Mastodawn

🅰🅻🅸🅲🅴 (🌈🦄)1d ago

Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.

When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.

I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.

¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).

² Receipts: https://lgbtqia.space/@alice/116824281370893420

🅰🅻🅸🅲🅴 (🌈🦄) (@[email protected])

"Add this tag to your profile to opt out of our shitty service" is *not* a valid way to run your bot/app/etc. #NoBots #NoBot #NoTagsBot #HalfMyBioIsGoingToEndUpBeingOptOutsForYourShitServices #FuckBots

LGBTQIA.Space

DJGummikuh 1d ago

@alice I must admit, I understand the technical side of it. Especially considering that there are people here going "hurr durr, doing your own instance is the only true way to use Mastodon" and the like, discoverability of Hashtags is directly tied to the size of your instance.
Is their approach heavy-handed? Undeniably.
Does it solve an issue? I'd say so.
Is there a better approach? Honestly, time must tell, the fediverse still is pretty much in its infancy and a lot of contract still forms.

🅰🅻🅸🅲🅴 (🌈🦄)1d ago

@DJGummikuh seems like there should be an efficient way to semi-anonymously broadcast that a server has specific hashtags, and if a user on a single-user instance follows that hashtag, then their instance would know which servers it has to poll to get posts with that tag.

DJGummikuh 23h ago

@alice I don't think there is and that hinders discoverability of as of yet unknown persons massively. This is a direct function of the concept of federation, balanced against the load requirements of servers. We're firmly in the design philosophy territory of ActivityPub here, and social-graph forming via hashtags is a complicated issue, again predominantly disadvantaging small/one-user instances

DJGummikuh 23h ago

@alice always keep in mind that ActivityPub has no master servers, so an inclusive "Push" to all servers is as impossible as an inclusive pull, as there is no central registry maintaining a list of all federating servers. Cheating around that 'short-coming' with an approach like theirs releases pressure on this pain point for people running one-user instances, which in turn simplifies the life of people trying to push for more instance-diversity as opposed to everyone going to the big instances

DJGummikuh 23h ago

@alice again, I understand your underlying position of 'no usage of my posts without my explicit approval', but I'd wager a bot exclusively restricted to retooting (i.e. not using the gained reach for propagating their own messages) should fall short of any thorough definition of 'usage', at least in the context of a social media.

🅰🅻🅸🅲🅴 (🌈🦄)23h ago

@DJGummikuh my nudes were being boosted by @[email protected] 😐

There was also a @[email protected], and several other hashtags that were turned into named bots for the sole purpose of boosting my posts.

This was the most "Invasion of the Body-Snatchers" implementation of a "service" I've seen. Though I admit it would have been worse if it had used my profile photo for the bots.

DJGummikuh 23h ago

@alice I fully expect there to be no discriminatory logic behind the operation of this approach. From my understanding this bot just takes the hashtag, generates it as an account and causes the posts to propagate. I'd be ABSOLUTELY with you that the bot attempting to actually impersonate you (e.g. by using your pic), therefore suggesting a direct relation between you and it, would clearly cross a line of immorality, but it doesn't, which feels a very deliberate choice to steer free of this topic

DJGummikuh 23h ago

@alice also, with your nudes being public, they already would be available without any controls, authorization or access control beyond deletion by you, even outside the fediverse altogether, so from a strictly judical standpoint, the bot does not tread on issues such as privacy or individual consent for access. I believe the actual discussion to be had in this specific case is the exact definition of what 'publicly available' is supposed to mean and entail

Jennifer Moore 😷19h ago

I mean this is technically arguable yes, but "from a strictly judicial standpoint" is simply not the right standpoint. Consent and the law aren't a one-to-one mapping.

DJGummikuh 18h ago

@unchartedworlds that is correct but the problem is, the law (and to a degree the ToS of Mastodon) is essentially an agreed-upon understanding of what is and isn't tolerable. Everything beyond that very quickly descends into individual opinion, which is absolutely legal to have but becomes difficult to navigate when different opinions differ. Such as whether posting something public while allowing everybody to boost still allows you to then complain that somebody/something does exactly that.

DJGummikuh 18h ago

@unchartedworlds I think this also touches on the question what "rights" you retain to the Hashtags you use. Hashtags are predominantly a technical utility that allow you to categorize and tag your posts for specific topics. Using the name of that hashtag to name a bot does in my personal opinion not touch any legal limits, as they are neither copyrighted nor have an exclusive usage. It also (again, my opinion) does not tie the user to any kind of identity, as their usage is not limited.

DJGummikuh 18h ago

@unchartedworlds I think at its core this whole thing blew way out of proportion with a lot of the discussion being caused by completely different frames of reference. This also is an issue exclusive to the Fediverse - no centralized SoMe actually has this problem family, as even bluesky has master servers that theoretically allow synchronization of content - and therefore touches issus and motivations nobody ever really faced since the advent of search engines.

Jennifer Moore 😷17h ago

"This also is an issue exclusive to the Fediverse - no centralized SoMe actually has this problem family"

If the issue is "material shared in a particular context is transmitted onward into a different context without asking", then I disagree it's exclusive to Fedi - I've seen that area conceptualised and navigated on Twitter as well. Examples:

• People asking "Okay to retweet?" - not because they legally _had_ to ask, but out of sensitivity to whether the OP _wanted_ their post shared further. Often used for posts where a personal anecdote was shared and other people find it especially illuminating.

• Quote-tweets being used to focus attention on a tweet - widely considered an affordance which can be used for good or evil :-)

Or are you thinking of a _different_ issue?

DJGummikuh 17h ago

@unchartedworlds no, that's the point, I'm talking about a COMPLETELY different issue. Due to the federated, non-centralized nature of ActivityPub, if I'm on a single-user instance, and I post a message e.g. under the generic hashtag "linux", even if you follow the linux hashtag, you WILL not see my post unless your server and my server are federated. With this bot server, it would be (presumably, still trying to find out) enough that your server knows the bot server to find my original post.

Jennifer Moore 😷

Oh right, yes I see what you mean - the challenge of successfully federating.