the fact that Evan Prodromou (threat model: cisgender white canadian man) launched tags.pub without thinking about risks or exposure is, I assure you, par for the course
every security & privacy win in activitypub happened despite evan
@ariadne He's gay but not queer, like Tim Cook or Sam Altman.
EDIT: nvm he is not gay, I swore he was tho.
@noisytoot because it boosts any hashtag it sees, including ones it probably shouldn't, like peoples lewds and shit
@ariadne every time I see that guy mentioned (haven't seen his posts since I blocked him a few years ago) I think about how he showed up in late 2022 after twitter was sold to talk about how awesome he was for helping invent the fediverse despite the fact that he'd spent the previous ~decade posting on twitter and ignoring fedi
@noisytoot (the reason I wrote a relay server was to demonstrate that it could be done with Announce activities, thus not needing permanently lived LDSigs, not because relays are good)
@ariadne what would a good consent model look for aggregation services. I've thought about servers having an actor that represents the instance. Following the server actor would be a way to opt-in to the aggregation.
@PuercoPop *mutters loudly about capability based security*
@ariadne @noisytoot also, when threat modeling, one really mustn't underestimate how different "data is accessible to anyone *easily*" is from "data is accessible to anyone *who goes digging for it*"
@ariadne @noisytoot concrete example: records of who owns what parcel of land have been public for *centuries* but "public" used to mean "accessible to anyone who pays a visit to the relevant county records office in person" and now it means "accessible to anyone, anywhere, who can run an electronic search", and that is why I get spam (and paper junk mail!) about selling my house, when my grandfather never did
and to clarify the stakes, think about what this means for people who have stalkers
@ariadne wait, aren't those just some bots that boost toots with specific hashtags?
Like, I always found those bots kinda annoying (just bc they send me a boost notification and then when I go to check who that was it was just smthng automated) but I guess when I'm using hashtags the whole point is making more people who are interested in the subject see it? How are those any more risky than the hashtag following feature? Am I loosing something?
@luana the problem isn't the use of hashtag but rather the unintended amplification. for example, somebody uses a hashtag to group posts targeted at their direct audience.
the other part is that tags.pub works by scraping relay traffic.
@luana so if you are on a server which uses relays (you really shouldn't IMO), then there is a much larger chance that you shoot yourself in the foot if you're using a hashtag for post grouping that you don't really intend to distribute to the public.
a lot of the problem isn't tags.pub or relays but rather that activitypub's security model as implemented in practice does not give publishers enough control over how posts flow through the network
@ariadne I completely missed this when it was announced—I’ve got him blocked or muted. I remember suggesting something like this in the context of natural disaster response, where you really do want a post to get out there as widely as possible, despite the federation horizon. Opting in, I hasten to add.
But this thing doesn’t even have defederation lists, by the looks of it. If my instance defederates poast, and the relay I use also doesn’t federate with poast, but tags.pub just federates with everyone, my toots are going to end up on poast. Right? With AUTHORIZED_FETCH off, at least.
There’s not even an issue on GitHub about block laundering. How did no one consider this risk? (You already answered this.)
@futzle yes all of that is correct. this is why authorized fetch should be the default.
@noisytoot because signing up to one of those many relays doesn't mean you're okay with every hashtag you post being boosted by some random bot account which could be followed by almost anyone
relays are a whole lot more passive than that, and also are usually opt-in (and manually reviewed by the relay operator) for both reading from and pushing to, while tags.pub any malicious instance can follow some hashtag to find victims or get into just one relay to spam everyone following those bots with awful stuff
@ariadne
How would one know if my server uses relays?
I mean, I know my admin so I can just ask them but is there another way?
@ariadne I tried to find the info but it is not clearly written. Does it expose "quiet public" content? If yes it would be easy to fix, no ?
@ariadne I don't understand why anyone sane would bot-boost "quiet public" content, why have a standard if you don't follow it ?
I use a *lot* of hashtags, but curiously only my post about an old radio transmitter being closed down got snagged by these bots, none of my toots about cars, transport, crime reports from UK - which makes me /more/ suspicious - is the setup *really* following every hashtag (which might not even work as there seem to be some bizzare ones being used), or is it quietly being curated in a subtle attempt to introduce algorithms to the Fedi?