Login
Login

Home Login

Opt-in on instance level

2023-05-14

A german speaking user asked me recently: "Hi Matthias, thanks for developing Tootfinder. I would be interested if it is also possible to add whole servers as a whole there (which I run and where this is communicated)."

Opt-in involves that user are knowing what they are doing. I wouldn't consider consent hiding it on 315 page document of general conditions. However, each instance of Mastodon has it rules. Defining the rules by instance is also a cornerstone of the Mastodon philosophy of federation. So we can deduct it is legitimate to define a consent rule on the level of the instance. Everyone has read the instance rules and follows them (don't you?).

An instance could add a rule to the ruleset: "All public posts from this instance are indexed on tootfinder.ch."

Technically, the implementation would be rather easy.

  1. The instance owner joins with a special name "@@instance.net" where the user part of the name is empty.
  2. Tootfinder checks, if the rule is part of the rules set. The rules are accessible via the API path /api/v1/instance/rules.
  3. If the rule is there, Tootfinder, looks in the directory for local users and adds them to the database /api/v1/directory?local=1&order=new
  4. On a regular basis, Tootfinder checks if consent is still there. It is there if either the users gives individual consent on the profile or if the instance still has a rule.

Caveats

While this seems to work technically, there are still two privacy issues from the user perspective:

  • Users may read the instance rules when they join, but they are not checking the rules on a regular basis because these rules are not meant to be changed. If the instance owner does not actively inform the users about the change, they might not know it and we do not have explicit consent. There is no mechanical way for Tootfinder to verify if the instance owner has informed the users of the instance.
  • There is no opt-out for the users of the instance. If they do not want to be indexed, they must not join the instance. Existing users must leave the instance to move to another instance, which has negative consequences for the user. Moreover, if the instance user forces the consent without large support from the users, the instance owner risks to have bigger conflicts on the instance.

Result of the poll

113 persons replied. 73% answered yes to the question: Should instance administrators be able to opt-in to Tootfinder indexing on instance-level (means for all users), if the instance rules declare it transparently?

https://tooting.ch/@buercher/110367817146866630

We will therefore implement this feature. However, we heard also the request to opt-out as user inside an opt-in of a server. If it is technically feasible, we will implement it too.

https://www.tootfinder.ch/instance.php

Implented v 2.1 2023-06-12