💾 Archived View for gemi.dev › gemini-mailing-list › 000610.gmi captured on 2023-11-04 at 12:58:57. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Hello! I've been enjoying the gemini-space and I'm excited that this email signals my attempt to join more vocally. Hopefully my attempts to support Gemini end up being acceptable or at the least agreeable. :-) I've been working on a server and client for Gemini and I'm nearing the end of what I wanted to explore in my implementations... but I have a few questions that I'd love some help thinking through. I'd like to cover one of those questions in this email. One of my goals has been to have a client / server pairing that supports helping non-technical users go from downloading a client to posting content as quickly and painlessly as possible. In my mind this means allowing new accounts to be created *without* moderating their creation... which leaves me wondering how I might respond to side-effects like any unwelcome content (illegal, offensive, spam, etc.). I understand that walking down a path that allows un-moderated account creation is asking for trouble. I'm still interested in exploring the possibilities to see if a compromise might be found for my implementations. One of the options I'm considering is to restrict the number of posts a new account can make. Say, only "one page"? This wouldn't remove *all* negative side-effects, but seems to discourage some abuse and facilitate any clean-up since there'd only be one 'thing' to remove. Another option is to limit the *kind* of content that a new account can provide. Say, no links? This could curtail a type of side-effect (facilitating access to external content through my domain/server), but not entirely, since text/gemini *without* explicit links could just as easily be a link-in-plain-text that is copied and used somewhere else. A third option I'm considering is to limit the visibility of the content that a new account can provide. I've written an HTTP server that provides access to the Gemini content, so, maybe I disallow any content from accounts less than say, 1 month old? If a new account were showing promise as a positive contributor I could manually enable it sooner than a month... a sort of default-deny with a manual-allow. Content could of course still be viewed through a Gemini-specific client, just not through a web browser. The last option I've been mulling over is to just accept the side-effects, but that feels too much like an ends-justify-means approach which I find weak as a motivation... but... I *almost* prefer encouraging communication and creation enough to endure negative side-effects. I guess one way to sum up the sharp corner I'm trying to round-off is that I have two goals that seem to oppose each other: encourage creation of content *and* discourage creation of 'wrong' content. I'm very sensitive to this concept of 'wrong' content too... (I'm *very* uninterested in limits to agency, but there's the swinging fists and noses point in the middle of that)... but that's a different discussion. I have memories of some server implementations simply requiring manual account creation approvals, which, as mentioned, is what I'm hoping to avoid... I *know* this is a tough complication. As some additional information, all I have set up as required for account creation is to provide a certificate. I plan on using the subject-common-name and first few characters from the generated fingerprint as the account name... so... no email verification, and no way to know if some spammer is just creating a bunch of new accounts for similar purposes. There's more thought I've had, but I'll stop rambling there. Thanks for reading this far. :-D Thoughts?
