Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The current release candidate will indicate to blocked people that they are blocked while viewing a profile #10433

Closed
inmysocks opened this Issue Mar 31, 2019 · 115 comments

Comments

Projects
None yet
@inmysocks
Copy link

commented Mar 31, 2019

Expected behaviour

Mastodon doesn't enable harassment by not giving information to harassers that have been blocked.

Actual behaviour

Mastodon is going to tell harassers that they have been blocked so that they know to find another avenue of harassment.

Steps to reproduce the problem

Read the release notes.

Specifications

You can see the problem listed here: https://github.com/tootsuite/mastodon/releases/tag/v2.8.0rc1

@nergdron

This comment has been minimized.

Copy link

commented Mar 31, 2019

yeah this "feature" is pretty unacceptable, and designed solely for the benefit of bad actors in the fediverse.

@Sciss

This comment has been minimized.

Copy link

commented Mar 31, 2019

I agree that this "feature" has adverse effects, it doesn't solve or help anyone.

@Cassolotl

This comment has been minimized.

Copy link

commented Mar 31, 2019

I can see why it was added (reducing confusion means fewer non-bug bug reports for the developers to deal with), but I do agree that telling people when they've been blocked isn't a good idea. I would feel safer if it would just ambiguously error out. I agree that this feature will help blockees and hurt blockers.

Edit: Here is the PR: #10420 It's a change to a sensitive bit of the system, so at the time I was concerned that there were no screenshots or anything.

@bgcarlisle

This comment has been minimized.

Copy link

commented Mar 31, 2019

I am really not looking forward to people dunking on other people with screenshots showing that they got blocked, like they do on Twitter

"Lol I did this terrible thing and lol they blocked me" [screenshot]

@nightpool

This comment has been minimized.

Copy link
Collaborator

commented Mar 31, 2019

@bgcarlisle

This comment has been minimized.

Copy link

commented Mar 31, 2019

Yeah but we don't have to give the trolls a screenshot

@ataraxia937

This comment has been minimized.

Copy link

commented Mar 31, 2019

Please revert this change, it doesn't help anyone that we should want to help.

@inmysocks

This comment has been minimized.

Copy link
Author

commented Mar 31, 2019

'It isn't perfect' isn't a reason to make it worse.

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Mar 31, 2019

the fact that some profiles don't load and some do is impossible to be ambiguous about. the only time mastodon will refuse to show you someone's posts is when you're blocked.

A blank profile is still pretty ambiguous as to whether it's a block or if their posts were never there. A harasser can't easily get their kek on if all they have to show for it is an empty profile.

A better choice would have been to prevent blockers from showing up in the blockee's search results or the profile column altogether. You know. Completely vanish from their end. Because that's the goddamn point of blocking: the blocker doesn't want to be seen by the blockee, full stop.

@HunterwolfAT

This comment has been minimized.

Copy link

commented Mar 31, 2019

I understand the issue this addresses, but another solution should be implemented as this is a huge help for harassers and as I see it will bring bad behavior we know from Twitter

@buckket

This comment has been minimized.

Copy link

commented Mar 31, 2019

Software shouldn’t lie to its users, and being blocked is important information. This allows users to reflect that they may have done something wrong and/or remind them that further correspondence is not wanted. Besides: There will always be pieces of information that give it away anyhow.

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Mar 31, 2019

This allows users to reflect that they may have done something wrong and/or remind them that further correspondence is not wanted.

Plot twist. They never do. Twitter has proven this time and time again.

@joshgiesbrecht

This comment has been minimized.

Copy link

commented Mar 31, 2019

Adding my support to this. "YOU ARE BLOCKED" is like handing trolls a trophy.

@matrix07012

This comment has been minimized.

Copy link

commented Mar 31, 2019

It's already pretty obvious if you're blocked, so this barely changes anything.
Maybe don't block people and just mute them.

@Laurelai

This comment has been minimized.

Copy link

commented Mar 31, 2019

I mean a 403 forbidden when trying to follow someone only happens when you are blocked, so it is in essence a block message already. If anything blocking someone should make your profile invisible to theirs and vice versa.

@Gargron

This comment has been minimized.

