Evan ProdromouJun 6

For #tagspub, I've done more fine-tuning with user domain blocks.

I have to admit that I've been surprised at how soft user domain blocks are in Mastodon. I added a bug report for one behaviour that I thought was unclear: a signed request from a blocked domain for your user profile will succeed. https://github.com/mastodon/mastodon/issues/39318 It may get dismissed as works as designed; I don't know.

User domain blocks also don't keep your content from going out to blocked relays; see here https://github.com/mastodon/mastodon/issues/39293 .

Signed GET from user blocked domain to actor is incorrectly successful · Issue #39318 · mastodon/mastodon

Steps to reproduce the problem [email protected] blocks domain other.example [email protected] fetches https://mastodon.example/user/user1 with a signature and Accept: application/activity+j...

GitHub
Show threadEvan Prodromou
Regardless, #tagspub now checks even more carefully for user domain blocks AND blocks against particular tags.pub bots.
Jun 6 at 3:11pmWeb
Show threadEvan ProdromouJun 6
Thanks to everyone who reported issues with this feature, especially @AlienJay . The more I learned about user domain blocks in Mastodon, the more I considered just removing the documentation for using them as an opt-out method, but I wanted to give another option besides the #NoTagsPub in the profile. The one thing I worry about is that this feature might give people more confidence in user domain blocks than they deserve. But I feel like reporting the issues with user domain blocks is enough.