Giac El Vecio shared a comment of this post/conversation

Tue, 07 May 2024 11:28:22 -0400 from Bunny of Doom

Giac El Vecio wrote the following post Tue, 07 May 2024 11:28:19 -0400

Just remembering (or explaining to those who don't know):
We use consent- and permission-based software, but as soon as we open the ActivityPub tide, we are exposed to unwanted comments on our public posts.
In the example here:
using a streams channel for testing, you can notice the comment written by Giac (mastodon) who, in truth, does not have permission to comment in that public post, and I can see this because I am using a streams channel that is connected via ActivityPub to elvecio (mitra), while in my channel who wrote the original post I don't see Giac's comment. Comments like this are seen on the network using ActivityPub regardless of the server/site, unlike what happens between hubzilla and diaspora, because there (diaspora) they don't use the Twitter/mastodon system, where every comment turns into a post, on the network diaspora the unwanted comment remains limited to the Diaspora server, to the site, and not to the entire network (at least based on what I remember).

@Giac El Vecio

Bill Statler

Tue, 07 May 2024 11:45:26 -0400 from Bunny of Doom

Do I understand this right? In the image are posts/comments from 3 channels, and this is how it looks when you are in a 4th channel?

Giac El Vecio

Tue, 07 May 2024 12:02:13 -0400 from Unio Diversi Spiritus

And.. In Mitra I can see the unwanted comment too, other servers sites using ActivityPub and the Twitter system model can see it.

Bill Statler

Tue, 07 May 2024 13:26:49 -0400 from Bunny of Doom

You are putting too many Giacs in the same place, and they are collapsing into a black hole where the laws of physics do not apply.

Giac El Vecio

Tue, 07 May 2024 15:12:44 -0400 from Unio Diversi Spiritus

Test

Giac El Vecio

Tue, 07 May 2024 15:13:52 -0400 from Unio Diversi Spiritus

Now it works (from my clone)

Giac El Vecio

Tue, 07 May 2024 15:18:24 -0400 from Unio Diversi Spiritus

Last..

Bill Statler

Tue, 07 May 2024 15:23:05 -0400 from Bunny of Doom

I 'liked' all of your comments that I can see here. No 'like' = I can't see it.

Mike Macgirvin 🖥️

Tue, 07 May 2024 15:49:17 -0400 from Y

If you look at the precise English wording of the permission setting referred to, it is "Accept delivery of comments on your posts from ...".

Basically, we cannot control what other people using other software do. Anybody can technically create a comment and send it anywhere. We can't control this. We actually can't control what somebody else does using their own software which they can modify. This a fundamental law of decentralised systems. Some younger developers think they can "fix" this.

They cannot.

What we can control is accepting that comment on your server and shoving it in your face in your stream. And we can control whether it becomes a part of your conversation. And we can control whether your server resends it to your audience that is/are following your conversation.

We can, and we do.

Bill Statler

Tue, 07 May 2024 20:34:15 -0400 from Bunny of Doom

We actually can't control what somebody else does using their own software which they can modify. This a fundamental law of decentralised systems.

I'm pretty sure of the answer to this, but...

If we send a post to a limited audience, including channels on other servers and software, there is no guarantee that the actual audience will be limited as we intended. Each recipient's instance could just post it on that instance's public timeline, or do anything they want.

Is that correct? I've been assuming that is how things work (and I've also been assuming that legitimate projects and instances don't generally do this on purpose).

Giac El Vecio

Tue, 07 May 2024 21:05:23 -0400 from Unio Diversi Spiritus

I don't know if I understood your question, but a limited post cannot be "repeated" in a instance, there is no way.

Jupiter Rowland

Wed, 08 May 2024 03:30:02 -0400 from hubzilla

@Giac El Vecio Not even Mastodon can because Mastodon understands limited posts as DMs.

Giac El Vecio

Wed, 08 May 2024 10:29:07 -0400 from Unio Diversi Spiritus

I was thinking, returning to my post, the vast majority of the 1000 or 10000 people who read the terrible unwanted comment (those who inhabit the mastoverse), do not know that you (in streams) did not receive and read that comment, and are probably wondering why don't you answer or something.

Bill Statler

Wed, 08 May 2024 11:42:26 -0400 from Bunny of Doom

Mastodon understands limited posts as DMs.

Thanks, that makes it more obvious what's going on. The receiving instance would have to ignore the concept of direct messages in order to mis-deliver a limited post to the wrong people.

Giac El Vecio

Wed, 08 May 2024 12:08:22 -0400 from Unio Diversi Spiritus

Not just mastodon, but the mastoverse (pleroma mitra............).

Mike Macgirvin 🖥️

Tue, 07 May 2024 21:06:36 -0400 from Y

That's correct. All we can do is provide a good faith effort to restrict the audience as you've indicated in your preferences. And this works reasonably well in the fediverse, even considering Mastodon. But technically, we can't actually enforce what somebody does on their own server. And admins can still read everything. Even if you use the Secrets app and encrypt the message, there's nothing stopping somebody from decrypting it and copy/pasting in a post to the world. Your site admin can also insert a backdoor to the Secrets app if they are really savvy. That's why I call it browser-to-browser encryption and not end-to-end encryption. This wouldn't be easy for them, but it can be done. Fortunately, most admins are lazy and unless you've given them a reason, they won't go through the trouble.

On the bright side, anybody who does these things will be discovered and un-friended pretty quickly. So we're relying on a social contract and the fact that most people are honest and act in good faith, and try not to associate with those that don't. That's the best we can do.

Giac El Vecio

Tue, 07 May 2024 21:17:29 -0400 from Unio Diversi Spiritus

Currently, no project that I know of has the 'ability' to take a non-public post and repeat/reblog it in the site's timeline (or similar).

Mike Macgirvin 🖥️

Tue, 07 May 2024 21:43:23 -0400 from Y

This doesn't mean it can't be done.

Giac El Vecio

Tue, 07 May 2024 16:10:29 -0400 from Unio Diversi Spiritus

Yes, the important thing is that people are aware that any idiot using mastodon can comment something horrible in a public streams/hubzilla post, and the person (of the original post) probably doesn't even realize it.

Mike Macgirvin 🖥️

Tue, 07 May 2024 16:17:18 -0400 last edited: Tue, 07 May 2024 18:20:05 -0400 from Y

Hate to be the bearer of bad news but people you don't know can talk about you behind your back. There is nothing you can technically do to stop them. Nothing.

Let it go.