Mastodon: Activitypub interop: private posts are not delivered in mastodon if receiver is not mentioned

Created on 7 May 2018 · 22 Comments · Source: tootsuite/mastodon

If sending a private message via the "to" or "bto" property set to a subset of followers and those followers are not mentioned, the messages will not be delivered in Mastodon.
The mention should probably just trigger notifications but not be mandatory for delivery. At least I did not see anything related in the ActivityPub spec.


  • [x] I searched or browsed the repo’s other issues to ensure this is not a duplicate.
  • [x] This bug happens on a tagged release and not on master (If you're a user, don't worry about this).
activitypub

All 22 comments

i mentioned this when preparing the impl report but unfortunately didn't have bandwidth to fix it at the time, so it got dropped. https://github.com/tootsuite/mastodon/issues/5631#issuecomment-343041015

should be a pretty easy change if someone wants to take and fix, we can just change it so that mentions are a necessary but not sufficient condition and we will be within spec.

we can just change it so that mentions are a necessary but not sufficient condition and we will be within spec.

Does that imply that messages still won't be delivered when addressed in "to" but not mentioned?

yes, because Mastodon's UX has no other way of exposing an "intended
audience" to the user, so it would be very confusing (and a possible spam
vector) if you were notified for a post that apparently had nothing to do
with you.

considering the scope of mastodon as a microblogging application, adding
the additional complex UX for arbitrary audience values is probably not a
desired feature

so it would be very confusing (and a possible spam vector) if you were notified for a post that apparently had nothing to do with you

That makes it impossible to share a private message with a subset of followers where one of them should be mentioned. One would have to mention (notify) all of them.

Delivering to "to" and notifying the one who is mentioned would be considered less spam, I guess. Mastodon could still use mentions for private messages and add the mentions to "to". That would not change anything regarding UX for Mastodon but would make interoperability with projects which have a more complex privacy model smoother.

Mastodon could still use mentions for private messages and add the mentions to "to". That would not change anything regarding UX for mastodon but would make interoperability with projects which have a more complex privacy model smoother.

This is our current behavior, as far as I know. Do you have an example otherwise?

Hmm, unless i'm misunderstanding your proposal..... Are you saying mastodon should do that for posts it originates? or posts it receives?

For posts it receives. Sorry if the title and toplevel post are not clear...

Mastodon could still use mentions for private messages and add the mentions to "to".

So you're saying if we receive a DM with mentions but no activitypub addressing that includes that person, we should pretend as if they were addressed? How would that help interoperability?

Wouldn't the interoperable thing to do be the other way around? create and inject mentions into the status for addresses that are included in activitypub but not mentioned explicitly?

There's maybe something to be said for that approach, but it would be pretty hard to do well.....

So you're saying if we receive a DM with mentions but no activitypub addressing that includes that person, we should pretend as if they were addressed?

No. That is not what I am saying.

Let me explain the current behaviour I am seeing in detail:
If I send a note with (I think this scenario is not possible in Mastodon)

    "to":[
      "https://mastodon.at/users/motesting"
    ]

motesting will not see this note at all.

If I send a note with

    "to":[
      "https://mastodon.at/users/motesting"
    ],
    "tag":[
      {
        "type":"Mention",
        "href":"https://mastodon.at/users/motesting",
        "name":"@[email protected]"
      }
    ]

motesting will receive the note and get a notification for it.

If I send a note with (please note the missing "to" attribute)

    "tag":[
      {
        "type":"Mention",
        "href":"https://mastodon.at/users/motesting",
        "name":"@[email protected]"
      }
    ]

motesting will receive the note but not be notified.

What I would expect is a slightly different handling (basically the other way around):

  • If motesting is in "to": let him see the note in home
  • If motesting is in "to" and mentioned: let him see the note and also create a notification

There are two issues with that proposal:

  • People mentioned but not in the audience will be able to see the object, which may not be expected by the sender
  • This may cause toots to appear in user's timelines without them knowing why (this could easily be fixed by only inserting messages from followed people, though, meaning that if you are in the audience but not mentioned or following the author, you will still be able to view the message if you look for it, but you won't be made aware of its existence in any way)

Either way, this would require some in-depth changes to Mastodon, since it does not store the audience, only mentions and the privacy setting (which is a very rough approximation of the audience).
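
Added example, not part of the thread and not Mastodon's code: a Ruby model of the three cases from the comment above, comparing the behaviour reported there with audience-based handling, plus a check for the concern raised here about mentions of people outside the audience. The function names, the constructed notes, and treating a mention-only note as not visible under the audience-based rule are assumptions.

```ruby
ADDRESSING = %w[to bto cc bcc].freeze
# ActivityStreams properties may hold a single value or a list.
def as_list(value)
  value.is_a?(Array) ? value : [value].compact
end

def addressed?(note, actor)
  ADDRESSING.any? { |field| as_list(note[field]).include?(actor) }
end

def mention_hrefs(note)
  as_list(note['tag'])
    .select { |tag| tag.is_a?(Hash) && tag['type'] == 'Mention' }
    .map { |tag| tag['href'] }.compact
end

def mentioned?(note, actor)
  mention_hrefs(note).include?(actor)
end

# Model of the behaviour reported in the comment: the mention gates visibility.
def reported_outcome(note, actor)
  seen = mentioned?(note, actor)
  { visible: seen, notify: seen && addressed?(note, actor) }
end

# Audience-based handling: addressing gates visibility, the mention only notifies.
# Assumption: a mention-only note is not visible under this rule.
def audience_outcome(note, actor)
  seen = addressed?(note, actor)
  { visible: seen, notify: seen && mentioned?(note, actor) }
end

# Mentioned actors that the note's addressing does not include.
def mentions_outside_audience(note)
  mention_hrefs(note).reject { |href| addressed?(note, href) }
end

# Constructed sample notes for the three cases; not captured traffic.
ACTOR = 'https://mastodon.at/users/motesting'
MENTION = { 'type' => 'Mention', 'href' => ACTOR }.freeze
CASES = {
  to_only: { 'to' => [ACTOR] },
  to_and_mention: { 'to' => [ACTOR], 'tag' => [MENTION] },
  mention_only: { 'tag' => [MENTION] }
}.freeze
CASES.each do |name, note|
  puts "#{name}: reported=#{reported_outcome(note, ACTOR)} audience=#{audience_outcome(note, ACTOR)}"
end
```

A receiver could log a non-empty `mentions_outside_audience` result on inbound notes, since that is the case where a mention would expose an object to someone the sender did not address.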

As I outlined above, requiring both to and mention is the only quick fix that's really possible for mastodon. Like I said, allowing users to see a private post where they're not mentioned (and isn't addressed to followers) presents both severe UX and technical hurdles for mastodon.

Understood this is difficult for Mastodon to implement, but please understand that this is basic ActivityPub communication as described in https://w3c.github.io/activitypub, see specifically EXAMPLE2, EXAMPLE3, EXAMPLE4, and EXAMPLE5 - none of which will be delivered in a Mastodon-based network (they will be silently dropped). Other projects are left with two unworkable choices. The mention hack doesn't scale and leaks privacy metadata and users will rebel (they are doing so already). Implementing the spec correctly is the ideal option but as a side effect private messages won't federate to Mastodon. Given those choices we will probably be forced to go with the second. Does anybody have a better way?

and users will rebel (they are doing so already)

can you link to what conversations you mean? I would be interested to read actual user feedback in this area

https://zotadel.net/channel/support/?f=&mid=9ea6f4ca43b308c3fa63cddc7aa32e91fa0063343dc2e07c27042e7cc8b5a68d@zotadel.net

https://grindcore.ch/channel/navigium/?f=&mid=e54312ae5ad9d808d4b9aef21da6daf5981caffa78c894ee57be3d2bbdb0f413@grindcore.ch

Please note that Hubzilla makes extensive use of ACLs. It's part of that project's basic privacy framework. Probably half of the network traffic involves lists of private recipients of varying lengths. Ditto with Diaspora.

How does Mastodon intend to support privacy groups? I remember this being on the roadmap some time ago.

@redmatrix not sure what's up but the first time I click those links they take me to the channel home due to a messed up URL (some rewriting going on), then the second time it works fine.

Okay, I see a couple things going on here:

  1. The first user you mention didn't even seem to know that they were using an ACL group—they thought they were sending the message to a single person.

  2. Mastodon notifies every user in every DM message—this might not be the right move, and it doesn't respect the difference between to/cc addressing. It causes things to be more spammy than they should be.

  3. When you go to reply to a DM, Mastodon includes every user in the audience in that reply. While this is strictly correct behavior—it allows Mastodon users to preserve the same audience that the original post had—it can also be somewhat confusing for other use cases.

  4. The second one seems to imply that some Mastodon users shouldn't know about who was all able to see the post. Is this true? If so, that's a Hubzilla bug, since you shouldn't be sending a Mastodon server a broader audience than it's possible for it to know about. (see also using bto and bcc to implement private addressing)

I can see a couple ways to fix item 2 & 3, but the first and the fourth seem harder.

My only motivation here is to vote for this issue and provide clear reasoning (basic spec compliance). I'm recommending that Hubzilla go with my second option, which is to implement private ActivityPub messages as per the specification (sans mentions); and consider Mastodon's failure to deliver as an implementation bug. The various project developers can implement workarounds if they can find something acceptable.

There's some UX mismatch between Mastodon and Hubzilla here, I've received a few of such private-audience posts, and the problem isn't just that replying to it puts every mention into the textarea, it's that the post appears as a DM in my notifications (and like, strictly speaking it's correct that it's a DM, in terms of not letting other people see it), but the problem is that it's not actually addressed to me, as in concerning me personally or replying to me, it's someone's broadcast.

yeah that's what I meant by item 2 basically.

I don't really see a way to solve that UX mismatch. The thing is, the person who broadcast to me with a private audience wasn't even someone I followed, so it's not like it could be put into my home timeline. In fact, it's a little bit strange that someone can address things to me in a broadcast when I am not following them.

This appears to be fixed with #8950
Thanks!