Comments inline. My background on this is my work helping moderate Mozilla's Bugzilla bug tracker from 2015 to last year. On Wed, Jan 6, 2021, at 20:38, Mansfield Mansfield wrote: > One of the options I'm considering is to restrict the number of posts a > new account can make. Say, only "one page"? This wouldn't remove *all* > negative side-effects, but seems to discourage some abuse and > facilitate any clean-up since there'd only be one 'thing' to remove. You'd have drive-by abusers, but in my experience those sort of users post will do a burst of posts and either leave or they are banned. Making it easy to tag those sorts of posts so a moderator can clean them up is key. Also, remember that some days a reasonable person of good intent will have a bad community day. Sometimes you don't need a ban, but just a takedown and a, "hey, don't do that" backed up with bans for people who don't get the message. You could also do invites so you can do controlled growth. > Another option is to limit the *kind* of content that a new account can > provide. Say, no links? This could curtail a type of side-effect > (facilitating access to external content through my domain/server), but > not entirely, since text/gemini *without* explicit links could just as > easily be a link-in-plain-text that is copied and used somewhere else. Limiting new account privileges is a one way to start, in terms of no-links, no-attachments, no tagging other users, no direct replies. One of the issues I dealt with, was too many permissions for new posts which caused confusion or missing steps in process. That's less likely for people just making posts. > A third option I'm considering is to limit the visibility of the > content that a new account can provide. I've written an HTTP server > that provides access to the Gemini content, so, maybe I disallow any > content from accounts less than say, 1 month old? A friend has given a lot of though to the onboarding problem, https://gist.github.com/aredridel/470d6d186f3d848b3a7eeb6f8fa8dcf9, and one of the suggestions is about getting people into community. So you could ask someone joining "what content you want to find? Cooking, Rust, anime, crochet, axe throwing, etc.." and plug them into that community to start, then broaden the scope as they make connections. You will have to do some bootstrapping of community, but expectations are a lot easier to build out of a group of people invested in making community. > The last option I've been mulling over is to just accept the > side-effects, but that feels too much like an ends-justify-means > approach which I find weak as a motivation... but... I *almost* prefer > encouraging communication and creation enough to endure negative > side-effects. Creating community and creation are good, and don't get in the the way of people doing that, but doing things in the way that someone can't wreck the place either intentionally or not. Emma H gemini://gemini.djinn.party/
It was thus said that the Great Mansfield Mansfield once stated: > Hello! > > One of my goals has been to have a client / server pairing that > supports helping non-technical users go from downloading a client to > posting content as quickly and painlessly as possible. In my mind this > means allowing new accounts to be created *without* moderating their > creation... which leaves me wondering how I might respond to side-effects > like any unwelcome content (illegal, offensive, spam, etc.). > > I understand that walking down a path that allows un-moderated account > creation is asking for trouble. I'm still interested in exploring > the possibilities to see if a compromise might be found for > my implementations. I am not a lawyer, so take what I say with a few bolders of salt. How concerned are you? I can see where you might be subject to: * laws where you live * laws of the domain you register (for instance, the purely fictional .fd top level domain (Freedonia) might subjects you to its punative libel and copyright laws despite where you or the server or your users are located) * laws where the server resides * laws where the user lives All of those might be the same country; it might not. The US has strong freedom of speech codes and thus libel cases are harder to prosecute (to a degree); the UK has less free speech and very strong libel laws (compared to the US) so you might be liable for something a user said. Again, it depends upon jurisdiction. I know the US (since I live there) tries to make a distinction between a "publisher" and a "platform" and one of the differences comes down to moderation---do too much and you can fall into the "publisher" category which makes you more liable for what is said than if you are in the "platform" category. Too little moderation and, as you say, is also troublesome. Okay, ignoring legal liabilities, one way might be to use an "invite-only" system. The website Lobsters (https://lobste.rs/) uses an invite system. Users can invite new users (even ones they don't know) but they then become liable for the new users behavior. I'm checking the current moderation queue for users [1], and while most are userid changes (foo changed username to bar), some users have been banned (mostly for spamming; one for "repeatedly trying to use Lobsters to whip up an online outrage mob against organizations they don't care for"), some have had invites disabled for inviting too many other people who have been banned. That seems to work for Lobsters. Also, trying to invoke a community spirit can help. -spc [1] https://lobste.rs/moderations?moderator=%28All%29&what%5Busers%5D=users\ I'm not sure if you can read the link if you aren't a member.
