Mastodon: Prevent moderators from accessing private/direct toots that haven't been flagged

Created on 1 Apr 2018 · 6 Comments · Source: tootsuite/mastodon

There has been much discussion recently about admins/moderators being able to read private/direct toots from the admin panels.

There are many issues with this feature, including:

  1. Moderators not knowing whether a toot is public/unlisted/private/direct (#6972)
  2. Moderators/admins seeing private/direct toots without opting in (if they should be able to access them at all, this should be an extra, conscious step)
  3. Moderators being able to access unflagged private/direct toots

This issue is about 3., which subsumes 2.

I think it is an issue that admins can access unflagged private/direct messages. Offending messages can be flagged by users even if they are private or direct, and even if the recipient is on a remote instance since the last release.

This change has already been implemented on a few instances, by merging the following commit: https://github.com/Aldarone/mastodon/commit/2700d4744d12749c2ef3d3dd174c16fe330ccc4d


  • [x] I searched or browsed the repo's other issues to ensure this is not a duplicate.
  • [ ] This bug happens on a tagged release and not on master (If you're a user, don't worry about this).
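
The rule requested above, sketched as an added example; it is not Mastodon's code and not the linked commit. All names (`Status`, `Report`, `staff_can_view?`, `admin_listing`) and the sample data are hypothetical and constructed for illustration. Each row is labelled with its visibility (point 1), and the text of a private/direct toot is withheld unless a report references it (point 3).

```ruby
# Hypothetical model of the rule requested in this issue; none of these
# names are Mastodon's own classes or methods.
require 'set'

Status = Struct.new(:id, :account, :visibility, :text)
Report = Struct.new(:id, :status_ids)

RESTRICTED = %i[private direct].freeze

# Ids of statuses that some user has flagged through a report.
def flagged_ids(reports)
  reports.flat_map(&:status_ids).to_set
end

# Staff may read a status in the admin panel if it is public/unlisted,
# or if it is private/direct AND has been flagged.
def staff_can_view?(status, flagged)
  return true unless RESTRICTED.include?(status.visibility)
  flagged.include?(status.id)
end

# Build the admin-panel listing: every row carries its visibility, and
# unflagged private/direct rows have their text withheld (nil).
def admin_listing(statuses, reports)
  flagged = flagged_ids(reports)
  statuses.map do |s|
    viewable = staff_can_view?(s, flagged)
    { id: s.id, visibility: s.visibility, flagged: flagged.include?(s.id),
      text: viewable ? s.text : nil }
  end
end

# Constructed sample data.
STATUSES = [
  Status.new(1, 'alice', :public,   'hello world'),
  Status.new(2, 'alice', :private,  'followers only'),
  Status.new(3, 'bob',   :direct,   'reported DM'),
  Status.new(4, 'bob',   :unlisted, 'quiet post'),
  Status.new(5, 'carol', :direct,   'unreported DM')
].freeze
REPORTS = [Report.new(10, [3])].freeze

if __FILE__ == $PROGRAM_NAME
  admin_listing(STATUSES, REPORTS).each { |row| puts row.inspect }
end
```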

All 6 comments

Better check this one, there is a comment for a nicer implementation: https://github.com/Aldarone/mastodon/commit/1dce88cbdf2bdc6cc1d159a63a32d4b1f480b4c7

Problem with this is, is that an admin can still access the database and read the messages.

Sure, but the moderation team is usually significantly larger than the number of admins who have access to the database. It makes sense to prevent them from accessing private/direct toots.

On 1 April 2018 17:08:03 GMT+02:00, Jeroen notifications@github.com wrote:

Problem with this is, is that a admin can still access the database and
read the messages.


Yes that's true for larger instances, but medium or small instances mostly have only one admin/moderator. On the other hand it will be easier to give people moderator access, because those mods can't see everything.

There are the instances on masto.host and mastodon.net where the admins are not even the sysadmins.

Problem with this is, is that an admin can still access the database and read the messages.

That doesn't mean we shouldn't make it harder for admins to read private communications without good reason, though, right?

It's like saying we shouldn't have privacy settings for toots because people will still take screenshots and repost them, or deletes don't need to federate because there will be instances that are deliberately modified to ignore the delete requests and keep everything for nefarious purposes. I've seen both of these arguments made earnestly, but putting extra layers between intrusive people and the content they shouldn't be looking at is a worthwhile thing, I think.