Copy link
Member

commented Mar 31, 2019

The above arguments are why I initially designed the block feature in a way that would be impossible for the blocked person to tell they have been blocked. But the community insisted on a way to stop the blocked person from performing certain actions, and at that point the cat is out of the bag. If someone wants to favorite or follow and they can't, it's quite obvious what happened when they get a "403 not permitted" error. But not obvious enough that I don't regularly get bug reports from people and have to tell them "you have been blocked". You can't really hide that. That's why i personally only use the mute feature, for example, I don't want anyone to make a big deal about me not wanting to see them.

This change had the added benefit of hiding follower/following lists as well as posts from the web UI.

Before: blue follow button that says "not permitted" when you click it

After: greyed out follow button and "you are blocked" clarified before clicking

@ealgase

This comment has been minimized.

Copy link

commented Mar 31, 2019

I agree with Gargron here, it's already possible to tell if you're blocked, now it's just a bit more intuitive.

@kyefox

This comment has been minimized.

Copy link

commented Mar 31, 2019

This should be opt-in on the blocker side. I don't know that a block indicator was part of what turned Twitter into hellsite, but I do know this was part of the debris falling over the cliff with it.

Maybe opted in blockers could provide a reason and possibly an alternate form of contact.

Edit regarding the UX for trying to figure out why you get the error: Shadowbans were invented for this purpose. Twitter goes too far with it. I'm currently in the box for...who knows. But a block could just make it look like the blocker hasn't tooted since the block. The blockee sees a profile frozen in time, possibly with a fake bio provided specifically for them.

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Mar 31, 2019

You can't really hide that.

The point of a safety feature is to make it harder to get around, if not completely impossible.

You know, like how any lock can be inevitably defeated, but that doesn't mean you should remove all the bloody doors. >.>

@dg01d

This comment has been minimized.

Copy link

commented Mar 31, 2019

So making Mastodon "more intuitive" for harassers and abusers is a goal now?

@Laurelai

This comment has been minimized.

Copy link

commented Mar 31, 2019

One of the "stop the blocked person from performing certain actions" were types of harassment. I remember this one because people i had blocked were still able to follow me, boost my posts and expose them to all of their terrible followers. Which just brought in more harassment. A 403 message already tells them they are blocked. While mutes dont directly inform a user something has happened, its not hard to figure out when it happens.

Knowing you are blocked i dont think has a lot of hard incentives behind any particular behavior. Sure some people might post some screenshots that they were blocked but most will not. I have thousands and thousands of people blocked on twitter and thats large enough for a good sample size. Very few make a big deal about being blocked. The rest i never see or hear from again. Theres the occasional determined harasser but when you have a determined harasser you need stronger tools than blocking anyways.

@fluffy-critter

This comment has been minimized.

Copy link

commented Mar 31, 2019

403 is only used to indicate a block, so maybe use a different error code which means other things too. GitHub is purposeful in using 404 fir permissions errors as well because they feel that obscuring the accuracy of the error helps to reduce the attack surface for people trying to guess at things; maybe Mastodon could serve up a 500 (because instances go down) or 404 (yay troll you won now you can’t see them anymore) or something.

Yeah it sucks to have the wrong status code but what sucks even more is a culture of abuse and harassment.

Most status codes are to benefit humans; computers only really care about 200, 30x, and everything else.

@Failure404

This comment has been minimized.

Copy link

commented Mar 31, 2019

Smart idiot: Smart enough to find out he's been blocked without explicitly telling him. But most likely he's also smart enough to refrain from killing me.

Stupid idiot: Doesn't understand all these 403s and 404s and most likely moves on to next victim due to boredom. But if he would know that he's been blocked because there's an in-his-face red sign, he most likely would come and kill me. Because he's a stupid idiot.

@inmysocks

This comment has been minimized.

Copy link
Author

commented Mar 31, 2019

403 errors only appearing when you are blocked isn't a reason to make it easier for people to tell if they are blocked, it is a reason to change that behaviour. This is a consistent message from anti-harassment people, you don't give information to harassers.

@haleyashleypraesent

This comment has been minimized.

Copy link

commented Mar 31, 2019

Blocks shouldn't give in your face indication that you've been blocked it should be silent and indistiguishable from resource not found.

If you block someone your profile should be from their perspective gone.

404 Not Found therefore it is just like the resource is gone.

@matrix07012

This comment has been minimized.

Copy link

commented Mar 31, 2019

I think the most sensible solution would be to completely remove blocks and get rid of this hassle. The block feature is finicky anyway.
Mute works for most cases. Instance wide suspension of the user for the edge cases.

