- User safety. The user knows that a troll server is subscribed to the relay, or it's an open registration relay, and a troll server *could* subscribe. They want to make sure their content doesn't go out to instances dedicated to harassment.
- User control. They just want to know they can turn the tap on and off if they need to.

@Brendan Jones

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 3:42 PM

@Brendanjones

- Scoping. They think they can handle responses from some limited "public" audience, but not from a wider one supported by the relay.

@Brendan Jones

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 3:44 PM

@Brendanjones There are lots of other ways to do this better, by the way: followers-only posts, quiet public posts. But a lot of people want to post with the Public flag locked high, and still decide who can and cannot read their stuff.

@Brendan Jones

in reply to Evan Prodromou

Brendan Jones

in reply to Evan Prodromou yesterday, 4:10 PM

I didn’t vote because I didn’t feel I had an informed answer. But now I’ve read the reasons you added post-poll, I’m not sure I see a meaningful difference between a relay and a server in this instance. If a troll finds my post through a relay, I can still block them and their server, right?

If that’s the case, my vote would be ‘no’.

in reply to Brendan Jones

Evan Prodromou

in reply to Brendan Jones yesterday, 4:13 PM

so, the answer to your question is usually no. If your server uses a relay, and their server uses the same relay, your content will keep going to their server, regardless of your blocks. Here, "opt out" means "having any control over what goes to that server."

This entry was edited (yesterday, 4:14 PM)

in reply to Evan Prodromou

Brendan Jones

in reply to Evan Prodromou yesterday, 4:19 PM

This sounds like a problem with the Fedi block model, or of relays not respecting the block model. Good Fedi servers should respect blocks, and I’d include relays as servers there (even if they’re not technically servers). Bad servers get defederated, and the same should happen to relays.

This entry was edited (yesterday, 4:19 PM)

in reply to Evan Prodromou

Tim Bray 🇨🇦

in reply to Evan Prodromou Thursday, June 4, 2026, 8:47 PM

We currently say nothing about how far a post might travel, because the nature of the federation protocol means it's an insanely complex. People should really assume that anything they post will be, in effect, public. The degree to which running a relay changes that would require a thousand-word essay which would probably have to omit some of the finer points.

in reply to Tim Bray 🇨🇦

Tim Bray 🇨🇦

in reply to Tim Bray 🇨🇦 Thursday, June 4, 2026, 8:47 PM

(In case it's not obvious, I'm a "no")

in reply to Evan Prodromou

M. Grégoire

in reply to Evan Prodromou Thursday, June 4, 2026, 8:48 PM

No, but the server should indicate its policy about sharing content. That way if a person doesn't want to share, she can look for a server more to her liking.

in reply to Evan Prodromou

Mark Andrew

in reply to Evan Prodromou Thursday, June 4, 2026, 8:46 PM

Yes, of course they should be able to opt out, but doing so is silly.

in reply to Evan Prodromou

modulux

in reply to Evan Prodromou Friday, June 5, 2026, 12:53 AM

Yes, but making it technically meaningful given the limitations of the protocol is difficult. However, if people want their posts to be limited to the sort of organic travel they can envision having them, it should be possible for users to make this known, and for good actors to respect this.

in reply to Evan Prodromou

Justin Fitzsimmons

in reply to Evan Prodromou Friday, June 5, 2026, 1:22 AM

If you don't want to share, don't post.

You can't post a letter on a public bulletin board and then get upset if a lot of people read it.

There are plenty of communication methods that allow you to control the audience with a great degree of specificity and privacy; use one of those instead.

in reply to Evan Prodromou

flo

in reply to Evan Prodromou Friday, June 5, 2026, 1:32 AM (Received Friday, June 5, 2026, 1:47 AM)

cc @crossgolf_rebel

@crossgolf_rebel - kostenlose Kwalitätsposts

in reply to flo

crossgolf_rebel - kostenlose Kwalitätsposts

in reply to flo Friday, June 5, 2026, 5:28 AM (Received Friday, June 5, 2026, 6:11 AM)

done

@evan@cosocial.ca definitely no

@Evan Prodromou

in reply to crossgolf_rebel - kostenlose Kwalitätsposts

Evan Prodromou

in reply to crossgolf_rebel - kostenlose Kwalitätsposts Friday, June 5, 2026, 11:33 AM

@crossgolf_rebel @fasnix that's strong! Why not?

