There is a big fucking bug in Mastodon's moderation features.
-
When I as a moderator suspend a remote account...
Expected behavior: The account can no longer be found or interacted with on our server and the account can't find or interact with accounts on our server.
Actual behavior: The account can still be found but is empty. There is a notice that the account is suspended and there is even still a follow button - it just doesn't do anything.
And the account can still see everything from our instance and interact with our posts. 🤯 Our users just won't reciprocate the interaction, because the reply won't appear here.
But if someone else replies to a reply from the suspended account we'll see that reply, but won't know what original post it belongs to.
Is this a new bug with Mastodon 4.3 or has it always been like that?
I've been moderating for 5 years now and this is new to me.
I'm not going to create an account on Microsoft GitHub to officially file this bug report, but can someone tell me if it's already reported and what's the status? Thanks.
Additional ideal expected behavior: Previous replies to any of our posts by the suspended account won't be seen by anyone anywhere on the Fediverse - or at least not as replies to our posts, because our instance notifies/federates all other instances that these replies shouldn't be there.
#MastoMod #MastoAdmin #FediMod #FediAdmin #MastodonBug #moderation #Suspension
-
Oliphantom Menace replied to PaulaToThePeople
@PaulaToThePeople m.art was reporting a few weeks ago that even with authorized fetch enabled, Mastodon does not treat a blocked account the same way it treats a blocked instance.
(GoToSocial does, though.)
-
quintessence :blobfoxcomfy: replied to PaulaToThePeople
Hey as an FYI - it sounds like you need to disable authorized_fetch.
Adding user safety through Authorized Fetch on Mastodon | Fedi.Tips - An Unofficial Guide to Mastodon and the Fediverse (fedi.tips)
@thisismissem can speak to it with more technical detail if she has spoons, but the short version is that disabling authorized_fetch will give you the intended outcome you're looking for when doing blocks. :blobfox:
-
Emelia 👸🏻 replied to quintessence :blobfoxcomfy:
@quintessence @PaulaToThePeople I think this has always been the case? And this has nothing to do with authorized fetch - authorized fetch just makes defederation slightly stronger.
Basically the Account record isn't deleted when you defederate, afaik.
Search and directly opening URLs to actors and posts gets all manner of wonky.
Maybe someone from @MastodonEngineering can better explain it (I have almost no spoons today)
-
Oliphantom Menace replied to Emelia 👸🏻
@thisismissem @quintessence @PaulaToThePeople @MastodonEngineering
It could be implemented differently.
Next, GoToSocial will check for the existence of a block (in either direction) between the owner of the public key making the http request, and the owner of the resource that the request is targeting. If the GoToSocial user blocks the remote account making the request, then the request will be aborted with http code 403 Forbidden.
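
The check described in the passage quoted above, as an added Go sketch that is not GoToSocial's or Mastodon's code and not part of the thread. It assumes the HTTP signature has already been verified upstream and its key owner resolved to an actor URI; the `Blocks` type, `Authorize` function, 401 for unsigned requests and all example.com-style URIs are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// Blocks is constructed moderation state; all names here are hypothetical.
type Blocks struct {
	Domains  map[string]bool    // instance-level blocks, keyed by host
	Accounts map[[2]string]bool // account-level blocks, keyed {blocker, blocked}
}

// blockedEitherWay reports an account-level block in either direction.
func (b Blocks) blockedEitherWay(x, y string) bool {
	return b.Accounts[[2]string{x, y}] || b.Accounts[[2]string{y, x}]
}

// Authorize returns the HTTP status for a fetch of a resource owned by owner.
// keyOwner is the actor URI owning the public key that signed the request;
// signature verification is assumed done upstream, "" means unsigned.
func Authorize(b Blocks, keyOwner, owner string) int {
	u, err := url.Parse(keyOwner)
	if keyOwner == "" || err != nil || u.Host == "" {
		return http.StatusUnauthorized // assumption: signed fetches are required
	}
	if b.Domains[u.Hostname()] {
		return http.StatusForbidden // the requester's whole instance is blocked
	}
	// The quoted text gives 403 when the local user blocks the requester;
	// answering the same for the reverse direction is an assumption.
	if b.blockedEitherWay(keyOwner, owner) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	alice, bob := "https://local.example/users/alice", "https://local.example/users/bob"
	mallory := "https://remote.example/users/mallory"
	b := Blocks{
		Domains:  map[string]bool{"blocked.example": true},
		Accounts: map[[2]string]bool{{alice, mallory}: true},
	}
	fmt.Println(Authorize(b, mallory, alice), Authorize(b, mallory, bob))
	fmt.Println(Authorize(b, "https://blocked.example/users/x", bob), Authorize(b, "", alice))
}
```

The same signed requester is refused on the blocking user's resources but still served another local user's, while an instance-level block refuses every resource.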