@hipsterelectron @smallcircles @kopper @dalias oh! we'll have to give that a look

@smallcircles I think you'd better remove it from public record even if you keep it available privately.

@nycki @smallcircles the mastodon quote fep mentions that a server is allowed to transform rejecting a quote authorization into deleting the entire post (as in, if someone quotes you, you can tell their server to delete their entire post, including their own words, from their own server). this is explicitly described as an acceptable and conformant behavior. not sure why gargron is allowed to write FEPs since he certainly never implements them himself

@ireneista @hipsterelectron @Johns_priv

Yes, though there's also the social side to it. If you think of a large and active Discourse community with a long history of deep and relevant online discussion, then it can be highly disruptive to community health when one of the most active members leaves and demands deletion of 1,000's of public domain topics and posts.

In any case I think what is most interesting is the observation on the many contextual modes of communication we use in our daily life and how we continually switch between these, depending on social context.

And that somehow when we throw out a single line of communication and connect everyone to it, we assume that we can project a healthy social communications network onto that. Only to a small extent are we aware of the enormous simplification in our online comms abstraction, and we start to build unnatural social construct to fix comms problems, like all kinds of moderation, blocking, suspending, etc.

@nycki @smallcircles i have more abstract qualms with the notion of consent that FEP invokes (and why gargron's notion of consent is distinct from user safety, or any of the existing discussions about consent) but i think you have identified a really important framing here that consent to deletion is a form of consent that is absolutely right to require here.

in https://circumstances.run/@hipsterelectron/116543061887456848 i mentioned "two-party consent" to record in US state law which i feel is framed in a way that obfuscates the consent mechanism you identity here

@ireneista @hipsterelectron @kopper @dalias

Nice! Added the project to the note-taking list of C2S / ActivityPub API focused fediverse project..

Which ActivityPub applications support Client-to-Server (C2S)?

delightful-fediverse-experience - A curated list of server applications supported on the ActivityPub Fediverse and related standards.

Codeberg.org (codeberg.org)

@nycki @smallcircles i say "absolutely right to require" in an informal sense, to mean "i personally believe the power of remote deletion requires either (a) mutual user consent to delete or (b) moderator intervention in response to abuse + a contextual theory of harm which is alleviated by deletion".

case (b) does not propose a new power but attempts to codify the expectations of the current status quo, while enabling specific elevated permissions for admins/moderators upon satisfying certain conditions

@kopper thanks, fixed.

@oblomov @smallcircles @django @ireneista You referenced the client-to-server (C2S) Delete. Did you intend to reference server-to-server Delete (section 7.4)? In either case, the Tombstone is optional (MAY). Removing the S2S cached representation is recommended (SHOULD), but not required (MUST) and the spec notes this behavior cannot be enforced anyway. In other words, not deleting a cached object when an S2S Delete is received is conformant, but not recommended without a good reason.

@nycki @smallcircles i am really interested in codifying guarantees like this with cryptographic identity to produce documents attesting to the exercise of elevated permissions & justification for same, because that produces a verifiable log of actions that can be cross-referenced against others (which you'll note is exactly the purpose of making an independent recording of e.g. a phone call). this is something i'm currently working to formalize for package repositories, since git actively obscures decision-making by generating diffs on demand and enables backdating commits while failing to keep track of when an object was first made visible by a remote

@midnakrystal

Yes, it is a quite nuanced subject. Thank you for your thoughtful reply.

@hipsterelectron @smallcircles

is a valid legal basis for the admin authority, which is an authority granted conditionally to the admin by the users

I’m not sure I fully agree with this approach.

In some countries, administrators can have legal responsibilities regarding hosted content. Germany is one example where certain kinds of material are explicitly illegal, so instance admins may be required to intervene regardless of user consent.

If my instance were a public one rather than a personal server, I would legally have to remove content such as Nazi propaganda, racist material, Holocaust denial, incitement to violence, or illegal sexualized content involving minors, real or fictional.

That obligation exists independently of whether users agree with moderation decisions or not. At that point it’s not really a matter of personal preference, but of complying with local law.

@smallcircles I think the single-user instance should at least mark the post as private and don't share it outside the instance. As a courtesy.

@nycki @smallcircles i think @SRAZKVT has some cool thoughts on source control here. vcs like git is analogous to fedi in that user identity is distinct from the set of objects each remote makes visible to others, and each remote (github, codeberg, local clone) completely controls which objects are propagated across servers, which makes them an implicit proxy for each user. while the concern on fedi is that a server might claim you made a post without you, git/hg instead might heuristically generate source file diffs that you didn't validate yourself (leading to e.g. a merge conflict)

cryptographic signatures solve some problems for vcs, but i think the solution there also involves losing some convenience (more awkward diff generation, requiring a signature for merges and not just commits). as with fedi, there may be multiple valid threat models here, so a "git that doesn't generate diffs i didn't sign off on" might allow for skipping signature requirements in certain cases.

@smallcircles from my understanding of w3c activitypub there is no concept of signatures between users at all (the spec emphasizes that actors are not necessarily users and other such negated claims) as opposed to e.g. TLS cryptography used between servers, and this is especially problematic because activitypub is expressly intended as a human communication medium.

@smallcircles if a user can get sued for making a post (i know they can, i don't need precedent to claim this), it's because the activitypub protocol is understood to be representative of its users' speech, which is an incredibly powerful responsibility to assume

@hipsterelectron @nycki @smallcircles this got me thinking, what if cryptographic signature had canonic human-readable representation? Like not simply a 128bit opaque string but also a 80 columns block of text telling what was signed, when, in what context and maybe some user supplied flourish like ascii art corner decoration and logo.
80 columns is mainly here so it can be printed on receipt machine

@smallcircles
What does “delete” mean in this context-Delete the record so no one on the internet can access it after a certain point in time?
I comprehend “delete” request to remove access from public Internet, not whatever a person’s replicated in private notes/server.
Surely it does not mean delete any dated references in:
Screenshots, quotations in notes, books, etc.

I’d like to have a single person server as a publish once, share syndicate everywhere(POSSE) & would keep the dialogue

@smallcircles nope, wrong. You’ve conflated your personal memory and secondary documention about others with the primary record. You can have the former — it’s yours — but not the latter. Moral rights are the author’s in each case. You author and own a memory and representations of it, not the original source.