@crossgolf_rebel - kostenlose Kwalitätsposts @flo

in reply to Evan Prodromou

crossgolf_rebel - kostenlose Kwalitätsposts

in reply to Evan Prodromou Friday, June 5, 2026, 1:39 PM (Received Friday, June 5, 2026, 1:59 PM)

For example

If I’m interested in horses, I might subscribe to that.
But if the creator thinks they can ‘treat’ me to their second favourite topic – spiders – without asking, that’s going too far.

You shouldn’t assume that everyone is just as interested in the topic as you are.
In our culture, that’s intrusive and is considered spamming.

For me, that would be a reason to unsubscribe from the newsletter and block the address

@fasnix@fe.disroot.org

@flo

in reply to crossgolf_rebel - kostenlose Kwalitätsposts

Evan Prodromou

in reply to crossgolf_rebel - kostenlose Kwalitätsposts Friday, June 5, 2026, 1:59 PM

@crossgolf_rebel @fasnix I don't understand the analogy.

If you've got an account on a server, and the server admin signs up for a relay from relaylist.com/ like relay.toot.io, for example, should you as a user be able to keep your content from going to relay.toot.io?

It sounds like you think people should have that level of control, but you answered "definitely no", which is surprising.

Relay List - Connecting the Fediverse

A regularly updated list of relays for use with Mastodon, Misskey, Pleroma and other ActivityPub servers.

^{relaylist.com}

@crossgolf_rebel - kostenlose Kwalitätsposts @flo

in reply to Evan Prodromou

flo

in reply to Evan Prodromou Friday, June 5, 2026, 2:19 PM (Received Friday, June 5, 2026, 3:08 PM)

I suppose @crossgolf_rebel mixed up "yes" and "no".

My vote is that yes, a user should je able to opt-out under any circumstances.

That's what crossgolf wanted to express as well.

@crossgolf_rebel - kostenlose Kwalitätsposts

in reply to flo

Evan Prodromou

in reply to flo Friday, June 5, 2026, 3:07 PM

@fasnix @crossgolf_rebel OK. I had a different poll about mailing lists earlier this week that seems a lot more like what they are talking about.

cosocial.ca/@evan/116683278812…

Evan Prodromou

2026-06-03 00:12:18

Is it ok for the founder of a project that had you on its mailing list to add you to the mailing list of their next project?
#EvanPoll #poll

@crossgolf_rebel - kostenlose Kwalitätsposts @flo

in reply to Evan Prodromou

crossgolf_rebel - kostenlose Kwalitätsposts

in reply to Evan Prodromou Friday, June 5, 2026, 8:59 PM (Received yesterday, 12:41 AM)

It’s my mistake.
I mixed up your two threads – sorry.
My ‘no’ refers to the mailing list.

In this vote, my question is more about what kind of relay servers we’re talking about. I don’t see tags.pub as a relay server.

I’m more in favour of: all rights to the users

in reply to crossgolf_rebel - kostenlose Kwalitätsposts

Evan Prodromou

in reply to crossgolf_rebel - kostenlose Kwalitätsposts yesterday, 12:40 AM

I wasn't asking about tags.pub.

Most relays don't have a way to opt out. Is that OK?

I agree: users should have the right to opt out of services that their administrator configured.

This entry was edited (yesterday, 12:44 AM)

in reply to Evan Prodromou

Philip Mallegol-Hansen

in reply to Evan Prodromou Friday, June 5, 2026, 3:05 AM

Should? No. But I hope AP Server implementations that support it win in the marketplace.

in reply to Evan Prodromou

Golemwire

in reply to Evan Prodromou Friday, June 5, 2026, 3:18 AM (Received Friday, June 5, 2026, 3:31 AM)

"No", because there's no real point. How far your reach is is already random, and if the relay can see it, you're posting publicly, no? Seems like extra complexity.

Would be cool if the About page on #Mastodon listed the server's connected relays; optionally, like with the Moderated Servers list.

in reply to Evan Prodromou

OldKid ⁂

in reply to Evan Prodromou Friday, June 5, 2026, 5:46 AM from sekretaerbaer.de

@Evan Prodromou Yes, and furthermore, the administrator of an instance should be able to prevent a relay with which the instance has no direct connection from sharing posts by users of their instance.

