Tootfinder

Well, some of you know that this instance also offers a matrix server.
However, sone users have decided to join every room possible - on every server they can find.
And that causes our server to run out of space and being constantly overloaded all the time.
This is why we cant have nice things

Giants' John Harbaugh not surprised by Dexter Lawrence's trade request: 'There’s business involved' https://www.nfl.com/news/giants-john-harbaugh-not-surprised-by-dexter-lawrence-s-trade-request

In the interests of starting a more productive dialogue than yesterday's main character was interested in, let's make a #brainstorm thread about design changes to ActivityPub and/or client UI that could actually help address drive-by (often racist) harassment on the fediverse.
Feel free to discuss pros/cons but don't feel an idea needs to be perfect to suggest it. Also since this is a brainstorm don't worry about complexity/implementation cost. If you have a great-but-hard-to-implement idea someone else may think of a way to simplify it.
Note that the underlying problem *is* a social one, do there won't be a technological fix! But tech changes can make social remedies easier/harder.
I've got some to start:
1. Have a "protected mode" that users can voluntarily turn on. Some servers might turn it on by default. In protected mode, users whose accounts are less than D days old and/or who have fewer than F followers can't reply to or DM you. F and D could have different values for same-sever vs. different-server accounts, and could be customized by each user. Obviously a dedicated harasser can get around this, but it ups the activation energy for block evasion and pile-ons a bit. Would be interesting to review moderation records to estimate how helpful this might or might not be. Could also have a setting to require "follows-from-my-server" although that might be too limiting on private servers. Restriction would be turned off for people you mention within that thread and could be set to unlimit anyone you've ever mentioned. Would this lock new users out of engagement entirely? If everyone had it on via a default, you'd have you post your own stuff until someone followed you (assuming F=1). One could add "R non-moderated replies" and/or "F favorites" options to soften things; those experiencing more harassment could set higher limits. When muting/blocking/reporting someone who replied to your post, protected mode could be suggested with settings that would have filtered the post you're reporting.
2. Enable some form of public moderation info to be displayed when both moderator and local server opt-in. Obviously each server would be able to ignore federated public tags. I'm imagining "banned from X server for R reason (optional link to evidence)" appearing on someone's profile & an icon on their PFP in each post viewed by someone on server Y *if* the mods of server X decide it's appropriate *and* server Y opts in to displaying such tags from server X specifically. Alliances of servers with similar moderation preferences could then have moderation action on one server result in clear warning propagation to others without the other mods needing to decide whether to also take action immediately. In some cases different moderation preferences would mean you wouldn't take action yourself but would keep the notice up for your users to consider. Obviously the "Scarlet Letter" vibe ain't great, but in some cases it's deserved, and when there's disagreement between servers about that, mods on server Y could either disable a specific tag or disable federation of mod tags from that server in general. Even better shared moderation tools are of course possible.
3. Different people/groups have different norms around boosting. Currently we only have a locked/public binary. Without any big protocol changes, adding a "prefers boosts/doesn't" setting which would warn in the UI before a viewer chooses to boost if the preference is "doesn't" could help. This could be set per-post, but could also have defaults and could have different values for same-server or not, or for particular servers. For example, I could say "default to prefer boosts from users on my server but not from users on other servers" or "default to prefer boosting on all servers except mastodon.social." Last option might be harder to implement I guess.
#ActivityPub #Meta #Harassment

✍️ New article: Webspace Invaders
👾👾👾👾👾👾👾👾👾👾👾👾
https://matthiasott.com/articles/webspace-invaders

Webspace Invaders · Matthias Ott
There’s something happening on the Web at the moment that almost feels like watching that old arcade game Space Invaders play out across our servers. Bots and scrapers marching in formation, attacking our servers wave after wave, systematically requesting page after page, relentlessly filling their data stores while we watch our access logs fill up.

"A three-judge panel for the Ohio Tenth District Court of Appeals ruled that gender-affirming care for minors constitutes an essential medical treatment for trans youth and that the ban on gender-affirming care is in violation of a state constitutional amendment. "
Republicans passed an amendment to curtail Obamacare. It just backfired in a surprising way. - LGBTQ Nation
https://www.lgbtqnation.com/2025/03/republicans-passed-an-amendment-to-curtail-obamacare-it-just-backfired-in-a-surprising-way/

🇺🇦 #NowPlaying on KEXP's #DriveTime
Surfbort:
🎵 Hot Dog
#Surfbort
https://todorecords.bandcamp.com/track/hot-dog
https://open.spotify.com/track/1UEwMrAAig4VsW8YQzNOGe

«Storm Infostealer umgeht 2FA — Malware übernimmt Accounts ohne Passwort:
Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig.»
Ich gehe mal davon aus, dass die JSON Web Token (JWT) umgehen. JWT ist zwar populär aber nicht sicher. Die Zwei-Faktoren Autentifikation (2FA) ergibt am Ende auch JWT zur online Erkennung.
😕

Storm Infostealer umgeht 2FA: Malware übernimmt Accounts ohne Passwort
Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig.

Ausprobiert und für gut befunden: Mie-Nudeln mit Tofu in scharfer Thai-Kokossoße
#HolgerKocht
https://www.dm.de/tipps-und-trends/rezepte/…