I should deep dive the Mastodon code base. Was wondering how bans worked. Are bans fediverse wide? Do they perma-ban the IP or the signup email address? If bans are based on email address, would the old gmail . trick work?
It's interesting how users coming from Twitter to Mastodon want a global unique ID system. Yet no such system currently exists, only unique IDs within walled gardens. You can get a new email address, new phone number, even new Gov ID number. A good ban system isn't perfect, but it will 86 lazy trolls.
@postmodern Unique IDs are important for social profiles, as they aren't just random, interchangeable addresses or ID numbers, but a representation of a person and a node in a network of trust. Followers are not just neutral subscribers, but social capital you don't want to lose when switching servers.
Permanent, instance independent IDs add a second layer of decentralisation, as it makes changing instances much less costly.
@fxneumann also skeptical whether accumulating social capital is a good thing. If you change your email, phone number, IRC server, etc, those who wish to stay in contact do. Amassing social capital tends to encourage social hierarchies, power structures, group think, and things like fake follower/upvote bots.
@postmodern On the other hand: When there is no easy, low-transaction-cost system of switching instances only those with high social capital can do so easily.
If Justin Bieber leaves Pinterest for Ello, his fans will follow. If I do the same, I have to put in much more work to maintain my contacts - so some kind of global ID is much more important for me than for much more powerful actors.
@fxneumann your example is changing platforms, not changing instances. Not too concerned with ensuring Justin Bieber preserves his Twitter followers if he switched to Mastodon :P
More interested in perma banning trolls, recovering accounts and preventing impostors.
@postmodern Where's the difference to switching instances?
Perma bans, account recovery and preventing impostors would also be aided by global IDs. Also, a global ID increases incentives not to misbehave on one instance as this will be linked to me on other instances as well.
@fxneumann global unique IDs would help enforce bans, provided it's not easy to obtain a new global unique ID. This would require the global unique IDs be tied to some other pieces of unique information. A good example is how Steam's VAC ban system ties your Steam ID to your email, phone number and probably even CC. Or how that Bird site started requiring a phone number to help flag returning trolls.
https://support.steampowered.com/kb_article.php?ref=4044-qdhj-5691
@postmodern That's where social capital comes in: Technically, it'll always be easy to get a new global ID if you really want - professional trolls will buy cheap burner phones.
But social ties are a layer of checks and balances not so easily forged or produced.
@postmodern I don't get your point: having no global ID makes it easier, not more difficult, to troll.
Means to corroborate one's persistent identity are a tool to reduce the impact of trolls with throwaway accounts. Well-established identities are something you can technically filter for β as it is now possible on Twitter to filter out accounts with default profile pics, without verified phone or email addresses.
@postmodern OK, thanks! What's still not clear to me: What's the advantage of the current, instance based ID system compared to a global, Mastodon wide ID system? I don't see the higher barrier.
Regarding some kind of crypto: Granted, that can be lost, stolen, created anew β but that's the same as losing my current instance-specific credentials. Why is this worse, when now all those problems exist too?
@fxneumann there's nothing ideal security wise with the current implementation, although it's familiar to users of email, IRC, and other server centric protocols.
As far as exotic crypto/blockchain implementations go: you can remember a password, you can't usually remember a crypto key. Even if someone steals your password, you can reset it via email. Or additionally protect your login or email with 2FA, which is connecting another piece of unique information.
@fxneumann and if you can create a completely new crypto/blockchain identity alongside your previously banned identity, then what is the point of banning troublesome users?
@postmodern That's your point I get the least: The current system is even worse, as there is no means of preventing new accounts when old ones are banned.
A persistent identity could much more easily accumulate reputation and karma across multiple instances; user-side filtering of low-karma accounts would be much easier.
@fxneumann I suppose you could go with the "new users need approval" filtering model. Or some kind of invite/voucher system, that way new users can't simply register a bunch of Like bots to boost karma above some threshold.
@postmodern OK, I think that's where we start from different points of view: I see the paradigms of server-centric protocols more as technical compromises we learned to wrap our heads around, while a persistent identity is much more similar to how social interaction in general works.
@postmodern I agree that most cryptography currently has big usability problems; but I think that could be solved. Especially since the goal is primarily to reach a similar level of security as a simple username/pw combination.
@fxneumann I hope my original toot(s) made it clear. Current user ID systems are not perfect, but act as a higher barrier to entry for returning violators. Current global ID systems are IDs within a walled garden or closed networks, which are tied to other semi-unique information such as emails, phone numbers or CCs. Proposed cryptographic/blockchain global IDs are actually worse, as they are prone to loss, theft, or simply generating a new one.