If you’re a developer working on a fediverse app or service and want to get it right – or just don’t want to be the center of the next firestorm – here are a few suggestions.

  • The Nexus of PrivacyOP
    link
    fedilink
    English
    28 months ago

    Thanks for the feedback – and thanks for reading them despite the bristling. I couldn’t come up with a better way to put them … I know they’ll cause some people to tune out, but oh well, what can you do.

    I don’t think these solutions are inherently unscalable, it’s more that there hasn’t ever been a lot of effort put into figuring out how to make things scalable so we don’t have any great suggestions yet. I wrote about this some in The free fediverses should focus on consent (including consent-based federation), privacy, and safety (the article is focused on instances that don’t federate with Threads, but much of it including this section is true more generally):

    There aren’t yet a lot of good tools to make consent-based federation convenient scalable, but that’s starting to change. Instance catalogs like The Bad Space and Fediseer, and emerging projects like the FIRES recommendation system. FSEP’s design for an"approve followers" tool, could also easily be adapted for approving federation requests. ActivityPub spec co-author Erin Shepherd’s suggestion of “letters of introduction”, or something along the lines of the IndieWeb Vouch protocol, could also work well at the federation level. Db0’s Can we improve the Fediverse Allow-List Model? and the the “fedifams” and caracoles I discuss in The free fediverses should support concentric federations of instances could help with scalability and making it easier for new instances to plug into a consent-based network.

    (The post itself has links for most of these.)

    • @GlitterInfection
      link
      English
      2
      edit-2
      8 months ago

      Thank you for the thoughtful response here.

      If it helps, I feel like “Be an ally if you’re cis and joining the conversation” might fit what you’re saying and wouldn’t have bristled me. But I recognize that it isn’t your responsibility to manage the emotions of people who have unquestioned privilege.

      I also hope this isn’t a weird question but I noticed that I have to turn my vpn off to see your site. Is that intentional?

      On the other stuff, I love that you’re talking about the importance of account migration, and I like the idea of the concentric federation.

      There’s a bit more in there about scalability. So it’s nice to see your thoughts around it. I was thinking that the opt-in process which messages you for approval was the closest to scalable from the former article, because it allows everyone the opportunity to opt in without requiring hidden knowledge. But it could also feel like some sort of fishing attempt to get a message asking for consent.

      So I guess finding a way to build opt-in into the protocol in some way would be the most scalable option in the long term. However that could work.

      • The Nexus of PrivacyOP
        link
        fedilink
        English
        28 months ago

        Thanks for the tipoff on having to turn off the VPN, it’s not at all intentional – and it’s not a good look for a site with privacy in its name! I’ll try to figure out what’s going on, it’s pretty vanilla Ghost / nginx hosted on a Digital Ocean droplet so not immediately obvious.

        And yeah, it’ll be interesting to see how well the messaging you for approval works out in practice. As you could say it could look like phishing; and even if it’s fine when just one app is doing it, it’ll be annoying if there are hundreds. Also, there’s a Mastodon setting to silently ignore DMs (and I think other platforms have similar options as well). And for Bridgy Fed, it would be great to have a mechanism that works symmetrically between the fediverse and Bluesky … but Bluesky doesn’t have DMs. Tricky!

        I should probably mention something about being a good ally in that section, that’s a good suggestion. That’s not the main message I’m trying to convey though, I really do mean it as a warning to cis guys to be careful. These firestorms are tiresome for everybody, ould we please just not? Also btw sometimes particularly unpleasant for whoever sets them off. But maybe there’s a better way to word it.

        • @GlitterInfection
          link
          English
          28 months ago

          That’s all fair. I can see what you meant after reading it, so maybe it’s more of a me thing than one you have to consider in any depth. I know I have issues around feeling heard that aren’t the general. And people who don’t like being called out for cis-typical behaviors tend to be various forms of awful people that don’t really need to be included.

          Anyway, thank you for the conversation and the blog posts. I’m using Hotspot Shield as a vpn, if that helps and looking at your site through Safari on my iPhone.