Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
-
@Laukidh@infosec.exchange @vkc@linuxmom.net I tried but no-one loves the bot that bridged you to other platforms
-
@vkc a similar thing is true for Mastodon. the UI doesn't show it, but your server will send the other server a note saying that you blocked that user.
since you run your own server, you can get a list of who blocked you with a query like
SELECT accounts.username, accounts.domain
FROM blocks
JOIN accounts ON blocks.account_id = accounts.id
WHERE
target_account_id = (
SELECT id
FROM accounts
WHERE
username = 'vkc'
AND private_key IS NOT NULL
LIMIT 1
);this is documented, and while the official UI doesn't show it, a malicious actor could easily build tooling on their own server.
don't ask me why, I don't know either. while there probably are ui-niceties around it (mainly that the other node can make sure they don't show the user you've blocked your content), this... isn't great.
-
@vkc Wait, the people you block, on your account, are public to anyone? That... Is the weirdest technological decision I have ever heard of. I wonder why they would do that? Transparency? Idk...
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc This is straight up terrifying!
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc There is so much toxic crap, worldwide. I'm sorry you had to deal with any of it.
Against them. For You.
Tim -
@vkc a similar thing is true for Mastodon. the UI doesn't show it, but your server will send the other server a note saying that you blocked that user.
since you run your own server, you can get a list of who blocked you with a query like
SELECT accounts.username, accounts.domain
FROM blocks
JOIN accounts ON blocks.account_id = accounts.id
WHERE
target_account_id = (
SELECT id
FROM accounts
WHERE
username = 'vkc'
AND private_key IS NOT NULL
LIMIT 1
);this is documented, and while the official UI doesn't show it, a malicious actor could easily build tooling on their own server.
don't ask me why, I don't know either. while there probably are ui-niceties around it (mainly that the other node can make sure they don't show the user you've blocked your content), this... isn't great.
@denschub @vkc Yep, DMs or "Private mentions" on Mastodon can be exploited using a similar vector. The client can say this message should be readable only to this/these users, but you can write a client which doesn't respect the protocol and view them anyway. It's a strong argument for why DMs should probably not exist on decentralized platforms that do not or cannot use E2EE.
-
@Ember @vkc Sorry, but this has a bit of a "if you block someone and get harassed for it, it's your fault because you're on a node that's not doing a good job" vibes to me. I'd be a lot happier if we didn't provide potential footguns to people.
Also, I'm not even sure your argument works. If I'd be an instance admin wanting to do a decent job, I wouldn't even know how to protect my users. mastodon.social only has one instance blocked for blockbots according to their list, so that's not a good starting point. A lot of "decent instances" don't publicly explain why they block other instances, or don't show that info at all. If I, for example, would trust your decisions fully, I couldn't even follow your lead because you don't make server blocks publicly available. Same with Hachyderm. That also means a user couldn't evaluate block decisions before joining a server to make sure they're on a node that is "decent". In the end, it's all just vibes based, and that puts a lot of people at risk without them even knowing.
There's a ton of instances that are run by really awesome people, but they don't have the bandwidth to stay on top of the latest malicious instances all the time. And those are commonly also the kind of instances that host a lot of non-tech users, which makes this even riskier.
I get it, it's a hard problem to solve, but this is one of those many things where Mastodon puts users at risk without even telling them or allowing them to make a decision on their own. I don't like that. And if we rightfully throw shit at Bluesky, we should also at least acknowledge the limitations in our own courts.
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc alternatively, if you're going to BlueSky please block me. I don't want to know anyone that supports that platform.
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc
If you're gonna use Bluesky, don't.
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc Could someone enlighten me on why this is bad or otherwise harmful?
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
Well done you.
I am not tech savvy enough to know why something is bad UNTIL it bites me on the ass.I know what I don't want. Anyone being harassed (you are legally required to kick Nazis in the balls - if they have any) in the future.
I do not want ads (craft items by individuals I like) but am [lobster weeps] not able to purchase presently.
I will not be going back on WAFRN developers/main forum until I am comfortable with its policy towards Bluesky. I only joined a few days ago. So no great loss. Though I really appreciated its early day capabilities. Ah Well ...
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
Well done!
-
@vkc@linuxmom.net I am planning to delete it but the problem is some of my friends are there and idk if they will migrate to the fedi
-
@vkc@linuxmom.net I am planning to delete it but the problem is some of my friends are there and idk if they will migrate to the fedi
-
RE: https://mastodon.social/@_elena/115909375706083994
Aside: this is a *major* reason why I quit Bluesky and deleted my account some months back.
I would block a baddie, and because that crap is PUBLIC on Bluesky (?!?), that basically creates a "hate list" that's easily exploitable. And of course folks were exploiting it!
If you're going to use Bluesky, strongly recommend not blocking folks unless they're specifically harassing you. And don't block big accounts, that crap can come back to haunt you.
I went the other way, and deleted my account.
@vkc I’m on bluesky and have been for ages. I block people. I don’t care that fascists and terfs know I blocked them. I will never be travelling to the US again for the foreseeable future. And I wouldn’t pass the social media checks anyway if I didn’t just go with a burner phone.
-
@Ember @vkc Sorry, but this has a bit of a "if you block someone and get harassed for it, it's your fault because you're on a node that's not doing a good job" vibes to me. I'd be a lot happier if we didn't provide potential footguns to people.
Also, I'm not even sure your argument works. If I'd be an instance admin wanting to do a decent job, I wouldn't even know how to protect my users. mastodon.social only has one instance blocked for blockbots according to their list, so that's not a good starting point. A lot of "decent instances" don't publicly explain why they block other instances, or don't show that info at all. If I, for example, would trust your decisions fully, I couldn't even follow your lead because you don't make server blocks publicly available. Same with Hachyderm. That also means a user couldn't evaluate block decisions before joining a server to make sure they're on a node that is "decent". In the end, it's all just vibes based, and that puts a lot of people at risk without them even knowing.
There's a ton of instances that are run by really awesome people, but they don't have the bandwidth to stay on top of the latest malicious instances all the time. And those are commonly also the kind of instances that host a lot of non-tech users, which makes this even riskier.
I get it, it's a hard problem to solve, but this is one of those many things where Mastodon puts users at risk without even telling them or allowing them to make a decision on their own. I don't like that. And if we rightfully throw shit at Bluesky, we should also at least acknowledge the limitations in our own courts.
-
@vkc I should hope they fixed this by now, but a year or so ago, I read a post detailing a lot of technical shortcomings of Bluesky, and one of them was that deleted posts could be easily recovered because instead of a database, they just had a repo, and if you could find the pre-deletion commit, you could read deleted posts.
The whole website is a fucking clown car
-
@vkc Could someone enlighten me on why this is bad or otherwise harmful?
@Jourei @vkc Imagine you're being harassed by someone, who has a lot of followers. You block them, because you don't want to put up with them anymore. Now they can see you blocked them, and tell their followers to terrorize you in revenge. And suddenly you'll get thousands of death threats or people are even dozing you. That could do a lot of harm.
-
@Jourei @vkc Imagine you're being harassed by someone, who has a lot of followers. You block them, because you don't want to put up with them anymore. Now they can see you blocked them, and tell their followers to terrorize you in revenge. And suddenly you'll get thousands of death threats or people are even dozing you. That could do a lot of harm.
-
@vkc Could someone enlighten me on why this is bad or otherwise harmful?
