Sigh. Quote posts are edging towards attaching screenshots without even bothering to link to the original.
https://mastodon.social/@kerileighmerritt/109577253570783336
https://infosec.exchange/@wendynather/109577029835326187
This is the future the mastodon maintainer wants...
@landley well quote tweets not existing makes it harder to quote tweet people in anger to have your audience harass them. @bcantrill noticed this as one of his first experiences with Mastodon.
This statement to me is obvious truism to me. If you make communication harder you have less bad communication.
I'm not sure it is a good or a bad thing. The argument seems unsupported to me. It is one of many user unfriendly parts for former Twitter users
I was and am unaware of that maintainer. The mentioning of bcantrill was not an appeal to authority but a source where i heard reflections on QTing first and i hoped that perspective would be novel to you. It wasn't.
@landley If the link preview contained the entire Toot it links to, would that be the same as quote tweeting or am i missing some part of the social dynamics?
@freemin7 informing the recipient of the link, making it stop showing if they delete the link, ensuring that you're not accidentally publicizing content from a locked account that way...
So, note that the case of _poster's_ instance being malicious is not unrealistic. I would prefer if we could deal with that by having a protocol where there isn't room for malice misbehaviour, but am sad that this ship likely has sailed (e.g. you can gaslight people by sending different contents of the "same" post to different instances, and watch as they start talking past each other).
That said, fair point: something that's fetched by the _target_ instance is strictly better by quite a bit than a screenshot.
> Activepub is eventually going to need cryptographic signatures if it doesn't already have them. Shouldn't be noticeably more heavyweight than https...
When you push a message to another instance you sign it (with a key whose public key is fetchable from your instance over https). When pulling we rely on https.
@robryk @freemin7 I can include a dead link to anywhere, yes. But if my instance doesn't expand that dead link into a forged post, then my instance isn't implicitly attesting to the validity of a snapshot in time of what the post said. (Back on the bird site a summary card and inline tweet data were distinct and distinguishable.)
Activepub is eventually going to need cryptographic signatures if it doesn't already have them. Shouldn't be noticeably more heavyweight than https...