Option to disable auto-acceptance of follows (manual acceptance)

[techknowlogick]

Currently PeerTube auto-accepts all follow requests, this is a feature request to allow disabling of the auto-acceptance and allow an admin to manually accept specific follow requests (and ignore, or reject others)

[Chocobozzz]

Why would you want to refuse a follow?

EDIT: that wasn't meant to oppose the issue, but rather define the scope of the issue. "Why might you want to refuse a follow" would have been a better formulation. See https://github.com/Chocobozzz/PeerTube/issues/1179#issuecomment-426911280 for a proper follow-up.

[techknowlogick]

I'd prefer that my content doesn't syndicate to an instance called "bootlickers"

[rigelk]

@techknowlogick please understand we are looking for a general case argument

[inmysocks]

How is not wanting to syndicate with certain instances not a general case?

[techknowlogick]

general case argument: someone could register a domain that is a slur (take your pick of whichever one you want) then syndicate my content there. It could give them impression that because my content is on that domain that I endorse it. Or just fill up the follows with a list of slurs that I have to see everytime I look at the follows. I know this isn't mastodon, but masto has the idea of "locked accounts" where followers need to be approved, this is almost the same.

[vegaelle]

I think that giving the choice to instance admins to not accept automatically federating instances is a heavy requirement in order to mitigate harrassment: for the same reason that private account does exist on Mastodon, or even on the birdsite, users (in this case, admins, because only them control the federation behaviour) may want to control how their content is propagated.

Here is a concrete example, I sincerely hope that you (=Peertube maintainers) will understand it: I’m running an instance for queer people, people who are targeted by harrassment on a daily basis on every social platform/network. Some 4chan trolls (but of course you can guess the type of communities i’m talking about here) make accounts on “freedom of speech” instances (AKA without any form of moderation), accounts that i can’t control, obviously. Those instances are following mine, so they receive automatically public videos published on my instance. Then, the trolls automatically receive content that they can harrass. Not enabling auto-accept for follow requests would make this a little bit harder. The difference can be huge. If you can’t by any mean control the automatic diffusion of your content, how exactly did we evolve since the horrible idea that all data had to flow worldwide without any kind of privacy?

[seanlynch]

I use a locked account on Mastodon so that I can control where my content shows up in the Fediverse. It's by no means a perfect solution, but there's a big difference between someone having to go out of their way to look at my toots and having my own instance automatically send all my toots to them. The inability to control follows is a dealbreaker for me.

[witcheslive]

Honestly kind of worry about the safety of this platform if the kneejerk response from the devs is "why would you want to control who follows you"

How is it possible that you're working on a youtube alternative and are completely unaware of how the total lack of control over publishing your content and letting any, say, alt-right yahoo and their hangers-on spike engagement in ways that are detrimental to your channel and community around it causes MASSIVE issues? A follow, like anything else, can be done in bad faith. If you honestly don't understand this you really need to get some marginalized people on board with this project who have been the target of online abuse onboard to help you get perspective on these things.

[sydneyfalk]

Not to answer that question with a question adversarially, but: Why shouldn't your users have the ability to do this?

It hurts nothing except harassers and trolls. It helps legitimate, good-faith users, and is immensely useful for some of them.

It also helps suggest that the platform is 'unwelcoming' to harassers and trolls, which would be a good thing, because if Peertube gets infested with harassers and trolls just like YouTube, people will stick to YouTube, because ad money.

@techknowlogick please understand we are looking for a general case argument

Generally speaking, there's a lot of instances with objectionable names in one way or another, and a lot of "we don't moderate" instances.

I think that the 'bootlickers' item was an example meant to refer to the problem, not the person specifically saying they needed it because of that one instance.

[joyeusenoelle]

I quote from the FAQ:

We want to stay neutral by limiting the influence of our platform on authors as much as possible.

Sometimes limiting the influence of your platform means giving the user more choices. By not including a way to vet followers, you're saying "you must allow people you know to be harassers to subscribe to your PeerTube feed", and you're make the content dynamic more hostile. That isn't a neutral decision; it's a decision in favor of harassment.

[DeadSuperHero]

To be clear, it's important to distinguish whether this is talking about "instances following other instances", where multiple PeerTube instances follow each other through a form in the admin panel, and "users following channels", where anyone from the fediverse can follow a particular channel.

