Verification of consent
2023-02-10
I spent the day skiing, a privilege of the early 21st century, with splendid snow and sun and not too many people; it's Friday.
As I am writing this blog, Tootfinder has reached 1200 users and the number of issues to solve has grown. I got many thankful mentions, which is encouraging. And yes, this will go open source as soon as the code is presentable. It is still a proof of concept.
1200 users have opted in, but for probably 50 of them there was a problem. When they opted in, OAuth asked them for "read" access to everything. What does that mean? Will Tootfinder also read direct messages? Will it be able to read my credentials or other details I want to keep private?
Tootfinder does none of this. It only verifies that you are the user who asked to opt in and discards the bearer token right away. You can check this yourself: if you revoke the permission in the Mastodon user settings, Tootfinder will continue to index, because it uses the public RSS feed, which needs no permission. Tootfinder stops indexing when you ask it to by opting out.
I do understand the concern, because at this time you just have to believe me. The code is not open source, so you cannot see what happens. And even if the code were open source, the 50 people who have a problem with giving read access to everything are right. We have the German word Datensparsamkeit: an application should not collect more data than it needs to provide the service.
So we need a scope narrower than "read", and here the problem begins. The Mastodon API documentation (https://docs.joinmastodon.org/api/oauth-scopes/) defines narrower scopes such as "read:accounts" or "read:statuses". The latter would probably be the most innocent, as statuses are already public (I did not test whether that includes non-public statuses).
The problem is that narrowing didn't work. OAuth scopes other than "read" give the error "requested scope is invalid". What I experienced is a documented bug on GitHub: https://github.com/mastodon/documentation/issues/1098
This leaves me with 3 options:
- Wait for narrower OAuth scopes to work. The problem might be on my side, but the GitHub issue looks like there is a bug.
- Switch to a concept with a bot that you follow when you want to be indexed and unfollow when you no longer want to be indexed. This was my first approach, but I did not find any instance ready to accept it. I could create an instance myself, with more software to maintain and the risk that admins of other instances decide to block it. That said, it would be easy for the user.
- The user who opts in proves consent by adding a magic word to the user profile. The magic word could be "tootfinder" or alternatively "tfr", a rare trigram. It could be in the bio or in one of the 4 labels. The magic word can be part of the URL https://www.tootfinder.ch if the user wants to promote the site, but that isn't needed. It can also be invisible, as long as it is part of the HTML of the user's profile page. The user still has to opt in on the server, but indexing only happens if and as long as the magic word is in the profile. This also makes it easy to opt out. However, it may be worse for usability, and the user exposes in their profile that they are being indexed.
Which way should I go? I prefer option 3, because it is simple to implement and has few dependencies and little complexity, which makes it more reliable. But I am interested in what you think.
I will start a survey and will also be happy to get mentions with arguments.
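What option 3 would look like as code, written here as an added example and not Tootfinder's own: a consent check over the bio and profile fields of a Mastodon account object (the `note` and `fields` keys of the API's Account entity), gated by the server-side opt-in. The whole-token matching of "tfr" and the sample account objects are my assumptions, not anything the post specifies.

```python
import re
from html import unescape

# Markers the post proposes. Matched as whole tokens (assumption made here) so the
# trigram "tfr" does not fire inside an unrelated word such as "Tfrontier".
_MARKER_RE = re.compile(r"(?<![a-z0-9])(?:tootfinder|tfr)(?![a-z0-9])", re.IGNORECASE)


def profile_html_blobs(account: dict) -> list[str]:
    """Return the raw HTML strings a user controls in their profile: the bio ("note")
    plus the name and value of each profile field (Mastodon allows up to four).
    Raw HTML is scanned on purpose: a marker hidden in markup, e.g. in an href,
    still counts, as the post allows an invisible marker."""
    blobs = [account.get("note") or ""]
    for field in account.get("fields") or []:
        blobs.append(field.get("name") or "")
        blobs.append(field.get("value") or "")
    return blobs


def has_consent_marker(account: dict) -> bool:
    """True if the magic word appears anywhere in the profile HTML."""
    return any(_MARKER_RE.search(unescape(blob)) for blob in profile_html_blobs(account))


def should_index(opted_in: bool, account: dict) -> bool:
    """Option 3: index only while the server-side opt-in exists AND the marker is
    still present. Removing the marker from the profile is the opt-out."""
    return opted_in and has_consent_marker(account)


# Constructed sample accounts in the shape of the Mastodon Account entity
# (only the keys used above); these are not real users.
SAMPLE_VISIBLE_MARKER = {
    "acct": "alice@example.social",
    "note": '<p>Skier. Indexed by <a href="https://www.tootfinder.ch">tootfinder</a>.</p>',
    "fields": [{"name": "Website", "value": '<a href="https://example.org">example.org</a>'}],
}
SAMPLE_HIDDEN_MARKER = {  # marker only inside the href, not in the visible text
    "acct": "bob@example.social",
    "note": "<p>Just here for the memes.</p>",
    "fields": [{"name": "Search", "value": '<a href="https://www.tootfinder.ch">my favourite</a>'}],
}
SAMPLE_NO_MARKER = {
    "acct": "carol@example.social",
    "note": "<p>I work at Tfrontier Inc.</p>",
    "fields": [],
}

if __name__ == "__main__":
    for acct in (SAMPLE_VISIBLE_MARKER, SAMPLE_HIDDEN_MARKER, SAMPLE_NO_MARKER):
        print(acct["acct"], should_index(True, acct))
```

The check would run on every indexing pass, so dropping the marker ends indexing without any further interaction with the server.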