Recent searches
Search options
Opt-in search of the Fediverse was just rolled out. Here it is:
Search has traditionally been very controversial on the Fediverse, but let's see how opt-in works.
Right now, this is a proof-of-concept and very bare bones -- but we'll see if it's embraced by everyone.
See screenshot.
@atomicpoet @fediversenews I'm not sure if this qualifies as "opt-in" when anyone who writes "fuck tootfinder" in their profile is treated as having "opted in"... 
It really needs to be based on *following an account*.
@dalias @atomicpoet @fediversenews You both have to add the keyword to your profile and submit your username to the index.
@sashafox @atomicpoet @fediversenews Anyone can do the latter. Not just "you".
@dalias @atomicpoet @fediversenews You're the only one who can add it to your profile.
@dalias @atomicpoet @fediversenews You should replace one of the o's with a * or a 0 if you want to add the keyword to your profile but not be added.
Since there's something you specifically have to choose to add to your profile in order to opt in, you can just like, choose not to add the exact letters that would do that.
I mean, the only downside is that people wouldn't be able to find it by searching for it: if you used a * or an 0. But that isn't a problem, because that's what you're specifically looking for.
@sashafox @atomicpoet @fediversenews Hijacking words like this is not nice behavior. Isn't one of them just "searchable"?
@dalias @sashafox @atomicpoet @fediversenews
from http://tootfinder.ch/index.php?join=1
"Join the index (step 1)
You need first to manifest your consent in your profile. Place the magic word anywhere in your profile
Join the index (step 2)
Submit us your full username."
even if 'searchable' is in your profile its not going to index you unless you go to the site and type your username into the website. The implementation of consent here is totally fine
@sam @sashafox @atomicpoet @fediversenews "even if 'searchable' is in your profile its not going to index you unless you go to the site and type your username into the website." <- nope, unless any rando who wants to search your posts types in your username.
@dalias @sam @atomicpoet @fediversenews I would guess the advantage of using "searchable" is to have a generic one that other programmers can also use, so you don't have to put a different keyword in for every service you might want to use.
@sashafox @dalias @sam @atomicpoet @fediversenews It’s terrible. If it’s a real word it might be there by accident. If it’s a word shared between different search engines with different policies and you have that magic word, what’s to prevent someone *else* entering your username as permission for a search engine you don’t want to index your posts?
@MetalSamurai @sashafox @dalias @sam @atomicpoet @fediversenews
There are a couple of mitigations for this...
A magic word of 45:£5-+ffguj (non dictionary)
A OTP magic word with an expiry. (Has some DDOS attack surfaces)
Etc. Etc.
I'm sure we should be talking to @jpmens for creative ways to use DNS for validation...
@MetalSamurai @dalias @sam @atomicpoet @fediversenews I think we have different definitions of the term "terrible".
@sashafox @dalias @sam @atomicpoet @fediversenews Their current scheme relies on common dictionary words that might legitimately be present in a bio and then allow any random internet user to opt them in.
Something else, such as choosing to follow a trigger account is more intentional and harder to spoof.
@MetalSamurai @dalias @sam @atomicpoet @fediversenews The advantage of having a generic keyword is that many people could try different ways of indexing, and by sharing a generic keyword a person could easily opt in to all of them.
This seems easily solved with generic keyword that's not already an existing word.
Also, only one of the words would be found in a dictionary. The other word, "tootfinder", is not in the dictionary.
@sashafox @MetalSamurai @dalias @sam @atomicpoet @fediversenews
Having the indexer send a "confirm y/n?" dm back to the account that's been named might work better. (An evil indexer will just go ahead and index w/o permission, and that might be impossible to mitigate.)
@sashafox @dalias @sam @atomicpoet @fediversenews What happens when @MothLover123 “I run the world’s biggest searchable index of moth wings!” is “opted in” by @CreepyStalker456? Do they get a notification?
Much cleaner if @IndexMeNowBaby has to follow @RifleThroughMyToots
@sashafox @dalias @sam @atomicpoet @fediversenews Also there are nearly 10mn Mastodon users (plus probably dozens and dozens of Pleroma/Friendica/Wildebeest users). The odds of @BrassInstrumentCollector987 not having “Known as the Tootfinder General to my friends” in their bio is non zero. This whole scheme is flawed.
@sashafox @dalias @sam @atomicpoet @fediversenews (the same goes for @MyCatTypesForMe not having flurj +£magic in their bio)
@MetalSamurai @sashafox @dalias @sam @atomicpoet @fediversenews
Any keyword/s should be marked as such to ensure innocent use isn't caught.
eg #searchable or %searchable, etc
@AlisonW @sashafox @dalias @sam @atomicpoet @fediversenews This stuff shouldn’t be in the bio AT ALL. It’s repurposing a free text field that’s intended for humans, not bots. If it really has to be on your profile, then one of the Metadata tags could be used to list the search/index engines you’ve opted in to. I still don’t like it.
@AlisonW @sashafox @dalias @sam @atomicpoet @fediversenews A bot account you follow to opt in seems much better. You can block it. Your admin can fediblock it, and run a “safe space” (or maybe a ghost town if search is super popular and everyone wants to opt in).
@MetalSamurai @sashafox @dalias @sam @atomicpoet @fediversenews
I don't disagree! If one is going the tag route though then it's sensible to use a fixed location - the bio - than search through all posts (which are more likely to contain the keyword).