Soooo after a bunch of testing with @poisonous , turns out that even with authorised-fetch enabled (on instance A in the following example), if instance A blocks a user on instance B as an instance-wide block from the admin panel, that block will only ...
-
Soooo after a bunch of testing with @poisonous , turns out that even with authorised-fetch enabled (on instance A in the following example), if instance A blocks a user on instance B as an instance-wide block from the admin panel, that block will only apply as a limit on instance B. The blocked user on instance B will still be able to view and interact with posts on instance A.
(continued)
-
If you want to hard-block a user on another instance such that they cannot view any profiles or posts or interact with any of your instance's accounts in any way (from the blocked account), you have to block the full instance (ensuring authorised fetch is enabled).
The only other way is to add the account as a block from the profile-level (e.g. me, on this account, manually blocking another user) - but of course that will only apply for the single user making the block.
-
@welshpixie I had just run into this the other day. It's so unintuitive that suspending an instance prevents interaction but suspending a user doesn't.
-
@ellesaurus @welshpixie Would it be OK to tag Emelia? She's been working on moderation / security issues, and I'm very curious what her thoughts are.
-
@tamitha @ellesaurus For sure
-
@welshpixie @ellesaurus @thisismissem Hi! Putting this thread on your radar. I'm extremely curious what your thoughts are about the difference between an instance suspending another instance versus an instance suspending a remote account.
-
@tamitha @welshpixie @ellesaurus I think this documentation may explain that for you:
If the official mastodon documentation isn't clear enough: https://docs.joinmastodon.org/admin/moderation/
-
@tamitha @welshpixie @ellesaurus in theory for a user block, there should be a Block activity federated out, such that the server knows you've blocked that specific user, but you also need to be careful of malicious servers where they enable block circumvention or outing.
-
@thisismissem @welshpixie @ellesaurus I looked over both documents and I might be missing something.
If I blocked you - a 1 on 1 user suspension - it seems to behave the way we'd expect. ie: you, the remote user, can't see or interact with my account or posts. This is good.
However, if indiepocalypse.social blocks you from the moderator panel - an instance on user suspension - then you can still see my posts and interact with them, including replying.
I won't see it or be notified, but you still have access to my feed. In turn other folks - let's say welshpixie - can see your reply and reply to your post, and I'll see what they said to the both of us, but can't see your post.
Why is it the 1 on 1 user-level suspension works the way I expect, but the instance on 1 user doesn't?
-
@tamitha @welshpixie @ellesaurus I suspect that's because a user to user block can be federated, but a instance to user block cannot really, or if it is, there concerns over block evasions