Mastodon: Federated Reports

This seems possibly open to abuse. Anonymized reports are safe for the one doing the reporting, but how would an instance have any guarantee that the reporter is being just? I would imagine that malicious users or instances would utilize this to perform a federated version of admin swatting.

Also, how is this implementable in a way that bad admins cannot find users who are reporting bad behavior while allowing that admins should be able to block specific instances or reporters? In my personal opinion, I am against anything that allows instances to anonymously harass other instances, and I'd expect a feature like this to give admins more grey noise to sift through. I would much rather appreciate an admin to contact me directly as an intermediary for an external reporter, as it would give more formality and more weight to the report for consideration.

I think this is a good idea, but due to the concerns mentioned above, federated reports should only be instance-to-instance. The way I would implement this, admins could "send" reports to other instances, and it would show up as a report from that instance's admin. This would be a manual action the admin undertakes after determining the validity of the report. Ideally it would also allow admins to communicate back and forth—for example, to clear up questions about the report.

This would make it much easier for admins of instances to cooperate and take action against malicious behavior.

I would be interested in implementing such a feature, however I'm very busy with end of term stuff for another few weeks. I have some ideas about how to implement it if people are interested.

I'm not sure I agree with the premise of this. Notifying a foreign admin might be a nice to have, but it doesn't affect you at all whether the foreign admin is notified or not. The local admin can block a foreign user from being seen or seeing content on your instance. That affects you, because it protects you and the users in your instance.

If a user on my instance was blocked because they were harassing somebody,
I absolutely would want to be notified and take action on it. I respect
that this may not be the same for all admins, but it is certainly the case
for many I talk to.
On Thu, Apr 20, 2017 at 5:48 PM Alex Gleason notifications@github.com
wrote:

I'm not sure I agree with the premise of this. Notifying a foreign admin
might be a nice to have, but it doesn't affect you at all whether the
foreign admin is notified or not. The local admin can block a foreign user
from being seen or seeing content on your instance. That affects you,
because it protects you and the users in your instance.

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
https://github.com/tootsuite/mastodon/issues/2176#issuecomment-295929453,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAORVwTcK3d6zgEEk7i-XpvAfgUC5GHvks5rx9KogaJpZM4NCUBq
.

The point of federating reports is allowing other admins to know of users on their instance breaching their code of conduct, which frankly just makes sense to me.

Seems like there are people worried about people abusing the system, and admins who want to know if a user on their instance is behaving badly.

So how about a setting? "Show me reports from other instances about users on my instance Y/N"

@nightpool in that case, why wouldn't the admin of the block-giving instance just contact you?

If the rapport is good between the two admins is good, I think a personalized "Hey friend, I have dealt with an issue and want to talk to you about it" would be more productive than an automated report, take the same amount of effort to perform, and would allow dev hours to be allocated elsewhere.

If the rapport between the two admins is bad, I guarantee you that the instance report would go into the cosmic papershredder. It is doubtful that a conversation would go better, but at least there is a chance.

@CatLover91 "why have reports at all" is not adding anything to this conversation about features. this feature of reporting would un-arguably be better if they federated. please do not derail the topic.

@hoodiek It is not un-arguable, I provided the other option that I think would perform better than a federated report. Federated reports are obviously an improvement over un-federated reports, but I am trying to demonstrate that admin-to-admin communication is better in all situations anyway.

Although, I am personally a bit hurt. I am not trying to derail anything, and I thought I was being helpful. If my opinion is wrong, I am sorry and I will leave this conversation.

If a personal message is better than an impersonal report, perhaps an option for an admin of the reporter's instance to add a personal message to the report before it gets federated might help? :)

@CatLover91 i do not mean to force you out of the conversation, i am merely stating that this is a discussion about the software side of things. it does not have to do with inter-admin communication, and a feature to allow admins to communicate is a decent idea, but a seperate issue. i'm sorry i hurt you.

@CatLover91

if I get a report and want to forward it on, currently I have to
1) look up what instance that user is from
2) look up/guess who the mods are
3) send one of them a private message
4) hope they see it

this has a lot of possible ways to fail! For one, most instances only list their main admin on /about/more—very few list their full mod team. Plus, I don't want to @ them for the same reason we have reports—because it's hard to keep track of, delegate, or refer back to. Thirdly, ideally I wouldn't have to divulge the personal name of who is forwarding the report—it would just be "from cybre.space moderation". (but, of course, visible to other admins of the same instance) This is not because of a bad relationship, but because it's good practice to have moderators speak with the full authority of the instance, or in-case a problem arises somewhere down the line.

furthermore, this isn't tracked with the rest of my reports/tickets, so it's easy to lose and forget to follow up on from my end. Ideally, a federated report interface would be a place where that conversation could be centralized and archived, so it could be referred to in the future.

Adding to what @nightpool said, there seems to be the expectation that admins police the behavior of their users toward remote users. If admins aren't receiving copies of abuse reports about their local users when a remote user uses the 'report abuse' link, this is an unreasonable expectation. Very often issues that seem gigantic to the people involved fly under the radar; it's not reasonable to assume an admin has an eye in the sky over every user interaction.