Server-to-Server Follow Curation So, one particularly strong use-case for this would involve more robust curation around which instances your own instance federates with directly.

Being able to check follow requests from other instances and decide which instances to connect with gives instance admins some notion of control, and would allow them to avoid connecting to problematic instances known to host trolls and serial harassers.

Actor-to-Actor Follow Curation At the very least, channels could have some kind of privacy mode similar to Mastodon accounts, where an account is essentially private and the person running it grants who to share their content with. Not everyone is going to opt into setting up their channels this way, but this is a use-case that already works somewhat well on platforms such as Mastodon.

[sydneyfalk]

That isn't a neutral decision; it's a decision in favor of harassment.

This is arguably true. With the "my house" analogy, I ask, to demonstrate how the initial response sounded: "Why would you want a lock on your door? Then people couldn't come in."

Well, yeah, and sometimes people need that. Hence.

[paintedsky]

It is my kind and sincere hope that the admins listen to the folks here and what they are saying.

Privacy and anti-harassment tools are one of the unique features of Mastodon which, imo, have significantly lead to its popularity and adoption.

Choosing NOT to focus on privacy and anti-harassment features for this platform will, I feel, unnecessarily hinder it and kill adoption rates.

The world needs a distributed, federated video sharing platform and PeerTube can be that platform. But the world is bigger than "free speech activists" and most of the rest of us want nothing to do with them.

Making features that allow us to avoid harassing behaviour is beneficial for everyone (except trolls obviously) in the long run.

[sydneyfalk]

The world needs a distributed, federated video sharing platform and PeerTube can be that platform. But the world is bigger than "free speech activists" and most of the rest of us want nothing to do with them.

Even if we all assume somehow that "free speech activists" (ha ha) are acting in good faith (many aren't, unfortunately), the paradox of tolerance is still a pitfall. If you let people who wish to exterminate others, eradicate constructive speech, etc. follow everybody else, then the burden is put on the people being harassed to 'push them out of their house'.

A lock on the door would be a much better solution than dealing with home invasion after home invasion, logically speaking.

(And, in fact, I suspect that even if this functionality's not implemented, people would implement around the lack of it eventually -- if they write a tool that auto-blocks any followers, keeps track of them, and shows them to the user to unblock and send a "you can follow me now" message. But most users can't do that kind of thing, and if the users who need to have at least deterrent-level security can't, they just won't use the platform at all.)

[Hache-Games]

"Why would you want to refuse a follow?"

The fact that you even asked this question demonstrates why, months ago, people raised concern about this project's approach to design with zero consideration of how it may be used for harassment.

It is precisely why folks recommended you bring on someone with anti-harassment experience.

It reinforces the fear folks had that this team would not take seriously the input of those who have experienced harassment.

Please listen to the feedback gathered here: consider that it only represents a small portion of those who take issue with this feature, as it only represents those who have or are willing to make a GitHub account to comment.

[8spinach]

personally i like to have control not only over who follows me, but also over who gets to see each post. being able to lock down completely and decide at any time which of the people in my network i share anything with is bar minimum in any media platform i’ll consider using. that’s not even just about harassment, i really just want certain things to only be seen by a few people. automatic approval of follows precludes that.

[XenonFiber]

PeerTube is only as good as it's safety and anti-harassment features. Period.

It doesn't matter how good the software is, or how much better than YouTube it is, if only abusers can use it. Your userbase will be completely full of the same shitty people who made YT completely unusable for anything other than a free video dump because there's no barriers stopping them from kicking off everyone else off it.

Building a social platform means understanding why YT and other community sites have failed.

[phikal]

Practically speaking, would this mean that some instances would have to disable RSS/Atom feeds? Since if the argument is, as @gordonzola mentioned:

Then, the trolls automatically receive content that they can harrass. Not enabling auto-accept for follow requests would make this a little bit harder. The difference can be huge

they could just jump over to RSS (and knowing them that's not the issue), maybe even extending Peertube to circumvent the lack of auto-acceptance. And even if that's disabled, HTML can still be parsed for updates. Unless I'm missing something, this issue seems far more intrinsic to federated networks (and the Internet in general) than that it could be solved with an option.