Thanks for the response - I've inlined as well. On Wed, Jan 6, 2021 at 11:46 PM Emma Humphries <ech at emmah.net> wrote: > Comments inline. > > My background on this is my work helping moderate Mozilla's > Bugzilla bug tracker from 2015 to last year. > > On Wed, Jan 6, 2021, at 20:38, Mansfield Mansfield wrote: > > > One of the options I'm considering is to restrict the number of posts a > > new account can make. Say, only "one page"? This wouldn't remove *all* > > negative side-effects, but seems to discourage some abuse and > > facilitate any clean-up since there'd only be one 'thing' to remove. > > You'd have drive-by abusers, but in my experience those sort of users > post will do a burst of posts and either leave or they are banned. Making > it > easy to tag those sorts of posts so a moderator can clean them up is key. > I hadn't given much thought to implementing specific mechanisms to make moderation easier. I think I just thought, "It won't be difficult". Implementing specific tools to help moderate is a good suggestion. I'll look into it. > Also, remember that some days a reasonable person of good intent will > have a bad community day. > > Sometimes you don't need a ban, but just a takedown and a, "hey, don't > do that" backed up with bans for people who don't get the message. > Too true. I like your suggestion of levels of response... I'll have to think about that... maybe a pause button on new content? Rate limit... I like it. > You could also do invites so you can do controlled growth. > I hadn't considered invites for general posts, but was starting to think along those lines for facilitating community generation. A sort of ability to make invite-only groups. Feels like an OK way to share moderation ability. Maybe provide community managers with invite-only ability and a pause button with eventual ban. > > Another option is to limit the *kind* of content that a new account can > > provide. Say, no links? This could curtail a type of side-effect > > (facilitating access to external content through my domain/server), but > > not entirely, since text/gemini *without* explicit links could just as > > easily be a link-in-plain-text that is copied and used somewhere else. > > Limiting new account privileges is a one way to start, in terms of > no-links, no-attachments, no tagging other users, no direct replies. > > One of the issues I dealt with, was too many permissions for new posts > which caused confusion or missing steps in process. That's less likely for > people just making posts. > I think I agree. One of the points about text/gemini that I've enjoyed is that there's so little there to begin with - not much to remove if a more limited format is what's wanted. > > A third option I'm considering is to limit the visibility of the > > content that a new account can provide. I've written an HTTP server > > that provides access to the Gemini content, so, maybe I disallow any > > content from accounts less than say, 1 month old? > > A friend has given a lot of though to the onboarding problem, > https://gist.github.com/aredridel/470d6d186f3d848b3a7eeb6f8fa8dcf9, > and one of the suggestions is about getting people into community. > > So you could ask someone joining "what content you want to find? Cooking, > Rust, anime, crochet, axe throwing, etc.." and plug them into that > community > to start, then broaden the scope as they make connections. > > You will have to do some bootstrapping of community, but expectations > are a lot easier to build out of a group of people invested in making > community. > Thanks for the link! I think I'll have to spend some time thinking through flipping the problem away from being about privacy... it's a different take... I like the exploration of onboarding communities as a unit... not one-off as individuals. Something like... you can start a community if you can get 5 others to join you in the waiting room and agree together to start a community... or something... > > The last option I've been mulling over is to just accept the > > side-effects, but that feels too much like an ends-justify-means > > approach which I find weak as a motivation... but... I *almost* prefer > > encouraging communication and creation enough to endure negative > > side-effects. > > Creating community and creation are good, and don't get in the the way > of people doing that, but doing things in the way that someone can't > wreck the place either intentionally or not. > That's what I'm dreaming of - I feel heard and helped - thanks! > > Emma H > gemini://gemini.djinn.party/ >
