I have noticed that a lot of harassment on Mastodon happens in DMs. This protects the harassers because most of the protections against harassment are social and a common tactic is to send harassing messages over DM where they can't be seen by most people and then pretend that the target of the harassment is being unreasonable when they publicly react because other people can't see the cause.
I think that a setting to allow accounts to not receive DMs from at least people that the account doesn't follow would go a long way to helping this sort of harassment. If it could be set up so you can have multiple levels like blocking all DMs, only allowing DMs from your followers or only allowing DMs from people you follow that would be better. I think that at least the last one is necessary to help prevent harassment.
Of course Mastodon DMs aren't really like Twitter or Facebook private chat type DMs at all; they're just a normal post with more limited permissions, and the design focus in creating a post is on giving the poster control over who that post is available to.
In preferences, there _is_ the option to limit notifications to only show those from people you follow / who follow you. But of course that applies to all notifications, about both public viewable / mentioned only posts. I can see a use for allowing separate visibility settings for notifications, depending on the visibility setting of the post the user is being notified about.
TBH I think the Mastodon DM system needs a rethink entirely. It's already not compatible with other OStatus implementations, and I guess 2.0 doesn't even send private-scoped messages to non-Mastodon platforms anymore? If private message compatibility with other OStatus implementations is no longer a consideration, then something like packaging Mastodon with an XMPP server that's already solved private messaging, and integrating it into the UI, becomes a viable option.
Some points to stimulate discussion:
The list of accounts that are followed makes a decent de facto whitelist, but there could be a better one. Someone could hate follow, wanting to see what is said in public but not wanting them to be able to send direct messages. An instance admin might want messages from their users, but not want to follow them.
When it comes to stopping people from abusing a system, blacklists don't work. See also: XSS, where the naive approach is to block
As I said, DMs not being publicly viewable by anyone else puts them in a special place in terms of harassment vectors; this is almost completely independent of the normal notification settings. People are willing to do a lot more in DMs than they are in places that are visible to others.
Okay, fair warning, I'm not familiar with this coding environment, but I think I'm able to clone most of this from work that's already been done. I just don't have a test environment I can use to verify if this works. :D
In `mastodon-master/app/controllers/settings/notifications_controller.rb` change line 29 to the following:

```ruby
interactions: %i(must_be_follower must_be_following must_be_following_dm)
```

In `mastodon-master/app/controllers/settings/preferences_controller.rb` change line 47 to the following:

```ruby
interactions: %i(must_be_follower must_be_following must_be_following_dm)
```

In `mastodon-master/config/settings.yml` add after line 38:

```yaml
must_be_following_dm: false
```

In `mastodon-master/config/locales/simple_form.en.yml` add after line 56:

```yaml
must_be_following_dm: Block only direct messages from people you don't follow
```

In `mastodon-master/app/views/settings/notifications/show.html.haml` add after line 22:

```haml
= ff.input :must_be_following_dm, as: :boolean, wrapper: :with_label
```

In `mastodon-master/app/services/notify_service.rb` change line 4 to the following:

```ruby
def call(recipient, activity, status)
```

Add after line 7:

```ruby
@visibility = status.visibility
```

Add after line 48:

```ruby
blocked ||= (@recipient.user.settings.interactions['must_be_following_dm'] && !@recipient.following?(@notification.from_account) && @visibility['direct']) # Options
```
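The filter discussed in this thread, generalised to the several levels the original post asks for, as an added example that is not part of the thread or of Mastodon's code. The structs and the policy names (`:anyone`, `:followers`, `:following`, `:nobody`) are hypothetical stand-ins, and the sample accounts are constructed.

```ruby
# Added illustration: stand-in structs, not Mastodon's Account/Status models.
Account = Struct.new(:name, :following, :followers, :dm_policy) do
  def following?(other)
    following.include?(other.name)
  end

  def followed_by?(other)
    followers.include?(other.name)
  end
end

Status = Struct.new(:author, :visibility)

# True when a notification for `status` should be suppressed for `recipient`.
# Policy names are hypothetical; only direct-visibility posts are filtered.
def dm_blocked?(recipient, status)
  return false unless status.visibility == 'direct'

  case recipient.dm_policy
  when :anyone    then false
  when :followers then !recipient.followed_by?(status.author)
  when :following then !recipient.following?(status.author)
  else true # :nobody, or an unrecognised value: fail closed
  end
end

# Constructed sample: bob is followed by alice and follows her back;
# carol follows alice, but alice does not follow carol (the "hate follow" case).
def sample_decisions(policy)
  alice = Account.new('alice', ['bob'], %w[bob carol], policy)
  bob   = Account.new('bob', [], [], :anyone)
  carol = Account.new('carol', [], [], :anyone)
  {
    dm_from_followed: dm_blocked?(alice, Status.new(bob, 'direct')),
    dm_from_follower: dm_blocked?(alice, Status.new(carol, 'direct')),
    public_mention:   dm_blocked?(alice, Status.new(carol, 'public'))
  }
end

%i[anyone followers following nobody].each do |policy|
  puts "#{policy}: #{sample_decisions(policy)}"
end
```

Only the `:following` and `:nobody` levels stop a DM from an account that follows the recipient without being followed back; public mentions are left to the existing notification settings in every case.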
I would also suggest something like "reject media in DMs from people you don't follow". Like, I don't personally mind being DM'd by randos, except I do when they send me unsolicited dickpics or gore (it has happened!)
But yes, this is an important vector of abuse that should be addressed.
linking this #5503
I closed out the review for now as there are some problems. I'll be submitting another one here once I get it fixed up and resubmit when it's ready.
(Oops sorry about the close)
OK, I've resubmitted the PR with proper Ruby style and some testing. #5511