There is an interesting article titled "Please Don’t Share Our Links on Mastodon: Here’s Why!" about the startling load that Mastodon's mass-distributed link preview generation has on small independent webservers. But I cannot link it to you, because of a reason
@mcc i saw a lot of stuff in the comments to that article you didn't share where ppl said the person had misconfigured their site, but... if mastodon is the ONLY place where that is a problem it is probably still very much worth disabling i feel like?
@mcc Isn't this pretty much an ideal use of the Torrent protocol? Map all the link preview resources into a CAS and then pull the bits from random other federation sites instead of the source site. At most, upgrade the protocol with a new hash since SHA-1 has been collided.
@mcc The initial hash list would have to come with the first referencing post. Unless somebody better at math could make a proof of how many sites would have to agree on hashes for something to be considered extremely likely to be authentic, without resorting to any sort of overly complex computation like blockchain.
Also feels like a hole in either Mastodon's use of Fediverse or Fediverse itself. If node A is cloning posts to node B, it's already generated a preview and should clone that too!
@robryk@mark You could imagine manually configured chains of trust, or for example creating three independently administered preview servers and only accepting previews if they are identical between all three. It is a solvable problem
@robryk@mcc In what sense? The preview my personal node generates can also be a lie because the server can inspect the source requester and change the output depending on who's asking.
In the sense that someone other than your client, your own instance (both of which you kind of need to trust anyway), and the actual site that's linked to (who's the source of the content, so the preview must trust it) can manipulate it.
The site showing different contents to different users is another issue that I agree exists and can cause similar problems for malicious linked-to sites. For nonmalicious ones consider e.g. a post expressing outrage at something bbc published with a link to the "article" on bbc with a helpful "preview".
@robryk It may be just personal preference, but it seems an odd place to draw the line of trust at "I trust this other node to tell me what posts its users made and the images they uploaded but not the link previews it generated and cached."
Huh, I'm very surprised that you find this line odd (I don't think I've seen this opinion in the past). I would appreciate if you answered a question or two so that I can understand it better (but do understand if you don't wish to).
The reason I find this line very natural is that I think in terms of which node is intended to be able to speak for which entities, especially that those entities are named in a way to remind us of that relation (domain in URLs, domain/instance part of a fedi ID). Do you think that it makes more sense to keep track of a more vague trust (as in, "that node is rather trustworthy") in general, that the mapping between nodes and entities is insufficiently natural, or something else I can't easily see?
Add comment