@Evan Prodromou

in reply to OldKid ⁂

Evan Prodromou

in reply to OldKid ⁂ Friday, June 5, 2026, 11:34 AM

@oldkid agreed! How many users are there on your server? Can they opt out of having their content shared to a relay?

@OldKid ⁂

in reply to Evan Prodromou

OldKid ⁂

in reply to Evan Prodromou Friday, June 5, 2026, 11:51 AM (Received Friday, June 5, 2026, 12:42 PM) from sekretaerbaer.de

@Evan Prodromou See my post a little further up; it’s also about the legal aspect. However, other platforms don’t make it that easy for people to filter out individuals using specific hashtags and then use that data for purposes such as harassment.

@Evan Prodromou

in reply to OldKid ⁂

Evan Prodromou

in reply to OldKid ⁂ Friday, June 5, 2026, 12:42 PM

@oldkid every Mastodon server has a feature for filtering posts by hashtag.

Can you let me know if your server block worked?

@OldKid ⁂

in reply to Evan Prodromou

OldKid ⁂

in reply to Evan Prodromou Friday, June 5, 2026, 12:55 PM (Received Friday, June 5, 2026, 1:08 PM) from sekretaerbaer.de

@Evan Prodromou But not everyone collects data as aggressively as tags.pub. Or are you telling me that the 361,500 accounts on tags.pub are just dormant?

@Evan Prodromou

in reply to OldKid ⁂

Evan Prodromou

in reply to OldKid ⁂ Friday, June 5, 2026, 1:07 PM

@oldkid I don't think we're aggressive. You can see how people connect their accounts and servers to tags.pub here: tags.pub/#connect .

I'm sorry you don't want to use tags.pub, but I'm glad you have control over it.

tags.pub

^tags.pub

@OldKid ⁂

in reply to Evan Prodromou

Tuxi ⁂

in reply to Evan Prodromou Friday, June 5, 2026, 6:05 AM

@Evan Prodromou
Users in the Fediverse should always have control over their posts. This is especially important in the Fediverse, which is known for its emphasis on self-determination. This becomes particularly relevant when it comes to the automated sharing of posts by bots—especially when it is done by “aggressive” services like tags.pub, which, as it currently stands, does not offer a reasonable solution. I have nothing against relays or bots that share hashtags, but please ensure that the technical implementation respects the will and self-determination of users in the Fediverse. As tags.pub is currently implemented, I believe it poses a significant threat to the entire Fediverse.

@Evan Prodromou

Unknown parent

Evan Prodromou

Unknown parent Friday, June 5, 2026, 12:44 PM

@ibims @oldkid I agree! I think server admins who are that concerned about public posts shouldn't sign up for open-registration relays, but that's up to the admin. If they don't want any server on that relay to process their posts, they should have control over that. Users too!

@OldKid ⁂ @ibims

in reply to Evan Prodromou

Bruce Elrick

in reply to Evan Prodromou Friday, June 5, 2026, 5:25 PM (Received Friday, June 5, 2026, 5:34 PM)

I say yes, under my assumption that a relay does not faithfully allow a user the same control of their outbox that their home server does. I might be wrong in that assumption. I also say this in full knowledge that there are also probably many other ways another person could bypass such controls.

in reply to Evan Prodromou

Thiago Ferrer Morini

in reply to Evan Prodromou Friday, June 5, 2026, 5:31 PM

Yes, but. I believe that in big, newbie-oriented instances like .social is an useful feature —but in smaller, by-choice instances you know what are you doing

in reply to Thiago Ferrer Morini

Evan Prodromou

in reply to Thiago Ferrer Morini Friday, June 5, 2026, 5:39 PM

@tferrer That's interesting! So, you should be able to opt out of relays if you're a n00b, but not if you're experienced?

@Thiago Ferrer Morini

in reply to Evan Prodromou

Jonathan Lamothe

in reply to Evan Prodromou yesterday, 12:43 AM

@Evan Prodromou Yes, but... it would be pretty difficult to enforce that, for the same reasons that DRM is a fundamentally flawed idea.

@Evan Prodromou

in reply to Jonathan Lamothe

Evan Prodromou

in reply to Jonathan Lamothe yesterday, 1:02 AM

@me no, it's not that hard at all. Currently the relay interface sends "fat pings" -- it includes the full content object. If it instead used "thin pings", with just the URL of the content, the relay and all the downstream servers have to fetch the content from the source server. That lets the source server enforce server blocks, including user server blocks.

@Jonathan Lamothe

Kristian likes this.

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 1:03 AM

@me of course, if the user opted out of being relayed, the source server could simply not send their content. Problem solved.

@Jonathan Lamothe

in reply to Evan Prodromou

Jonathan Lamothe

in reply to Evan Prodromou yesterday, 1:41 AM

@Evan Prodromou To be honest, I haven't looked that deeply into the protocol. I'm sure what you're telling me is true. After all, you literally wrote the book on ActivityPub. Also, this is perhaps not exactly what you're talking about, but as soon as a post federates to another server (because the poster has a legit follower there) the originating server is no longer in exclusive control of the content of that post, is it not?

Unless I'm fundamentally misunderstanding something here—which I'll admit is a possibility—a single misbehaving server could circumvent this entire system, could it not? Obviously, there's the option of defederating such a server, but you'd have to know it's happening first. It's not just about trusting your own server, but also every server you federate your posts to.

Am I way off base here? If so, I'd love to understand how.

@Evan Prodromou

in reply to Jonathan Lamothe

Evan Prodromou

in reply to Jonathan Lamothe yesterday, 3:43 AM

@me no, you're absolutely right. Once the content is delivered to a remote server, it's hard to force it to do the right thing.

It's one of the reasons we're doing e2ee messaging.

github.com/swicg/activitypub-e…

GitHub - swicg/activitypub-e2ee: Coordination of work on end-to-end encryption with ActivityPub

Coordination of work on end-to-end encryption with ActivityPub - swicg/activitypub-e2ee

^GitHub

@Jonathan Lamothe

Jonathan Lamothe likes this.

in reply to Evan Prodromou

Jonathan Lamothe

in reply to Evan Prodromou yesterday, 3:47 AM

@Evan Prodromou I'm glad this is being worked on. This is something that's been lacking in the fedi.

@Evan Prodromou

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 12:54 AM

Hi, all. I think for most services that admins configure, there should be a way for users to opt out or customize. I think relays are a good example; some people only want their content visible to people on the same server or people who follow them or random other people on the same server as people who follow them. (This is the Mastodon default.) They don't want their content relayed for whatever reason. They should have some control over that. So I say yes.

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 1:04 AM

Most relays don't do this today, by the way.

in reply to Evan Prodromou

Roche

in reply to Evan Prodromou yesterday, 2:29 PM

I agree that users should have this choice and be able to opt out of a relay. I can also imagine scenarios I might want to opt out of one relay but be fine with another relay. But should a special control be built for relays, that are just one type of ActivityPub server? Or should creators just have controls that can applied to restrict their content from any ActivityPub server?

in reply to Roche

Evan Prodromou

in reply to Roche yesterday, 3:02 PM

@rochebit One way to do this is to use user domain blocks. If I block the domain relay.example, my server shouldn't send my content to relay.example. Or, the user could have a settings page that shows all the relays used by the server, and they can turn sharing to those relays on or off.

@Roche

in reply to Evan Prodromou

Evan Prodromou

in reply to Evan Prodromou yesterday, 4:45 PM

Most relays also don't notify users that they are resharing their content.

in reply to Evan Prodromou

Jeffrey Haas

in reply to Evan Prodromou yesterday, 2:46 PM

In many respects, users that want a more closed experience don't need more than we had on livejournal: Private (only for the poster), Friends, Lists of Friends, Public.

For federated services, "public" gains extra scope that is harder for a user to understand: Server-only, the federation at large.

Providing such scoping services for posts would be appreciated, IMO. But it does raise the question on how to provide better visibility to what "public" means.

This website uses cookies. If you continue browsing this website, you agree to the usage of cookies.

⇧

Evan Prodromou Thursday, June 4, 2026, 8:34 PM • •

Evan Prodromou
Thursday, June 4, 2026, 8:34 PM