Edit: Never mind this if it deters from what I'm asking.

[techknowlogick]

they could just jump over to RSS

that's right, however it at least adds some barrier to harassment, as well as the issue is that I don't want content syndicated to another instance automatically (RSS doesn't push to other instances, RSS has to be configured on a users end to pull periodically, as well it doesn't populate other instances). By using RSS they are still able to "automatically" discover content (in their feed reader), but like I said it makes it harder. If someone is super motivated to harass disabling RSS feeds wouldn't deter them (for example they could write something in to call the api).

If you take it another level, just by putting out information without RSS feeds or activity pub harassment is possible, this issue is just by making it a little more difficult for those who intend on harassing to give a slight reprieve to those who may be harassed. And as @gordonzola said "The difference can be huge"

[XenonFiber]

@techknowlogick @phikal And once we can completely suspend instances and remote users, it'll be as easy as banning their new accounts and preemptively blocking those non-moderated instances.

They can still see public content in the same way as everyone else, but they'll be stopped from interacting with it.

[rigelk]

@XenonFiber indeed, actor blocks will be the most effective solution in the long term. Making follow requests approvable/deniable will also help detect actors to block.

[witcheslive]

@phikal not every little thing has to solve every problem to be useful. sure they can still get at the content elsewhere, there's always going to be block dodging with public content, but that doesn't make it useless. the point is less to keep people from viewing your content and more to prevent people engaging with it in a harassing way.

to use a practical example, think of how an entire cottage industry exists on youtube of "skeptic" dipwads making video replies to Antia Sarkeesian's videos. if YouTube wasn't shitty, and let femfreq/Anita block bad faith actors from these video replies, an entire subindustry of creeps wouldn't exist that literally make money off of harassing women.

[phikal]

@witcheslive @techknowlogick @XenonFiber Ok, so basically RSS/Atom wouldn't have to be suspended for this, right? (We obviously have different things that deter us from YouTube, but that's really not what I'm after)

[Chocobozzz]

Hum.

I asked one question: "Why would you want to refuse a follow?". It is the basis of software engineering, when the developer does not understand the feature or the use case. I don't think it deserves these :-1: nor some rude comments. Remember there are real people behind projects, that work very hard (some of them for free after their own work) to improve their software so their users are happy.

We don't build PeerTube for us, we build it for people. It's the reason why we take time to understand each issue, to correctly define the scope, or to propose better alternative to some use cases.

So, I asked this simple question because at this time and in my opinion, instances refusing follows of other instances was useless:

• PeerTube has (at the moment) 3 privacy video settings: private, unlisted and public. Private videos are not federated, and unlisted/public videos are shared by the instance actor.
  • Then you could have told me: "I want this feature to protect my unlisted video"
  • :arrow_right: https://github.com/Chocobozzz/PeerTube/issues/944 would have been the appropriate issue
• If you don't want that the public content of your instance to be on other websites, then it's more difficult because we can't really control that. People can make embed of your videos for example
  • Then you could have told me: "We could add another setting to the video to prevent embed!"
  • :arrow_right: Let's create this issue!
• If you want to control your video audience, then what you want is another privacy setting "Only my followers can see this video" + "Ability for a channel to manually accept followers".
  • :arrow_right: Let's create these issues!
• If you want to prevent other instance/people to be notified about new content on your instance, for example to limit harassment then it's useless because they have RSS feeds, that is much more simpler to use than creating a PeerTube instance
  • Then you could have told me: "We could disable RSS feeds, or only enable them for local users"
  • :arrow_right: Let's create this issue!
• etc
• etc

That's how we collaborate. By asking questions that may silly to specify needs, and find other features that could be interesting. Not by posting sarcastic comments making us look like idiots.

I think the scope is well defined, so please let's stop commenting on this issue unless we want to share something new/technical information.

I really need a break :pensive:

[witcheslive]

@phikal With the disclaimer that I only have a cursory knowledge of how peertube works, yes. Just like on a regular Mastodon instance, I'm aware that things like posting locked when anyone can follow me or blocking someone doesn't absolutely keep someone from reading my toots, but it makes it more obnoxious (and clear if they're evading.) Similarly, I don't see much difference between RSS and right-click-open-in-incognito in this case. Though given what Chocobozzz said I might misunderstand this slightly, and maybe an option to disable RSS at various levels (per video, channel, user, instance) would be a good way to give people better control over their content. I'm assuming that RSS is done non-authenticated? Or are there different RSS feeds depending on authentication?

