Ozone, Bluesky's stackable moderation system is up and open-sourced. https://bsky.social/about/blog/03-12-2024-stackable-moderationI think it's interesting in obvious ways and risky in some less obvious ones (that have less to do with "O NO BILLIONAIRES" ...
-
@joshwayne @mergesort @leitmedium Yep, they do.
-
Erlend Sogge Heggenreplied to Erin Kissane on last edited by
@kissane the placefulness of Mastodon and the extended microblogverse is its greatest flaw IMHO.
Instead of using AP servers as post-office relays for our digital letters, we’ve effectively been moved to *live inside* the post offices just to make it easier for the servers to send letters on our behalf.
The discussion groups of the threadiverse however do make sense as places we can *visit* with our independent identities.
I need separation between my place of living and place of discourse.
-
Gabriel Garridoreplied to Erlend Sogge Heggen on last edited by
-
Erlend Sogge Heggenreplied to Gabriel Garrido on last edited by
@ggpsv I’m arguing that #threadiverse platforms like Lemmy, kbin et.al. is where we should go for *place*, which will include Mastodon once it implements Groups.
I don’t have any sense of place on Mastodon, as it is chiefly oriented around people. I can’t easily visit Erin’s mas.to or your social.coop.
But root identity provisioning needs to be extricated from all of the above, in favor of the #nomadicidentity which Bluesky has gotten 80% figured out already and working in practice.
-
Erin Kissanereplied to Erlend Sogge Heggen on last edited by
@erlend I wouldn't say that I'm arguing for the current Mastodon model, exactly. More like I'm trying to take the techno-cultural (sorry) complexes apart so I can try to understand which things are "really there" and which are just emergent phenomena/ v i b e s that sneaked in because of our experiences elsewhere.
-
@kissane I'm still very confused about exactly which actors in what places of the AT collection of services moderates the "base level of non-optional moderation" on the bluesky-specific network.... but that said, do like the ideas of stacking additional opt in third-party moderation on top of that.
Assuming that it doesn't incite the base level of moderation to degrade as they "offload" it to others. And assuming that the UX of reporting issues to multiple parties isn't confusing.
-
Erlend Sogge Heggenreplied to Erin Kissane on last edited by
@kissane didn’t think you were anyway, excitedly looking forward to your post(s) on this subject!
-
@tchambers For the Bluesky app, it's the Bluesky moderation team, which is pretty active in the classical/centralized mode.
Bluesky 2023 Moderation Report - Bluesky
We have hired and trained a full-time team of moderators, launched and iterated on several community and individual moderation features, developed and refined policies both public and internal, designed and redesigned product features to reduce abuse, and built several infrastructure components from scratch to support our Trust and Safety work.
Bluesky (bsky.social)
Layers-wise, I think there are two things—the official Bluesky client enforces the use of Bluesky's in-house moderation work (at the level of the labeler) but then the network-wide, truly non-optional stuff—which is very limited in scope—happens at the level of the relay:
-
@tchambers So although there's a lot of concern across fedi about Bluesky "not moderating," they actually do both takedowns and de-indexing for the Bluesky platform itself *and* they're inserting a centralized kill switch for the worst-of-the-worst stuff into the network architecture, which would prevent the whole "we just defederate from CSAM" situation we have here.
It's not difficult to think of a variety of failure modes for this architecture, but I think they're interesting trade-offs!
-
@kissane @tchambers You are correct, but I think there are things to like about the “we just defederate…” model. It demonstrably provides a powerful incentive for the people who control instances not let them turn into Nazi bars.
-
Erin Kissanereplied to Tim Bray on last edited by [email protected]
@timbray @tchambers Agreed.
My main source of frustration about the cross-protocol conversations is that their underlying assumptions about the way AP/fedi and ATP/Bluesky work are kind of freely floating above the observed and stated realities of both protocols. There are lots of reasons for this, but it's getting in the way of crunchier thinking, imo.
edit: meaningful typo fix
-
@kissane Yes, I did know they centralize base moderation is halved by bluesky staff — but not sure at which part of the bluesky / AT ecosystem…can’t be at PDS servers as those swap out, as do the crawler indexers, so where does centralized non-optional moderation occur? Maybe at the app layer?
-
@tchambers For just Bluesky-the-app, as opposed to other potential future ATP apps?
Looking at the whitepaper plus Paul's most recent comments, I *think* it's labelers hardwired into the official client app(s) and actioned at the App View layer plus takedowns at the Bluesky-run relay and Bluesky-run PDSes, right?
Caveat that my understanding is highly fragmented. (As are their docs and explanations, bless them.)
-
@kissane I *THINK* you and I see it the same way, but I personally am still feeling like I have a 20 percent or more chance of being wrong. Wish they would clearly state that.
Side question related to that: So if Gab.com built it's own full AT Protocol coalition of services (It's own app, own labler, own PDS's etc) could the BlueSky service "defederate" entirely from GabSky?
If so, would that also be done at the BlueSky service's App?
-
jonny (good kind)replied to Tim Chambers on last edited by
@tchambers
@kissane
"Can you opt in to labeling" is the whole tension of labeling for content moderation - the answer necessarily has to be "no" at some level or else it wouldnt work, ppl posting harmful shit dont want it to be labeled as harmful, but then it becomes a vector for abuse as eg. The gab system eg. labels all queer people for targeting.They have a view on abuse that "if you dont see it, then its not abuse" - so eg. here you dont see labels from labelers you dont subscribe to: https://github.com/bluesky-social/atproto/blob/a0625ba40f3d66528488a18f6d32854d9165e191/packages/api/src/moderation/decision.ts#L262
But it does look like any labeling service can label any event - there isnt a good way of making that opt in on the protocol. Im going to set up a test instance later and try and label myself and see what happens in my PDS.
The risk is that identity is so cheap that there doesnt need to be a stable "gab" labeling service - if it gets blocked at an infra level by atproto, cool, signal through a side channel to your followers youre minting a new DID and block successfully evaded. So it is effectively impossible to stop labels as designed from being used as abuse vectors.
I raised this last June and Paul did respond once and from a first look it doesnt seem like any changes were made https://github.com/bluesky-social/proposals/issues/19
-
Right. I don't think they've fully thought through the implications of the underlying design. I asked @bnewbold over there if they had done threat modeling but didn't get a response, oh well.
@tchambers @kissane that's also how I see it with Bluesky-run relays and PDS's, but they've also said that it's only illegal content and spam. Masnick's paper talked about *not* removing Alex Jones at this level. So it's not clear that Gab would have to have their own PDSs or relay. (1/N)
-
Erin Kissanereplied to jonny (good kind) on last edited by
@jonny Yep, shared moderation lists are absolutely a potential attack vector. It's one of the most bullet-biting hard tradeoffs of locked-open + decentralized shared mods layer.
Blocking isn't a strong way to prevent regular user lists from being used adversarially either—I see your issue suggesting otherwise, but I have near-zero faith in blocking as a mitigation for the kind of brigading you describe.
(con't)
-
@jonny I guess for me, the question becomes whether other parts of their model can mitigate the harms concentrated by adversarial use of lists and shared mods.
(My current suspicion is that without strong place boundaries, it's always going to be an arms race, but we also haven't really seen "arms race" on this exact configuration of semi-decentralized services yet and there are a lot of variables.)
-
jonny (good kind)replied to Erin Kissane on last edited by
@kissane
Totally agree. And the labels are a different vector than lists alone too since they are applied to the post/account itself, rather than the post/account being indexed and etc. Also agree that blocking is at best a reactive measure, even if identity had more friction. I think youre right on diagnosing lack of place as the core of it, and its a really nasty downside of "frictionless all-to-all platform" as design goal. Fedi fiefdoms are not great, but having no sense of place doesnt feel like an alternative either. -