New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Followers-only post federation #2111

Merged
merged 9 commits into from Apr 23, 2017

Conversation

Projects
None yet
6 participants
@Gargron
Member

Gargron commented Apr 18, 2017

  • Use PuSH to send :private toots to subscribers
  • Filter subscribers by only domains where author has known (=authorized) followers
  • Settings UI to list followers grouped by domain, with a button to remove any

New settings page:

image

If your account is not locked:

image

"Remove followers" applies soft-blocks to all followers from selected domains. Soft-block means "block, then immediately unblock"

When posting to followers-only with unlocked account:

image

"Private" has been renamed to "followers-only"

Default post privacy settings have been restyled slightly:

image

@Gargron Gargron changed the title from [WIP] Followers-only post federation to Followers-only post federation Apr 22, 2017

account = Account.find(account_id)
target_account = Account.find(target_account_id)
BlockService.new.call(account, target_account)

This comment has been minimized.

@mjankowski

mjankowski Apr 22, 2017

Collaborator

The block followed by unblock here has the effect of:

  • Remove any follows between the accounts, in both directions
  • Create a block from account to target
  • Clear the timeline and notifications of the account from anything from the target
  • Salmon the block from the account to the target
  • ...
  • Remove the block
  • Send the unblock salmon

This does not prevent accounts on the target domains from immediately refollowing the person, unless they also change their account to private, right?

I just want to make sure I understand the general flow here.

This comment has been minimized.

@beatrix-bitrot

beatrix-bitrot May 3, 2017

Collaborator

was this confirmed?

before_action :authenticate_user!
def show

This comment has been minimized.

@mjankowski

mjankowski Apr 22, 2017

Collaborator

Should the @domains here be paginated, maybe ordered by most followers? I'm not sure what's typical for how many instances a typical account has following them.

If so, maybe rename this action to index

@@ -0,0 +1,28 @@
# frozen_string_literal: true
class Settings::FollowersController < ApplicationController

This comment has been minimized.

@mjankowski

mjankowski Apr 22, 2017

Collaborator

I could see this being Settings::FollowerDomainsController with a single index action for the list, and then something like Settings::FollowerDomains#update with the array of domain values instead of purge.

Related - how do you feel about a "Block" button next to each domain that would just do them one at a time (and redirect right back to list) -vs- the checkboxes to select a bunch and then submit at once?

def show
@account = current_account
@domains = current_account.followers.reorder(nil).group('accounts.domain').select('accounts.domain, count(accounts.*) as accounts_from_domain')

This comment has been minimized.

@krainboltgreene

krainboltgreene Apr 22, 2017

Member

Switch to COUNT("accounts"."id")

@yiskah

This comment has been minimized.

Collaborator

yiskah commented Apr 23, 2017

Question: Is this a toggle-able setting? Having it enabled by default and hidden in preferences will cause the same problems as last time. I assume this time users will be notified that if they wish they can go into settings and enable this after reviewing who follows them?

@Gargron

This comment has been minimized.

Member

Gargron commented Apr 23, 2017

This is a hard problem, because it's a one-off event... I wouldn't want to code in special cases for such things so early on in the lifetime of the project... That being said, it's not like old private toots would retroactively travel anywhere. A word-of-mouth announcement might be fine? Alternatively, and this should've been a thing since the start probably, show a warning in web UI if you selected private toot setting but your account isn't locked.

Also I remember everyone wants to rename "private" to "followers-only".

@yiskah

This comment has been minimized.

Collaborator

yiskah commented Apr 23, 2017

Word of mouth is absolutely not the way to go. The problem last time was that users were suddenly having this big change and didn't know to go auditing their followers because everything is suddenly different. Implementing a warning is a good idea.

Gargron added some commits Apr 23, 2017

Rename Settings::FollowersController to Settings::FollowerDomainsCont…
…roller, paginate results,

rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
Extract compose form warnings into own container, show warning when p…
…osting to followers-only with unlocked account

@Gargron Gargron merged commit 5015149 into master Apr 23, 2017

3 checks passed

codeclimate no new or fixed issues
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@Gargron Gargron deleted the feature-private-federation branch Apr 23, 2017

seefood added a commit to Toootim/mastodon that referenced this pull request Apr 26, 2017

Followers-only post federation (tootsuite#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account

seefood added a commit to Toootim/mastodon that referenced this pull request Apr 28, 2017

Followers-only post federation (tootsuite#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account

y0t4 added a commit to y0t4/mastodon that referenced this pull request Apr 29, 2017

Followers-only post federation (tootsuite#2111)
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers

* Authorized followers controller, stub for bulk action

* Soft block in the background

* Add simple test for new controller

* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style

* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
@dunn

This comment has been minimized.

Contributor

dunn commented May 1, 2017

Are any of the proposed mitigations from https://marrus-sh.github.io/mastodon-info/everything-you-need-to-know-about-privacy-v1.3-020170427.html planned for future releases?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment