-
-
Notifications
You must be signed in to change notification settings - Fork 6.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Account Following REST API to Return All Users #23270
Comments
it's not a restriction. the API returns all the data it has. the problem is that the data it has is only what it knows duplicate of #19880 |
That seems rather... odd. If the client app can't show who someone follows outside of the server you belong to but you can see the followers if you go directly to that user's Mastodon server, wouldn't that imply that the given server I navigated to would in fact have the data? In which case, couldn't that data be provided to the client? For instance, using a client app like Ivory, if I look at who The data might belong to an instance that is different from the one I belong to but that data exists... somewhere. A client should be able to easily enough reach out to get the following data even if it is a separate request. This seems like a missed opportunity to really help improve discoverability. Especially for new people that come to Mastodon.
@trwnh Thanks for the reference. Will close this ticket. |
this is discussed further in the other issue but basically
in particular, that last point is most important. on the backend, mastodon only shows what it knows and can trust. right now, mastodon blindly trusts the total number, so it's possible to see cases where an account claims 0 followers, negative followers, billions of followers, and so on (and this has happened before). |
@trwnh Got it. Interesting.
I see. Perhaps this is an opportunity to establish the concept of who someone follows down at the protocol level (ActivityPub) or, maybe, establish a common REST API standard that any server that wants to be part of the fediverse can adhere to.
That's fine. Seems like that can be part of the server's REST API to properly advertise that it does not want to publicize the data. The client can use the information to present a more meaningful notice to the user.
Sure but given that why should clients like Ivory or the official Mastodon mobile app even bother to show how many people someone follows? Since the following count is shown, to users their assumption is that the number is truthful even if it may not be. Since the count is shown then might as well show the individual users. People joining Mastodon, many (most?) of them being non-tech savvy will be confused why they are not able to see all the users someone follows. Trying to explain different instances to such folks just makes their eyes glaze over wondering what's the point. Since the problem appears to come down to trust, maybe the solution is to establish a network or trust or zones of trust among servers (Mastodon or ActivityPub/fediverse compliant servers). For instance, the server |
there's already the concept of a as far as actually trusting the items contained within a follower collection, there are more issues to consider, such as having to resolve more profiles in general, potentially recursing through those, if you want to have that information ahead-of-time instead of on-demand, and so on. i don't know if it necessarily makes sense to have a network of trust in this specific application, but it could work; it'd just require admins to have to make more decisions about all of the servers they federate with. in any case, it's not an entirely new idea, as it has been brought up in similar "trustworthiness" cases such as with link preview information. but at least you can verify link previews for yourself... |
This really comes down to a matter of principal on where the line of trust and privacy is at. Kind of like with the vibrant discussion about whether or not to add quote tweets/posts functionality to Mastodon. Visibility around following count and the seeing the individuals who are being followed is here albeit hampered. Popular client apps (include the Mastodon web server) display it in one form or another. So it's not something that's going to be taken away. (Well, technically it could but that's going backwards IMO). I'm not sure about the broader fediverse ecosystem, but for Mastodon itself, it'd be better to look at a reasonable solution to make following data accessible, trusted (within reason), and built around privacy.
Seems like that's something apps can deal with themselves. I mean, that's essentially what Mastodon web app is doing right now when you go look at who someone follows on the web app, unless I'm misinterpreting what you mean by a profile. As for recursing, not sure I understand why it would be required. Let's say I have account on
Yeah, there is that. My quick take would be to at least provide the option. Admins can then decide if the burden of managing trust is worth it. If not, fine, don't bother. But for those who do want to handle trust they can. |
i don't think it's "backwards" unless you think seeing counts and numbers and metrics is a core feature of social media. and, well, that may be the case if you consider social media as a status game. but if you want to have good conversations then it shouldn't matter how many followers the other person has. the fact that the counts can be faked or otherwise claimed to be anything you want, well, that just exacerbates the issue.
