Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create.
-
Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.
When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.
I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.
¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).
² Receipts: https://lgbtqia.space/@alice/116824281370893420
@alice @evan How hard would it be to make this "service" opt in only? It would still be able to perform the stated intended function and prevent this unnecessary collateral damage.
The owner's unwillingness to do this makes it seem like some kind of content or info scraping scam.
If people are uncomfortable with it then don't do it. You're only pissing people off by continuing to go down your current path. Why do that?
-
Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.
When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.
I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.
¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).
² Receipts: https://lgbtqia.space/@alice/116824281370893420
@alice I must admit, I understand the technical side of it. Especially considering that there are people here going "hurr durr, doing your own instance is the only true way to use Mastodon" and the like, discoverability of Hashtags is directly tied to the size of your instance.
Is their approach heavy-handed? Undeniably.
Does it solve an issue? I'd say so.
Is there a better approach? Honestly, time must tell, the fediverse still is pretty much in its infancy and a lot of contract still forms. -
@alice @evan I had to deal with the same shit yesterday. I also would support a #FediBlock of tags.pub
It should at least be opt inI have general doubts that it’s made for a good purpose.
This is exactly the problem. The goal may be to help smaller Fediverse instances federate more easily, but good intentions don't justify an opt-out consent model. When a service reaches into other communities by default, the burden falls on everyone else. Opt-in is the better design. One would expect a public figure stewarding Fediverse infrastructure to understand that. Yet here we are.
-
@alice @evan How hard would it be to make this "service" opt in only? It would still be able to perform the stated intended function and prevent this unnecessary collateral damage.
The owner's unwillingness to do this makes it seem like some kind of content or info scraping scam.
If people are uncomfortable with it then don't do it. You're only pissing people off by continuing to go down your current path. Why do that?
@Darkasvim @alice @evan He's probably too lazy to get a large enough user base the right way (opt in) for what ever he's doing this for.
All platform bridge bots etc require that you follow them to participate in their function, it's a long established practice.
-
@alice I must admit, I understand the technical side of it. Especially considering that there are people here going "hurr durr, doing your own instance is the only true way to use Mastodon" and the like, discoverability of Hashtags is directly tied to the size of your instance.
Is their approach heavy-handed? Undeniably.
Does it solve an issue? I'd say so.
Is there a better approach? Honestly, time must tell, the fediverse still is pretty much in its infancy and a lot of contract still forms.@alice I mean we're on a 'social network' after all, there is a point to be made that everything we post publicly comes with an 'implicit default opt-in' to redistribution, which especially includes retooting. I'd see a line crossed if they were to copy-steal posts of others, but from what I saw in this discussion, this is not what they're doing. As long as federation holds, modification or deletion should be propagated to all participating instances, leaving 'you in control of your content'.
-
@alice I must admit, I understand the technical side of it. Especially considering that there are people here going "hurr durr, doing your own instance is the only true way to use Mastodon" and the like, discoverability of Hashtags is directly tied to the size of your instance.
Is their approach heavy-handed? Undeniably.
Does it solve an issue? I'd say so.
Is there a better approach? Honestly, time must tell, the fediverse still is pretty much in its infancy and a lot of contract still forms.@DJGummikuh seems like there should be an efficient way to semi-anonymously broadcast that a server has specific hashtags, and if a user on a single-user instance follows that hashtag, then their instance would know which servers it has to poll to get posts with that tag.
-
Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.
When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.
I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.
¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).
² Receipts: https://lgbtqia.space/@alice/116824281370893420
@alice You always very kindly ask everyone not to dogpile the people in question, which I admire. But does this not sidestep the issue of their lack of understanding of basic consent? When we turn the other cheek, aren't we encouraging them not to learn? I've never seen good things come from letting people off the hook when they're refusing to acknowledge how consent works. We all fuck up at times to various degrees, that's human. But it's also necessary to learn from our mistakes and endeavour not to repeat those. When someone takes the I-did-nothing-wrong-and-will-now-victim-blame-to-deflect-the-heat approach, they're clearly not interested in learning unless there are actual negative consequences, be it through social pressures, financial cost or what not. They simply move on to their next victim. How do we protect each other while getting people to do the work they need to do on their own consent practices?
