Feature request: filter out webmentions from particular domains / sources

[tantek]

Not quite a block list (e.g. https://github.com/snarfed/bridgy/issues/473 and related) but rather it would help a lot to filter out (without deleting) webmentions from particular domains or sources.

E.g.: Exclude Bridgy webmentions from backfeeding Twitter responses (replies, reposts, likes, mentions). Not sure of the best syntax etc. for doing that in an API request URL query param etc.

The problem is that while Twitter allows blocking, that's often too late / after the fact, and abusive replies (or accounts) can get through, and then end up displayed (or linked to) on your own site (especially via an embed). Bridgy doesn't do blocking yet.

Eventually (hypothetical?) we'll see abusive domains (outside of Bridgy / silos) sending webmentions as well, and the more we're prepared to at least filter, the better.

[tantek]

(Personal blocker: I need something like this just to even start displaying a facepile of likes, because if for example one of those likes is from an abusive account, I want a way to stop/delete that webmention from showing up (possible abusive icon!) and linking from my site to an abusive profile)

[voxpelli]

Related: https://github.com/voxpelli/webpage-webmentions/issues/31

[snarfed]

hey @aaronpk, would you consider consuming mf2 blocklists as a way to implement this filtering? if so, i'm happy to prioritize snarfed/granary#40.

[tantek]

I'm not sure we need the abstraction of a separate / external list yet. I think the MVF for this would be a query param of a handful of domains/sources.

[snarfed]

@tantek MVF, yes, but sounds like your own block list is probably big, so the MVF wouldn't work well even for you as the canary here, right?

[tantek]

No, the MVF would work for me because I would start with "block all Twitter backfeed from Bridgy" as a stopgap (without having to disconnect Bridgy from Twitter and thus lose valid responses in the mix)

[aaronpk]

Step one for me in webmention.io would be adding a way to have block lists internally at all. I'd start by implementing a minimal UI for managing which things are blocked, similar to how this works on Twitter. Then I could definitely see syncing that list from an mf2 blocklist that might be generated by Bridgy.

Things that you could block:

• source URL matching by domain or prefix (e.g. malicioususer.example.com or *example.com/malicioususer*
• author URL matching by domain or prefix (allowing you to block Twitter accounts from Bridgy URLs for example)

Functionality summary:

• If you block something in webmention.io, all previously received webmentions will be marked as "blocked" and will no longer show up when the API is queried.
• Future webmentions that match the block list will be acknowledged (so the sender doesn't know they've been blocked) but will not be stored.
• Unblocking will cause all the previously received hidden webmentions to be shown again, but nothing that was received while the account was blocked will be shown because they will not have been stored.

[aaronpk]

Update: I implemented the first bit of this internally as part of the ability to delete webmentions (and prevent that source URL from appearing again).

[snarfed]

small note here that the functionality above may need to support u-url and/or author, since e.g. bridgy doesn't have source URL prefixes per source silo account.