This is a draft of what I'll hopefully be submitting to Rebooting Web of Trust. If anyone would like to take a look, constructive feedback welcome:
@emacsen Hey, thanks for putting this all down on paper! some thoughts:
- I don't understand what ocap inboxes achieves over the current ability of moderators and users to block individual actors. how does this meaningfully improve spam-fighting abilities?
- You mention two methods for "Closing the Relay Hole", which both seem very similar to the discussion on https://github.com/w3c/activitypub/issues/319. You seem to gloss over the backwards-compatibility issues though—have you put thought into how you would implement this?
@emacsen A couple of your proposals seem like they would limit too much—the pet names proposal seems to boil down to "don't allow replies from people who don't follow or aren't followed by people you follow or are followed by", which seems like it would basically get rid of the local and federated timelines and any interaction on those timelines.
The problem isn't replies in my mind, it's that when you reply, the protocol dictates that I send your reply to my followers. The problem with that is that this bypasses checks the recipient might do (content checks, postage, etc.). Because of that, I think replies need to be more scrutinized. That means some form of additional checks on them for actors you've never interacted with and have no (even indirect) connection to.
Moderation is essentially OK IMHO to address this.
@emacsen ah, i don't think any current implementations work the way you're describing. (where forwarding the reply bypasses checks the recipient might do). The AP spec explicitly says "The server MAY filter its delivery targets according to implementation-specific rules (for example, spam filtering)." (which means it may choose not to forward replies that it considers spam)
@emacsen i agree that this is kind of confusing language when combined with the MUST above, but i believe it's still consistent when both requirements are read together.
@nightpool You're right about that MAY- it's a good point.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!