PSA to all admins: I highly recommend a #FediBlock of #mastinator (i.e. the entire mastinator.com domain).

Mastinator is a service that allows a person to anonymously follow people on the fediverse. No big deal you think? Your public posts are probably already anonymously viewable from your public profile anyways and all it is doing is aggregating public info? That is what its creator claims---it is just a convenience service!

Well no, it is more concerning than that. It does this aggregation by following any account a mastinator user types into its service then replicating *all* your non-DM posts into a sort of "proxy inbox" in the mastinator.com domain that is completely out of your control and viewable by everyone!

In other words, if you are followed by mastinator.com it effectively turns your follower-only posts into public posts and lets people you have blocked keep following you by following the mastinator replica of your posts!

Innocent intentions or not this violates user consent.

@msh
This is why I don't like terms such as "follower only", which imply a limited audience has access, when actually it is effectively advisory-only.

Anything that intends to limit an audience should involve cryptography and allow direct control over who makes up that audience. That said, anything that intends to limit an audience will always be advisory, as anyone could reply / forward / etc. Quote Tweets exist because people were already copying & pasting, eg.

@wpalmer @msh Okay but it /is/ followers-only if you lock your account so you can reject follow requests, like we do.

going "oh you have no privacy we shouldn't even try!" is, nah no thanks we're not here for that.

(on a technical level your followers-only posts are only sent to instances where someone follows you, IIRC, so rejecting the follow actually IS a defense; even if it wasn't, that's not a reason to just go "oh Everything Is Public haha enjoy having no privacy")

@frostwolf @msh it still requires trust in server owners, and every single follower. If something requires trust in every follower, I'd prefer to be able to limit the audience of my posts to only those followers I've vetted (without forbidding casual follows). I'm not just throwing my hands up and saying "no point in trying, then." I'm saying that there are important missing features which I'd like to see added, because the current method is not robust.

@wpalmer @msh Yeah, there really needs to be multiple groups or something you can define who sees a given post. Or at least separating the concept of "follows" with "is friend" (useful in both directions, we've had friends unfollow us because we post a lot).

Personally I'd still want to approve both types of requests. But I'd approve a lot more if I could do that without letting them into my private posts.

@frostwolf @msh right, that's the kind of thing I'm talking about, though I tend to think in terms of what can be securely implemented and what features those implementations would imply, rather than just in terms of features which would be nice-to-have.