If you guys are scared of a fediverse server archiving your stuff, good... but understand that this behavior doesn't have to announce itself.
Those that do are a little scary, those that don't... well, they're monitoring.
I'll let you decide for yourself... but just know that OSINT on the Fedi is a trivial task if one were to wish to undertake it.
yes it does.
at this point blocking it just isolates you further...
I'm not saying it's the wrong thing to do... that's between you and your admin... BUT as long as unauthenticated & unauthorized federation are a thing... it won't change.
I know that Huginn runs more or less natively inside of Docker. I don't know how scalable it is, though - you should be able to spin up and down job workers as you need to. Looking in huginn/docker/README.md, you can use the single-process containers for that purpose.
You're running your cluster on RasPis?
@sungo thanks! That makes a lot of sense. I guess I've done similar stuff in the past with scraping and filtering.
One of those projects is a scraper for Dutch supermarket discounts that allowed me to quickly check at which of my usual supermarkets certain products were on discount, and which could notify me based on keywords. Stopped using/developing it when I moved to Norway as all supermarkets here seem to use PDF/Flash/app-based solutions, which made scraping too cumbersome.
@sungo @FiXato This. I use Huginn to pull and analyze data from hundreds of sources, aggregate and summarize what I need, prioritize findings based on an idiosyncratic scale, and send alerts when something happens.
I use TTRSS for longer-term monitoring. I access it only rarely these days.
I use Wallabag for making personal copies of stuff. Shaarli as a bookmark manager and as an online card catalogue. They also feed into YaCy as primary sources for depth-2 indexing runs as needed.
Zero authentication required. With a little correlation, an attacker can harvest direct links to responses and replies, and pull those also.
I mention it to bring up the point that needing an account is not needed at all (there is the perception going around that this is the case) (and a lot of folks don't know what RSS is).
I don't know how heavily logged the Mastodon timeline APIs are. I've never tried to set up an instance so I don't know how it acts.
@thegibson I tell all my clients “if you want real privacy, don’t use any social media at all. Non-negotiable.”
@thegibson I just learned yesterday that maybe the second person on the Web after Trump that I didn't particularly want to go out of my way to have reading me, has read me. Because Google indexes all of Mastodon.social. A fundamentalist Christian literal witch-finder who influenced a former Pope is now following me on Twitter.
Oh well. It was probably going to happen anyway, and I don't intend to be especially secretive. But it's sure a thing.
and not even really a professional.
@thegibson Yep, anyone can Google anything these days. Just ordinary random people with a lot of time on their hands and a divinely-appointed task to rid the world of evildoers.
@thegibson It can be stopped but it's non-trivial...
@thegibson I take that back, it's nontrivial for Mastodon, it's less problematic with other solutions that work with/like Mastodon.
@thegibson This is a design flaw in AP (or rather in the current implementations), no?
@thegibson Ya mean fedichive.tk ;-)
@thegibson is there any way to prevent this or
@thegibson don't want to troll or anything. But we all are, at this very moment, of our own free will, posting stuff publicly online.
If I didn't want this particular thought of mine accessible to complete strangers on the internet I wouldn't have published it here.
I'm no Mastodon expert, but I believe one could host an invite only instance disconnected from the fediverse, right? That would facilitate "safe" communication inside a controlled community. But that misses the point.
@TheGibson true, but that doesn't stop vulnerable users being understandably wary of a user who announces his intention to do exactly that just because he can.
Which I address in these posts. You must do what fits your threat profile. I am not arguing taking action.
Just know that that action is ultimately pretty ineffectual.
@TheGibson I agree on the technical level. The issue for me is that there are vulnerable users spread across instances who may not have understood the technical details around federation and who is able to access what. Telling them they shouldn't have posted sensitive information because AP never specified protection does nothing to solve their problem. That horse has probably already bolted. 1/?
@TheGibson then we have actors on the fediverse threatening to put vulnerable people in danger just because there's nothing technical stopping them. Again the onus is put on already vulnerable people to defend themselves from this, rather than dealing with the threatening behaviour. 2/2