No, malicious or buggy software running on a remote instance absolutely can ignore followers-only and DM restrictions. ActivityPub doesn't offer any guarantees on these fronts. That makes it unsuitable for anything confidential, and it's a good question whether most users realize it.

Then again when infosec and a bunch of other instances accidentally explosed all media in DMs to the world, and when kolektiva accidentaly shared all followers-only and DMs with the FBI, people weren't actually particularly angry about it, so maybe expectations are set correctly,.

@8124 @stefan

Holy shit I just realized who that account was! They're blocked now.

@stefan

@thenexusofprivacy @stefan

atm not on this page

Public Roadmap

Learn what we are working on in Mastodon

(joinmastodon.org)

@stefan

thank you for prioritizing this. It's not a total solve (there are no technical solutions to social problems) but it will go a long way toward helping make our communities feel safer and newcomers feel welcome.

and to the Italian instance mod, that's cool you have no problems, tons of others do, and for us this has been an issue we raised repeatedly to apparently deaf ears. I applaud the Mastodon team for applying their care to this issue.

@informapirata

Useful info, thanks for checking!

(And, how embarassing that I didn't even do the straightforward checking myself)

@lobingera @stefan

@stefan I don't think the Fedi is ever going to go mainstream, it's basically the Linux of social media

@cyberlyra I'm sorry, I am not involved with Mastodon's team, or this request. But I do hope that after we speak out enough, this will get the prioritization it deserves, for the sake of fediverse's diversity.

@informapirata

@kycm_ancy Perhaps. But I am curious to see what happens when Bluesky's money runs out.

@stefan I can only speculate but they did mention that they are considering ways to get monetized, but the first step will be ads for sure lol

@kycm_ancy Yep.

And I don't want to speculate either, but --

Stefan Bohacek (@stefan@stefanbohacek.online)

Attached: 1 image Ah, so that was the missing feature that required creating a brand new protocol, I see. "Hard to sustain a company like this without ads in todays world" 12+ million fediverse users would beg to differ. Source: https://stefanbohacek.online/@mikestevens@aus.social/110229009098190020 #bluesky #fediverse #ads

Stefan's Personal Mastodon Server (stefanbohacek.online)

@uc Hmm, I'm not sure I understand how this would work, mind elaborating?

@stefan

for someone who has not been approved before, or for all replies if desired, a reply goes into a moderation queue for the OP to read and approve or dismiss. Much the same as with some blogging software.

@uc Ahh, interesting idea!

@evan @stefan “If a) remote servers only use that collection for showing replies and b) the local server lets the user curate the collection, it just works.”

You’re not listening to the users, who prefer the ability to block replies altogether rather than to simply ignore them as you propose here.

For example, elsewhere in this thread @elena writes “Thing is, as a woman on the internet, I prefer to see what people are saying to me... so I can block accounts or entire servers if needed.”

@8124 @stefan @elena obviously, one should be able to optionally view responses that aren't part of the collection. Most social platforms allow this.

@evan @stefan @elena Yeah, true enough, but then you are no longer talking about “reply controls” in the same sense which others are using the term when asking for this feature.

When they find out that replies are not controlled (after installing your software from a landing page emblazoned with “now supports reply controls”) they will get mad at you.

@8124 @stefan @elena declaring an acceptance policy ahead of time is helpful, definitely. "Only followers", "Only mutuals", "Only mentioned people". It can't prevent replies, of course, but it helps compliant clients and servers know which replies won't be accepted.

@8124 @stefan @elena Definitely put my contact information on that page. I'm happy to answer any questions.

This is definitely reply control; you control which replies are put into the official `replies` list.

@evan @stefan @elena “It can't prevent replies, of course”

This is literally my only point, so I’m glad we can agree on it.

@8124 @stefan @elena good!

I think there are social pressures possible, such as blocking servers that don't respect advisory flags.