• @[email protected]
      link
      fedilink
      17 months ago

      I have a few suggestions for development concerns off the top of my head:

      • Scrub post metadata* after users request its deletion
      • Auto-purge deleted content* rather than letting it sit behind a “deleted” flag (something Facebook got a ton of flak for doing)
      • Auto-purge deleted media*
      • Consider seriously limiting opening data wide for scraping, since the problem is non-consensual scraping, not payment for non-consensual scraping

      * either immediately or, to prevent spam, after some time

      • @[email protected]
        link
        fedilink
        17 months ago

        I agree with your first few points but I’m unsure about the scraping. This is a public forum, what could be done to mitigate scraping that wouldn’t take away form that?

        • @[email protected]
          link
          fedilink
          17 months ago

          If we take “unlimited unauthenticated API access shouldn’t be possible” for granted, I’m unfortunately not all that technically competent about what can be done next.

          The first thing that comes to mind is treating website access and app access differently, maybe limiting app API access by default for people who haven’t logged in.

          Or creating a separate bot API that’s rolled out across all servers at some point in the future… And I know federation could pose some serious chokepoints here so that’s where my speculation ends.