Loomio
Tue 22 Jul 2025 5:58PM

Sense checks for Mastodon 4.4 update

DP Dan Phiffer Public Seen by 243

Mastodon 4.4 introduces a couple new features that we should consider as a cooperative. I'm posting on behalf of Tech Working Group to get a sense check on a couple topics.

MN

Matt Noyes
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

Thanks for doing the work and for using this poll to raise awareness. When we drafted our code of conduct, we drew on several examples. Maybe it would be good to start collecting model TOS statements?

A

Ammar
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

I wasn't for enabling referrer headers but after reading other opinions I'm convinced that it should be okay

R

Rhys
<span class="translation_missing" title="translation missing: en.poll_proposal_options.concerned">Concerned</span>
Tue 22 Jul 2025 6:01PM

I agree we should have a ToS; I don't agree with referrer headers. We should aim for maximise privacy for members.

This poll should be split into two, IMHO.

MA

Majd al-Shihabi Fri 25 Jul 2025 12:52PM

@Rhys +1 on splitting the vote into two, one for ToS, other for headers.

BV

Brian Vaughan
<span class="translation_missing" title="translation missing: en.poll_proposal_options.concerned">Concerned</span>
Tue 22 Jul 2025 6:01PM

I don't see a problem with putting existing rules in another format.

I am not in favor of producing more hidden tracking information. Even if the intended use is innocuous, I think at this point we should consider it an elementary safety principle not to share tracking information unnecessarily.

AES

Andrew Escobar (Andres) · social.coop Finance Working Group
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

I am concerned with adding ref. headers on a relatively small instance but it is a general concern that can be addressed across the web with a privacy-focused browser, browser extension (Safari: StopTheHeaders), or Mastodon client.

M

mike_hales
Abstain
Tue 22 Jul 2025 6:01PM

I don't mind. But if it's 'yes' I favour what @Danny Garside highlighted: Mastodon not social.coop.

ML

Matt Lorentz
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

I support the referral headers, it seems like there is little downside. I care less about the ToS but it’s probably good to have one for legal reasons.

WO

wouter@freeknowledge.eu
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

Sending referral headers for Mastodon/social.coop so both initiatives are counted and made more visible. Thanks for keeping personally identifiable info hidden.

DVN

Dave V. ND9JR
<span class="translation_missing" title="translation missing: en.poll_proposal_options.concerned">Concerned</span>
Tue 22 Jul 2025 6:01PM

As with others who are concerned: I'm fine with adding a ToS, but object in principal to adding referral headers. There's way too much tracking of people on the Internet, and our adding referral headers is a tacit approval of that, even if the intention is good. I do what I can to defeat that tracking for myself but I don't think we should be participating in it as a group.

RH

Randy Hall
<span class="translation_missing" title="translation missing: en.poll_proposal_options.looks good">Looks Good</span>
Tue 22 Jul 2025 6:01PM

I appreciate that you are raising awareness of this. I for one don't see a huge distinction between terms of service and a code of conduct, though I'm sure there are details that would be present in TOS that aren't in a code of conduct.

D

Dynamic
<span class="translation_missing" title="translation missing: en.poll_proposal_options.concerned">Concerned</span>
Tue 22 Jul 2025 6:01PM

I think referrer headers are a terrible idea. We should be resisting the panopticon and trying to do what we can to preserve a normal web experience where content authors get to decide how their content works. I'm not interested in advertising to random websites where I happened to see the link to their articles.

I also agree with what others have said that it's not right to ask these two questions together.

MS

Melissa Santos
Abstain
Tue 22 Jul 2025 6:01PM

I do not feel super strongly that this should not happen, but I did write out my reasoning that I am not in agreement

S

Sieva Tue 22 Jul 2025 6:09PM

I think this is a good change, and I'm happy it was brought forward!

If the referrer becomes an issue in the future (potential privacy risks?), we could disable it.

BV

Brian Vaughan Tue 22 Jul 2025 10:20PM

I'm still wondering what's happened with our vote to increase the character limit. I thought the Tech WG was looking at alternate server software partly for that reason.

MA

Majd al-Shihabi Wed 23 Jul 2025 12:30PM

With 470 active users, I think our instance is large enough that we don't need to worry about identifying users when sending the headers.

There is a scenario in which someone can be tracked, but it will require a lot of manual labour on the part of the whomever is collecting the analytic, but I think that is outweighed by the benefits of ensuring that the fediverse's presence is recognized.

I wonder if an individual user override of this option at the account level is on the roadmap for the Mastodon dev team.

Thank you for the thoughtfulness of this process 🌹

GDD

Gilles DePemig Dutilh Wed 23 Jul 2025 4:15PM

@Majd al-Shihabi Although I tend to agree that personal privacy is not a big concern with 470, I think it is difficult to establish a number under which it would become a concern. (I wrote "personal privacy" for the first time above, making me think about "group privacy" which is maybe something to consider too, but I never read anything about it or thought much about it)

F

Flancian Mon 28 Jul 2025 2:37PM

Posting here to say I found https://github.com/mastodon/mastodon/issues/21795 a good source of historical (occasionally heated) discussion about the Mastodon referer setting, and people interested in sampling a range of opinions on the interactions between this setting and privacy could be interested in taking a look.

IMHO running a different poll/sense check for the referer setting is appropriate given that people raised it as a distinct concern, but my current expectation is that we will see a similar split in opinions there (a roughly 90/10 split) so we could start thinking in parallel about how to interpret that result :) The CWG might be interested in helping navigate that aspect of the decision? Setting more concrete a priori guidelines for when we go with the majority or minority opinion in divisive topics could be generally useful.

BV

Brian Vaughan Mon 28 Jul 2025 4:11PM

@flancian I think it's worth looking at thread and noting the overwhelming majority of comments were opposed to changing the referer heading away from no-referer.

MS

Melissa Santos Mon 28 Jul 2025 3:15PM

Hrm. I went with "Looks good" because my default is to go with whatever TWG feels is fine. But I may adjust my vote to Abstain or Concern.

Here's my reasoning:

I do think it would be good for large publishing sites to know that Mastodon/the Fediverse is out here and is a source of traffic. Maybe they will establish a presence here, maybe they will add easy links to articles, things like that. I think it will be very good for mastodon.social to have this on for this reason.

But I don't think having the referrer headers on for a small instance will help achieve that. I think we'd be so far in the tail of someone's referrer list that they would seldom get down to us to even look at the server and realize it's a Mastodon server.

I looked at the github issue Flancian linked to (thanks so much Flan!) and it is clear pretty quickly from the discussion there that there is not a good web way to make the referrer just generic Mastodon at least in the webapp - just a limitation of how links on the web work.

I think I have talked myself around to:

  1. Adding the referrer header for our small site will likely not do any good in the world

  2. there is a small chance that it will bring our small site attention we don't want, like people looking for servers to hack or set up advertising accounts on.

I think we should not turn on the referrer headers for now.

(Re: ToS, I'm always up for a proposal of "let's talk about it" so that seems great)

(side note: I am a member of the Community Working Group)