
I thought of a completely trivial way for #Mastodon to implement all their soft security stuff w/o content leaking when it federates to incompatible servers.

It's such an obvious idea that I can't help but wonder if @Gargron is already doing it...

The idea: Put sensitive content in a non-standard XML element (e.g. <scopedcontent> instead of <content>). Poof, the problem just goes away, until a node is actually malicious.

@HerraBRE @gargron I might be wrong, but... isn't it already a problem only when a node is malicious or at least badly configured? (which is kinda the definition of "incompatible servers", either by intent or incompetence)

@JollyOrc @HerraBRE Whether a follower is from a server that doesn't understand privacy, or willfully ignores it, there is no way to tell. I have considered the "using new tag" or even Base64-encoding idea, but I think it just masks the issue. The real solution is that you should be aware who you allow to follow you, if you want your follower-only privacy to be respected.

@Gargron @JollyOrc Hmm. I don't think your real solution is a realistic expectation.

That is a lot of work which is easy for a computer but hard for a human. A prime candidate for automation.

If that's your preference AND you want to help people not make mistakes... then you probably shouldn't show the option at all until they (or The Computer) have reviewed their follower list.

Oh well. At least the ideas are on your radar.

JollyOrc @JollyOrc

@HerraBRE @gargron

I agree: The system should, where feasible, give people some sort of indication if it detects followers from a "bad" instance that doesn't conform to the standards.

Of course, that cannot solve human maliciousness or other PEBCAK issues. And we probably really don't want a codified reputation system...
