I thought of a completely trivial way for #Mastodon to implement all their soft security stuff w/o content leaking when it federates to incompatible servers.

It's such an obvious idea that I can't help but wonder if @Gargron is already doing it...

The idea: Put sensitive content in a non-standard XML element (e.g. <scopedcontent> instead of <content>). Poof, the problem just goes away, until a node is actually malicious.

JollyOrc @JollyOrc

@HerraBRE @gargron I might be wrong, but... isn't it already a problem only when a node is malicious or at least badly configured? (which is kinda the definition of "incompatible servers", either by intent or incompetence)

@JollyOrc Not quite.

If I understand correctly, if you set a post to "followers only" that disables boosting in the UI and prevents the toot from appearing on public timelines.

As I understand it, GNU Social doesn't implement either of those behaviours.

The scoping features require cooperation from the receiving server, much like deletion does.

They've got the content, but implementing the implied social contract is work not all have done - or want to do!

@JollyOrc @HerraBRE Whether a follower is from a server that doesn't understand privacy, or willfully ignores it, there is no way to tell. I have considered the "using new tag" or even Base64-encoding idea, but I think it just masks the issue. The real solution is that you should be aware who you allow to follow you, if you want your follower-only privacy to be respected.

@Gargron @JollyOrc Hmm. I don't think your real solution is a realistic expectation.

That is a lot of work which is easy for a computer but hard for a human. A prime candidate for automation.

If that's your preference AND you want to help people not make mistakes... then you probably shouldn't show the option at all until they (or The Computer) have reviewed their follower list.

Oh well. At least the ideas are on your radar.

@JollyOrc @Gargron ... you've also really badly confused the very human task of "knowing your followers" with the completely geeky and unreasonable task of "knowing what software your followers use and how it behaves."

Those are really not the same things, at all.

@HerraBRE @gargron

I agree: The system should, where feasible, give people some sort of indication if it detects followers from a "bad" instance that doesn't conform to the standards.

Of course, that cannot solve human maliciousness or other PEBCAK issues. And we probably really don't want a codified reputation system...
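
The `<scopedcontent>` idea from the first post, together with the reply that it only masks the issue, as an added example that is not part of the thread or of Mastodon's code. It assumes an Atom-style entry; the namespace URI, the `scope` attribute and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
SCOPED = "https://example.invalid/ns/scoped"  # hypothetical namespace (assumption)


def build_entry(text, scope):
    """Serialize a post: public text goes in <content>, anything else in <scopedcontent>."""
    entry = ET.Element(f"{{{ATOM}}}entry")
    if scope == "public":
        ET.SubElement(entry, f"{{{ATOM}}}content").text = text
    else:
        el = ET.SubElement(entry, f"{{{SCOPED}}}scopedcontent", {"scope": scope})
        el.text = text
    return ET.tostring(entry, encoding="unicode")


def legacy_read(xml):
    """Receiver that only knows <content>: the unknown element is silently skipped."""
    # Input here is constructed locally; parse untrusted feeds with a hardened parser.
    el = ET.fromstring(xml).find(f"{{{ATOM}}}content")
    return None if el is None else el.text


def scope_aware_read(xml):
    """Receiver that implements the scoping contract (no boost, no public timeline)."""
    entry = ET.fromstring(xml)
    el = entry.find(f"{{{SCOPED}}}scopedcontent")
    if el is not None:
        return {"text": el.text, "scope": el.get("scope"),
                "boostable": False, "public_timeline": False}
    el = entry.find(f"{{{ATOM}}}content")
    return {"text": None if el is None else el.text, "scope": "public",
            "boostable": True, "public_timeline": True}


def delivered_in_clear(xml, text):
    """The text still reaches every follower's server unencrypted, whatever the tag."""
    return text in xml


if __name__ == "__main__":
    wire = build_entry("followers-only note", "followers")  # constructed sample
    print("legacy server shows:", legacy_read(wire))
    print("scope-aware server:", scope_aware_read(wire))
    print("readable by any recipient:", delivered_in_clear(wire, "followers-only note"))
```

A server that has not implemented scoping shows nothing instead of leaking the post, but the text is still delivered in the clear to every receiving server, so the scheme gives no protection against one that reads the new element and ignores the scope.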