New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a "Local timeline" privacy option #861
Comments
It's possible but undesirable as it would promote users siloing and piling onto the same instance. This centralizes what should be a de-centralized distributed system. Users should not be afraid of migrating accounts due to missing out on particular content, this defeats a major point of federation. |
Well, I would like to have this to toot when I'm doing an update without "spamming" federated timelines, as this only concerns my instance and not other ones. |
As a user (not admin) I would very much like the ability to occasionally post content only to users of my instance. This feels like an obvious missing feature to me. I see your criticism, yiskah. Two thoughts:
My own use case: marginalized identity, and fear external (originating outside Mastodon) harassment. I want to participate more openly (posting selfies I wouldn't want widely disseminated, for example) but hesitate to do so on an essentially worldwide basis. But my instance? It's small, well run, and I feel enough trust there. Local posting reduces tens of thousands of randos to tens of hundreds of self-selected people who tend to be more like me, sympathetic to me, supportive of me. Is my local-only content totally safe from bad actors? Of course not. But there would still be an overall increase of safety and trust (less randos) and I'd be able to feel pretty OK about the risk profile of sharing sensitive content when the occasion arises. |
I think this is a critical feature of federation: choosing how far to broadcast certain stuff. Otherwise certain sensitive or insular groups (think: an instance for a church, or for an addiction support group) will be forced to completely de-federate and/or block all other instances, which is an overreaction. Essentially, Facebook is currently great at creating hidden/secret/private groups and networks like Google+ have recognized this need (with Circles) -- without this ability, privacy controls will not be fine-grained enough and sensitive users/use-cases will not find Mastodon useful. |
Unsuscribe
… Le 11 avr. 2017 à 23:17, zyphlar ***@***.***> a écrit :
I think this is a critical feature of federation: choosing how far to broadcast certain stuff. Otherwise certain sensitive or insular groups (think: an instance for a church, or for an addiction support group) will be forced to completely de-federate and/or block all other instances, which is an overreaction.
Essentially, Facebook is currently great at creating hidden/secret/private groups and networks like Google+ have recognized this need (with Circles) -- without this ability, privacy controls will not be fine-grained enough and sensitive users/use-cases will not find Mastodon useful.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
More use cases in support of this:
|
Federation happens user-to-followers, not server-to-server, so stuff like this is hard. Like, you want to post something to your followers, but only followers from your own instance? |
No, the idea is it's a public but unfederated post. In the same way that posts from people you don't follow appear on the PTL of your instance, but limited to the instance itself. |
@Gargron The idea is that it would be useful for admin announcements and similar intra-community stuff. It would be a public toot, just prevented from federating to any other instance. |
As far as implementation, my thoughts are that with this setting:
|
@kepstin, regarding your second bullet, I'm not sure why a hypothetical local-instance-only toot would be federated at all? The point would be that it's only local, and not sent out everywhere. |
I don't think the local-only toot can/should really be "private" to the instance completely (after all, you could still browse the user's profile or use e.g. mastoview to see it), so the main purpose of this would be to make it not go into the federated timeline on other instances. If someone's explicitly following another person, they might be interested in seeing even their "listed locally only" toots. This also fits in with the position of the option in the list in the mockup in the first post. Preventing followers on other instances from seeing the toot is simultaneously more private that private and less private than unlisted. |
Yes, some randos could still stumble upon it via mastoview or a potential instance public timeline feature. So be it. Seems hard to avoid.
