PSA to all admins: I highly recommend a #FediBlock of #mastinator (ie. the entire mastinator.com domain).
Mastinator is a service that allows a person to anonymously follow people on the fediverse. No big deal you think? Your public posts are probably already anonymously viewable from your public profile anyways and all it is doing is aggregating public info? That is what its creator claims---it is just a convenience service!
Well no, it is mode concerning than that. It does this aggregation by following any account a mastinator user types into its service then replicating *all* your non-DM posts into a sort of "proxy inbox" in the mastinator.com domain that is completely out of your control and viewable by everyone!
In other words, if you are followed by mastinator.com it effectively turns your follower-only posts into public posts and lets people you have blocked keep following you by following the mastinator replica of your posts!
Innocent intentions or not this violates user consent.
@msh I'm not really well versed in ActivityPub etc, but I assume mastinator does not follow the actual account but rather scrapes the public feed (through an api or not).
So I have a few questions:
1) what would a block accomplish? That wouldn't block a scraper from accessing public data?
2) Blocking scrapers is hard and easily circumvented, but are there ip lists?
3) Shouldn't follower-only post not appear in public feeds? Is it a courtesy feature of the client to not show these?
@h5e @msh It does actually follow you. See https://mastodon.ar.al/@aral/109585159213960986