w3c / activitypub

http://w3c.github.io/activitypub/

Option to silently follow `Actor`s #361

Closed n-bernat closed 1 year ago

n-bernat commented 1 year ago

Context: I'm creating a new server-to-server implementation of ActivityPub and I want to fill it with Actors and Notes.


Currently, if a new instance wants to populate its "federated" or "public" feed in order to offer some more content to its users it has to either:

  1. implement a bot that would automatically Follow Actors that interacted with content already present on our instance (e.g. automatically Follow a remote Actor that replied to a Note by an Actor that is on our instance),
  2. periodically fetch outboxes of various remote Actors.

The first solution may result in degraded trust in our instance, since followed users will wonder why they got followed by a sketchy bot.

The second solution (while it works without bothering other users) stops organic growth of our instance, since it won't grow as a result of real interactions. Moreover, it's possible that we go out of sync with Actors that we are following.


The solution that I thought of is to define an option to silently Follow an Actor as an Actor of type Application, which would result in subscribing to Notes targeted to https://www.w3.org/ns/activitystreams#Public without notifying the followed user. Privacy won't be compromised since it's already there in the Actor's outbox, and the user won't have to wonder why a weird bot followed them.

nightpool commented 1 year ago

No, this would be a huge privacy and security risk for the people followed. We definitely don't want to encourage anything of the sort. Followbots are distrusted for a reason.

Clay-Ferguson commented 1 year ago

When I post publicly I want the widest possible audience based on whatever network distribution system works. FollowBots work. When I see a FollowBot follow me, I know that's one more thing moving my public posts around the web, helping others find me and interact with me. If I want something private I send a DM.

For example: The network effect and the fact that Twitter covers such a WIDE audience is a 'feature not a bug', regardless of anything else you might think about Twitter or Centralized systems. The large audience and large network is not the problem.

joyeusenoelle commented 1 year ago

There's a pretty clear divide between people who want to use ActivityPub as a social medium and people who want to use ActivityPub as a marketing/tech vector. In my opinion, when there's a divide like this, the more ethical approach is the one that doesn't decrease user privacy and increase the likelihood of corporate abuse; in this case, my belief is that that's the existing behavior.

roadriverrail commented 1 year ago

This seems to boil down to "people think they're being followed by a sketchy bot, so I would like to remove the process informing them they're being followed by a sketchy bot". The correct answer here is to make the bot, and the service it empowers, not look sketchy.

Asking users to accept lower privacy protection and self-ownership because "it doesn't make my use case easy" doesn't sound like a fair bargain to me.

gersande commented 1 year ago

This undermines security and privacy of users on the fediverse for... a nebulous opaque reason? I think this would be a net negative.

trysdyn commented 1 year ago

I'm confused. You propose an addition to the spec that allows secret following so that you can perform behavior that has classically been considered sketchy or privacy invading without the target knowing about it. Then you claim alternatives do not encourage "real interaction" or "organic growth" when the thing you propose is a one-sided secret interaction to begin with.

If your goal is to promote real interactions, the way to handle this is to have people initiate (and optionally approve) follow interactions in a 1:1 manner, and build interactions around that process. Bootstrapping a new instance is only a half-solved problem right now, but part of the strength of the federated model is having networks where the links are a sum of what your community likes and not just a firehose of random stuff.

> Solution that I thought of is to define an option to silently Follow an Actor

I am not clear on what would be gained here from the proposed use-case aside from the ability to slurp data without consent for any number of nefarious purposes. This could end up being a massive net negative for privacy, safety, consent, user agency. If someone does not want to be followbotted they'll block the bot and there's no problem; you're proposing taking that agency away for a purpose that is not entirely clear except for "I don't want to be refused in that manner".

Also not least of all is the avenue this creates into far more easily building a scraper or data farm without the consent or knowledge of the people being scraped...

On a more fundamental level I suspect if such a thing were to be enshrined in the spec, you would see almost 0% compliance from the sector of AP implementations that prioritize user privacy and safety which, at present, is most of them.

ShadowJonathan commented 1 year ago

NO.

Can we PLEASE stop normalising hijacking and disregarding explicit consent and user agency?

Edit: Has nobody learned anything from the last few months? Qoto.org? Abusive followers? Can we please not repeat mistakes and ignore warning signals that have been taking place LITERALLY in the past MONTH?

Arteneko commented 1 year ago

This is not Twitter, stop treating it like it is.

AP is not a marketing-oriented protocol, and it's not made for data-stealing or other toxic behavior.

Following (and manual approval of follow requests) exist for a reason: to allow everyone to see and manage their account and community, and to provide real accountability for users and bots. This is called informed consent.

If you want to do something you explicitly said would make people block you, there is absolutely no way to not consider this as extremely toxic, and trying to force such a horrendous idea into the spec itself to try to get implementations to comply with this is just plain bad.

RileyApeldoorn commented 1 year ago

what you are proposing is the most serious violation of user consent and privacy, which flies in the face of how and why literally the entire protocol exists

kate-shine commented 1 year ago

> When I see a FollowBot follow me, I know that's one more thing moving my public posts around the web, helping others find me and interact with me. If I want something private I send a DM

Good for you, but if you like it when a followbot follows you, you probably don't mind getting a notification about it either, and this feature request is unnecessary for your use case.

zenhob commented 1 year ago

Doesn't the spec allow followers-only posts? It seems like this would completely violate the intent of those kinds of posts.

nightpool commented 1 year ago

Hi all, I think we've made our point. I don't know if this got linked somewhere or why else this issue might be getting brigaded, but I think we've resolved this conversation for now and we don't need to add additional comments.

gersande commented 1 year ago

> Hi all, I think we've made our point. I don't know if this got linked somewhere or why else this issue might be getting brigaded, but I think we've resolved this conversation for now and we don't need to add additional comments.

I think it's because this whitepaper which links back to this post has been circulating in some discussions about followbots and privacy.

ShadowJonathan commented 1 year ago

> I think it's because this whitepaper which links back to this post

That white paper is from a server that has had several fediblock posts circulating around, fwiw.

roadriverrail commented 1 year ago

> > I think it's because this whitepaper which links back to this post
>
> That white paper is from a server that has had several fediblock posts circulating around, fwiw.

Indeed, I came here because the bot followed me, and in discussion with my instance co-admin, she and I discovered this discussion referenced in the whitepaper and wanted to be sure our concerns were voiced. No brigading, per se.

Maffsie commented 1 year ago

Speaking as the operator of a Mastodon instance since 2017, I strongly object to any spec change that would reduce the privacy of users on the fediverse, which I believe this proposal would do. Ignoring the problem of scrapers, a Follower by nature would receive unlisted notes, even if a user’s profile is otherwise open. Follow-bots are annoying but at least the notification allows the end user to immediately take action to block the bot. A silent follow system of any form is unacceptably easy to abuse.

This is antithetical to what I perceive ActivityPub’s mission (granted, through the lens of a Mastodon operator) to be. At a period where ActivityPub adoption is accelerating, this feels especially ill-advised to suggest.

n-bernat commented 1 year ago

OK, I think it's clear enough for me what the purpose of ActivityPub is. Thanks everyone for this discussion and for taking your time. I will try to look for different solutions for my project that will satisfy both me and the community.

(Also, replying to one of those comments, I wanted to clarify that the proposed instance-level follow would have access only to public posts and not those for followers.)