#Tag · bonfire.cafe

@caterpillar @stefan @ErickaSimone yes, I agree, the dominance of Mastodon does tilt both perception and reality of safety features. I hope that the various platforms here do learn from each other

Jupiter Rowland

@jupiter_rowland@hub.netzgemeinde.eu replied · 2 weeks ago

@ Rob Ricci @ caterpillar @ Stefan Bohacek @ Ericka Simone This is exactly the problem.

I'm on both Hubzilla and (streams) with multiple channels, and I've been on Hubzilla under various guises for longer than the vast majority of Mastodon users have been on Mastodon. I guess you can say that I know both very well.

I can tell you that the possibilities of Hubzilla's permissions system are staggering. It works on up to three levels: for the entire channel (that's "account" in Mastospeak), for individual connections (that's "followers and followed" in Mastospeak), for individual content (posts and and entire conversations, but also images and other uploaded files and documents).

For example, you can grant or deny permission to

see your public profile (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
see your connections (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
see your public posts in your stream (this requires OpenWebAuth magic sign-on which Mastodon has rejected)
send you their posts (this means public posts that aren't replies because replies are not posts on Hubzilla)
like (that's "fave" in Mastospeak; you know, the star), dislike and comment on your posts
send you DMs
see your uploaded files (this requires OpenWebAuth magic sign-on which Mastodon has rejected, but this also extends to images and other media embedded into posts, comments and DMs)

All in all, Hubzilla has 18 such permissions, but these are the ones that matter from a Mastodon point of view. They can be granted or denied for your entire channel at seven or eight levels, and if they're denied at channel level, they can be granted for individual connections. Imagine that, on Mastodon, you could allow only certain followers to see your profile and your toots. Or you could only allow certain followed accounts to send you their toots. All of this is reality on Hubzilla right now.

Better yet: You know that you can send toots only to mentioned accounts on Mastodon. Hubzilla exceeds and improves upon this in three ways. First of all, you can send posts to individual connections. Or to a certain privacy group (from a Mastodon POV, that's a list on steroids). Or to a custom selection of individual connections and privacy groups while even being able to exclude certain other connections or privacy groups. This goes way beyond Mastodon's "mentioned = allowed to see".

But this doesn't only define who will receive your post. It also defines who is permitted to see your post.

And: The permissions of a post are inherited by the entire conversation. Comments always have the same permissions as the top post. There's no restricting the permissions in a comment, and there's no relaxing the limitations of a comment. It's impossible to pull other Fediverse users into a private conversation by mentioning them if the top post wasn't targetted at them.

Even better yet: You can allow or disallow comments on individual posts (remember that a post on Hubzilla is only a post if it starts a conversation, not if it's a reply).

On top of all this, Hubzilla's filters are both vastly more powerful than Mastodon's filters and easier to use. Mastodon requires you to set up one new filter for each word that you want filtered. It's always blocklisting. And it's always account-wide.

Hubzilla covers Mastodon's entire filter functionality with one or two text fields. You have one blocklist for the whole channel. And you have an optional extra feature named "NSFW" with its own filter list that generated individual, reader-side content warnings for you. The equivalent of defining a new filter on Mastodon is to add a new line to one of these filter lists. Want to back them up? Just copy-paste them into a text file.

But wait, there's more: Hubzilla also has a channel-wide allowlist. If you only want to see certain content in your stream, you can allowlist certain keywords.

Hubzilla even optionally has one blocklist and one allowlist per connection. Imagine you could filter individual followed accounts on Mastodon.

Hubzilla's filter lists support regular expressions. There is also a "filter syntax" that lets you filter by whether a message is a top post or not, whether a message is public or private, whether it's a repeat (that's "boost" in Mastospeak or "retoot" for those of you who still have Twitter on the brain). The filter syntax even lets you use Boolean operators.

(streams) and Forte are similar. Their permissions are somewhat different (you don't need permissions for wikis and websites if you don't have wikis and websites). The permissions system is vastly easier to use because it's no longer template-based. You can simply switch permissions on and off for your channel as well as for connections. And you can choose to have even more options for reply control.

Again, all this exists in the Fediverse right now. And most of it has existed for longer than Mastodon. Some of this dates back to the earliest days of Friendica in May, 2010.

Unfortunately, next to nobody knows.

For most Mastodon features, the features that Mastodon has are the features that the Fediverse has. If Mastodon doesn't have it, the Fediverse doesn't. Not only is Mastodon the default, but there's nothing that strays from this default. That's why Mastodon users keep wishing for "the Fediverse" to introduce features which Friendica has had for almost 16 years already. Or which Hubzilla has had for over a decade.

In addition, probably not even 10% of all Mastodon users have ever heard of Hubzilla. Probably not even 1% of all Mastodon users know what Hubzilla can do. And even only the existence of (streams) and Forte is almost entirely unknown outside of (streams) and Forte themselves and Hubzilla.

