Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • Ada
    link
    fedilink
    English
    3111 months ago

    That doesn’t work for vulnerable minorities. Manually filtering each shitty person after you step in their shit gets old. Coupled with the fact that not shutting down shitty people just means more shitty people are likely to turn up.

    It’s not sustainable

    • Max-P
      link
      fedilink
      English
      3411 months ago

      I think in this context it’s meant on a technical level: as far as the fediverse is concerned, there’s not a whole lot instances can do. Anyone can just spin up an instance and bypass blocks unless it works on an allowlist basis, which is kind of incompatible with the fediverse if we really want to achieve a reasonable amount of decentralization.

      I agree that we shouldn’t pretend it’s safe for minorities: it’s not. If you’re a minority joining Mastodon or Lemmy or Mbin, you need to be aware that blocking people and instances has limitations. You can’t make your profile entirely private like one would do on Twitter or any of Meta’s products. It’s all public.

      You can hide the bad people from the users but you can’t really hide the users from the bad people. You can’t even stop people from replying to you on another instance. You can refuse to accept the message on the user’s instance, but the other instance can still add comments that don’t federate out. Which is kind of worse because it can lead to side discussions you have no way of seeing or participate in to defend yourself and they can be saying a lot of awful things.

      • @ChaosAD
        link
        English
        010 months ago

        You can’t make your profile entirely private like one would do on Twitter or any of Meta’s products.

        Even those are not private.

    • @[email protected]
      link
      fedilink
      English
      1611 months ago

      It’s the unfortunate reality. Social networks simply cannot in offer privacy. If they were upfront about it, then people could make rational decisions about what they share.

      But instead they (including Mastodon) pretend like they can offer privacy, when they in fact cannot, resulting in people sharing things that they would not otherwise share.

      • Ada
        link
        fedilink
        English
        1511 months ago

        It’s not as black and white as you make it. The options aren’t “perfect security” and “no security”.

        The option that most people that experience regular harassment want is “enough security to minimise the shit we have to deal with to a level that is manageable even if it’s imperfect”

        • @[email protected]
          link
          fedilink
          English
          511 months ago

          While you’re theoretically right, we’ve seen in practice that nobody really offers even the imperfect privacy you describe, and on decentralized systems it only becomes harder to solve.

          A Facebook style centralized network where you explicitly grant access to every single person who can see your content - is as close as we can get. But nobody is trying to make that kind of social network anymore, because there isn’t much demand for it.

          If you want a soapbox (Twitter/mastodon/bluesky, Reddit/Lemmy/kbin, Instagram/pixelfed, YouTube/toktok/peertube) then privacy is going to be a dream, especially if decentralized.

          • Ada
            link
            fedilink
            English
            311 months ago

            Vulnerable folk are looking for community, not a soap box. The goal is to connect with other folk whilst being as free as possible from harassment.

            It’s absolutely possible to achieve that without perfect privacy controls.

            • @[email protected]
              link
              fedilink
              English
              411 months ago

              Privacy and being free of (in-context) harassment aren’t the same thing. Your posts can all be public but your client can filter out any harassment, for example.

              If the goal is privacy so that people who aren’t in the community don’t know that you’re in the community, and don’t know what the community is even talking about, I’m skeptical that it’s practical. Especially for a decentralized network, I think that the sacrifices needed to make this happen would make the social network unappealing to users. For example, you’d need to make it invite only and restrict who can invite, or turn off any kind of discovery so that you can’t find people who aren’t already in your circle. At that point you might as well just use a group chat.

              • Ada
                link
                fedilink
                English
                611 months ago

                Privacy and being free of (in-context) harassment aren’t the same thing.

                They’re related. Often, the ability to limit your audience is about making it non trivial for harassers to access your content rather than impossible.

                If the goal is privacy so that people who aren’t in the community don’t know that you’re in the community

                That’s not the goal. The goal is to make a community that lets vulnerable folk communicate whilst keeping the harassment to a manageable level and making the sensitive content non trivial to access for random trolls and harassers.

                It’s not about stopping dedicated individuals, because they can’t be stopped in this sort of environment for all the reasons you point out. It’s about minimising harassment from the random drive by bigots

                • @[email protected]
                  link
                  fedilink
                  English
                  311 months ago

                  Hmmm I think I understand the intent. I’ll have to think on it some more.

                  My gut tells me that protecting people from drive-by bigotry is antithetical to content/community discovery. And what is a social network without the ability to find new communities to join or new content to see?

                  Perhaps something like reddit where they can raise the bar for commenting/posting until you’ve built up karma within the community? That’s not a privacy thing though.

                  What would this look like to you, and how does it relate to privacy? I’ve got my own biases that affect how I’m looking at the problem, so I’d be interested in getting another perspective.

                  • Ada
                    link
                    fedilink
                    English
                    311 months ago

                    You’re thinking about this in an all or nothing way. A community in which everyone and everything they post is open to everyone isn’t safe.

                    A community in which no one can find members or content unless they’re already connected to that community stagnates and dies.

                    A community where some content and some people are public and where some content and some people are locked down is what we need, and though it’s imperfect, things like authorised fetch brings us closer to that, and that’s the niche that future security improvements on the Fediverse need to address.

                    No one is looking for perfect, at least not in this space.

        • @[email protected]
          link
          fedilink
          English
          411 months ago

          It’s about the nature of the network. If it’s just a little bubble where you only see and interact with your friends, it’s probably doable. But nobody seems to want that anymore.

          People want soapboxes like Twitter or Reddit or tiktok or YouTube. Privacy there is a lot more complicated and dubious.

          In this case specifically, I think that the bad servers are spoofing as good servers. Which seems solvable (else cryptography signing things wouldn’t work), but still.

    • 0x1C3B00DA
      link
      fedilink
      1211 months ago

      It’s not sustainable to keep offering poorly designed solutions. People need to understand some basic things about the system they’re using. The fediverse isn’t a private space and fediverse developers shouldn’t be advertising pseudo-private features as private or secure.

    • @sugarfree
      link
      English
      711 months ago

      A private forum may be useful in that case.

      • Ada
        link
        fedilink
        English
        111 months ago

        Why even bother with that comment?