Enable authorized_fetch?
Jay
Public
Seen by 99
authorized_fetch prevents instance-suspended and personally blocked domains from being able to see user content.
This is a complicated subject that I’m not sure I fully understand, but it seems like this would be a good thing to consider if it isn’t enabled already.
https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/
Item removed
Django Sat 30 Dec 2023 8:57PM
This should be enabled considering we already have some domains on a block list, and that these blocks are un-enforceable with regards to fetching public posts and profiles.
Additionally:
Mastodon user domain blocks are now enforceable by Authorized Fetch, which the majority of users seem to support
Provides a light deterrence with regards to scraping bots.
This should be a straightforward action, but I'm unclear on the following:
Do one of the Tech or Community Working Groups need to sign off on this?
Do we need a formal proposal, and a vote at large?
Ed Summers @edsu · Fri 22 Dec 2023 3:56PM
Thanks for the link to the post @Jay. I have seen that the admin of Pixelfed's flagship instances is implementing authorized-fetch. I haven't dug into the technical details to understand what it means specifically for Mastodon. Lets definitely use this space on Loomio to gather notes and opinions.