Over the past few months I’ve been putting my UX Interviewing hat on and helping @jenniferplusplus’s Letterbook project, by talking to a variety of people doing moderation work, largely in the Fedi space
-
Matthew Lyonreplied to technomancy (turbonerd aspect) last edited by
@technomancy many of the ideas that I’m coming up with for what I’ll call “situational context” across both individual flag activities and community awareness involve aggregate queries or things that would be difficult to define in any kind of standardized form
that’s not to say your idea isn’t good! it’s just, I think with things as they are now, it’d be like trying to communicate through a straw instead of something richer
-
I’ll also put it out there that this sort of “UX/UI/Prototyping/ The Human Part of Software Design / especially for technical/nuanced problems” is what I consult for, and I have availability
-
technomancy (turbonerd aspect)replied to Matthew Lyon last edited by
@mattly admittedly my idea was motivated largely by the question "how could I contribute without first having to learn either golang or javascript?"
so yeah, definitely of limited utility
-
Matthew Lyonreplied to technomancy (turbonerd aspect) last edited by
@technomancy I LLOL’d
-
@[email protected] @[email protected] This sums up a lot of frustration in a nutshell. Not sure if we particularly talked about post visibility but I've made complaints on this account publicly before.
Sometimes a post that is part of a report is a response to a post that's been deleted, and since the server software deletes those posts immediately, the full thread is gone. It's completely possible for a report to become "un-solveable" by any reasonable standard, but the model around ActivityPub flags don't allow for this.
It's really unfortunate how software doesn't save an "archive" of a reported note. This is just a bandaid to the underlying problem but it would reduce the amount of times I've had to close a report. It's really unfortunate when I have to close a report because there is no longer anything "actionable". I am hesitant to 100% follow the words of the reporter (something which you also touch up on) because I cannot be sure that we both agree on what constitutes a violation of rules. I've found that most instances report things that violate their rules to us, instead of forwarding reports for rule violations of our own rules. This is fine, but it means that what may be a rule violation to another instance is completely acceptable here. Having to read through a remote instance's rules and make that determination is not fun.
Not to mention the fact most instance admins do not specify an action they'd like to be taken. How do I know the severity of a report? Does the remote instance want me to suspend this local user? Is a silence sufficient? Are they just passing it along as a heads up and do they want me to do anything? This is a big communication issue and it's unfortunate it often times gets lost when a report comes in from an instance I don't have an existing relationship with the administration on. If I get a report from Labyrinth.zone I can reach out to Vel for clarification. If I get a report from an instance I've never heard of... now I am stuck trying to track down their contact information and figure out how to establish communication off platform. 1/? -
@puppygirlhornypost2 @mattly multiple people shared concerns in this area
-
@[email protected] @[email protected] yup ik. just wanted to get out some more information
-
@[email protected] @[email protected] it's genuinely so annoying when i get a report and i don't know what to do with it. I constantly think "is remote going to be mad i didn't take action?" and other questions
-
@puppygirlhornypost2 @jenniferplusplus you know, now I’m wondering how many of these inter-instance admin spats we hear about are caused by the poor design of the protocol & tooling in this area
-
@[email protected] @[email protected] Too many actually. The amount of times a report just didn't federate over, and someone gets mad because they see an inaction on the instance administrator's side. Timezones too (everyone seems to have this expectation mod teams are online 24/7. now that's usually the case for this instance as we have people in a variety of locations so i don't worry too much... but it has bitten us in the ass when things happened on the instance and we were all asleep unable to respond to remote instance concerns).
-
@[email protected] @[email protected] Or in a separate reply in this thread if remote admin is following instance A user A, instance B user B and I'm instance C... and I don't follow either A or B? To them the context is crystal clear and to me I have no idea what the dispute was about. It's all about perspective (especially when it comes to even worse cases of this with fragmentation of replies due to most instance software not using reply collections)
RE: https://transfem.social/notes/a0s9cpebp54d00wu -
@[email protected] @[email protected] Just the pure amount of areas where information gets lost and it's assumed we're all operating on the same page with the same information... It's horrible. It's why admins burn out. It's not the root cause of why instances fight over things and have big public disputes, but it certainly isn't helping. It's a miracle we're even able to moderate to this degree, I think most people would have given up if faced with the challenges my team and I face every day.
-
@puppygirlhornypost2 @mattly I know this doesn't help right now, but I do plan to address these issues in Letterbook.
Some of that requires design work that's not done yet. Some of it will be necessarily incomplete without spec improvements, but I'm working on that, too.
Permissions, though, has been on the plan since day 1. I'm going to have auditable privilege escalation for moderators, so you can actually review reports you receive. I was shocked to learn other backends *don't* have that.
-
@[email protected] @[email protected] I talk about these problems not because I expect immediate solutions but because I hope that aspiring implementations will use it to find better solutions to the problems we face. I hope that I can laugh with people 1-2 years from now and go "haha yeah mod tools when I first started were in the Stone Age. the network was at a turning point where it needed growth to survive but didn’t have the appropriate resources to accommodate growth"
-
@[email protected] @[email protected] I really love role systems, conditional access, mandatory access controls. It makes me happy that you’re prioritizing permissions. Misskey’s role system is a start and while I am getting major improvements (upstream has taken feedback and is making a bunch more extended permissions) that takes time and still doesn’t fix the underlying problem of "moderator" & "administrator" flags on accounts. Still trying to do it step by step, but you have the benefit of not having a legacy codebase needing major refactoring to support modern features.
-
@[email protected] @[email protected] What i'd really like to see one day is the deprecation of "IsAdministrator" and "IsModerator" flags for misskey. I want things to follow something like Discord or Active Directory (yes, Microsoft Active Directory). Creating policies for users, governing what resources they have access to. Not having a specific flag for "administrator" that gives nearly full control of the instance (or the "root" flag which gives you 100% control. administrators can't create accounts but root can create accounts... it's a mess). Ideally instance software should accommodate a variety of hierarchy. It's sad that discord beats instance software on this front.
-
@[email protected] @[email protected] Sure, discord has the concept of "ADMINISTRATOR" permission which just encapsulates all permissions. But that's not the same because you can make roles with specific permissions like MANAGE_MESSAGES. Here? If I wanted to give someone the ability to suspend users? There is no "SUSPEND_USERS". There is only administrator/moderator. And honestly I forgot which one actually gives you the ability to do that. I personally follow the philosophy of least privilege, if I do not need a permission i do not give it to myself. Same goes for everyone else on the mod team. If someone just needs the ability to suspend a user they shouldn't have access to DEFEDERATION and causing a diplomatic crisis. administrators certainly shouldn't be able to just grab all of our credentials (Yes, anyone with admin role can just grab the key for S3 and other instance configuration. There's nothing stopping them. Something you'd expect "Root" to only have access to but no).
-
@puppygirlhornypost2 @mattly We have an ADR open for discussion about authorization and organizing claims. I need to clean it up, but I could do that sooner than not. Would you be interested in looking it over? Particularly from the perspective of how it reflects the actions that mods and admins need to take?
-
-
@puppygirlhornypost2 @mattly Hooray!
This gives me an excuse to put off trying to cobble together a new federation debugging solution (because docker keeps failing at this)
