Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
There’s no such thing. They are mutually exclusive. Take queer folk for example. We need privacy to be able to talk about our experiences without outing ourselves to the world. It’s especially important for queer kids, and folk that are still in the closet. If they don’t have privacy, they can’t be part of the community, because they open themselves to recognition and harassment in offline spaces.
With privacy, they can exist in those spaces. It won’t stop a dedicated harasser, but it provides a barrier and stops casual outing.
An “open network” where everyone can see everything, puts the onus on the minority person. Drive by harassers exist in greater numbers than a vulnerable person can cope with, and when their content is a simple search and a throw away account away from abuse, it means the vulnerable person won’t be there. Blocking them after the fact means nothing.
But isn’t this already the case?
You make a good point about people still in the closet. That’s an excellent use case for privacy. But I still believe that’s a different issue. And I’m fact this is my great concern: people think they have privacy when they dont so they say things that out themselves (as any kind of minority) accidentally, because they mistakenly relied on the network privacy.
You’re right though, it’s not all-or-nothing, but I do think these are two separate problems that can and maybe should have different solutions.
The type of drive-by harassment you describe is by online randos, not in-person. For those situations, is it not enough that you remain oblivious to the attempted harassment? If a bigot harasses in a forest and nobody is around to hear it, did they really harass?
The problem is, there are plenty of other people around to hear it. Everyone else except the harassed person can see it, and on top of that, the fact that harassment is trivial to do, and not policed, ensures that more harassers will come along. Each one having to be blocked one by one by the people they’re harassing, after the harassment has already taken place.
As I said earlier, this is how twitter does things, and there is a reason that vulnerable folk don’t use twitter anymore.
No, it isn’t, because right now, local only posting, follower only posting, authorised fetch, admin level instance blocks etc, all combine to make it non trivial for harassers. If you’re familiar with the “swiss cheese defence model”, that’s basically what we have here. Every single one of those things can be worked around, especially by someone dedicated to harassing folk, but the casual trolls and bigots, they won’t get through all of them. The more imperfect security, anti harassment and privacy options we have, the harder it is for casual bigots.