# Long # LongPost # CWLong # CWLongPost # FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Fediverse # CW # CWs # CWMeta # ContentWarning # ContentWarnings # ContentWarningMeta # Hubzilla # Streams # (streams) # Forte # Permission # Permissions # ReplyControl # ReplyControls # Filter # Filters # MastodonCentricism # MastodonNormativity

unattributed

@unattributed@gotosocial.social · 4 weeks ago

@benpate
@swf @sovtechfund @bonfire

Curiosity question... Currently, if you are sending DM's between two users and a third is added part way through, the third party can see all the previous messages. That is a highly undesirable situation. If I understand correctly, this is a limitation / side effect of the ActivityPub specification.

Will this be resolved, or is it part of the spec, for this solution? IE, will there be a way to be certain that third parties cannot see previous portions of a Private DM thread? Or better, will it be default behavior to not expose the previous messages to third parties who are added to the thread later?

Jupiter Rowland

@jupiter_rowland@hub.netzgemeinde.eu replied · 4 weeks ago

@ unattributed 𓂃✍︎ @ Ben Pate 🤘🏻 @ Social Web Foundation @ Sovereign Tech Agency @ Bonfire Ideally, one day, the highly advanced permissions system available on Hubzilla (based on Zot, ActivityPub optional), (streams) (based on Nomad, ActivityPub optional) and Forte (based on ActivityPub) would be cast into one or multiple FEPs.

This would solve this issue by not only controlling who receives a DM, but also who is permitted to see the DM. In combination with FEP-171b Conversation Containers (which was invented on (streams), inherited by Forte and backported to Hubzilla), the permissions of the DM would be inherited by all comments and replies to the DM with no way of ever changing these permissions anywhere in the conversation.

See, if I send a DM to Alice and Bob, then only Alice, Bob and I are permitted to see the DM. Also, only Alice, Bob and I are permitted to participate in the conversation, and Alice, Bob and I can see each comment and reply, but only the three of us are permitted to see them. The entire conversation has the exact same permissions all over, inherited from the initial DM.

Anyone of us can mention Carol all we want. But that does not give her permission to see anything in the conversation, not even the comment/reply that mentions her. Once the initial DM is out, its permissions are set in stone, and it's also set in stone that any and all follow-ups in the same conversation have the same permissions as the initial DM.

This does not even require encryption. That said, at least Hubzilla does offer encryption on top of the permissions system; however, it's only compatible within Hubzilla AFAIK.

# Long # LongPost # CWLong # CWLongPost # FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Hubzilla # Streams # (streams) # Forte # FEP_171b # ConversationContainers # Permission # Permissions # DM # DMs # DirectMessage # DirectMessages # PrivateMessage # PrivateMessages

Jupiter Rowland

@jupiter_rowland@hub.netzgemeinde.eu · 4 months ago

@ Julian Fietkau I'm surprised to read that (streams) allegedly has FEP-e232 implemented. As I happen to have two (streams) channels myself, and as (streams) allows me to have a look at the whole source code of any activity (whereas Hubzilla only shows me that of the content), I've checked a fairly recent post of mine that includes a link. And while it does define the hashtags just like Mastodon and Hubzilla, it does not define links in a way that conforms to FEP-e232. Either that, or (streams)' implementation of FEP-e232 is newer than the software was when I sent that post.

Next, I wanted to see if (streams) had its way of quote-posting changed in the last seven years or so of development and forking. I expected it to quote-post like Hubzilla, namely by turning a BBcode short code into a dumb copy of the original upon sending, but I wanted to see proof. As (streams) is a fork of a fork of three forks of a fork (of a fork) of Hubzilla that's still maintained by Hubzilla's own creator, I would have been surprised if he had changed the way (streams) quote-posts at some point on the way.

So I quote-posted my own post on (streams) just to see what happens. And (streams) acted exactly like Hubzilla and not at all like described in FEP-044f on the surface. It still inserts a dumb copy.

Good thing I have access to the full source code of any message on (streams). So here's what happened, namely what I expected to happen: (streams) quote-posts like Hubzilla.

First of all, when I clicked the "Share" button, this short code was inserted into the post editor:

[share⁠=1198713][/share]

The number, by the way, is the running number of the message to quote-post on the server.

Upon sending the post, (streams) automatically "expanded" the short code into the dumb copy I had expected.

[⁠share author='Jupiter+Rowland' profile='https://hub.netzgemeinde.eu/channel/jupiter_rowland' portable_id='_moYLN61-o3FbP3jyThygMDf-bjF2cApXgkrwlAE77iKy19xM1_6F06V4b71eTkqqNaTUjGiN0lfw2dyn5nXRw' avatar='https://streams.elsmussols.net/xp/6b50efa4bb804860f6128bba791b74fab4a0a5e09dbcbee8d8ca77cee00f0330-6' link='https://hub.netzgemeinde.eu/item/0a1cdda5-eb1c-4a33-9574-ddd896977b4f' auth='true' posted='2025-09-21 19:42:56' message_id='https://hub.netzgemeinde.eu/item/0a1cdda5-eb1c-4a33-9574-ddd896977b4f'] ...(the source code of the original message goes here)... [/share]

Both Hubzilla and (streams) render this the same way, namely with a header line above the copy that includes the profile picture of the original author, the name of the original author with a Zot/Nomad-type link to their channel/account and a Zot/Nomad-type link to the original of the post ("Zot/Nomad-type" means that [zrl][/zrl] is used rather than [url][/url] which means that the ID of an observer on Hubzilla/(streams)/Forte is attached to the link for OpenWebAuth identity recognition purposes.)