But I might be interested (ok, I am) in that outside follower not seeing (easily, by default) my instance-only toots. I made them local (home instance only) for a reason. My intent would be "only people on my instance can (easily, by default) see this." Maybe I question the point of adding local posting if it only partially works as the average user would expect. To me it's pretty clear that "local" does not mean "also on all federated servers." Local means local. Local, in the way I am describing, gives the user another tool to control a toot's audience. (In a related case I was very surprised that "private" toots do not go out to federated followers, only local ones. I think a lot of users expect otherwise. But that's a different issue and I am not privy to the history that lead to that situation. Just seems similar.) |
Yeah I know it can be hard to reconcile a wishlist item like this with the
actual technical way the software works, but Facebook or Google+ or even
Twitter style privacy settings are what we're looking for I think (i.e. no
web browsing allowed, no federation if desired, etc.) Mastodon is going to
need ways to prevent dogpiling and it's going to need ways for individuals
(not just admins) to wall themselves off from harassers or stalkers both
inside and between instances. So the time to figure out how to achieve
better privacy controls than the other guys is now, not later.
…On Mon, Apr 17, 2017, 3:20 PM A.Jane ***@***.***> wrote:
I don't think the local-only toot can/should really be "private" to the
instance completely (after all, you could still browse the user's profile
or use e.g. mastoview to see it), so the main purpose of this would be to
make it not go into the federated timeline on other instances.
Yes, some randos could still stumble upon it via mastoview or a potential
instance public timeline feature. So be it. Seems hard to avoid.
If someone's explicitly following another person, they might be interested
in seeing even their "listed locally only" toots.
But I might be interested (ok, I am) in that outside follower not seeing
(easily, by default) my instance-only toots. I made them local (home
instance only) for a reason. My intent would be "only people on my instance
can (easily, by default) see this."
Maybe I question the point of adding local posting if it only partially
works as the average user would expect. To me it's pretty clear that
"local" does not meant "also on all federated servers." Local means local.
Local, in the way I am describing, gives the user another tool to control a
toot's audience.
(In a related case I was very surprised that "private" toots do not go out
to federated followers, only local ones. I think a lot of users expect
otherwise. But that's a different issue and I am not privy to the history
that lead to that situation. Just seems similar.)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#861 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAC9MkCw_KDMZDB7oFjKTEy_5OUai-Baks5rw-WdgaJpZM4MzHEo>
.
|
Hi, I registered mostly to say I would love that possibility to become a reality. Fediverse is nice, little community are nice too. That I love in mastodon is the possibility to interact with a "little" group of person, and thoses only. Sometimes I wish to speak to peoples of my instance only too. |
I'd like this feature a lot. The toot would appear only in the local timeline and not to remote federated ones. This can be useful for users of a thematic instance, and It would still allow to choose to send toots worldwide, or to followers on any instance. |
This feature is essential for local administration discussions, as right now the only way for an admin to post a message to local users is to post it globally. This results in matters of local governance turning into global discussions, which is very undesirable. |
Just had some good discussion about this on the Discord. I put together a rough sketch of some UX options here, the consensus in discussion previously was that the 'tabs' option is clearer than the 'switch' option. We also discussed a concerning edge-case regarding mentioning off-instance users in local toots. In some cases, this is at best confusing (A direct local toot to an off-instance user will never arrive) and at worst may leave users open to abuse (by allowing them to be easily talked about and linked to, before switching a conversation to federating) As such it seems reasonable that mentioning an off-instance user in a local toot should always be treated as an error and prevent posting. This allows the behavior to remain consistent across privacy types. |
i'd love to see this. i totally respect that it's a complex ask, too, but i think this would help foster safer spaces for those who need or want them, and also it would build a lot more community. building smaller communities that can also interact globally might help nurture the close-knit family feeling that's sort of faded away a bit as the userbase has grown exponentially. (the growth isn't a bad thing! i see this more as adapting to the needs of as many people as possible.) |
