I'm looking at setting up an instance with allow-list federation, and am wondering if anybody's got good suggestions on how to make it work well. A couple of specific questions:
-
I'm looking at setting up an instance with allow-list federation, and am wondering if anybody's got good suggestions on how to make it work well. A couple of specific questions:
what to use as an initial allow list? Since awoo.space has (as far as I know) the most experience with allow-list federation, I might just start with theirs and augment it with some instances hosting accounts I have connections with
how to let people from instances not on the initial allow list request to be added? A cryptpad form could make sense, but how to make it discoverable?
@erincandescent's suggestion of "Letters of Introduction" (in A better moderation system is possible for the social web) seems to me like it could make a lot of sense at the instance level as well, and @db0's "feeler network" idea in Can we improve the Fediverse Allow-List Model? is also an interesting approach. Are there ways to experiment with these on top of an allow-list system?
-
The Nexus of Privacyreplied to The Nexus of Privacy on last edited by [email protected]
@noiob @thisismissem @julian @Lady @ophiocephalic you all seem like folks who might have some thoughts about this -- https://infosec.exchange/@thenexusofprivacy/112873026679067520 has the deets
-
@[email protected] was this for NodeBB?
There's currently no facility for making requests to be allow listed, so that'd be something you'd have to do separately from the site.
-
ophiocephalic 🐍replied to The Nexus of Privacy on last edited by
@thenexusofprivacy
I have no input on the questions of practical implementation, but I would heartily encourage you to do a writeup following your effort (probably a thing you've already considered). That would be a very valuable contribution to fedi-knowledge.On the question of adding *individual* accounts to the allowlist, that's an interesting one. That seems like the kind of thing that could become quite cumbersome without purpose-built functionality along the lines of the typical follow request. You're blazing a trail with not much in the way of tooling to assist
-
The Nexus of Privacyreplied to ophiocephalic 🐍 on last edited by
Yes, if it's interesting enough I'll certiainly write it up.
I wasn't planning on adding individual accounts to the allowlist, as well as the cumbersomeness I don't think the technology exists to do that in the underlying system. So that leaves a problem with big instances like .social, putting them on an allowlist will lead to a lot of drive-bys but leaving them off cuts a lot of very reasonable people out of the conversation. In general though I think instance blocking only gets you so far, so it makes sense to defer that issue to approaches like reply-limiting and better control over whether to accept followers -- or @thisismissem's "firewall" model allowing much more flexibility than blocking/limiting.
-
@thenexusofprivacy @erincandescent hmmm that gives me a an idea to allow instances to request endorsements from specific other instances via the fediseer. The fediseer would pm your admins that another instance requires your endorsement and if you have your endorsements synced as your allow list, Bob's your uncle
-
@julian Yes, it is, and I realize that, thanks! Did you see db0's suggestion at https://hachyderm.io/@db0/112873675233486067 ?
-
@[email protected] @[email protected] it sounds a lot like the Vouch system I've read about before... which iirc is an indie web thing.