Because that's the only winning scenario imho - someone taking a step back, acknowledging that they got it wrong, and working on remedying the harm already done and avoiding causing future harm. Maybe a person simply hasn't had the benefit of an environment where they could have learnt this sooner, but isn't that all the more reason to ensure they get caught up? Learning to suppress the instinctive defensive response and actually listen to the other party and engage in self reflection is hard work, but work that everyone needs to do. Even if they don't want to. Especially if they don't want to.
And to be clear, I don't have a magic solution, but I'd like to hear what others think and have experience in.
-
@DJGummikuh seems like there should be an efficient way to semi-anonymously broadcast that a server has specific hashtags, and if a user on a single-user instance follows that hashtag, then their instance would know which servers it has to poll to get posts with that tag.
@alice I don't think there is and that hinders discoverability of as of yet unknown persons massively. This is a direct function of the concept of federation, balanced against the load requirements of servers. We're firmly in the design philosophy territory of ActivityPub here, and social-graph forming via hashtags is a complicated issue, again predominantly disadvantaging small/one-user instances
-
@alice I don't think there is and that hinders discoverability of as of yet unknown persons massively. This is a direct function of the concept of federation, balanced against the load requirements of servers. We're firmly in the design philosophy territory of ActivityPub here, and social-graph forming via hashtags is a complicated issue, again predominantly disadvantaging small/one-user instances
@alice always keep in mind that ActivityPub has no master servers, so an inclusive "Push" to all servers is as impossible as an inclusive pull, as there is no central registry maintaining a list of all federating servers. Cheating around that 'short-coming' with an approach like theirs releases pressure on this pain point for people running one-user instances, which in turn simplifies the life of people trying to push for more instance-diversity as opposed to everyone going to the big instances
-
@alice always keep in mind that ActivityPub has no master servers, so an inclusive "Push" to all servers is as impossible as an inclusive pull, as there is no central registry maintaining a list of all federating servers. Cheating around that 'short-coming' with an approach like theirs releases pressure on this pain point for people running one-user instances, which in turn simplifies the life of people trying to push for more instance-diversity as opposed to everyone going to the big instances
@alice again, I understand your underlying position of 'no usage of my posts without my explicit approval', but I'd wager a bot exclusively restricted to retooting (i.e. not using the gained reach for propagating their own messages) should fall short of any thorough definition of 'usage', at least in the context of a social media.
-
@alice I mean we're on a 'social network' after all, there is a point to be made that everything we post publicly comes with an 'implicit default opt-in' to redistribution, which especially includes retooting. I'd see a line crossed if they were to copy-steal posts of others, but from what I saw in this discussion, this is not what they're doing. As long as federation holds, modification or deletion should be propagated to all participating instances, leaving 'you in control of your content'.
@DJGummikuh opt-in to new "services" can't be assumed.
Just because I'm, say, open to flirting, doesn't mean that each new person doesn't have to get consent to do it.
-
@DJGummikuh opt-in to new "services" can't be assumed.
Just because I'm, say, open to flirting, doesn't mean that each new person doesn't have to get consent to do it.
@alice I understand your position to this, but who decides whether this is 'the correct way' to interpet what social media means as concept for mastodon? I mean everything happening is a continuous negotiation between all participants, there is not (neither should there be) a single authority deciding what is right and what isn't. In this instance, however, I believe their approach genuinely steers the fediverse in a more inclusive direction than it currently is, which feels a win in my book.
-
@alice I understand your position to this, but who decides whether this is 'the correct way' to interpet what social media means as concept for mastodon? I mean everything happening is a continuous negotiation between all participants, there is not (neither should there be) a single authority deciding what is right and what isn't. In this instance, however, I believe their approach genuinely steers the fediverse in a more inclusive direction than it currently is, which feels a win in my book.
@alice and to go more specifically to your example: what I believe they are doing is not flirting with you; they are only taking your statement that you are available for flirting and making it visible for potential candidates which otherwise might not have had a chance to know about this prospect.
