s boundaries might well support this.
ElectroVagrant@lemmy.world 9 months ago
Something else to chip in here in terms of interesting ideas, specifically regarding “protected/limited (leashed?) boost”, there’s some angles to this that the Glitch fork of Mastodon seems near in terms of local only posts and hiding boosts from specific people.
On their own these features don’t amount to what OP’s describing, but I think they may offer some groundwork for ways to work out the “limited boost” idea. Also, the more I think on it, the more I kind of like Leashed/Moored as a description over protected, as I think it more clearly implies controlled reach of posts, but maybe that’s just me.
thenexusofprivacy@lemmy.world 9 months ago
Agreed, and a very good point. “Visible to people on allow-list servers” is very much along the lines of local-only posts (“visible to people only on this server”). I think of it as “scoped” visibility, although leashed or moored might well be a better term.
-
silas@programming.dev 9 months ago
These are some really good thoughts and topics to discuss at this stage in the Fediverse. We must be looking big-picture right now as we move forward. Thanks for pushing the envelope!
ademir@lemmy.eco.br 9 months ago
The blog post:
Looks like someone really kicked the hornet’s nest recently on mastodon by announcing (not even deploying) a Mastodon-BlueSky bridge. Just take a look at the github comments here to get an idea of how this was received.
Plenty of people way more experienced than myself have weighted on this issue so I don’t feel the need to leave my two cents. However I wanted to talk about a very common counter-argument made towards those who do not want such bridges to exist. Namely, that Fediverse already provides the tools towards not having such a bridge be an issue: The allow-list model.
The idea being that if your ActivityPub server by default rejects all federation except towards trusted instances, then such bridges pose no problems whatsoever. The bridge (and any potential undercover APub scrappers) would not be able to get to your instance anyway.
Naturally, the counterargument is that this is way too limiting to one’s reach, and they shouldn’t be forced into isolation like this. Unfortunately the alternative here appears to try and scold others into submission, and this is unlikely to be long term solution. Eventually the Eternal September will come to the Fediverse. If you spent the past few years relying on peer pressure to enforce social norms, then the influx of people who do not share your values is going to make that tactic moot.
In fact, we can already see the pushback to the scolding tactics unfolding right now.
The solution then has to be a way to improve the way we handle such scenarios. Improve the tooling and our tactics so that such bridges and scrappers cannot be an issue.
A lot of the frustration I feel also comes down to the limited set of tools provided by Mastodon and other Fediverse services. A lot of the time, the improvement of tooling is stubbornly refused by the privileged core developers who don’t feel the need to support the needs of the marginalized communities. But that doesn’t mean the tooling couldn’t be expanded to be more flexible.
So let’s think about the Allow-List model for a moment. The biggest issue of an Allow-List is not necessarily that the origin server restricts themselves from the discussion. In fact they’re probably perfectly happy with that. The problem is that if this became the norm, it massively restricts the biggest strength of the Fediverse, which is for anyone to create and run their own server.
If I make a new server and most of everyone I want to interact with is in Allow-List mode, how do I even get in? We then have to start creating informal communication channels where one has to apply to join the allow-circle. Such processes have way too many drawbacks to list, such as naturally marginalizing Neurodivergent people with Rejection Sensitivity Dysphoria, balkanizing the Fediverse, empowering whisper networks and so on.
I want to instead suggest an alternative hybrid approach: The Feeler network. (provisional name)
The idea is thus: You have your well protected servers in Allow-List mode. These are the servers which require protection from constant harassment when their posts are spread publicly. These servers have a few “Feeler” instances they trust on their allow-list. Those servers in turn do not have an allow-mode turned on, but rely on blocklist like usual. Their users would be those privileged enough to be able to handle the occasional abuse or troll coming their way before blocking them.
So far so good. Nothing changes here. However what if those Feeler servers could also use the wider reach to see which instances are cool and announce that to their trusted servers? So a new instance appears in your federation. You, as a Feeler server, interact with them for a bit and nothing suspicious happens, and their users seem all to be ideologically aligned enough. You then add them into a public “endorsed list”. Now all the servers in your trust circle who are in allow-mode see this endorsement and automatically add them to their allow-lists. Bam! Problem solved. New servers have a way to be seen and eventually come into reach with Allow-List instances through a sort of organic probation period, and allow-listed servers can keep expanding their reach without private communications, and arduous application processes.