@Chocobozzz I get that it can be overwhelming to get a strong reaction to things, but please consider that being marginalized in any way is to be relentlessly attacked, and constantly. While we cheer on projects like this, we've been let down repeatedly by people running, well, projects like this getting myopic and defensive when concerns are brought up from people who have different needs or use cases than the people who run them. Peertube is a pretty cool concept, and I pray for the day we can share videos without dealing with a nazi entryism algorithm, but I'm not just going to settle for literally anything, and want to see it actually done right this time, y'kno?

[rigelk]

@witcheslive right now RSS feeds are public, except for a user's subscription feed which are authentified. We're planning to extend that to every feed (through an option I guess). Users would have their own personal access token for RSS feeds.

[kyrahabattoir]

Someone is gonna have to educate me on how exactly preventing someone from following your peertube instance is a tool against harassment.

• Preventing an instance from commenting on your content? I get it, absolutely.
• Deciding where your content shows up? Isn't the entire point of peertube to be a federated system?

To me it's just as stupid as being unable to read someone's twitter feed because they didn't like one of my arguments and decided to block me. It's one thing to block yourself from seeing someone else's content, but it's another to block them from seeing your content and I don't really see how that achieves anything.

[Skrylar]

@kyrahabattoir I suspect there is a concern with:

• Someone posts a video to an instance about ice cream sundaes
• It federates to an instance named "look at dese niggas"
• Someone sees the ice cream video on the "offensive" site
• They then guilt-by-associate the ice cream video maker because they showed up on another site.

The ice cream videographer wants to then preemptively block the second before hate mail rolls in about why they support something that they didn't even know they were a part of.

Or in agile terms: As a content uploader I need to control where my content federates so that my brand's reputation can be managed by me.

[kyrahabattoir]

@Skrylar I get this but the federation is a cornerstone of the system. Correct me if i'm wrong but this is not a "build your own private youtube site for free".

It's ment to create a meshed video network after all.

[XenonFiber]

@kyrahabattoir I don't want my instance's videos showing up on the instance of some group of harassers (or literally whoever else you'd want to keep away from). I'm trying to keep a community from becoming targeted as much as possible, and having their videos flow straight into a dangerous instance isn't a good thing in any way.

[8spinach]

@chocobozzz you asked one question and got a lot of answers. people care. they put up money you were happy to take because they care. they’re trusting you to make a space that enables them to share themselves with those they know and love and after dealing with a string of platforms that betrayed that trust and opened them up to harassment they’re right to be concerned when you don’t understand a privacy request. this isn’t a collaboration, federation means the developers control the platform – an unacknowledged but implicitly felt power dynamic on all sides – it’s the whole reason you can feel comfortable demanding free consultation from us rather than going to look at the ways privacy is implemented elsewhere, yourself.

[swift2plunder]

The desired outcome is to reduce the ease with which harassers can create targeted abuse campaigns without forcing lower visibility on those most likely to be targeted. Each additional step or external tool required to monitor the activity of a content creator reduces the effectiveness of such campaigns.

[kyrahabattoir]

@XenonFiber Why? What happens in an instance you aren't following doesn't affect what happens on yours.

[sydneyfalk]

@kyrahabattoir

It's a deterrent to harassment and won't affect most users at all, AFAICT.

meshed video network

IME, most users don't set to screen even when the option's given, they just block after the fact. So it's not as if the bulk of users will suddenly have to 'wait' to 'be approved', or something. This should basically only negatively impact bad faith users and positively impact harassed users to any major degree.

Deciding where your content shows up?

Isn't the entire point of this to give control back to users, ultimately, though?

I can't really think of any reason people would object short of not understanding the need personally (a lot of people have not experienced harassment, which is why it is still often treated as trivial) or being unhappy they're not allowed to access people's content specifically to distribute it to potential harassers.

Hopefully the need is clearer now.

What happens in an instance you aren't following doesn't affect what happens on yours.

If the instance is collecting your material and using it to harass you, it does affect your life, however. Deterrents for that are valuable.