gonna nudge this in the hopes it'll happen sometime :) |
This issue thread came up in conversation on a node im on and im happy to see it being discussed. I think the value of federation is that it is decentralized and allows for diverse, distinct groups to exist, not only that it distributes the server load onto thousands of different community run nodes. Allowing for nodes to have "private" discussions allows for the distinctness of the node to develop. I don't believe this would discourage ultra-private communities however. If anything, a node that wants to have the option to be private sometimes would be pushed towards not federating if it meant they couldn't. I'd love to help out as I learn more about mastodon. I'll check in on this when im up to speed. thx y'all |
Absolutely! |
Since version 1.6 it's possible for new users to auto-follow e.g. an admin account. This partly solves the case in the original post. If somehow it would be possible to let pre-1.6 users auto-follow the admin, it would be a lot easier for admins to inform their users. Of course it must always be possible for users to stop following admins. |
Trying to revive this issue. Instances are a type of a comunity. It will be great to mantain conversations only in it. I think that one of the distinctive features of mastodon is having 3 timelines, but the absence of being able to post exclusively to the local timeline is a huge gap that needs to be filled. Think about people who use instances as safe heaven. They need to choose between have only followers in the current instance or not posting some opinions. I kown that people tend to have more prejudices when are on restricted spaces and allowing to users in instances have closed conversations is a source of concern, but this toots will not be totally closed in the instance as:
What I am asking for is one level more of privacy, not secrecy. |
Even if there are "secrecy" features added to Mastodon I think that's a
good thing. Currently when I tell a marginalized friend about Mastodon, I
have to include a few paragraphs about how the magic of federation also
decreases security, and I warn them against treating DMs as actually
private, etc.
What users post belongs to them, if they make an informed choice to do
something with their data we should be respecting that as much as possible.
Keeping data out of the hands of stalkers, Nazis, or malicious indexers
seems like a pretty reasonable request.
…On Mon, Mar 2, 2020, 11:50 AM arturdesouza ***@***.***> wrote:
Trying to revive this issue.
Instances are a type of a comunity. It will be great to mantain
conversations only in it.
I think that one of the distinctive features of mastodon is having 3
timelines, but the absence of being able to post exclusively to the local
timeline is a huge gap that needs to be filled.
Think about people who use instances as safe heaven. They need to choose
between have only followers in the current instance or not posting some
opinions.
I kown that people tend to have more prejudices when are on restricted
spaces and allowing to users in instances have closed conversations is a
source of concern, but this toots will not be totally closed in the
instance as:
- Anyone searching users toots would find them, if the account is not
closed.
- When a user of the instance boost one of this toots it would appear
for his followers, even for those are outside the instance (a warning for
this must appear when boost button is clicked).
What I am asking for is one level more of privacy, not secrecy.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#861>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAL2MWQU4F2V477DOAO4FLRFQEYRANCNFSM4DGMOEUA>
.
|
The option to post to local timeline & users would be very beneficial. I was considering Mastodon for all members of a local sports association and set up an own Mastodon server for it. While there would be definitely stuff to discuss within the association (e.g. when to meet, unimportant or internal stuff), the members certainly would like to communicate with everyone else in the world/Fediverse, too. For me, this option is necessary to make Mastodon interesting for us. Please consider this enhancement. |
I think this feature, toots that never leave the server, apart from being helpful, might actually become a necessity in the future. I think giving members of an instance the ability to control their "exports" can help mitigate total isolation (both self-imposed, imposed). Maybe there should also be an admin option to choose the server's default privacy/visibility too, if there isn't already. This is my understanding: "Public" ~= Not Private & Listed & Federate esentially, "Local" toggles the federate boolean. An argument could be made that "Local" could be a separate option much like the CW and poll options/icon. But thats a minor point. |