@Lana-chan

This comment was marked as off-topic.

Copy link

commented Mar 31, 2019

this is a pretty bad regression bug, i can't believe it wasn't caught earlier

@ealgase

This comment has been minimized.

Copy link

commented Mar 31, 2019

@haleyashleypraesent I disagree. Shadow banning/blocking is a way bigger issue than dedicated harassers being able to see if someone has blocked them.

@haleyashleypraesent

This comment has been minimized.

Copy link

commented Mar 31, 2019

@haleyashleypraesent I disagree. Shadow banning/blocking is a way bigger issue than dedicated harassers being able to see if someone has blocked them.

@ealgase sorry but if I block someone I don't want them to easily figure out I've blocked them, I want it to look like my profile from their perspective is not found that way they're more likely to give up, my experience on other social networks is if the blockee knows they've been blocked they will often go to make other accounts, if they think my account is gone I don't thitk they're going to waste time making a new account just get around it.

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Email notification of what? Does it send an email when someone blocks you?

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

...email notification of the Troll's mentions. >.>

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Don't those happen only if you haven't logged in for a while? Or is there a setting to get mailed about every mention? That sounds like it could get overwhelming fast.

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

You can set your account to email you whenever you're followed, requested, boosted, faved, or mentioned (and it's configurable for any combination of those) regardless of whether you've logged in recently, as well as the option of a "digest" email that only gets sent if you haven't been on for a while.

It could get overwhelming if you just leave it all to sit in your inbox, but it's also possible to filter your mail and have it moved to a specific folder on arrival. :)

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Ah, that's good to know! Well, I had no idea that option even existed and wouldn't want it on anyway. So assuming the ghost-troll scenario is actually a problem, let's provide some way to avoid it from within the UI. (:

@Gargron

This comment has been minimized.

Copy link
Member

commented Apr 6, 2019

Because it seems that it's not obvious why being unable to block someone back is an awful regression (possibly because only good people ever block someone), let me outline a use case:

  • Send threatening message to Alice while Alice is visibly active
  • Block Alice
  • Alice can't block back
  • Wait a random amount of time, unblock Alice
  • Send another threatening message to Alice
  • Block Alice
  • and so on

That's a lot of gymnastics just to avoid screenshotability of a short, reasonable message that disables the follow button and hides follower/following lists. I'd almost say "Okay, let's not show any message, only disable the follow button" except that it's a worthless sacrifice of clarity. In a system where networking issues are omnipresent, being able to tell apart bugs from intentions has value. Worthless sacrifice because as people in the thread mentioned, anyone who's been on Mastodon for some time is able to determine whether they are blocked just by the way the software behaves, which comes down to the dichotomy between blocking and muting that I have also outlined in a previous post upthread.

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Do you have any concerns about the only-show-a-minimal-profile option @joyeusenoelle proposed above? It would both make it clear that it's not a network issue, and also keep it ambiguous whether the person blocked you or got suspended.

The blocked person would probably have an idea, of course, but it would lack the easy "look, they blocked me!" screenshot, since it would be ambiguous to other people. And it seems to me that the "look, they blocked me" screenshot is the primary reason for not wanting to show a message (unless I'm misunderstanding this, in which case please let me know).

@TrollDecker

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

Because it seems that it's not obvious... snip

You just recited what other people have just been discussing and considering solutions for. Pay attention. >.>

@Laurelai

This comment has been minimized.

Copy link

commented Apr 6, 2019

I agree with Jo's idea. A manual block input would be useful for a lot more use cases than this.

@witcheslive

This comment has been minimized.

Copy link

commented Apr 6, 2019

I'm running the Master branch and ran into an issue yesterday where I needed to block someone who had blocked me, and was unable to find any way to block them back since their profile would not load under any circumstances. As @Gargron mentioned, this can be particularly nasty as giving one party the agency for cutting off contact and not the other leaves open the possibility of abuse.

I definitely understand the concern about block trophy screenshots, but I would even argue that those are the symptoms of a problem and not the root of them. If you don't want block trophies to be a thing, create and be enthusiastically part of communities centered on kindness, setting and respecting boundaries, and acting in good faith.

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

I think a message might theoretically be able to work, but only if it were worded very carefully. We would probably need to keep the ambiguity, but then "this person either blocked you or was suspended" would likely be interpreted as "this person blocked you", since I would think blocking trolls is more common than suspension by an instance, if it's a troll sharing the screenshot.

