Mark Shane HaydenDec 29, 2022

PSA to all admins: I highly recommend a #FediBlock of #mastinator (ie. the entire mastinator.com domain).

Mastinator is a service that allows a person to anonymously follow people on the fediverse. No big deal you think? Your public posts are probably already anonymously viewable from your public profile anyways and all it is doing is aggregating public info? That is what its creator claims---it is just a convenience service!

Well no, it is mode concerning than that. It does this aggregation by following any account a mastinator user types into its service then replicating *all* your non-DM posts into a sort of "proxy inbox" in the mastinator.com domain that is completely out of your control and viewable by everyone!

In other words, if you are followed by mastinator.com it effectively turns your follower-only posts into public posts and lets people you have blocked keep following you by following the mastinator replica of your posts!

Innocent intentions or not this violates user consent.

Show threadTechnorganical
@msh If anyone follows you, and they see your follower-only posts, then they can copy that content to share it with others. Ethically, this is not cool. Technically, it makes sense. It sounds like an issue with the protocol or reliance on Mastadon for selective audiences. I don’t believe blocking everyone who tried to do this is the answer. (Assuming I understood the OP and comments; I am not familiar with this functionality)
Dec 29, 2022 at 4:35pmWeb
Show threadMark Shane HaydenDec 29, 2022

@birch agreed... long term blocking is not the answer. My main goal here at this point is awareness. Medium term the best mitigation is to encourage people to switch their accounts to manually approve follow requests and also for instance admins to disable automatic approval of new accounts or to disable open registrations entirely...getting into a different mindset about sharing and reach and so on.

Ultimately the solution to these kinds of issues will rely on protocol level changes...perhaps implementing an #OCAP (object capabilities) permission model or a revamp/new protocol. The "fedi founders" aren't standing still but it will take time.