[kyrahabattoir]

It is trivial to turn a post filter into a pre filter.

@sydneyfalk Not at the expense of the network itself, and once you add this kind of control, access to public content from an instance becomes conditional and creates a two way street where an instance can pad its video collection through the federation system while at the same time denying its "exclusive" content to anyone else.

And we are all back to the youtube we all love to hate.

[doublah]

I think many people are looking at this as a solution to problems that don't really exist. On mastodon, many admins use instance blocking to prevent bad actors from harassing their users, if you want to completely avoid all "bad actors" without blocking them yourself, you can always go to your instance's admin.

If you join an instance on any federated service with enforced rules against harassment and such, I would argue the job should come to the admin, who should be doing their job in protecting their users.

[sydneyfalk]

public

Not everything on Peertube is even 'public' at this point, per earlier in the thread:

PeerTube has (at the moment) 3 privacy video settings: private, unlisted and public.

so it isn't exactly like users are explicitly disallowed control over their content.

while at the same time denying its "exclusive" content to anyone else

It's barely going to affect the whole mesh much, and it's to help users of the network.

Whereas giving harassers streamlined harassment options would lead back to the YouTube others hated the very existence of, with constant harassment comments, no ability for users to control anything about the platform, etc.

[sydneyfalk]

I think many people are looking at this as a solution to problems that don't really exist.

That would be referred to as 'preventative'. If PeerTube is looking to avoid the pitfalls YouTube fell into, I don't see how this wouldn't qualify. (And considering how much Mastodon has changed since harassers started working it, I would say there's two good examples of why to be more cautious, not one.)

the job should come to the admin, who should be doing their job in protecting their users

This arguably is a point in favor of the screening option, really. Letting users protect themselves would reduce workload for all the admins by reducing the amount of shitflinging, which is good for both admins and users.

Also: Bad faith admins exist, just like bad faith users. Minimizing their ability to control what users get to do with their own content is probably a good thing in the long run, for that reason and others.

[DavidLibeau]

general case argument: someone could register a domain that is a slur (take your pick of whichever one you want) then syndicate my content there.

You can create any website that looks like yours and download PeerTube/YouTube/whatever videos to scam the users. That's not a PeerTube issue, that's a content protection issue. You solution is DRM video or other tech like this.

It is my kind and sincere hope that the admins listen to the folks here and what they are saying.

This issue was open one day ago and you are alredy saying that nobody is listenning?

In my view, to totally "lock the door" (your words) you need to :

• protect your videos : with DRM protections, or other tech like this to prevent downloading.
• disable embed : by blocking IP and cross origin domains.
• disable data parsing : by disabling API, RSS/Atom Feed ; and even disable HTML, maybe with a Canvas or Image render of the website. What else do we need to "lock the door"? :thinking:

[sydneyfalk]

This issue was open one day ago and you are alredy saying that nobody is listenning?

I believe they said they hope the admins are listening. That doesn't suggest they are or aren't, only that the speaker hopes they are.

totally "lock the door"

There isn't a "complete" securing of anything. This was noted earlier in thread.

Also earlier in thread was noting that this is independent of RSS functionality or even other functionality -- this isn't about all that, it's a simple front door lock. And yes, locks can be picked.

But they're still deterrents, and deterrents are useful. Same reason we use passwords -- not for some mythic 'absolute security', but for a bit more security than zero.

[DavidLibeau]

Also earlier in thread was noting that this is independent of RSS functionality or even other functionality -- this isn't about all that, it's a simple front door lock. And yes, locks can be picked.

It is about data parsing, they said that they want to prevent harassment with citation. I can create a website that parse your HTML (RSS and API are just easier to code) and display it on my website to harass you. Yes it's impossible to prevent but you are asking to prevent it. That was the point of my answer. The only thing you can do is to build a closed community were your videos are totally private and unsharable outsite the community. In my view, you can't totally "lock the door" if you share public content.

[XenonFiber]

@DavidLibeau So you're asking to leave the door wide open then?

[sydneyfalk]

I can create a website that parse your HTML (RSS and API are just easier to code) and display it on my website to harass you.

Most. Harassers. Can't.

Most users can't either. Most people do not have the specialized knowledge you do, and therefore are at the mercy of those implementing features.