If we said something to the effect of "there was an error loading the profile" combined with the minimal-profile idea, that would work on the minimal-information side, but it very well might make people think there's a weird network error going on instead.

Unfortunately, as nice as a message would be, I don't think there's a good solution for those issues. (Prove me wrong!)

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

@witcheslive Community kindness works wonderfully, right up until the point where a bad actor comes in from outside and starts attacking people. ): Of course we should handle them at the instance level, but we also need user-level tools to deal with that sort of thing.

@witcheslive

This comment has been minimized.

Copy link

commented Apr 6, 2019

@SilverWolf32 right, but what I'm saying here is that leaving open a loophole that can be exploited for abuse is much worse than something that is the symptom of problems that cannot be solved by technical means alone.

@joyeusenoelle

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

@Gargron I agree that that's a bad scenario and one we want to avoid. That's why I suggested that 410 return a substantively different result from 404.

Another potential solution is to have Mastodon compile a list of the last N people who mentioned you, whether or not they've blocked you since - such that blocking you might remove their mentions from your notifications column, but not from the list - and allow the user to block/mute/follow from that list. (This has the added benefit of providing an additional feature for people who get lots of likes/boosts and don't want to cull them from their notifications.)

@witcheslive Yes, we are absolutely looking for a technological solution to a social problem here, and we would all, I think, prefer a social solution! Unfortunately, part of the issue is that as federation expands, so does the society associated with it, and it's impossible to prevent bad actors from joining that society. That problem is what the technological approach attempts to solve.

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Hm, what if someone harasses/threatens you, but then you get a deluge of other mentions (perhaps you're very popular or are in a lively discussion) and they fall off the end of the list?

I agree that would be nice for other purposes though.

@Gargron

This comment has been minimized.

Copy link
Member

commented Apr 6, 2019

HTTP return codes are irrelevant to the ongoing discussion: If you're talking about showing a "minimal UI" (which the thing that sparked this issue was, in a way), you need the JSON to do it, so you won't be returning errors.

I think that reverting everything to how I did it, but rewording the "You are blocked" string to "Profile unavailable" would be the most optimal solution.

@joyeusenoelle

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

There is not a perfect solution to this.

@SilverWolf32 If you're getting so many notifications that your harasser always scrolls off the list before you get to it, odds are you're not actually noticing the harassment. And if you are, that's a case so far to the edge that we've reached diminishing returns by considering it.

@Gargron You don't have to serve JSON to provide the UI I'm suggesting. You just need a template for handling a 410 that uses session variables to populate the "username", "block user", and "mute user" fields. You don't need any data from the server beyond that.

Anyway. I have said all I have to say about this. You may take my suggestions or leave them. (Please don't @-mention me, as this will resubscribe me to the thread.)

@trwnh

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

imo the solution that seems most ideal is the one where you stop serving updates to that account, effectively freezing it in time and making it look inactive rather than invisible or outright telling you "you are blocked". if you consider email, your old inbox messages aren't affected when someone blocks your messages, so the analogous thing would be to retain all visible messages at the time of block and hide all new messages.

pro: it makes it effectively undetectable that someone has blocked you unless you manually compare the public page to the in-app profile (with no other side effects). you'd probably want to make the account appear locked or at least cause the follow button to look like "request follow" (since you can technically send a Follow, but will not receive an Accept Follow due to being blocked). you'd also probably want to error out any interactions with existing public objects, or maybe silently discard them idk

con: old messages remain visible, though this is no different than opening in new tab. could also be computationally a bit expensive (unless you store a max_id that each person is authorized to see and silently apply that filter?)


the simpler, lower-computation solution would be to genericize the block message so that it is indistinguishable from any other error. something like "no posts available" is less aggressive but still obvious that something is not normal. or you could simply revert both this and the "you are blocked" commit so that blocking profiles go back to being empty as if a loading error occurred

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

"Profile unavailable" sounds like it could be a workable solution...but I would still be worried about "look, they blocked me!" screenshots, since "profile unavailable" right after you harassed them is still pretty likely to be a block.

That would also affect the minimal-profile solution, although not as much since there's no punchline text.

The last-N-mentioners list sounds like a good idea. Anyone have thoughts on that?

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Just silently maintaining a shadow state for every blocked person is an interesting idea. Everything is timestamped, right? Yes, we could probably just store a max ID/timestamp, possibly applying that filter when we get stuff from the database.