Now you might argue: “Hey Db0, yes my feelers can see my allow-list server posts, but if they boost them, now anyone can see them, and now they will be bridged to bluesky and I’m back in a bad spot!”
Yes this is possible, but also technically solvable. All we need to do is to make the Feeler servers only federate boosted posts from servers in allow-mode, to the servers that the ones in the allow-list already allow. So let’s say Server T1 and T2 are instances in allow-list mode which trust each other. Server F1 is a Feeler server trusted by T1 and T2. Server S1 is an external instance that is not blocked by F1, but not yet endorsed either. User in F1 boosts a post from T1. Normally a user in S1 would see that post by following that user. All we need to do is to change the software so that if F1 boosts a post from T1, the boost would only federate towards T2 and other instances in T1’s allow-list, instead of everyone. Sure this would require a bit more boost complexity, but it’s nothing impossible. Let’s call this “protected boost”.
Of course, this would require all Apub software to expose an “Endorsement” list for this to work. This is where the big difficulty comes from, as you now have to herd the cats that are the multitude of APub developers to add new functionality. Fortunately, this is where tools like the Fediseer can cover for the lack of development, or outright rejection by your software developer. The Fediseer already provides endorsement functionality along with a full REST API, so you can already implement this Feeler functionality by a few simple scripts!
The “protected boost” mode would require mastodon developers to do some work of course, as that relies in the software internals which cannot be easily hacked by server admins. But this too can potentially just be a patch to the software that only Feeler-admins would need to run.
The best part of this approach is that it doesn’t require any communication whatsoever. All it needs is for the “Feeler” admins to be actively curating their endorsements (either on the Fediseer, or locally if it’s ever added to the SW). Then all allow-list server has to do is choose which Feelers they trust and “subscribe” to their endorsement list for their own allow-list. And of course, they can synchronize or expand their allow-list further as they wish. This approach naturally makes the distributed nature of the Fediverse into a strength, instead of a weakness!
Now personally, I’m a big proponent of the “human touch” in social networks, so I feel that endorsement lists should be a manual mechanism. But if you want to take this to the next level, you could also easily set up a mechanism where newly discovered instances would automatically pass into your endorsement list after X weeks/months of interaction with your user without reports and X-amount of likes or whatever. Assuming admins on-point, this could make widely Feeler servers as a trusted gateway into a well protected space on the fedi, where bad actors would find it extraordinarily difficult to infiltrate, regardless of how many instances they spawn. And it this network would still keep increasing each reach constantly, without adding an extraordinary amount of load to its admins.
Barring the “protected boost” mode, this concept is already possible through the Fediseer. The scripts to do this work already exist as well. All it requires is for people to attempt to use it and see how it functions!
Do point out pitfalls you foresee in this approach and we can discuss how to potentially address them.
db0@lemmy.dbzer0.com 9 months ago
But…why? I don’t have a paywall o.O
ademir@lemmy.eco.br 9 months ago
I meant to make it easier… I can remove if you want it to.
halm@leminal.space 9 months ago
Sounds like you might have something specific in mind? Please elaborate.
can@sh.itjust.works 9 months ago
halm@leminal.space 9 months ago
Duh, mea magna culpa. Thanks!
haui_lemmy@lemmy.giftedmc.com 9 months ago
I just stumbled across this post after reading this exact post earlier today while updating my lemmy instance… Absolute genius idea imo. I also promoted your instance somewhere today since I think your values are spot on. Keep up the good work.
Blaze@reddthat.com 9 months ago
Very interesting post, thanks for sharing
originalucifer@moist.catsweat.com 9 months ago
it would be nice to have everything federate everywhere, but small instances just dont have the resources. its untenable for the small scale.
ryathal@sh.itjust.works 9 months ago
It would make more sense to not just pull everything by default and let instances control how much federated content they want locally and rely on the owner instance to provide the rest on demand.