Morning all. Quite a day yesterday, and today so far. I’m obviously taking a beating from everyone who thinks the Bluesky bridge should be opt in. OK.
I want to run one idea by you all. The way the bridge is currently designed, no fediverse profiles or other content are proactively bridged into Bluesky. If someone on Bluesky wants to see or follow someone on the fediverse, they have to manually request it on the bridge. That fediverse user’s posts are then only bridged going forward, and only if someone follows them.
What if, the first time someone on Bluesky requests to follow someone on the fediverse via the bridge, the fediverse user gets prompted, “X from Bluesky wants to follow you. Are you ok with connecting with Bluesky?”, maybe via DM. I assume that would still be considered opt in?
Realistically, most people in the fediverse will never hear about the bridge. Traditional opt in and opt out both generally expect people to proactively find a setting or take some action, often one that only a tiny fraction of people ever learn about. I don’t really care how many people discover or use the bridge, but this kind of just-in-time prompt, only shown when someone wants to follow or interact with them, feels like a useful improvement in that it puts the decision in front of them directly.
Thanks to @kio for the idea. It seems promising; I’m now planning to try it out well before launch. Let me know if you don’t like it.
@snarfed.org I could live with this but it seems unnecessarily obtuse. We don’t expect new Mastodon instances to do this and I don’t understand why your bridge would need to. If people want to pre-approve followers there’s already a setting for that (which it sounds like you’d support in your bridge anyway).
@snarfed.org How do you deal with boosts? If someone on Bluesky views a Mastodon profile, would the snapshot of posts served to them get indexed by the PDS?
@snarfed.org sounds like a great consent check 👍
@snarfed.org@fed.brid.gy @kio@kitsunes.club I think that would be a perfect solution.
We’re currently thinking through some of the details here, feel free to follow along if you’re interested.
@snarfed.org Hell yes! As the admin of an art instance hosted in Germany, I welcome the opportunity for my members to reconnect with their former mutuals who set up camp on BlueSky in favor of Mastodon, so I would love for this to work out. Your suggestion of an opt-in via notification is great, and definitely something that would let me sleep more soundly at night as an admin, knowing it’s in the best interest of my members. Thank you so much for reconsidering, I’m excited!
@snarfed.org Prepare for people telling you that you need consent to contact them! Honestly, thanks for trying your best, but after what I saw in the discussions on search and reposts, some (very vocal) people on here just can’t be satisfied…
@snarfed.org man, you have the patience of a saint 🫂
@snarfed.org @fediversereport Sounds fine to me. How would this work with custom feeds on Bluesky that pull content from outside a person’s follows? Like, you can have feeds that pull from the entire network. Would that include the fediverse in any way when this bridge is active?
https://fed.brid.gy/r/https://snarfed.org/ @fediversereport Sounds fine to me. Actually too much, honestly, getting DMs would annoy me. I already get notifications when people follow me, that’s enough. If I wanted to pre-approve follows I would.
How would this work with custom feeds on Bluesky that pull content from outside a person’s follows? Like, you can have feeds that pull from the entire network. Would that include the fediverse in any way when this bridge is active?
https://fed.brid.gy/r/https://snarfed.org/ @fediversereport Sounds fine to me. Actually too much, honestly, getting DMs would annoy me. I already get notifications when people follow me, that’s enough. If I wanted to pre-approve follows I would.
How would this work with custom feeds on Bluesky that pull content from outside a person’s follows? Like, you can have feeds that pull from the entire network. Would that include the fediverse in any way when this bridge is active?
@snarfed.org
whatever you decide is fine by me. rock on.
@snarfed.org@fed.brid.gy @kio@kitsunes.club in that DM, consider letting them know the implications.
“if you react to this message, you are consenting for your data to be processed by bridgy-fed. you can revoke this consent by…”
@snarfed.org You mean once? The bridge has never interacted with you before, any request initiates it, you say “Yes, I would like to interact with Bluesky,” and then that’s it? That seems like an ingenious solution.
@snarfed.org sounds better. Thanks for thinking about a solution that involves consent.
@snarfed.org i’m currently on a hometown server that’s based on mastodon. anytime anyone follows me, i manually allow or deny the follow, which could be coming from any activity pub, misskey, pleroma, honk, writeas, or wordpress, as far as i know.
could this new approach have the bridge behave as a spec compliant activity pub actor?
put another way, is every bluesky user being on one domain equivalent to a growing flagship mastodon.social? i think in practice, probably.
@snarfed.org First, i think your new suggestion is a decent idea. Accepting a follow over a bridge is different enough to a regular follow that it does deserve some kind of message informing the user.
I’ve said my piece elsewhere, but I doubt you saw it and I’ve had more time to formulate my thoughts anyway.
A very big issue here is protocol compliance. When a site federates over AP(activitypub), that site and its’ users have only agreed to share their content over the AP protocol. This comes with built in tools for very important things, such as choosing whether to opt in or out to federation by default, giving or withdrawing consent with allow and block lists, moderation tools, and more.
Personally, I’m not concerned with the simple possibility of using a bridge across protocols, as long as the protocol I intended to use works as I expect. But there are some technical questions that need answers before a bridge can be okay.
