@malwaretech seems like passing the link metadata along with message content would probably be a good idea
@sam @malwaretech "manually" editing the metadata probably would end in abuse/phishing 🤔
@melizeche @malwaretech that would require the instance itself to be acting maliciously though, right? I, as a tooter, can't manipulate that metadata
@sam @malwaretech it would depend if the metadata collection is done in the client or in the server
But as an admin of a instance you could mess with that, like for all users of the instance
Even worse, you could mess with it for all people who view a post made on your instance. So, if fedi instance evil.com publishes a post with a link to good.com, evil.com could choose to include a fake preview and have every other instance display that fake preview. Now, when I see a preview of good.com, I expect that this preview can be manipulated only by good.com and _my_ instance.
@robryk @melizeche @malwaretech both commercial social media tools and ones run by volunteers require that the users trust that the administrators have the proper technical and policy controls in place to avoid that.
In the case of mastodon it's probably easier to maintain that trust with smaller instances, but the convenience and user experience of more centralization will probably drive things toward larger ones instead
Please note that I'm *not* talking about trusting your own instance, but post author's instance.
@robryk @melizeche @malwaretech oh ok i gotcha, misread