In my view, you can't totally "lock the door" if you share public content.

Nobody said that. I'm not sure why that keeps coming up, but I'll quote the rest of my response:

But they're still deterrents, and deterrents are useful. Same reason we use passwords -- not for some mythic 'absolute security', but for a bit more security than zero.

Hopefully it's clearer that this isn't intended as a panacea but a preventative deterrent.

It's a vaccine, not chemotherapy, if we use a somewhat more accurate medical analogy. Vaccines don't mean you can't get sick, merely that you're less likely to get sick and your immune system is slightly more robust. Chemo is a radical, multiple-system-affecting process, and can make people very sick by itself -- hence, it's hauled out as a big cannon for a big problem.

Vaccines help hold off the flu of unskilled harassers; skilled harassers are beyond the ability of users to prevent or detect, but there's no reason to facilitate unskilled harassers just because skilled harassers exist.

[DeadSuperHero]

From the perspective of an account, having the ability to choose whether or not to deliver your content to a specific Actor or Instance is actually not completely unreasonable. Conceptually it's not that far removed from blocking; it's likely that some people would prefer to be selective in curating their audience.

I'd say the only real sticking point is in determining whether this concept can co-exist with public-facing content, since it is accessible to everyone. Would it be unreasonable to just have a privacy level for accounts where those follow requests have to manually accepted by someone who otherwise doesn't have public-facing videos?

[DavidLibeau]

@DavidLibeau So you're asking to leave the door wide open then?

For my use : sharing videos (SHARING), I think that citation is not only wanted but needed. That does not mean that I don't understand your needs, but I also think that you can't say "we want that and the core dev team is not answering us" without proposing technical solutions. And I also think that technical solutions are heavily hard to find for this issue and maybe (or maybe not) can't fit with a video sharing system. So, in my view, we need to find clearly the whole system for a video sharing service (not for PeerTube) that's fit your needs, and after that, try to see how to implement it for PeerTube.

[XenonFiber]

@DavidLibeau The technical solution I propose is literally the title of this issue, and there are plenty of other detailed comments here to reference from.

[sydneyfalk]

That does not mean that I don't understand your needs, but I also think that you can't say "we want that and the core dev team is not answering us" without proposing technical solutions.

I assumed "the option of screening your followers" was literally the described technical solution. I'm not very well acquainted with GitHub conventions of speech -- perhaps 'technical solution' is used to mean a provided implementation that's suggested as an addition? Then that would make sense. Otherwise, I'm not sure what you mean.

Regardless: Several places have this, and have not imploded or become walled gardens through some sort of magic. Mastodon's built on AP and implemented it, frex.

[DavidLibeau]

@DavidLibeau The technical solution I propose is literally the title of this issue, and there are plenty of other detailed comments here to reference from.

The general case argument shows that the technical solution was a bit usseless. So we can accept a PR that implement an useless functionnality in PeerTube, or we can find systemic solutions that resolve the issue...

[DavidLibeau]

Most. Harassers. Can't.

Copy an HTML embed code is up to everyone (and it's easier than creating a PeerTube server).

[sydneyfalk]

The general case argument shows that the technical solution was a bit usseless.

It showed it couldn't solve everything, and further discussion indicated it wasn't expected to, so I'm not sure what you're trying to say.

systemic solutions that resolve the issue

You said yourself there isn't a solution. Even the measures you offered are defeatable.

A simple deterrent is literally all that's being asked for.

Copy an HTML embed code is up to everyone.

I assume you mean it's within anybody's ability. (And, actually, it technically isn't. Some people literally don't know what an embed code is. There are still plenty of technically unskilled people in the world. The fact you can do it in a heartbeat and I might be able to figure it out with a bit of time (with my rusty-ass tech skills from back when) doesn't mean every single rando can do it.)

The other things you described certainly weren't immediately accessible items to most people, though.

The point is not keeping skilled harassers out. The point is deterring unskilled harassers, which this would demonstrably do.

Regardless of all these things: Why shouldn't people be able to lock this door? What exactly is being lost here if people can screen their followers? (Other than, I guess, harassers complaining to admins that they can't harass as efficiently? Is that a thing? I don't admin anything, I know it's not something I could handle.)