I've been 'thus said'ed!! :-D Thank you. On Thu, Jan 7, 2021 at 1:03 AM Sean Conner <sean at conman.org> wrote: > It was thus said that the Great Mansfield Mansfield once stated: > > Hello! > > > > One of my goals has been to have a client / server pairing that > > supports helping non-technical users go from downloading a client to > > posting content as quickly and painlessly as possible. In my mind this > > means allowing new accounts to be created *without* moderating their > > creation... which leaves me wondering how I might respond to side-effects > > like any unwelcome content (illegal, offensive, spam, etc.). > > > > I understand that walking down a path that allows un-moderated account > > creation is asking for trouble. I'm still interested in exploring > > the possibilities to see if a compromise might be found for > > my implementations. > > I am not a lawyer, so take what I say with a few bolders of salt. > > How concerned are you? I can see where you might be subject to: > > * laws where you live > * laws of the domain you register (for instance, the purely > fictional .fd top level domain (Freedonia) might subjects you to > its punative libel and copyright laws despite where you or the > server or your users are located) > * laws where the server resides > * laws where the user lives > > All of those might be the same country; it might not. The US has strong > freedom of speech codes and thus libel cases are harder to prosecute (to a > degree); the UK has less free speech and very strong libel laws (compared > to > the US) so you might be liable for something a user said. Again, it > depends upon jurisdiction. > > I know the US (since I live there) tries to make a distinction between a > "publisher" and a "platform" and one of the differences comes down to > moderation---do too much and you can fall into the "publisher" category > which makes you more liable for what is said than if you are in the > "platform" category. Too little moderation and, as you say, is also > troublesome. > I think I'm following your walk through the legal aspect... I guess that was part of my thought process too... not too dominant, but part. I'm not too worried - and now I can see how attempts to find a desirable outcome from constricting and controlling too much might lead to an undesirable outcome anyway if the situation is seen as more-like-publisher. Good food for thought. I get the sense that you would lean more toward little to no moderation, which can make sense. From the little that I've seen, I *think* that if I wanted an 'account' on your gemini server I would need to email you. Are you able to keep up with the invites, or, said another way, do you sometimes wish you weren't in the middle? > Okay, ignoring legal liabilities, one way might be to use an > "invite-only" > system. The website Lobsters (https://lobste.rs/) uses an invite system. > Users can invite new users (even ones they don't know) but they then become > liable for the new users behavior. I'm checking the current moderation > queue for users [1], and while most are userid changes (foo changed > username > to bar), some users have been banned (mostly for spamming; one for > "repeatedly trying to use Lobsters to whip up an online outrage mob against > organizations they don't care for"), some have had invites disabled for > inviting too many other people who have been banned. That seems to work > for > Lobsters. > This idea of invites becoming some form of responsibility appeals to me quite a bit. > > Also, trying to invoke a community spirit can help. > > -spc > > [1] > https://lobste.rs/moderations?moderator=%28All%29&what%5Busers%5D=users\ > <https://lobste.rs/moderations?moderator=%28All%29&what%5Busers%5D=users%5C> > > I'm not sure if you can read the link if you aren't a member. > The link worked fine for me and I'm not a member. Interesting that there seem to be a dozen to a few dozen 'moderation actions' a week.
It was thus said that the Great Mansfield once stated: > I've been 'thus said'ed!! :-D Thank you. You're welcome. > On Thu, Jan 7, 2021 at 1:03 AM Sean Conner <sean at conman.org> wrote: > > > I know the US (since I live there) tries to make a distinction between a > > "publisher" and a "platform" and one of the differences comes down to > > moderation---do too much and you can fall into the "publisher" category > > which makes you more liable for what is said than if you are in the > > "platform" category. Too little moderation and, as you say, is also > > troublesome. > > I'm not too worried - and now I can see how attempts to find a desirable > outcome from constricting and controlling too much might lead to an > undesirable outcome anyway if the situation is seen as more-like-publisher. > Good food for thought. I get the sense that you would lean more toward > little to no moderation, which can make sense. From the little that I've > seen, I *think* that if I wanted an 'account' on your gemini server I would > need to email you. Are you able to keep up with the invites, or, said > another way, do you sometimes wish you weren't in the middle? If you are talking about this link: gemini://gemini.conman.org/conman-labs-private/ then no one has ever asked for access. So in that sense, yes, I've been able to keep up with the subscription rate. It was more of a way for me to test client certificates than anything else. > > [1] > > https://lobste.rs/moderations?moderator=%28All%29&what%5Busers%5D=users\ > > <https://lobste.rs/moderations?moderator=%28All%29&what%5Busers%5D=users%5C> > > > > I'm not sure if you can read the link if you aren't a member. > > > > The link worked fine for me and I'm not a member. Interesting that there > seem to be a dozen to a few dozen 'moderation actions' a week. Cool. So you can get an idea for how that works then. -spc
---
Previous Thread: [tech] A '.well-known/' path for contact information?