Can specific sites and users be blocked across the bridge, or does one have to block the bridge itself? If not, the AP method of withdrawing consent is being violated, and everyone will have to block the bridge. Similar concerns exist for reporting, editing, deleting, and so on.
I’m raising this concern because there seems to be a lot of confusion regarding what this bridge even entails. You yourself were suggesting putting a hashtag in the user profile to opt out, despite the existence of block lists.
If your bridge can’t work with the AP protocol, and this method is accepted, then every user must now fill their bio with hashtags to control every possible bridge a person could create. As an example, look at my profile, which I’ve been filling with tags to show how silly this looks. Even if this bothered nobody, it’s horrendously clunky and forces everyone to use their accounts in unintended ways.
The next issue is that this has to all be done again with bluesky’s protocol, or they might react poorly as well. Maybe this is simpler than I’ve made it sound, but I’ve seen no indication that it is.
As for whether everyone wants to block you for suggesting an opt out bridge, and how to navigate the legal issues of cross site cross TOS posting, that’s none of my concern nor expertise.
It looks like you’re at least putting some effort into not making a mess of things, so I wish you the best.
@snarfed.org I think that would work wonderfully.
Not sure which form the opt-in should take in practice though, UX-wise. Typing a reply manually would probably be too cumbersome.
Following a mentioned tool account on the bridge (@opt-in@…?) – which never posts except to confirm each consent change via DM – would be nice, easily reversible and only two taps here on fedi though. Would also allow anyone to opt-in proactively too, if it’s explained in the bio.
This tool account shouldn’t follow back! That would send posts to the bridge without a clear delegating follower, and I think it would be a good idea to avoid giving the impression of an anonymous follow.
If you do this, please use a separate consent account representing each remote network. I have friends on Bsky but I do NOT want people from Nostr in my mentions.
(Probably goes without saying, but please enforce a generous delay between any opt-in requests to the same account, and also require an opt-in before any mentions are bridged to someone. That would handily fix the largest cross-network contact issues. Please also put in a sensible rate limit for how many opt-in request one account can cause.)
Side-note, but if you reply to someone here on fedi without still @-mentioning them, they likely won’t get a notification. I noticed you did that with a reply to my first post earlier. I still saw it since I was already following you (so my instance received it), but I had to browse your profile to find it since it wasn’t in my mentions/notifications.
@snarfed.org
Native #openweb is “permissionless” this is how #ActivityPub works and why it works. If #bluesky is native to the #openweb it should bridge simply.
This is a “trust” vers “control issue and yes people are pushing #closedweb thinking and code as “common sense” we need to think this through better.
@snarfed.org you lucky bastard, I was just getting ready to write a long-ass Dan Talks About Consent post.
Yeah, a DM at point of entry, laying out the whole situation and its ramifications and giving simple “Yes please / no thank you / no thank you and go away forever” options would blunt my pitchfork considerably. I might even put it back in the shed. And stroke its tines while lovingly crooning “Next time, my pretty, next time.”
@snarfed.org i don’t care about the bluesky side of the bridge; i’m managing my mastodon server, not bluesky infrastructure.
from the fediverse side i would like to see explicit opt-in instead of opt-out heuristic based on parsing biography field, also support for AUTHORIZED_FETCH and proper handling of defederations and limiting the server.
a quick question: what happens when a bluesky user requests a follow of a mastodon account on an instance that limits (silences) your bridge instance?
@snarfed.org I’m sure this will get lost in all the anger, but thanks for tackling this problem, it’s a neat one and I appreciate the thought you’re putting into it
@snarfed.org … Or you could just make it opt-in.
@snarfed.org Hey, I was in the thread In GitHub and I would like to say that, while it is true that things got pretty heated, I think the concerns are valid. Online harassment is a very sensitive topic for some collectives here, and they will not mince any words or moderate tone to express frustration (nor I think they should, but that is my personal opinion).
Their anger is coming mostly from a place of concern and from the goal to protect the people they love. I’m sure it must be hard to be on the receiving end of this, but I hope you may be able to get the feedback and apply it to your project so it can be safer for them.
I don’t know if technology can address that concern fully, but we should try, at least.
@evanprodromou Ah, so bad you joined almost at the end, was super interested in discussing this with you
@snarfed.org So, you failed to listen to anything, and are sticking with opt-out, instead of opt-in.
Got it.
I’m blocking the entire domain, and any I learn you control.
@snarfed.org@snarfed.org @Kio instead of a DM, use an AP actor to send a follow request with the name “X from bluesky” and a disclaimer in the bio explaining the bluesky bridge. The acceptance of the follow request could be used as a confirmation indicator.
Please add a way to opt out of the DMs. My software already allows me to accept or not accept followers. Sending me a DM would be redundant.
@snarfed.org Just as it’s my choice whether to approve Fediverse followers individually, I’d like to be able to allow anyone on Bluesky to follow me without having to approve each one. I’m fine with the default being to ask, but I’d like to be able to let anyone follow me.
@snarfed.org depends. Will posts still be federated across? How will Bsky users find fedi users if the posts aren’t already being bridged?