Indeed, this would be extremely useful. It's a niche case, but occasionally one has the need to "whisper" only to one's neighbors. There are certain posts that have "instance" as the appropriate visibility scope, or an appropriate additional condition on the scoping. Perhaps, from a UX perspective, have a yellow or red infobar that pops up near the editor when checking the “Disable Federation for this post” box, that says something like
As long as the setting isn't persistent (i.e., it remains unselected by default on new messages) on servers that have federation enabled, I think that it'd be unlikely that a severe degree of "siloing" would occur (and, to the degree that it does anyway, such will have been entirely voluntary and user-driven anyway, thus not an actual issue). |
To answer this specifically, @shrmn, it might hurt in the following ways:
(To be clear, I think this specific option—per‑post defederation—is (in addition to acutely filling a common use‐case) eminently tenable: since (by definition) the post will only be available to others on the same node in the first place, the above issues are dodged; I'm only answering your more general question as-stated.) |
Whether via a "local only" option or otherwise, I think it's quite common to want to communicate about the instance you're on, and there's currently no good way that Mastodon facilitates that as far as I'm aware (let me know if I am missing something!). You can hashtag/CW your post, but it'll still clutter other people's timelines, and makes it harder to have uninhibited instance-level chatter. @Gargron and other maintainers, I'm curious if there are other solutions you're considering for this use case? If not, I think it'd be possible to come up with a UX for "local only" that makes it clear that your followers on other instances won't see your posts. |
I'm curious what the state of this issue is since its been around for some time and it comes up from time to time. Is it just waiting to be picked up by a dedicated individual/volunteer or something that cannot be achieved or sort of impracticable. Should it be a question of comfort, perhaps when added this feature can be disabled by default giving individual admins the choice to make it available to their community. |
@spaceottercode It definitely can be done, and has been done in various forks of Mastodon. At some point in years past I believe it was implemented by a volunteer and declined as contrary to the philosophy of the main Mastodon software. I'd still love to see it myself, though. Seems like a good feature for smaller instances. |
I believe that when we implement groups, it will remove the need for local-only posting. In our planned implementation, group posts will be separate from other posts, and only go out to the group (which could be public or private). So if you'll have a group that you won't allow anyone from other servers to join, it will be "local-only" without this being hardcoded into the software (which I am strongly opposed to, because "you have to have an account on x to participate, your own fediverse account is invalid" is a centralizing force). Groups are planned for this year. |
@Gargron Ah, I've been a little fuzzy on what groups are, myself. Is it similar to the concept of Facebook groups, then? I.e. you post to a group timeline, rather than to your own? I've seen some folks expecting it will be like Google+ Circles or Facebook post permissions, where you can decide on a granular level who the post is visible to, even though it is still part of your timeline. Either way it sounds like groups may satisfy this request. Especially if there is a way for new users to be auto-added to groups (similar to how new users can be set up to auto-follow certain users). I still like the idea of having local-only posts that go to the local timeline, though I understand your views on the matter. It really is something that only has value on small (but not single-user) instances. |
Yes, like facebook groups. Not to be confused with circles. We were gonna have circles too, I wrote the code. It got stuck on protocol issues with reply distribution. |
This would be a great solution, thanks!!
…On Mon, May 23, 2022 at 8:49 PM Eugen Rochko ***@***.***> wrote:
I believe that when we implement groups, it will remove the need for
local-only posting. In our planned implementation, group posts will be
separate from other posts, and only go out to the group (which could be
public or private). So if you'll have a group that you won't allow anyone
from other servers to join, it will be "local-only" without this being
hardcoded into the software (which I am strongly opposed to, because "you
have to have an account on x to participate, your own fediverse account is
invalid" is a centralizing force). Groups are planned for this year.
—
Reply to this email directly, view it on GitHub
<#861 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGXFRD2LUO4RKUCU73ZOKF3VLPHM3ANCNFSM4DGMOEUA>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
A group feature would be amazing indeed, and I think a huge win for Mastodon on other fronts.