i could see a use-case for building upon the "featured accounts" which used to be shown on the public profile pages, back when there were separate public profile pages. you could have people opting in to recommending other accounts to check out or follow. but moreover, i just think that having the expectation of knowing someone's entire network is not feasible or even a good idea. you might be able to achieve it on a centralized network like Twitter, but then there are sites like Tumblr that hide follower counts and only show it to yourself. and then you consider the comparison to email (since ActivityPub is basically email for websites), where people don't generally publish their entire address books as that's considered private information. so the way that mastodon works right now (only showing you locally verifiable data) is a bit of a compromise that doesn't really please anyone -- the people who want privacy don't like it because it's unnecessary, and the people who want information don't like it because it's not complete.
say you load a profile's followers. you get 20 accounts. not all of those accounts may be known by your server. so your server fetches any new accounts it discovers this way. then if it wants to prefetch their followers, it might again discover new accounts in the process. at minimum you will end up resolving more accounts that no one follows, and at maximum you may end up spidering the entire network if you're not careful. also consider that the followers collection is not the only thing that you might want to fetch or prefetch for any given profile -- you may be interested in their avatar, their header image, their bio, their pinned posts, replies to their pinned posts, and so on. that's all more data to process and keep around for indeterminate time periods. |
Ah, okay. I think we need to reset. I'm only referring to see who some follows. Regarding seeing the people who follow someone, yeah, I certainly agree with you. Your point about follower count can indeed lead to potential toxic environment as is evidenced on The Bird Site. Those who trumpet follower count for clout with intent of misuse, abuse, vanity, etc is something I also would like to keep away on Mastodon (and the fediverse in general). With that being said, the follower count is there -- for better or worse. Regarding recursion, yeah, that makes sense WRT to followers. Appreciate the details. Just focusing on who someone follows, let's take a simple, concrete example. I'll use tapbots@tapbots.social account. When I make a request against the public
So the data is there (again only focusing on following, not followers). Everything a client app would need to show each account's basic, relevant information is available in the response (username, note, avatar, etc). Putting aside trust, there doesn't appear to be anything limiting a client from obtaining data about who someone follows. |
it applies to following lists too -- the point is that you will be likely discovering new accounts in the process and therefore have to be careful with how many child requests you spawn
everything a client app would need to show basic information as presented by a remote server. yes, you could show a username, display name, avatar. but there's two big issues with this:
let's say that tapbots.social was running misskey instead of mastodon. then the alternatively, consider how you discover that the standardized way to do this would be to fetch the actor and see if they have a |
The initial approach I used was via the Mastodon REST API. Started with
Right. And that is something that Mastodon does expose via WebFinger:
Then from there you can get the ActivityPub actor/account object:
And as you noted, page over the
Yeah, there is that to consider. If authz/authn is required, the client could just fallback to linking out to the account's given profile. |
Correction: Any ActivityPub-compliant service that wants to be interoperable with Mastodon must use WebFinger. From the Mastodon docs:
For a client, it can get all the users an account follows via WebFinger. No need to use a Mastodon specific REST API. |
Pitch
If you use any Mastodon app to view who someone follows, you can only see those who belong to the same Mastodon instance as you. For instance, I have an account on mas.to and therefore I can only see those who also belong to mas.to. If, however, you go to a Mastodon web app you can view all user regardless of what server they belong to. This appears to be a restriction placed on the Mastodon REST API. Specially the
/api/v1/accounts/:id/following
endpoint.Suggestion: Update the account following REST API to return all accounts that are being followed; not just those accounts that the requestor belongs to.
Please note that I have reached out to 3rd-party Mastodon developers (such as Tapbot) about this and they have noted that the issue is indeed with the REST API.
Motivation
The ability to explore who someone follows whether via a mobile app or the Mastodon web app would go a long way towards helping improve discoverability. The easier it is for people on Mastodon to find others, the better the overall experience. Since many people regularly use a Mastodon mobile app, such as the official Mastodon iOS app or a 3rd-party app like Tapbot's Ivory, it would be beneficial for these apps to let users easily view who someone follows without the need to navigate over to a specific Mastodon web server instance.
The text was updated successfully, but these errors were encountered: