It seems to me robots.txt or #nobot or a flag in the activitystream, or any advisory setting, isn't going to be more than a speed bump to abuse. In fact, it'll be a pain for ordinary users, while the folks with bot/troll armies will ignore that setting and index the fediverse as much as they want. And a "friend-locked" mode feels very restrictive. Maybe: friends-of-friends locked. Maybe some other social-graph algo. Maybe a TOS click-through legal tool.

@sandhawke An Advisory setting is just going to be ignored by bad actors anyways, so it is a false feeling of security, and you can only enforce any security modes on your side, the moment it leaves a node without something like E2EE you are relying on the foreign server to honour your requests.  Trying to have privacy on this kind of a model is like trying to turn back the ocean with a pail and a spade.  The only reliable way is E2EE, but that is typically much more difficult in the UX/UI space than most users want to deal with.

@maiyannah I mostly agree with you, although I think there's still value in a 'trusted-people-only' setting. Yes, you're also trusting the instances those people use, but I think that's generally going to be an okay bet. At least, I'd like to give that a try. We do that for email, and it generally works okay.


@sandhawke @maiyannah So, Diaspora and Google Plus both have the aspects/circles thing and this was a popular feature for exactly this reason.

ActivityPub supports this via collections of users. Maybe that's also what people want. (Mastodon and GNU Social don't yet but could.) We haven't emphasized it though in examples...

(sharing my own post like a jerk mainly because I'm interested in feedback on it)

@cwebber @sandhawke Er, GNU social has had groups since it was called StatusNet.

@maiyannah @sandhawke I know statusnet-style groups, and not totally the same thing. ActivityPub collections generic enough to do either, but:

- aspects/circles: a collection of people addressed to by an individual: select sending this to only "family" or "coworkers"
- groups: more like open-subscription mailing lists

Both are "collections" of sorts, but how "who's in there" is managed is different.

@maiyannah @sandhawke Not familiar with what that means. Is that like a tag on a person's profile?

Distinction is, if I select "family", I'm probably selecting my own family, not everyone's family :)

@cwebber @sandhawke Peopletags are basically lists from Twitter, but opted into by individual users, which avoids the "people making lists of people they want to harass" problem handily.
We've got (buggy) @#peoplelists for that in !GNUsocial. Just not the "blindly trust remote admins to be perfect moral individuals and expert sysadmims" aspect of it all.

@mmn @cwebber Some convo on that here but it's still not clear to me, who's adding people to the lists?

You build your own lists. On a profile page there's a "tags" field, so you can tag people with like #fedsocweb or #saunaclub and then to post to them you "mention" the hash tag and it's like writing all the nicks at once.

So you can choose yourself who to include. Reasonably these lists could be shared and you could mention someone else's list.
Sign in to participate in the conversation

On the internet, everyone knows you're a cat — and that's totally okay.