Post by @gaditb@icosahedron.website

@gaditb@icosahedron.website · 11 months ago

@mayel
-- And I'm sure there are people who, like, have done theoretical and practical work supporting them in these scenarios, who already have a lot of expertise thst doesn't need to be rederived from scratch --

And ask them to know what capabilities they'd need, what they'd reach for given the tools/options this software provides, and try to trace what assumptions they make and whether the implementation aligns with those.)

(Possibly also running scenarios maybe? Maybe e.g. one target with one account, attacker and per-scenario supporting other accounts they can use also, a support-resource person who can react to information they can see through the network. I'm sure people who like actually know what they're doing and are not just tossing out thoughts have better/stronger-formaized suggestions.)

Mayel

@mayel · 11 months ago

@gaditb@icosahedron.website great point! This is what's currently shown when you delete a post in Bonfire, I guess we could make it clearer that this:

deletes it on your local instance
sends a deletion request to other instances (and to which ones?)

A screenshot that says: Delete this post - A request will be sent to remote instances to delete it as well.

Gadfly (-booq-)

@gaditb@icosahedron.website · 11 months ago

@mayel Oh wow! I didn't even look at the specifics yet (another reason this was dashed-off and non-specific), that's great that you've already been thinking along those same lines!

The actual specific thing with Bonfire set me off on this line of thinking was:

"""
E.g. you can share a post with several circles but only allow replies from a specific circle, or make a post public but invisible to specific people.
"""

"Make this invisible to X, Y, Z" strikes me as something that can requires very nuanced and situation specific careful stepping around disclosure/visibility and trust. (Ranging from "none", e.g. planning a birthday party, to much higher stakes.)

Mayel

@mayel · 11 months ago

@gaditb@icosahedron.website Good catch! We usually try to explain things in a more comprehensive way than in that short blurb. Specifically in this case, if something it shared publicly there can be no gurantee that they won't see it. For non-public posts there's no guarantee either (because there's no end-to-end-encryption) but there's a better chance, since we distribute it only to the actors who were given permission (in a similar way as BCC in email).

Gadfly (-booq-)

@gaditb@icosahedron.website · 11 months ago

@mayel How visible is the exclusion itself, though?

Like, if I send to "Hey does anybody have a place I can crash tonight?" to @group--attendees_of_this_hacker_gathering but invisible to @guy_I_dont_trust_to_be_alone_with_but_really_dont_want_to_get_into_a_public_confrontation_about_that_right_now,

is there a chance that @defender_of_that_guy_who_sees_fear_of_him_as_an_attack_on_his_character sees that block in the metadata of the post and starts flaming me about it?

This is a contrived example that I don't have specific experiences I'm translating it from,
and sometimes technical limitations or just "we don't have a better design for that yet" mean that you can't AVOID exposing that, so it's not necessarily "it Must Be Fixed if it reveals this",
just,
(a) finding what intuition might be, and checking the implemented teality against that
(b) exploring what attacks there might be, and knowing where they might be made less post-hoc surprising

e.g.:
https://old.reddit.com/r/BlueskySocial/comments/18ebrhx/blocks_being_public_is_already_leading_to/

2+ more replies

Gadfly (-booq-)

@gaditb@icosahedron.website · 11 months ago

@mayel (Also there's a limited degree to which I'll be able to evaluate whether a given phrasing does correctly and coherently align promise to reality.

I'd like to think I know how to WORRY well, and to understand networked/distributed systems enough to look for places where intuition might misalign, but I don't have experience needing or using these tools, to speak to success.)

Gadfly (-booq-)

@gaditb@icosahedron.website · 11 months ago

@mayel (My best idea of how to get a good evaluation on that is to reach out to people who regularly use/need these as safety features (or who have had specific need for them) --

-- public figures whose public existence in general tend to attract haters who feel empowered, people who have been subjected to targetted harassment campaigns (often I-think-with-no-specific-formal-knowledge-work-backing-this these are often non-public figures, whose interaction with/from a public figure or keyword made them visible to a community that uses harassment campaigns as a tool), domestic violence survivors/people who have navigated domestic instability involving someone in their social community in a position of resource-controlling power over them, people who have had previous trust-relationships collapse, etc. ...
--

1+ more replies

Gadfly (-booq-)

@gaditb@icosahedron.website · 11 months ago

This is re @mayel 's recent post about Bonfire Social's current status and features, but I dudn't want to criticize this one detail without also kvelling about all the things I really really like about their implementation and ideological approach alongside.