cross-posted from: https://quokk.au/c/fediverse/p/887450/piefed-flagship-instance-shadowbanning-instances-from-discoverability-other-questionable-upd
This morning while checking if Quokk.au's new instance logo was federated out, I discovered that overnight we had been shadowbanned from the PieFed.Social Instance Chooser (This is a tool to help spread out users across the platform and help avoid funnelling users into the largest.)
Knowing that Rimu was happy to explain, I just asked for some clarification as we were visible on every other PieFed instance except his.
Apparently for ' obvious reasons ', of which I can only assume is our left leaning anarchist/pro-trans stance we were chosen not be advertised on the PieFed flagship instance and first point of contact for many potential new users. Seeing as a large portion of our new users found us via this method, it will have a tangible effect on a small instance such as ours.
This was a pretty sad sight to see, and reflects the sort of petty drama that is emanating from the PieFed project lately. It's now the third such move to discredit and harm left leaning instances by PieFed's lead developer. This also shows a trend towards autocratic unilateral decision-making on Piefed.social, of which is starting to be run as a personal fiefdom without consulting the team or users.
I must commend Lemmy.ml for remaining neutral and not letting its own political leanings influence join-lemmy.org, while simultaneously condemn PieFed.social for this immature move that is harmful to the health of the Fediverse.
Following this exchange, Rimu announced a new update to PieFed allowing for some rather concerning things.
- Modlog: Reason for the action is only shown from trusted instances, so abusive mods won't have an audience. Admins can still see the reason though. Which instances are trusted is set in the admin UI.
This feature means problematic users can now go undetected, and will harm moderators ability to view their past moderation history. For example PieFed.social runs a 'trusted' list of only 34 instances, meaning any mod action taken by any of the hundreds of instances outside of this will not show up. So for example if Quokk.au was to ban a user for transphobia (our most common ban), this will not be reflected for piefed.social users potentially leading towards more hate speech on the Fediverse.
- Instance silencing similar to Mastodon. A silenced instance is not defederated from but their posts do not show in the Popular or All feeds and their communities are not shown in Starter packs aka Topics. Their communities can still be found in the communities list and joined in the normal way. Once joined, posts in there show up in the subscribed feed as usual.
This is another way to shadowban instances and not 'advertise' them. Surely if an instance is problematic enough that a defederation would be in order rather than this reddit-like move.
Speaking of the modlog. Rimu appears to again want to remove modlog functionality in the future. Again because only those in the know should apparently be able to see what actions are done
https://piefed.social/comment/11278899
However, you don't explain why. The extract you shared was the last part of Rimu's comment :
This person asked us, admins to remove it. Imagine that was your full name and address. We delete it and it appears in the modlog.
We can face legal issues if we aren't able to delete person real name.
Yes it was related to the ban for zionism. However that's just the tip of the iceberg....imagine a new spam bot, how will you handle it if it write in the modlog ?
I enjoy the modlog transparency. My mod action is transparent, everyone can see what we do. However there is some downside. Admins struggled to remove that person real name, that wasn't an easy task.
So there is pro and cons about the modlog. Until now, it served its purpose and allowed users to defend themselve against mod & admin abuse. However we shouldn't ignore the point above.
As for myself, i don't know what is the correct answer.
The solution isn't simple. 😔
Edit: typo
This has been an extremely obvious flaw in the modlog concept from the very start, and has been discussed on and off for years. IMO, it exposes a much wider issue with federated forums as currently implemented, despite the aggressive defense of some vague concept of "openness."
Blindly casting every user and mod action out into the universe in plaintext with no recall mechanism is problematic, and it will only get more problematic as the technical prowess of the average user drops. Doxxing is just the tip of the iceberg here, and I don't think most people appreciate just how massive the social engineering attack surface actually is. Rogue instances could silently build engagement profiles on users, and then actually serve them targeted malicious content. This could be widespread, and almost impossible to detect.
I agree with your point but would nuance it. Some part are flawed but we also saw the good side of the modlog openess, let's not forget thay.
Otherwise the community yptb wouldn't exist, we wouldn't able to juge our action, user wouldn't be able to choose their own instance and that's terrible.
We already have lot power : seeing vote, ban, delete...and for me, the modlog counter-balance our tools. So i hope we can find something in the middle ground. :)
On mod tools, i think we need to developp other tool than than ban and delete, they are very aggresive. I hope we will see new tools that will change the way we take action.
There already is an option to purge content though? Extend that as an individual admin action for individual comments? "Hiding" a modlog action doesn't make the data disappear (which makes it not GDPR compliant!), purging does. It also creates a modlog entry, "purged" that doesn't reveal the data but the action. Creating accountability that content was purged with the possibility to enter why. If the concern actually was the gdpr incident the other day (which didn't include an address dunno where that came from) the dev solution would have been to purge content have that federate, not "hide the mod entry". I don't believe that excuse at all.
I left out the context as it's literally an excuse to again limit the modlog.
The solution isn't to make it more closed off
I don't see that way. It was very difficult for admins to remove doxxing info from the modlog.
@unruffled@anarchist.nexus wanted to remove doxxing info from an user.
Our admins, together, did their best to remove the doxing info from the modlog because it federate accross the fediverse.
Given how serious the issue was, most admins expressed the idea to have an option to remove it from the modlog.
So, it wasn't only Rimu idea. Rimu is also a dev, so he decided to tackle on this issue.
The last one were Rimu was banned for zionism in a community. A false statement, He was so furious about this misinformation. Although admins from the FAF reverted the ban, the mod & modlog remained.
But, right now, what worry me the most isn't thing as "rule 2" "zionism" "rude" "bot"...but a bot that spam content throught mod action.
Yes, defederating would partially solve it, but the spam would remain...
So how i see, yes the update was the direct result of this conflict between those two instances. But this conflict wasn't the only reason, it also revealed some issues from the modlog.
Until now we used yptb, it was used to reveal mods & admins bad behaviour, Rimu benefited from it. However, we were lucky someone hasn't exploited the modlog yet.
For me, it would be a mistake to ignore it. And yes, hidding modlog from most people also raise issue for me because that's the keypart in self-managed organization and that a key part in limiting our power.
So i don't know what would be the best solution. I purposed to piefed dev a "right to answer" in the modlog few week ago in our zulip chat and maybe matrix.