Change silences to always require approval on follow #11975

Merged
merged 8 commits into from Sep 27, 2019

Collaborator

ThibG commented Sep 27, 2019

So far, silenced (mutes decided by an instance moderator) and user-muted accounts can follow local users just like any other account. The only difference is that they would not generate notifications when doing so.

Having silenced accounts silently follow users may be misleading and undesirable.

This PR changes the following:

  • Silenced accounts (whether individually or through domain silence) will always generate a follow request, which won't be auto-accepted, regardless of whether the target account is locked. The rationale for this can be found in #11958. One downside though is that “follow spam” would not be prevented by silencing an instance.
  • User-muted accounts will always generate a follow request, which won't be auto-accepted, regardless of whether the target account is locked. Indeed, the question “should a muted user be able to follow the person muting them?” has been brought up repeatedly, and both answers to that have disadvantages. But requesting approval for such follows would solve unexpected follows while not changing the current behavior too drastically. In case a muted user sends repeated follow requests, #11562 would enable silently discarding them. Removed to avoid leaking user mutes
  • Add follow_requests_count to /api/v1/verify_credentials (fixes #11958)
  • Make the WebUI check for pending follow requests regardless of whether the account is locked
  • Make the API result for follows not assume the follow went through if the following account is locally silenced
@ThibG ThibG force-pushed the ThibG:features/silence-follow branch Sep 27, 2019
Collaborator Author

ThibG commented Sep 27, 2019

While the new notification type would be useful, it is not strictly needed for our purposes, and it may break some clients. I think that can be postponed.

@ThibG ThibG marked this pull request as ready for review Sep 27, 2019
@ThibG ThibG force-pushed the ThibG:features/silence-follow branch Sep 27, 2019
Member

Gargron commented Sep 27, 2019

> API results for locally-silenced accounts will still pretend the follow to be immediate when trying to follow an open-follow user. This is mainly to avoid leaking the fact that the user has been silenced (although it can still be found out easily by refreshing and figuring out that no follow gets through immediately)

This is no longer necessary as the "account status" section reveals if your account is "limited".

Member

Gargron commented Sep 27, 2019

  • add follow request notification type
  • handle follow request notifications in UI

As you mentioned, it would make follow spam something you have no escape from. The advantage of locked accounts was, until now, that follow requests were not spamming your notifications and you could address them at your own leisure. What we need, indeed, is a more prominent way of showing follow requests in the UI even if the account is not locked, but I do not think that putting follow requests into notifications will help. Consider Twitter's DMs UI: You have one tab for normal DMs, and one tab for DM "requests", i.e. from people you haven't accepted. There is similar UX with Facebook messages. I think something like that would make sense. One place for normal notifications, and one place for follow requests. It's kind of like that already except that the follow requests UI is far away from notifications visually and the count doesn't load on page load unless your account is locked.

Collaborator Author

ThibG commented Sep 27, 2019

I used “notification” pretty liberally here, the idea just being to push the update through the streaming server and be picked up by the front-end without having to poll the list.

Collaborator Author

ThibG commented Sep 27, 2019

> > API results for locally-silenced accounts will still pretend the follow to be immediate when trying to follow an open-follow user. This is mainly to avoid leaking the fact that the user has been silenced (although it can still be found out easily by refreshing and figuring out that no follow gets through immediately)
>
> This is no longer necessary as the "account status" section reveals if your account is "limited".

Alright, changing that!

@ThibG ThibG force-pushed the ThibG:features/silence-follow branch Sep 27, 2019
realityfabric commented Sep 27, 2019

For silenced users / instances, could requests be auto dropped (as opposed to auto accepted)? That seems like the expected behavior (and would stop follow spam, right?)

@ThibG ThibG force-pushed the ThibG:features/silence-follow branch Sep 27, 2019
Collaborator Author

ThibG commented Sep 27, 2019

> For silenced users / instances, could requests be auto dropped (as opposed to auto accepted)? That seems like the expected behavior (and would stop follow spam, right?)

That sounds too harsh, as users from those instances will then be completely unable to follow local users. Up until now the model was basically “hide those remote users, but let them interact with people who know them”, this would prevent it. This PR removes the auto-accept and moves to pending accepts instead (this doesn't change anything for people with locked accounts).

Collaborator Author

ThibG commented Sep 27, 2019

Hm, in fact there is one thing I'm not too sure about: this could potentially leak that one person mutes another, if the follow doesn't get through immediately…

Member

Gargron commented Sep 27, 2019

Maybe mutes should continue working like before. We're specifically interested in domain silences here.

@ThibG ThibG force-pushed the ThibG:features/silence-follow branch to 62d76a4 Sep 27, 2019
Collaborator Author

ThibG commented Sep 27, 2019

> Maybe mutes should continue working like before. We're specifically interested in domain silences here.

Alright, makes sense. We should definitely mention the follow bit in the confirmation dialog, though (which is addressed, among other things, in #11562)

@ThibG ThibG changed the title Change silences/mutes to always require approval on follow Change silences to always require approval on follow Sep 27, 2019
@Gargron Gargron merged commit 18b451c into tootsuite:master Sep 27, 2019
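
The follow policy this thread converges on, and the mute leak raised during review, modeled as an added Ruby example (not code from this PR or from Mastodon). `Account`, `follow_outcome`, `leaks_mute?`, `accepted_on_unlock` and the sample domains are hypothetical names chosen for illustration.

```ruby
# Added illustration: Account, follow_outcome, leaks_mute? and the sample
# domains are hypothetical names, not Mastodon's classes or data.
Account = Struct.new(:name, :domain, :locked, :silenced, :muting, keyword_init: true)

SILENCED_DOMAINS = ['spam.example'].freeze # constructed domain silence list

def account(name, domain: 'local.example', locked: false, silenced: false, muting: [])
  Account.new(name: name, domain: domain, locked: locked, silenced: silenced, muting: muting)
end

# Silenced individually or through a domain silence.
def silenced?(acct)
  acct.silenced || SILENCED_DOMAINS.include?(acct.domain)
end

# Outcome of `follower` following `target`: :accepted or :pending.
# approve_muted: true models the PR's first draft (muted followers need
# approval); false models what was merged (mutes behave as before).
def follow_outcome(follower, target, approve_muted: false)
  return :pending if target.locked
  return :pending if silenced?(follower)
  return :pending if approve_muted && target.muting.include?(follower.name)

  :accepted
end

# A policy leaks mutes when a non-silenced follower sees a different outcome
# on two unlocked targets that differ only in whether they mute the follower.
def leaks_mute?(approve_muted:)
  bob = account('bob', domain: 'remote.example')
  muter = account('alice', muting: ['bob'])
  non_muter = account('carol')
  follow_outcome(bob, muter, approve_muted: approve_muted) !=
    follow_outcome(bob, non_muter, approve_muted: approve_muted)
end

# Unlocking an account auto-accepts pending requests, except those from
# silenced accounts, which stay pending for manual review.
def accepted_on_unlock(pending_followers)
  pending_followers.reject { |f| silenced?(f) }.map(&:name)
end

puts "first draft leaks mutes: #{leaks_mute?(approve_muted: true)}"
puts "merged policy leaks mutes: #{leaks_mute?(approve_muted: false)}"
```
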
2 checks passed
build-and-test Workflow: build-and-test
codeclimate All good!
hiyuki2578 added a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
* Change silenced accounts to require approval on follow

* Also require approval for follows by people explicitly muted by target accounts

* Do not auto-accept silenced or muted accounts when switching from locked to unlocked

* Add `follow_requests_count` to verify_credentials

* Show “Follow requests” menu item if needed even if account is locked

* Add tests

* Correctly reflect that follow requests weren't auto-accepted when local account is silenced

* Accept follow requests from user-muted accounts to avoid leaking mutes
katsusuke added a commit to katsusuke/mastodon that referenced this pull request Nov 26, 2019