Vlad IonescuControlled, monitored, and audited by who? I believe y’all and appreciate the right approach here but I don’t know any of you and it sounds like a setup for “we investigated ourselves and found no wrongdoing”.
pirate moo 🐮@ucsenoi The owner of this instance is @jerry and you can find a link to the moderation staff within the Wiki here:
https://wiki.infosec.exchange/about/moderators
I guess what I meant to ask isn’t exactly who, it’s pointing out that I don’t think having the ones doing the access be the same people who audit for abuse is an inherently trustworthy setup. Either there is a team who has separate incentives and power to hold those with access accountable, or the public must take that role which means there needs to be transparency to empower people to do that.
Anyway it’s not an easy solution especially when it’s all volunteers. I appreciate the work you’re all putting into having responsible moderation here.
@ucsenoi I did try to work on this a bit by working on the Mastodon.py lib with the API in order to create a "transparency" report only to discover there was no way I could do it without basically hammering the API in the process and dealing with rate limiting issues (I have put the project git on my feed).
We're definitely open to suggestions/solutions in order to resolve some of the many concerns users have (including us).
@apiratemoo nice!
Something I always appreciated at $work is when an employee accesses your account (internal account, on-platform account, whatever) you get either a message asking you to approve/deny the action, or at least a notification. As a Red Teamer this has caught me a couple times when I thought I was being sneaky only to trigger that and have the target escalate the event to blue team.
I'd like to see that implemented here (inb4 send PR 
). It makes auditors think a little harder before accessing user data, and gives users both peace of mind and recourse.
It'll probably be bypassable if you have direct DB access, so that's not great, but hopefully the number of people with that access is < the number of moderators. Harm reduction.
@ucsenoi All of it is a discourse we need to have and we're aware of that, but also juggling a ton of things on a new platform (I know the Moderator team has been working pretty hard to get as much out as possible).
I'm going to make a note, that we should probably add some sort of feedback forum and specific hashtags in order to help engage with everyone on here (this is as much your instance as it is everyone's).
More stuff to add to the to do list 
@ucsenoi Basically, I wanted my script to be able to pull reports and calculate the average ranges of problem type/resolutions implemented and toot those stats weekly.
I completely failed on that end and am still trying to figure it out sigh.
ddench who art in infosec exchange 
@apiratemoo @paco it seems that the sort of controls @ucsenoi is suggesting wouldn't really be possible with the current governance structure of this instance, as Vlad admits, it's not really possible. However @jerry briefly mentioned future intentions for governance, and these suggestions might have a place there. I think until then keeping confidential data off platform is a must, as is the implicit trust in the mods and admin (of any Mastodon instance) to "Do The Right Thing" (TM). Users have to personally come to terms with that, which will be tricky for some.