-
@alice again, I understand your underlying position of 'no usage of my posts without my explicit approval', but I'd wager a bot exclusively restricted to retooting (i.e. not using the gained reach for propagating their own messages) should fall short of any thorough definition of 'usage', at least in the context of a social media.
@DJGummikuh Interesting that I already had that douchebag blocked. Given that you’re advocating for the douchebag , presumably because you want to do the same, kindly fuck off. You’re blocked as well. @alice
-
@alice You always very kindly ask everyone not to dogpile the people in question, which I admire. But does this not sidestep the issue of their lack of understanding of basic consent? When we turn the other cheek, aren't we encouraging them not to learn? I've never seen good things come from letting people off the hook when they're refusing to acknowledge how consent works. We all fuck up at times to various degrees, that's human. But it's also necessary to learn from our mistakes and endeavour not to repeat those. When someone takes the I-did-nothing-wrong-and-will-now-victim-blame-to-deflect-the-heat approach, they're clearly not interested in learning unless there are actual negative consequences, be it through social pressures, financial cost or what not. They simply move on to their next victim. How do we protect each other while getting people to do the work they need to do on their own consent practices?
Because that's the only winning scenario imho - someone taking a step back, acknowledging that they got it wrong, and working on remedying the harm already done and avoiding causing future harm. Maybe a person simply hasn't had the benefit of an environment where they could have learnt this sooner, but isn't that all the more reason to ensure they get caught up? Learning to suppress the instinctive defensive response and actually listen to the other party and engage in self reflection is hard work, but work that everyone needs to do. Even if they don't want to. Especially if they don't want to.
And to be clear, I don't have a magic solution, but I'd like to hear what others think and have experience in.
@anyia I use "please don't dogpile" as a shorthand for "please don't be shitty to this person just because I'm calling them out for some behavior". It doesn't preclude things like challenging them, agreeing (or disagreeing) with things I've said, boosting, etc.
Just please be kind to folx—even if you think their position is bad.
My one exception to this is the paradox of tolerance. If they break the social contract, then they're no longer protected by it either.
-
Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.
When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.
I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.
¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).
² Receipts: https://lgbtqia.space/@alice/116824281370893420
-
Today, an unknown bot swarm started using my name, boosting my posts, and inserting itself into communities I helped create. I treated it like any other potential attack and started defending myself and our communities as best I could. This has taken up more of my day than most malicious bot attacks, because it had the air of legitimacy—despite taking the actions of a threat.
When the owner, @evan ¹, came in with the same justifications as the porn-scrapers and LLM-owners I regularly fight against—repeatedly doubling-down in the face of backlash²—I felt more and more sure of my response.
I now feel justified in calling for a #FediBlock of tags.pub (and probably his other projects), at least until a better opt-in consent model is built into the project.
¹ I'm including his name as he's a public figure associated with Activity Pub, and our whole conversation today is already a public record, but please don't dogpile; just defed or block as you see fit and call it a night (or day—I'm not your mom).
² Receipts: https://lgbtqia.space/@alice/116824281370893420
-
@alice I don't think there is and that hinders discoverability of as of yet unknown persons massively. This is a direct function of the concept of federation, balanced against the load requirements of servers. We're firmly in the design philosophy territory of ActivityPub here, and social-graph forming via hashtags is a complicated issue, again predominantly disadvantaging small/one-user instances
@DJGummikuh we already have opt-in solutions for that. I'm registered with like a dozen of my most-used hashtags on multiple discoverability services.
But I chose those.
I chose to be listed as someone who talks about data privacy, LGBTQ topics, etc.
No one assumed I'd be okay with being listed there.
-
@alice always keep in mind that ActivityPub has no master servers, so an inclusive "Push" to all servers is as impossible as an inclusive pull, as there is no central registry maintaining a list of all federating servers. Cheating around that 'short-coming' with an approach like theirs releases pressure on this pain point for people running one-user instances, which in turn simplifies the life of people trying to push for more instance-diversity as opposed to everyone going to the big instances
@DJGummikuh it's a bad solution that will be abused by bad actors to harm vulnerable people, and it takes control of my content (in this case, personal hashtags and photos of my naked body) out of my control.
-
J jwcph@helvede.net shared this topic
