My comments are littered with folks asking "why is it a problem if your blocklist is public on Bluesky?"

I'm glad you asked.

"Who you block" is a reasonable indicator of your personal alignments. If you block TERFs, you're likely trans-friendly, if not trans yourself. If you block white supremacists, you're likely in support of multiculturalism.

If you block government entities, well, you know how this goes.

Do I trust Bluesky to handle that information with care? Hell no.

@vkc And if it's public, it's not handled with care.

@niko @vkc I mean...

It's not.

What you post to your PDS is public. The updates to it go to the "firehose", which is this public stream of updates. App views then take that information and filter it and crap. There's some other stuff going on here but this is pretty much it.

So your block list is a request to these views to not show your public posts to certain people.

If you are expecting more than that you are quite mistaken.

Don't put sensitive info on social media.

@crazyeddie @vkc Even a block list can tell a lot. It's not just about what you don't want others to see, but also what you don't want to see yourself.

@niko @vkc If you just don't want to see it then that's what mute is for. It's possible to provide that feature without it being public and it apparently does that in Bluesky.

Mastodon does the very same thing. Mute is just for you. Block also informs the user and won't let them see what you post. This is at least partially public because servers have to know to do this for you. If you are on an openly federating server then you are probably exposed here.

Were you properly informed?

@crazyeddie @niko a big difference here is that on Fedi, the block informs *your server* and *the other server*, but on Bluesky, it informs *everyone* because it's centralized.

An end user has to be pretty smart to exploit that via Mastodon, and it'll be incomplete because of federation/defederation. On Bluesky, it's trivial and complete.

@vkc @niko It's actually the decentralized and modular design of the architecture that means it informs everyone. If it were centralized it could avoid making the block list public.

The fact that everything you post goes to a PDS that then sends all updates to a "firehose" of information is what does the AT protocol bad here.

Blacksky seem to be planning to plan to do something about this maybe. They want PDS that will limit output to just blacksky. Then it would be more like fedi here.

@vkc @crazyeddie @niko A quick clarifying question; do you mean actual blocklists or simply who you have blocked? Because on BlueSky those are two different things.
(For anyone who doesn’t know, I’ll explain below.)
If I make a block list on BS & start adding people to it, that’s easily accessible and trivially available.

If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.

Block lists are meant to be shared (IIRC)

@vkc @crazyeddie @niko To be clear, I think Mastodon and BlueSky both have massive problems that need to be fixed, but they both have some promise; I like BlueSky's approach to account portability and better anti-abuse controls and I like Mastodon/fedi approach to distribution.

Hopefully, both of them will fix their problems. It would be great to have multiple alternatives talking to each other.

@Wraithe @vkc @niko I don't know. I just read the protocol and see that it can't hide who you block. If people are upset that a public list they made is being made available to the public then I'm going to feel really stupid here having said anything at all.

@crazyeddie

You seem to think I'm talking about public blocklists, I'm not. I'm talking about "who you block as a user" and how they get made into blocklists by the protocol, see ClearSky as an example.

@Wraithe @niko

@crazyeddie @Wraithe @vkc @niko It's not blocklists, it's the ability for someone with a basic plugin/extension/whathaveyou to look at any given account and see at least some of the block data. I know people over there with plugins that show block counts of people interacting with them, stuff like that. Nothing to do with published blocklists.

@Wraithe @crazyeddie @niko

I'm referring to "who you block."

> If I simply block someone, that information is NOT trivially available, much the same as fedi; you CAN find it but you have to know how.

This isn't exactly true. The protocol publishes this stuff and scrapers make it easily available, see ClearSky for an example.

This differs from Fedi where "who you block" is obfuscated by decentralization and defederation (plus literal network hiccups like firewalls, etc).

@vkc @crazyeddie @niko OK, thank you for the clarification!

And yes, the fact that people are easily able to make tools is a potential issue.

Now, whether it would be possible to do the same thing with fedi instances, that’s way above my coding grade.

@Wraithe @vkc @niko

Based on what I'm reading basically there is no block list sent to anyone. The user you blocked receives a notification in their inbox.

They could still log people's preferences by setting up honeypot accounts and servers to get blocked. They'd not be able to just scrape or watch a public database for the info though.

Bluesky should remove the block feature. It can't be implemented in that architecture. The public processing pipeline discludes the possibility.

@vkc @Wraithe @crazyeddie @niko

> (plus literal network hiccups like firewalls, etc).

Really curious about this, actually; never had thought about that one way or another. I expose my instance to the regular Internet via Cloudflare Tunnel, and expose it to Tor through, well, Tor, obviously. I mention because neither of these requires opening a port in the firewall, which is why I do not have any ports open in the firewall. So, does this make me more or less secure in this regard?

@crazyeddie @vkc I didn't know that, but makes sense. Nice little OSINT trick! To me, it doesn't matter as much as it probably does to someone else. I guess I've been lucky (or just privileged).