Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limit the number of people that can be followed from one account #8807

Merged
merged 1 commit into from Oct 4, 2018

Conversation

@Gargron
Copy link
Member

commented Sep 27, 2018

Configurable hard limit of 7,500, and above that, configurable ratio of 1.1 * followers, controlled by:

  • MAX_FOLLOWS_THRESHOLD
  • MAX_FOLLOWS_RATIO

Fix #2311

Why? There is a type of spambot where the advertising is in display name and avatar, and not in the posts, and it tries to follow every account in the fediverse, because then it appears in people's notifications. There are other spambots, but there is no good reason for anyone to follow so many accounts, and following many accounts puts a lot of strain on the server.

Why not a rate limit? The "import follows" function would not be affected by the rate limit, therefore it wouldn't stop anything. In this patch, the "import follows" function cuts off at the limit.

@Gargron Gargron force-pushed the feature-limit-follows branch 2 times, most recently from 070fbde to c98b085 Sep 27, 2018

@nightpool

This comment has been minimized.

Copy link
Collaborator

commented Sep 27, 2018

so just to be clear, the limit is max(7500, 1.1*followers)?

if that's the case, then I think "soft limit" would be a better term then "hard limit" (which would tend to imply the OPPOSITE behavior)

Limit the number of people that can be followed from one account
Configurable soft limit of 7,500, and above that, configurable
ratio of 1.1 * followers, controlled by:

- MAX_FOLLOWS_THRESHOLD
- MAX_FOLLOWS_RATIO

Fix #2311

@Gargron Gargron force-pushed the feature-limit-follows branch from c98b085 to 4e58ead Sep 27, 2018

@m4sk1n

This comment has been minimized.

Copy link
Contributor

commented Sep 28, 2018

Still, somebody can just set up an instance without this limit…

@ThibG

This comment has been minimized.

Copy link
Collaborator

commented Sep 28, 2018

I'm not fundamentally opposed to this, but:

  • Importing will silently drop follows
  • This doesn't seem like a very effective measure overall, since remote accounts can bypass this, 7500 is pretty high anyway, and at worst the spammer will just use multiple accounts
@Gargron

This comment has been minimized.

Copy link
Member Author

commented Sep 28, 2018

@ThibG We can't process infinitely large CSV files either, and processing them synchronously to show the user an error message does not seem wise. Excluding imports from this limit is a bad idea too, since it's the easiest way for spambots to operate.

For the record, the 7,500 number is taken from Instagram, which has that limit. Twitter has a 5,000 limit.

@ThibG

This comment has been minimized.

Copy link
Collaborator

commented Sep 28, 2018

I guess I'm advocating for an asynchronous signaling of import issues.

@ykzts
ykzts approved these changes Oct 4, 2018

@Gargron Gargron merged commit a46ab86 into master Oct 4, 2018

11 checks passed

ci/circleci: build Your tests passed on CircleCI!
Details
ci/circleci: check-i18n Your tests passed on CircleCI!
Details
ci/circleci: install Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.3 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.3 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: test-webui Your tests passed on CircleCI!
Details
codeclimate All good!
Details

@Gargron Gargron deleted the feature-limit-follows branch Oct 4, 2018

@ghost

This comment has been minimized.

Copy link

commented Oct 4, 2018

👎

@Angular-Angel

This comment has been minimized.

Copy link

commented Nov 7, 2018

I have run into this limit. Would it be possible to get some kind of a utility function to remove accounts that no longer exist from ones follows, or something? I don't actually feel like I follow that many people. Or at least, not that many people who are actually active. :/

@Angular-Angel

This comment has been minimized.

Copy link

commented Nov 14, 2018

I talked to my admin and they said they can;t change it cause they don't run the code directly, they do so through masto.host, and there's no admin control for this short of editing the code. Would it be possible to add a control to the admin board or something? This is seriously crippling my use of the network, I can't follow anyone new. :/

@nightpool

This comment has been minimized.

Copy link
Collaborator

commented Nov 14, 2018

@Angular-Angel That's a bug in masto.host, not mastodon. We're not affiliated in any way with masto.host, so if something isn't configurable, that's their fault.

@nightpool

This comment has been minimized.

Copy link
Collaborator

commented Nov 14, 2018

Try unfollowing some people who don't post regularly

@Angular-Angel

This comment has been minimized.

Copy link

commented Nov 15, 2018

But you could still add it as an admin board feature to make it more accessible, right? Or is it already an admin board feature and masto.host broke it or something? :/

As for unfollowing people manually, I'm lazy and was hoping for an easier way. Besides, think of all the poor unfortunate souls that find themselves in my position! Something must be done, I tell you! :V

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.