Right now, for an admin to receive a report about abuse on a remote server, it relies on:
-> A@server1 reporting B@server2 to admin@server1
-> Admin@server1 has to review that report and decide whether to take action and whether to involve admin@server2; if so
-> Admin@server1 then must go to server2/about/more and send an email with a copy of the abuse report to Admin@server2

(I think, for the privacy reasons discussed elsewhere, sending abuse reports via DM is not good practice. And even assuming Mastodon to Mastodon is reasonably private, a wrong click could blast that abuse report to the federated timelines of multiple servers, including non-Mastodon instances that don't necessarily comply with delete requests. So let's pretend no one is doing that. ;)

One problem with this, from the perspective of Admin@server2, is that if B@server2 is kind of a jerk, but only to people on other instances, and Admin@server1 and Admin@server3 and Admin@server5 have all gotten reports on B@server2, but in the vacuum, none of them have thought it was worth troubling Admin@server2 with (or worth the effort of forwarding the report) then Admin@server2 has no record of this history of the problematic interactions with this user.

Please see my issue #3885 that was a duplicate (couldn't find this one). It has probably some ideas that can be used.

I really like that this will be implemented, cause it can solve some of the issues we have between instance admins.

I think it is very valuable to consider further possible harassment issues with this feature.
So maybe offer both white-list and black-list of servers you'd be interested in getting reports from?

@mal0ki i'm down to talk about this more over chat (or voice chat), but I think making this admin-to-admin only would basically make harassment non-existent (so basically admins have the ability to "forward" local reports to the remote admin) without sacrificing usability.

@nightpool I rather will let users do it themselves, but admin only like you describe would also be an idea. We can also a make it like this:

• [ ] Would you like to send the administrator of this user's instance a copy?

Edit: so that means that users can only send remote rapports as a copy (cc). This will make sure the reporting user's instance admin will still be the #1 responsible and the remote instance admin will be aware of what's going on. The name of both admins will be in the rapport, to make it easy to send direct messages to each-other.

@jeroenpraat see the harassment concerns above. Unfortunately, I think it's very hard to make user -> remote admin a useful possibility. Either you a) make reports anonymous, in which case it's very easy for bad actors to spam lots of false reports, or b) you show the admin who is sending the report—which is a huge privacy concern. (pseudonymous is another possibility, but it's both very complicated (requiring ephemeral identities) and doesn't gain you much privacy, as it's still pretty easy to correlate reports)

But by making the report local admin -> remote admin, there's no privacy concerns, you don't draw reporters into protracted arguments (instead, your local admin is acting as your advocate), you allow instance admins to develop more of a rapport, etc. The benefits are huge.

@nightpool
Is it not better to make the reports not anonymous? So admins see who is making reports, so it's harder to abuse the function? But to avoid the latter, a remote admin should probably be able to block specific remote users from sending them copies of reports. We can also show the reporting user a privacy warning that their name will also be shown to the remote admin when they send a copy. I think this will actually decrease harassment and abuse, cause it can't be done anonymously. And to make sure people are not spamming admins right after they signed up with a pseudonym, we can demand e.g. at least 25 toots and 1 week activity before they can make reports at all.

@jeroenpraat You're not thinking of what happens when you report someone who's being abusive to an admin, only to find out that that admin agrees with them completely, and shows them a copy of your report. It's a huge risk that frankly noone who doesn't already know the other admin would take. (and if they knew the other admin well, then they could just use some other communication mechanism...)

anyway, federated reports needs to happen, and it should be admin -> admin only, so your local admin can act as your advocate and your point of contact for the wider fediverse.

@nightpool I don't see this is going to happen so fast, especially with the things I suggested in my previous comment. But anyhow, also admin to admin would be a huge advantage.

This is a good idea only if every instance of the whole fediverse have the exact same moderation rules.
But it's not the case, so it will only end up spamming or pressuring other admin into moderating content they might agree with for the instance who don't share your moderation rules.
Because if you keep getting report for a content you don't see any issue with, you might end up moderating it to get rid of the report spamming.

For example, some instance will find a toot with a sexist joke as needing moderation, but that's not the case for all instance of the whole fediverse. So reporting it to the other instance admin will just spamm him and pressure him (yes getting reports is a form of pressure) into moderating this toot he don't see any issue with.

I can understand that some might want this but you've got to make it an option and an opt in as some already said.

The reason people want to leave Twitter is the fact that they can't report things and have them taken seriously. Here it seems to be that you just can't report things period and that's a shame. I think a report flag and then you enter a reason why this is a violation. Then the admin can take action or give the good old "This doesn't violate our TOS."

@Maverynthia Have you used Mastodon? You can report things. That's exactly how it works. You report to your own admin though. This issue is about also sharing the report with the admin of the remote instance the content comes from.

This issue is still ongoing and needs to be addressed. Kitty.town is getting harassment from multiple instances because trolls sign up for open ones for the purpose of tooting harassment at her. Being able to report these people to the instance admins would help resolve the issue.

Please make this a priority issue because bad actors are currently right now abusing the fact that reports cant be sent to instance admins. You should have two options in a report, report to local admin or report to instance admin. The first one sends a report to the instance you are on, the second to the instance the person you are reporting is on. Just add an option in the admin control panel to turn on and off remote reports but have it on by default.

Edit: You can also limit federated reporting to instance admins only.