Stefan’s Awesome Admin Tool for automated spam account management and other stuff
/2026-04/session/5-a/
Convener: Jaz-Michael King (@jaz@toot.wales) on behalf of Stefan Hayden (@stefan@gardenstate.social)
Participants who chose to record their names here:
- Jayne Samuel-Walker (@tcmuffin@toot.wales)
- @anca@mastodon.xyz
- Cagan Mert Islek (@cagan@cmislek.me)
- Alexis Bushnell (@alexisbushnell@toot.wales)
- Ben Pate (@benpate@mastodon.social)
Notes
-
To check this out: Reach out to Stefan for an invite.
-
Mastodon only - toot.wales is a mid-size instance which is a “test server” as we’ve been using it for a while.
-
Spam - SEO, East Asian, Russian bots… Despite having a relatively large moderation team, we’re not catching everything as quickly as we’d like.
-
Stefan’s developed an automated admin tool to detect potential spam.
-
Highly customisable, which is just as well for a Welsh server, because usernames may have long runs of letters which in English would be considered to be consonants and would be flagged as spam.
-
A dry run will show accounts recently flagged as suspect because of characteristics that seem “odd”.
-
Sensitivity for each characteristic can be varied and each characteristic can be turned off and on.
-
Doing the dry run and reviewing the results allows the characteristics to be varied (on or off and sensitivity) to fine tune the settings.
-
Domain, email, and IP blocks are also covered in Stefan’s tool.
-
None of the instance admins should need to create admin tools like this…ideally all tools should work with all things, but at the moment it’s just for Mastodon.
-
Stefan will create this as OSS and hopes to host the service on a pay-for-service basis.
-
To make use of this tool, implement the Mastodon API, but there is a requirement to make changes on Stefan’s side as well. If there is interest, maybe this will happen.
- Theoretically there are FASPs (Federated Auxiliary Service Providers): https://github.com/mastodon/fediverse_auxiliary_service_provider_specifications/
-
Why aren’t you using existing tools, like Roost Coop or Osprey?
-
Coop (originally SaaS but acquired by Roost) and Osprey work on a stream of data whereas Stefan’s tool is effectively working offline/batch.
-
The people want a mailing list so we can subscribe to your release notes
-
Roost.tools has the links (https://roost.tools/) to learn about Coop and Osprey.
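A sketch of the dry-run idea from the notes above (characteristics that can be switched on or off, each with its own sensitivity, and the Welsh-username false positive). This is an added example, not code from Stefan’s tool: the characteristic names, thresholds, vowel sets and sample usernames are all assumptions made up for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Characteristic:          # hypothetical model of one tunable check
    enabled: bool
    threshold: int             # lower threshold = higher sensitivity

def longest_consonant_run(name, vowels):
    """Longest run of letters that are not in the configured vowel set."""
    run = best = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in vowels else 0
        best = max(best, run)
    return best

def trailing_digits(name, _vowels):
    """Length of the digit suffix, e.g. 'name93821' -> 5."""
    match = re.search(r"\d+$", name)
    return len(match.group()) if match else 0

# Characteristic names are illustrative; the notes do not list the tool's own.
MEASURES = {"consonant_run": longest_consonant_run, "trailing_digits": trailing_digits}
CONFIG = {"consonant_run": Characteristic(True, 5), "trailing_digits": Characteristic(True, 4)}
WELSH_VOWELS = "aeiouwy"       # w and y act as vowels in Welsh
# Constructed sample usernames, not real accounts.
SAMPLE = ["gwyn_llwyd", "rhydderch", "cwmtwrch", "alice", "bgtrkxpl93821"]

def dry_run(usernames, config, vowels="aeiou"):
    """Report what would be flagged and why; takes no action on any account."""
    report = {}
    for name in usernames:
        reasons = []
        for key, check in config.items():
            if not check.enabled:
                continue
            value = MEASURES[key](name, vowels)
            if value >= check.threshold:
                reasons.append(f"{key}={value}")
        if reasons:
            report[name] = reasons
    return report

if __name__ == "__main__":
    for label, vowels in (("English vowels", "aeiou"), ("Welsh vowels", WELSH_VOWELS)):
        print(label, dry_run(SAMPLE, CONFIG, vowels))
```

With the English vowel set the three Welsh names are flagged alongside the random-looking one; switching the vowel set leaves only the latter, which is the kind of adjustment a dry-run review is meant to surface before any action is taken.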
(Anonymized) transcript of session chat
-
This software is so well thought through!
-
almost like people who know what they’re talking about built it!!!
-
This is at the level that major social media sites have
-
These are all things you could do with other existing software (and even more advanced things), such as Roost’s Osprey or Coop
-
Off topic: How do you fuzz the email addresses out in the screenshare?
-
(you basically need a setting that adds a classname to blur certain data, and you enable that setting before screensharing)
-
but is it using just the standard masto api? in which case other software who implement a compatible should be usable…
-
(we reluctantly are doing so)
-
Same :)
-
If only there were an open ActivityPub API…
-
C2S but it is way too low-level for these kinds of ideas
-
it has the same SMTP problem: one weird acting actor and server gets banned from peers to stabilize.
- Except the flagship instances, which is why we ended up with a duopoly
-
true, but it would need extensions for moderation-related data and actions which the standard doesn’t specify at all
-
We’re working to make them scale down well
-
I’m on the mission to convince Mastodon to apply APapi itself, I said that I will send a proposal to help
-
can you spell how these alternatives are?
-
Roost’s Osprey or Coop
-
Yes, I’d love to experiment with this!
-
Me too!
-
yeah we’d love access to try to make sure we have the right API features to be compatible!
-
Do you have the link?
-
https://roost.tools has the links
-
that’s exactly the idea of FASPs
-
There was a firewall project called Activity Colander or something
-
but I think it was abandoned
-
You can’t actually do what you’re describing for E2EE without serious metadata leakage
-
On E2EE, that’s a whole other conversation. But very shortly, we’re working to solve the problem of E2EE group messaging when one actor is blocked. One solution was for the home server to add moderation information into the messages sent to my client only.
-
For FASPs, we need implementers to help build the specification for them. Mastodon wants to do this, but doesn’t necessarily have the capacity right now