Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • AdaA
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    What might an anti-harassment tool look like on a social network without any pretenses of privacy?

    There’s no such thing. They are mutually exclusive. Take queer folk for example. We need privacy to be able to talk about our experiences without outing ourselves to the world. It’s especially important for queer kids, and folk that are still in the closet. If they don’t have privacy, they can’t be part of the community, because they open themselves to recognition and harassment in offline spaces.

    With privacy, they can exist in those spaces. It won’t stop a dedicated harasser, but it provides a barrier and stops casual outing.

    An “open network” where everyone can see everything, puts the onus on the minority person. Drive by harassers exist in greater numbers than a vulnerable person can cope with, and when their content is a simple search and a throw away account away from abuse, it means the vulnerable person won’t be there. Blocking them after the fact means nothing.

    • PeriodicallyPedantic@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      An “open network” where everyone can see everything, puts the onus on the minority person

      But isn’t this already the case?

      You make a good point about people still in the closet. That’s an excellent use case for privacy. But I still believe that’s a different issue. And I’m fact this is my great concern: people think they have privacy when they dont so they say things that out themselves (as any kind of minority) accidentally, because they mistakenly relied on the network privacy.

      You’re right though, it’s not all-or-nothing, but I do think these are two separate problems that can and maybe should have different solutions.

      The type of drive-by harassment you describe is by online randos, not in-person. For those situations, is it not enough that you remain oblivious to the attempted harassment? If a bigot harasses in a forest and nobody is around to hear it, did they really harass?

      • AdaA
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        is it not enough that you remain oblivious to the attempted harassment? If a bigot harasses in a forest and nobody is around to hear it, did they really harass?

        The problem is, there are plenty of other people around to hear it. Everyone else except the harassed person can see it, and on top of that, the fact that harassment is trivial to do, and not policed, ensures that more harassers will come along. Each one having to be blocked one by one by the people they’re harassing, after the harassment has already taken place.

        As I said earlier, this is how twitter does things, and there is a reason that vulnerable folk don’t use twitter anymore.

        But isn’t this already the case?

        No, it isn’t, because right now, local only posting, follower only posting, authorised fetch, admin level instance blocks etc, all combine to make it non trivial for harassers. If you’re familiar with the “swiss cheese defence model”, that’s basically what we have here. Every single one of those things can be worked around, especially by someone dedicated to harassing folk, but the casual trolls and bigots, they won’t get through all of them. The more imperfect security, anti harassment and privacy options we have, the harder it is for casual bigots.

        • PeriodicallyPedantic@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          I’m familiar with the Swiss cheese model and you make a good point.

          But even still, I think what we have now is insufficient, has other negative side effects too, and I don’t see a good path to make it sufficient.

          I was initially lamenting that social networks currently do a terrible job (dangerously negligent job) setting user expectations wrt privacy (or lack thereof). It’d be nice if social networks were upfront about the lack of privacy, and made the limitations of their tools inherently obvious. Sorry if it seems like I keep shifting goalposts, I keep changing the direction of the conversation as you give me interesting things to think about and discuss.

          I’m not suggesting that we copy Twitter’s model for anti-harassment, especially since The Idiot took it over.

          I’m suggesting that, rather than just double down on what exists now, you do a thought experiment with me where we explore a radical rethink of anti-harassment, and what it might look like if we don’t try to use privacy tools to accomplish it. I’m not convinced that there is no reasonable solution possible. Although the details would probably depend significantly on the type of social network (for example: microblogging vs reddit-like).