@snarfed.org I like it :)
@snarfed.org That sucks to be punished for building something cool (and interoperability is always cool). Stay strong, and thanks for your work.
@snarfed.org@fed.brid.gy @kio@kitsunes.club Just a quick word to say hi and I hope you’re okay.
I’m really sorry for all the idiots who attacked you yesterday. Don’t listen to them, they’re not representative of the Fediverse.
@snarfed.org I think it’s a realistic compromise. It might be accompanied by both an opt in and an opt out options.
@snarfed.org
This seems conceptually sound. You’d probably want some granular controls in the reply “Never” for the people that want nothing to do with bluesky, “Never from this user” to refuse the person, “No” refuse request, & “Yes”. Never options are essential to prevent the bridge from being used to spam requests as a way of harassing someone. Rate limit needed too.
Also needs to fail closed. If DMs are blocked, or no reply is received, assume “Never” on.
@snarfed.org I was against the bridge when it was announced, but this sounds like a very reasonable approach.
@snarfed.org
Is the following what would happen for seeing replies to a post made by someone who opted in?
the bluesky user clicks on a post from the fediverse user to see the replies.
The bluesky users sees replies only from fediverse users who already opted in, and presumably a placeholder note for missing replies
opt-in requests are sent for all the replies where the user hadn’t made an opt-in / opt-out decision
Users can send a DM changing opt-in or opt-out any time they want to change their decision
You suggested that most people would never hear about the bridge. If looking at posts replies trigger opt-in queries, the active people in the fediverse would get opt-in requests pretty soon.
@agrinova
So richtig verstehe ich den Vorschlag nicht.
Für mich liest sich das so!
“Ich transportiere ohne zu fragen Fediverse-Beiträge nach Bluesky.
Die Verfasser*innen der Beiträge werden erst gefragt, wenn jemand von Bluesky ihnen folgen will.”
😤🤬
Sorry, aber was ist das anderes als ein reines Opt-Out?
@michaela
@Cameron @michaela “The way the bridge is currently designed, no fediverse profiles or other content are proactively bridged into Bluesky. If someone on Bluesky wants to see or follow someone on the fediverse, they have to manually request it on the bridge. That fediverse user’s posts are then only bridged going forward, and only if someone follows them.”
Dein erster Satz ist also falsch. Natürlich können öffentliche Beiträge im Fediversum von allen gelesen werden, auch von Leuten bei Bluesky.->
@snarfed.org Hi, I have a question, there is a special scenario. Let Berta be a Bluesky member. She wants to follow Marc who is on mastodon.social. Marc says “yes” and thus they can interact. But then Berta reads some posts by Tim who is on troet.cafe. His posts may be public (that means, anyone can read them.) But Berta wants to favor, share, and comment them. Is this possible without Tim’s consent, or has Tim to agree to this, or has Berta to follow Tim – requiring his consent?
@snarfed.org I’m in the camp with others that IMO if people want opt-in then shouldn’t they already have their profiles setup as requiring approval to be followed. I’m sorry but if your profile is public and open to be followed then just because we are talking about a bridge to some other platform with “different rules” is no different than another ActivityPub instance, or Mastodon instance for that matter, that also has different rules.
@snarfed.org FWIW I think the bridge is an awesome idea.
Forgive my ignorance though — doesn’t that 🔒 icon already mean that some users require permission to follow?
@snarfed.org
““X from Bluesky wants to follow you. Are you ok with connecting with Bluesky?”, maybe via DM”
I don’t accept DMs from –> people <– I don’t already Follow on the #Fediverse
So how is that supposed to even work?
Or are you still backing and filling frantically, as it pretty much seems, particularly on Github
#Bluesky #Bridgy
@ATcfi39xNv3Ow6QFrU.snarfed.org@snarfed.org I trust protocols, and there is no protocol where an acknowledged DM allows a follow from a completely random, remote service that I’m not familiar with. Furthermore, there’s no reason for anybody to trust you or your bridge that you’re doing it, doing it right, or continue to do it. This isn’t good enough, at all.
If somebody on Bluesky wants to follow me, there should be a brick wall in the way, you’re looking to build a paper wall that can be commented out. If there is no way to build a brick wall then this bridge is not meant to be.
@snarfed.org@fed.brid.gy @kio honestly…. that sounds like a fair balance.
With a way to “Accept All” perhaps so in future all are automaticly accepted to avoid popular accounts getting hammered with requests.
@snarfed.org its content on the web. People can read it in a web browser, without auth, so bridge-away! I look forward to connecting Bluesky to a wider meta-fediverse.
Now, if Mastodon admin tools such as blocking can be made to work, and I’d hope they can, then that would be good.
Nothing about the fediverse is opt-in right now though, other than a small minority of private servers. Let’s not screw up a good thing, open federation, because someone chooses to use different software!
@snarfed.org If Bluesky was, from a community perspective, it would maybe be fine. But it isn’t – Bluesky is known for the really toxic userbase. And that doesn’t go well on fedi.
(and, again, things like the GDPR NEED to be considered)
I am seeing less and less people complain about this. I think most of the people who cared blocked us already.