an appeal to the fediverse regarding anti-abuse 

an appeal to the fediverse regarding anti-abuse 

an appeal to the fediverse regarding anti-abuse 

an appeal to the fediverse regarding anti-abuse 

@emsenn @wilkie @cwebber Please elaborate on the autonomy of moderation point. What do you mean by that?

@Gargron If I understand it right - which I very well might not:

Current discussions of OCAP provide the tools to instance moderators, but don't provide similar tooling for users.

Right now, as I understand it, users can do most of the moderation action moderators can, relative to their own profile: they can autonomously moderate their profile even if their instance doesn't do moderation.

(Again, I could be wrong in understanding how things are or could be.)
@wilkie @cwebber

@emsenn @Gargron ah, you are right about the current implementation in Mastodon. That can be fixed though (but it would be more expensive)

@emsenn @Gargron say hello to github.com/tootsuite/mastodon/

Also, your claim about “the more targeted your server is by harassment, the more costly it will be to continue operating” is partially true: cryptography as well as the most expensive db queries are avoided when the instance is known to be blocked instance-wide (not the user-defined blocks honored by this PR)

@Thib Gonna untag Gargron since I'm just asking questions: My main concern is with short-lived instances spun up to DDoS more than a known server trying to spam me. There are tools at nearly every part of the network stack for dealing with the latter.

@emsenn that concern is already very much present without authenticated fetches, unfortunately

@Thib Well, the concern of DDoSing at a network level is, sure. But the encryption stuff adds other resources to the pile of what can be made scarce.

@emsenn that can be done by pushing things to the inbox, this will trigger exactly the same kind of workload as fetching a toot with a signed request.

And I'm not sure something OCAPS-based will help a lot, since you'd still have at least the endpoint(s) dedicated to requesting caps vulnerable to the same kind of things

Follow

@Thib Thanks for that first sentence - it's a crucial part in what I was missing to understand.

Sign in to participate in the conversation
Ten Forward

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!