At the same time, curiously, (streams) includes the line "rel": "https://misskey-hub.net/ns#_misskey_quote" and a line that starts with "name": "RE: and continues with the URL of the original message into the code for the link to the original message. The latter is identical to what Misskey and all Forkeys have in quote-posting notes in plain sight, only that (streams) only reveals it in the source code rather than in the content as well.

So this part of FEP-044f is implemented, albeit concealed from most people and only happening in the code.

Now, looking at the quote policy part, that looks like it could be possible to add to the Fediverse's permission champions Hubzilla, (streams) and Forte. After all, they already have comment controls with no FEP backing it (and if GoToSocial's quote policy can be made into an FEP, maybe so can (streams)' and Forte's comment controls so that they actually do blank out reply buttons on the farther ends of the Fediverse if the software on the farther ends implement support for that FEP).

This could be done at three levels again. I'll illustrate this with (streams) and Forte because they're quite a bit less complex than older Hubzilla.

At channel level, quote-posting (and maybe quoting as well) could be set as usually, namely to semi-public (= everyone in the Fediverse = no quote policy), restricted (= only your contacts) and only yourself. (Seriously, you don't want random passersby with no accounts to quote-post you. Even though you can allow them to comment on your posts if you dare.)

"Only yourself" could be overridden at contact level by permitting certain contacts to quote-post (and maybe quote) your messages. This is actually standard behaviour on (streams) and Forte.

And then there is the per-post level which would be similar to (streams)' and Forte's comment controls. These allow you to limit who may comment on a post to only your contacts and those who have already participated in the same conversation, and they allow you to turn off comments altogether.

Quote authorisation would not be much different in handling from manually moderating comments from those who technically aren't permitted to comment (only that spammers don't quote-post, at least not yet, and they probably never will because that simply makes no sense). So that'd be nothing really new.

Of course, this would have some limitations which come from how Hubzilla, (streams) and Forte work and from their conversation architecture.

The first limitation is that you could only give certain contacts permission to quote-post your posts if you didn't give it to the whole Fediverse. Channel-wide permissions are always inherited by contact-specific permissions, and this cannot be overridden. So you couldn't generally allow everyone to quote-post your posts except for one certain contact of yours.

The second limitation is that you can only control the permissions of contacts, but not of non-contacts. So you can't disallow some stranger whom you aren't connected to to quote-post your posts while everyone else is allowed.

Then again, FEP-044f doesn't make either of these two possible either. It can only define who is permitted to quote-post a post, not who isn't.

The third limitation is that, on Hubzilla, (streams) and Forte, comments always have the same permissions as the post that they belong to because comments always have the same owner as the post that they belong to. Basically, if FEP-044f was to be defined for each comment individually, it would have a chance of clashing with conversation containers as per FEP-171b.

Here on Hubzilla, as well as from (streams)' point of view, everyone's comments in this thread are owned by me because I've started the thread. And the permissions on all these comments are defined by my post. I've seen my share of permission clashes whenever someone on Mastodon replied to a public post or a public comment with a DM, and Hubzilla overrode this by forcing the permissions of the post on that reply.

In practice, this means that the quote policies of all comments would be the same as that of the post. At least that's how Hubzilla, (streams) and Forte would understand them because the concept of comments having different permissions than the post is alien to them. So if you say that I'm not permitted to quote-post your comment, but I say that anyone can quote-post my post, Hubzilla and (streams) override the quote policy that you've given your comment on Mastodon with the quote policy that I've given my post on Hubzilla, and I can quote-post you.

So the actually difficult part would be to implement an exception in how Hubzilla, (streams) and Forte handle comment permissions for quote policies and make them individual for each comment rather than making comments inherit them from the post.

Well, and lastly, if you permitted all your contacts to quote-post a post of yours, and you had a few more contacts, the "canQuote" section would end up monstrous. (A bit less so if you could cherry-pick those who are allowed to quote-post you on a per-post base, just like you can cherry-pick those who are allowed to see the post in the first place.) Also, I'm wondering just how well policies as per FEP-044f (and their implementations in various server applications) will work with DIDs as per FEP-ef61 which (streams) and Forte use, and I guess, so does Mitra now.

# Long # LongPost # CWLong # CWLongPost # FediMeta # FediverseMeta # CWFediMeta # CWFediverseMeta # Fediverse # Misskey # Forkey # Forkeys # GoToSocial # Hubzilla # Streams # (streams) # Forte # Mitra # QuotePost # QuotePosts # QuoteTweet # QuoteTweets # QuoteToot # QuoteToots # QuoteBoost # QuoteBoosts # QuotedShares # Permission # Permissions # FEP_044f # FEP_171b # FEP_e232 # FEP_ef61