Well, I think administrative groups specifically for the meta-stuff that's truly only relevant for a local instance are one of the good use cases that I see where such a rule seems entirely benign (but an admin might still want to allow exceptions for folks with multiple accounts). |
While this will resolve #139, I still see groups as being a fundamentally different thing than allowing users to disable federation for certain posts. I understand that you disagree with the use-case of non-federated posts as being "centralizing", but for site-admins to "DIY" this comparatively trivial request (#861) by creating site-specific groups and finding some way to sync the memberlist to them seems like a very awkward resolution. |
I thought I would chime in with a real-world example where the user might really want this feature, and for good reason. This comment does not address the nuances that have already been addressed - I am just sharing a case study for thought: https://med-mastodon.com/@ccleighton/109424799830602730
This user is on a Mastodon instance for medical professionals. On their local instance they are likely to get a well-informed answer. The prior probability of an answer coming from the broader fediverse being from someone with expertise is much lower than it is for the local instance. |
Yeah I really don't want to spam my normal followers with the niche issues related to folks who signed up on my server. |
Hi, PitchI'm not sure how this would work exactly, and I know there has been a lot of discussion around post privacy settings already, so I am guessing this has already been discussed somewhere else. But, I keep thinking it would be very nice to be able to choose "Local Timeline Only" when creating a new post. This would mean only users of the local server would be able to view the post, which is a little different than the currently supported "Follows Only." MotivationI think it would help improve the community aspect of servers and give good motivation for groups to create community around mutual interests, and create reasons for wanting to choose one server over another. Being able to post privately to an entire community means only members of that community would be able to read the post, and would potentially create safer environments where participants felt more free to openly discuss topics related to that community. Of course, servers with open registration would need to be able to explain that anyone could just sign up for an account in order to read their post, but I think that could be well explained with the right terminology and UI design. |
Just want to +1 the use case of a 'local only' post feature. Groups does not seem like a good solution to this problem, as it adds another layer of complexity as a workaround. With Mastodon's popularity growing, we will see many more topic-specific instance types popping up. Examples above, such as schools, families, etc, are good and realistic. Enabling users to post 'local only' may go against the original vision, but for Mastodon to be truly successful it will need to react and be flexible in response to user desires. |
My use case: our neighborhood has a very active private Facebook group (1000s users), An invite only Mastodon instance with local only posting would be the perfect solution I'd also like to call out that this fork already has it: Although it appears there is an outstanding issue: |
It's June 2023 and a lot of folks are curious about what Meta's intentions are toward the Fediverse. Having the option to keep posts on my server would give me more control about what I share to whom. This would offer a middle-ground between defederation and acquiescing to whatever Meta wants to do with all my posts. Please give me more control over who sees my posts. |
Saw this post on my feed, had to think of this issue, given the post was only meant for people from that server: https://aus.social/@melissabeartrix/110977380833000664 Having this post privacy option would have kept it from my feed. |
With the recent developments on Meta beginning to federate, this is even more important now. Along with more granular visibility options such as making a post visible to any instance except specific ones the user picks. |
The downside of that, however good an idea it may be, is that it requires additional posting controls. Yet another thing to fiddle with in the posting UI. Whereas a 'local only' posting option can simply be added as an option to the existing post privacy options. In other words, it's probably out of scope for this issue. A v2, if you will. |
Local only posts would improve my ability to manage the local community on my server, and communicate with my own users.
Some existing work-arounds for the lack of local only posting:
Beyond the admin side of things, I believe many users of community oriented instances would appreciate being able to post to that community, without the risk of pile-ons, harassment, or going viral across the fediverse. On smaller instances, people do engage with each other on the local timeline, and this would provide a way to reach out to that local community beyond your own followers, without also having that post or conversation being exposed to the entire fediverse. This has been pointed out as being particularly useful for minority communities which are more subject to harassment. There are essentially two modes that a Mastodon server can currently operate in, completely open (minus suspensions), or completely closed private communities (which are rare, since most users are on the fediverse to federate). If a user wants to sometimes engage with the fediverse, and sometimes engage with a smaller community, they would need two separate accounts on different servers. Local only posts would allow a single account on a community server to provide both options. To my understanding, there are no significant technical hurdles or roadblocks to overcome in implementing local only posting. |
Definitely. Multiple forks of Mastodon implement the feature (the most popular being glitch-soc) |
It would be useful for instance admins to send toots only to instance users.
It would look like this:
Is it possible in Mastodon ?
The text was updated successfully, but these errors were encountered: