tech.lgbt is one of the many independent Mastodon servers you can use to participate in the fediverse.
We welcome all marginalized identities. This Mastodon instance is generally for folks who are LGBTQIA+ and Allies with an interest in tech work, academics, or technology in general.

Server stats:

3.1K
active users

Public

PSA to all admins: I highly recommend a #FediBlock of #mastinator (ie. the entire mastinator.com domain).

Mastinator is a service that allows a person to anonymously follow people on the fediverse. No big deal you think? Your public posts are probably already anonymously viewable from your public profile anyways and all it is doing is aggregating public info? That is what its creator claims---it is just a convenience service!

Well no, it is mode concerning than that. It does this aggregation by following any account a mastinator user types into its service then replicating *all* your non-DM posts into a sort of "proxy inbox" in the mastinator.com domain that is completely out of your control and viewable by everyone!

In other words, if you are followed by mastinator.com it effectively turns your follower-only posts into public posts and lets people you have blocked keep following you by following the mastinator replica of your posts!

Innocent intentions or not this violates user consent.

Public

@msh I'm not really well versed in ActivityPub etc, but I assume mastinator does not follow the actual account but rather scrapes the public feed (through an api or not).

So I have a few questions:

1) what would a block accomplish? That wouldn't block a scraper from accessing public data?

2) Blocking scrapers is hard and easily circumvented, but are there ip lists?

3) Shouldn't follower-only post not appear in public feeds? Is it a courtesy feature of the client to not show these?

@aral @msh Ok so if you don’t accept the follow (or block it), it will stop aggregating? Well at least that’s something…

Of course it’s still shit and it will undoubtedly keep content that a user deletes.

Public

@h5e Yep. Apparently it’s ephemeral, though, and the database exists only in RAM (so it’s wiped when the server is restarted). But yes, still… I don’t want random bots (with my name on them, much less) following me and aggregating my posts without my permission :)

@msh