Does anyone else have concerns about this approach?

@Gargron

This comment has been minimized.

Copy link
Member

commented Apr 6, 2019

Just silently maintaining a shadow state for every blocked person is an interesting idea. Everything is timestamped, right? Yes, we could probably just store a max ID/timestamp, possibly applying that filter when we get stuff from the database.

A profile not updating is a common networking issue that you'll find in multiple troubleshooting threads on this GitHub. Furthermore, displaying old posts for the sake of ambiguity may run counter to people's expectations who might want to stop someone from looking at all of their posts, right now.

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

Oh, those are both very good points. Don't know how I didn't consider the networking-error issue.

@trwnh

This comment has been minimized.

Copy link
Contributor

commented Apr 6, 2019

profile not updating is a common networking issue

that's the implicit tradeoff being made here, though. this is fundamentally an issue of deniability vs. clarity, with "you are blocked" at 100% clarity and "frozen profile" at near-100% deniability. so the only question is, where along that spectrum should the optimal solution lie? since there is no perfect one.

in other words: do you want to deal with people not knowing they are blocked, or people knowing they are blocked?

@ealgase

This comment has been minimized.

Copy link

commented Apr 6, 2019

"Profile unavailable" sounds like it could be a workable solution...but I would still be worried about "look, they blocked me!" screenshots, since "profile unavailable" right after you harassed them is still pretty likely to be a block.

I think at some point, we need to accept that people will just share these screenshots. It's not something that's really worth it to prevent.

@witcheslive

This comment has been minimized.

Copy link

commented Apr 6, 2019

A good reason to block someone is to keep them from rifiling through your shit. I mean, yeah, right click new window is always there, but having 0 control over at least some basic obstacles between a stalker and your corpus is not a very good idea.

@ThibG

This comment has been minimized.

Copy link
Collaborator

commented Apr 6, 2019

Why not just have the block take effect both ways automatically?

It is already the case, to some extent. Blocking someone does not prevent you from seeing their toots if you look for them (and that's needed, otherwise the block-then-report workflow wouldn't work), but limits the interactions you can have with them.

In both cases, we can safely serve a minimalist user info panel through the web interface, consisting solely of the remote user's username and the "hamburger" menu, which only allows the ability to mute or block the remote user.

Serving a minimalist user info panel for a 410 is tricky because the client may not know stuff like the username at all. Also, without allowing people blocking you in search results, this is not very practical. If we do re-enable search results, that's already one difference in behavior with suspended users (who do not show up in search results).

What about having an option in Preferences that offers a single input box for a username and Block/Unblock buttons?

That would be a useful feature, but only to the extent you know the exact handle of the person you want to block, which might not be practical, especially if you have to deal with multiple people. Also, the current implementation assumes the blocked account is known to the instance, so we would either have to error out if the typed handle isn't known, or change things significantly. Which we could do, but would be a separate issue with a longer term resolution I think.

All in all, I think the best solution, at least short term, would be to revert both #10442 and the original PR that spawned this thread, even if I don't like the prior state very much as it was neither a good way to provide plausible denial nor a good way to avoid bogus bug reports 😩

@ealgase

This comment has been minimized.

Copy link

commented Apr 6, 2019

A good reason to block someone is to keep them from rifiling through your shit. I mean, yeah, right click new window is always there, but having 0 control over at least some basic obstacles between a stalker and your corpus is not a very good idea.

Are basic obstacles really worth sacrificing usability for everyone?

@SilverWolf32

This comment has been minimized.

Copy link

commented Apr 6, 2019

How much usability does this really sacrifice, though? If we don't load their posts and instead just show a blank profile, it still lets you block the user back and such, and if you're blocked, you really shouldn't be seeing their posts anyway.

@witcheslive

This comment has been minimized.

Copy link

commented Apr 6, 2019

@ealgase I'm talking about like, leaving your statuses before the block visible to someone you blocked, I think that is a really bad idea

@ThibG

This comment has been minimized.

Copy link
Collaborator

commented Apr 7, 2019

Does anyone here opposes to us reverting both PRs, so that things behave like they did before this release candidate? That is, accounts will still show up, pretending they don't have toots, and you won't be able to follow them, but you'll be able to block, mute or report them (but not specific toots since they'll be hidden from you).

EDIT: Oops, I hadn't seen it had been reverted already in #10491

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.