My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"

I'm glad you asked.

"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.

If you block government entities, well, you know how this goes.

Do I trust Bluesky to handle that information with care? Hell no.

To be clear, I don't trust Fedi to handle this information with care, either. Difference being that on Fedi, your mods aren't some VC/blockchain-funded corporate entity. They're often enough your friends, your neighbors, or yourself.

While there are certain database-related exploits which can be used to pull a blocklist, often enough that's a challenge for a typical layperson with an axe to grind. And it's an incomplete picture thanks to the quirks of federation. Not so on Bluesky.

I'm not going to talk about Bluesky anymore for a bit, but I know folks are coming back here after hanging out there for a while, and I want to encourage Fedi users not to gloat, not to be jerks about it.

And if you're just (re)joining us on Fedi, like all affinity groups, you're going to run into enthusiasts who are gloating, but I promise most of us are just happy you're here and want to help make this place awesome for you. <3

@vkc To me the biggest problem is that who blocks who should never be public. That's like making your private messages public. Who blocks who is personal and private and people block people for all kinds of reasons. It's one thing to publicize your fediblock list or something but... Unless I'm misunderstanding what blocklist we're talking about.
@vkc I totally agree. I'm trying to be extra nice to the n00bs. If we want them to feel happy and welcome, then we need to do things that make them feel happy and welcome.
@vkc well, if they smell funny I might say something. I reserve that right. 🤣

@vkc bluesky is no different than twitter. even if its leadership might be a bit better, it's still a proprietary site, and i don't care what anyone says about that. better to use fedi. you're still handing all your data and opsec over to an entity that you can't trust with either.

who do you trust more with your data? an american corporation called bluesky, or the cat-eared furry running your local friendly mastodon instance? i know which one i trust.

edit: and to be clear, i trust the furry.

@vkc

Also, newbies or returnees: it's gotten better since you left! Cool new features!

@vkc I want to second this & maybe raise the volume on it, as I definitely am glad to see more people here, including from any platform, so if I spot you as a full newbie or returner, feel free to ask me anything on things here & if I can't help you direct, odds are I can & will refer you to someone who can!
@vkc I feel that Bsky and here serve very different purposes (at least for me) in the olden days I had carefully segregated platforms to purposes for me. the everybody wants to do the same part got to me relatively late. I am happy to sort media use cases, but I appreciate the advice, bc I had not clocked that bit (relatively new to the "dataheists-wtf-crowd")
@vkc amen! (Still, I stopped mirroring my posts to Bsky as a statement)
@vkc

There's a very simple solution for those who really want or need to remain connected to the #activitypub and the #atproto at the same time. That's called #Wafrn, https://wafrn.net/. And you know exactly what's visible on both protocols if you read carefully the documentation.
@vkc @dilmandila and we need to acknowledge our own issues here in the fediverse. It’s not a panacea. Especially when it comes to minorities. It still has residual “gamer gate energy” lingering too. So, not only should we chill on the “told ya sos”, but let’s openly acknowledge where we have our own work in progress issues. Maybe the new folks can help!
@vkc And if it's public, it's not handled with care.

@niko @vkc I mean...

It's not.

What you post to your PDS is public. The updates to it go to the "firehose", which is this public stream of updates. App views then take that information and filter it and crap. There's some other stuff going on here but this is pretty much it.

So your block list is a request to these views to not show your public posts to certain people.

If you are expecting more than that you are quite mistaken.

Don't put sensitive info on social media.

@crazyeddie @vkc Even a block list can tell a lot. It's not just about what you don't want others to see, but also what you don't want to see yourself.

@niko @vkc If you just don't want to see it then that's what mute is for. It's possible to provide that feature without it being public and it apparently does that in bluesky.

Mastodon does the very same thing. Mute is just for you. Block also informs the user and won't let them see what you post. This is at least partially public because servers have to know to do this for you. If you are on an openly federating server then you are probably exposed here.

Were you properly informed?

@crazyeddie @niko a big difference here is that on Fedi, the block informs *your server* and *the other server*, but on Bluesky, it informs *everyone* because it's centralized.

An end user has to be pretty smart to exploit that via Mastodon, and it'll be incomplete because of federation/defederation. On Bluesky, it's trivial and complete.

@vkc @niko It's actually the decentralized and modular design of the architecture that means it informs everyone. If it were centralized it could avoid making the block list public.

The fact that everything you post goes to a PDS that then sends all updates to a "firehose" of information is what does the AT protocol bad here.

Blacksky seem to be planning to plan to do something about this maybe. They want PDS that will limit output to just blacksky. Then it would be more like fedi here.

@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things
(For anyone who doesn’t know I’ll explain below)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially available

If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.

Block lists are meant to be shared (IIRC)

@vkc @crazyeddie @niko To be clear, I think Mastodon and BlueSky both have massive problems that need to be fixed, but they both have some promise; I like BlueSky's approach to account portability and better anti-abuse controls and I like Mastodon/fedi approach to distribution.

hopefully, both of them will fix their problems. It would be great to have multiple alternatives talking to each other.

@Wraithe @vkc @niko I don't know. I just read the protocol and see that it can't hide who you block. If people are upset that a public list they made is being made available to the public then I'm going to feel really stupid here having said anything at all.

@crazyeddie

You seem to think I'm talking about public blocklists, I'm not. I'm talking about "who you block as a user" and how they get made into blocklists by the protocol, see ClearSky as an example.

@Wraithe @niko

@crazyeddie @Wraithe @vkc @niko It's not blocklists, it's the ability for someone with a basic plugin/extension/whathaveyou to look at any given account and see at least some of the block data. I know people over there with plugins that show block counts of people interacting with them, stuff like that. Nothing to do with published blocklists.

@Wraithe @crazyeddie @niko

I'm referring to "who you block."

> If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.

This isn't exactly true. The protocol publishes this stuff and scrapers make it easily available, see ClearSky for an example.

This differs from Fedi where "who you block" is obfuscated by decentralization and defederation (plus literal network hiccups like firewalls, etc).

@vkc @crazyeddie @niko OK, thank you for the clarification!

And yes, the fact that people are easily able to make tools is a potential issue

Now, whether it would be possible to do the same thing with fedi instances, that’s way above my coding grade.

@Wraithe @vkc @niko

Based on what I'm reading basically there is no block list sent to anyone. The user you blocked receives a notification in their inbox.

They could still log people's preferences by setting up honeypot accounts and servers to get blocked. They'd not be able to just scrape or watch a public database for the info though.

Bluesky should remove the block feature. It can't be implemented in that architecture. The public processing pipeline discludes the possibility.

@vkc @Wraithe @crazyeddie @niko

> (plus literal network hiccups like firewalls, etc).

Really curious about this, actually; never had thought about that one way or another. I expose my instance to the regular Internet via Cloudflare Tunnel, and expose it to Tor through, well, Tor, obviously. I mention because neither of these require opening a port in the firewall, which is why I do not have any ports open in the firewall. So, does this make me more or less secure in this regard?

@crazyeddie @vkc I didn't know that, but makes sense. Nice little OSINT trick! To me, it doesn't matter as much as it probably does to someone else. I guess I've been lucky (or just privileged).

I think users should be prompted when blocking someone a "hey wanna send the block to the other server" and even a "wanna send the block to all your followers to make this block public?" (this one would be a stopgap solution to reply control but… why do a stopgap solution when GTS has started with proper reply control?)


#wafrn-still-doesnt-send-bsky-blocks-to-bsky-itself #and-given-this-post-of-you #it-will-have-the-warning-before-making-it-go-to-bsky
@vkc as they make the blocking list public it is worse than trusting or not bluesky owners, as everyone can read such list. Anyone, even not owning their server, can do "dangerous lists" of people according to the things you mention.
@vkc I said ages ago that it was going to lead to "follow policing, 2.0" and in some of the circles I used to be in, it very much did.
I don't know what bsky were smoking when they came up with that.
@vkc @YKantRachelRead the bluesky leadership straight up said they want to normalize the destruction of privacy
@vkc It's the "is metadata data" question. https://ssd.eff.org/module/why-metadata-matters

@vkc

I already had my doubts but when ICE was accepted, I left immediately!

@vkc As a European I would 'wear' such public blocks as a badge of honour, but I am not on bluesky.
@vkc When you say “do I trust” I’m pretty sure they’re public; they’re aggregated on https://clearsky.app/.

@adamshostack it is public, I said that in the first sentence of my post!

The point I'm making is that I could imagine Bluesky cooperating with authorities or advertisers in providing additional metadata well beyond the public data, and this could be used for nefarious purposes.

@vkc Oops, thought you were implying that if they didn't keep the blocklists private... sorry!
I guess people who do not understand this are very lucky to live in an established law-abiding democracy where they do not even know what happens to those who do not behave as they "should".

@vkc

Is there a collection of national rules on this topic? Are servers hosted in some states more protected than others?

@vkc

Been using Mastodon off and on for some time. Spent some time on BS and felt icky. It stinks of corporate surveillance infrastructure.

@vkc and that's also why #ChatControl is just abysmally and morally wrong.
If the government (or any one entity with sufficient power over our every day life) has access to your social connections and messages you can be sure it'll only be a matter of time before they will selectively restrict minorities...
@winkelmesser great point but also the smoothest parenthetical I've seen all year. It's like suave

@winkelmesser @vkc

... and everyone else whose opinions and actions they dislike.

Chatcontrol is right out of the authoritarian playbook 101 and must be stopped.

@vkc I remember this being an issue with Twitter lists, too. I might be misremembering, but I seem to recall it being public info the names of the lists others had added you to, so even if your account was private, someone could figure out a lot of information about you just based on how others “categorized” or “labeled” you.
@vkc they do not handle it well and the result is that this information is often weaponized or at the very least, used in malicious block lists intentionally mislabeled, with the purpose of getting well intentioned users to block people who they actually align with.

@vkc

I searched for and blocked ICE on Bluesky BECAUSE I'd seen posts here saying the blocklist is public. (I have a BS account, but only use it to follow, not to post).

Yes, this involves some (probably remote) risk to myself. But a. I wanted to stand up and be counted and b. the more people on that blocklist, the harder it is to analyse and use the data.

So yes, be aware the blocklist is public. But this doesn't necessarily mean don't block. Especially if you're outside the US

@vkc Bsky can f$#k all the way off.
@vkc I can see this to be one of the data points for agencies like border control and FBI
@vkc bsky are the baddies now?

@vkc wow i've never thought of that it's such a good point o_O

My main problem with blocks being public is that if the one who's blocked has bpd abandonment issues then knowing they are blocked could kill them...

@vkc I have always found it very weird to have a blocklist public. Something has always smelled a bit with Bluesky for me.
Anyho.
@vkc It's a metric, public or not, captured by the server. Not looked at, sold to others, doesn't matter, they can be bent in any number of directions and magnified with AI. Everyone will have to stand by their own metrics.
@vkc You can probably fly that big ol' "put me on watch lists" flag by already having been blocking the "us gov" blocklist since at least January of 2025.