mastodon / mastodon

Your self-hosted, globally interconnected microblogging community
https://joinmastodon.org
GNU Affero General Public License v3.0
47.22k stars 7k forks source link

Begin Silencing Unsupported Version Mastodon Instances #29283

Open Shanesan opened 9 months ago

Shanesan commented 9 months ago

Pitch

This is in relation you the current spam wave but just good general practice:

Mastodon has versions they support and those they do not, but the instances with unsuppported versioning continue to communicate with servers that are, or are close to, up to date.

I suggest silencing these older instances, such as any instances still running the 4.0.X or 3.5.X branch that isn't the latest, making them unable to communicate with instances that stay up to the minimum requirements.

Motivation

Most of these old instances are floating the fediverse unmanned, unmoderated, unadministrated. Vectors for bad actors to do damage to the fediverse and dampen its reputation due to the difficulty of moderating these actors.

There's no need or value added to support Mastodon Instances that are literally 2 years old and untouched since 3.0.1, except a method for any user still actually using it to move off to another instance.

dalekcoffee commented 9 months ago

I agree here to some extent.

We should respect I think the absolute latest build, but definitely one build below. Perhaps another one below that.

After that, I definitely agree. I found a server where the admin account was a human (not a service account) and his last activity was back in 2022 server way out of date.

ChiefGyk3D commented 9 months ago

I would propose an N-2 capability. As long as it's within two builds it should still be supported. This falls in line with policy on a lot of InfoSec tools I use as well.

rararwg commented 9 months ago

It's just a speculation that servers not using the latest version are unmoderated. Many instances I know stay in 3.5.x because they don't like the new features, for example the changes in the UI since 4.x. Those instances are very actively in use, it would be a shame to silence them, forcing them to update to a version they don't like.

InvoxiPlayGames commented 9 months ago

A non-negligible number of servers run forks of the Mastodon code where the version number isn't always in lockstep with the mainline branch - I've seen a couple of servers still cherry pick the latest security patches but stay on an older version for personal preference/software config reasons. It's not a good metric to judge whether a server is actively maintained and moderated or not.

Also, any sort of policing on what software is allowed on the fediverse is just asking for trouble. Spam and abuse should be filtered by filters that can detect spam and abuse (of which Mastodon lacks), not filters that can detect outdated software.

Aeris1One commented 9 months ago

Not to mention it is also against most EU laws related to moderation on social medias (which apply to any Mastodon instance that is accessible from EU). You just can't preventively ban anyone.

Shanesan commented 9 months ago

Not to mention it is also against most EU laws related to moderation on social medias (which apply to any Mastodon instance that is accessible from EU). You just can't preventively ban anyone.

IANAL, but technically you are not banning a user – that user can find an instance that has an active administrator that does the bare minimum to keep the community safe. Defederating an old instance is not a ban, it's dropping support.

This is the same thing as logging into Facebook: Facebook keeps you on the latest version because that's the only thing they support when you log in. Mastodon doesn't do that. And it should to a point.

Aeris1One commented 9 months ago

IANAL, but technically you are not banning a user – that user can find an instance that has an active administrator that does the bare minimum to keep the community safe. Defederating an old instance is not a ban, it's dropping support.

Free, a French Internet access provider, got fined because it was banning mailservers that were, according to Free, "spams", but did not infringe any law.

In fact there are two legal possibilities in EU law :

If an illegal content is posted, stay online 2 hours and then you moderate it, you aren't prosecutable if you're a "mere conduit", but you are if you aren't.

This is due to the EU Directive 2000/31/EC, article 12 "mere conduit".

I personally don't really like that law, but it's the law. You just can't moderate what's not illegal in the EU, or else you'll be deemed responsible for every word that appears on your instance (be it from your own users or from federation).

Using an old version of Mastodon isn't illegal, thus implementing such a silencing would make every Mastodon instance "not mere conduit" and expose them to legal responsibility for everything that's accessible through them.

ThisIsMissEm commented 3 months ago

I would say that if someone wants this, then it should be implemented in user-land via the APIs.