Tbh, the whole twitter rate limit thing is interesting from a privacy standpoint.

Pixelfed has limited apis for anon users and required login for certain actions, and now I’m kind of conflicted.

The point of this was not to create a walled garden, but rather to deter mass crawling, this is why we also return empty outbox and follower/following activitypub collections.

Maybe a privacy friendly default with the option to make your public data more accessible via api is a better solution, wdyt?

10
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
Emelia 👸🏻

@dansup opt-in publicity + a privacy healthcheck feature for users would likely be a good idea!

0
1y
João Santos

@dansup you can prevent mass crawling without affecting regular users by setting reasonable rate limits. Twitter's limits are not reasonable and that's the entire problem.

For example, 1 post per second with a burst limit of whatever you need to load the front page is more than enough for humans but painfully slow for crawlers.

0
1y
Alex Qwxlea

@dansup As a new user of Pixelfed, this is what I would expect:
- share photo to mastodon
- mastodon users can subscribe
- share it with my mom using WhatsApp, and she can see replies (but cannot reply herself)
- backup all my stuff
- use another app to login to my account and use it

Not expected:
- third parties can scrape all my images

Openness is fine, but it should be user centric, not just open for openness sake

End of 2c

0
1y
Sean

@dansup apparently the twitter rate limit is because they can’t afford their Google hosting bills.

0
1y
Katherine 🌱

@dansup I think it's a bit of a different situation for Pixelfed too, since Pixelfed deals with more personal photo updates than Twitter's text based statuses :)

0
1y
Samir Al-Battran

@dansup
As a user:
Outbox/follower/following should be available for those on other instances to browse my posts/followers, it's one pain point I have on the Fediverse
For privacy, multiple levels are great

As Fediverse advocate:
I think default should be opt-out, not opt-in

As an engineer:
API access is much better than anonymous access because crawlers would just bombard you and you have no control

As a tool builder:
I think all of above is a good compromise between openness and privacy

0
1y
Gary

@dansup privacy should always be by default, with the settings explained as clearly as possible in the onboarding process, imho.

0
1y
Sean C.

@dansup sounds good to me but at the same time, twitter’s utility grew into public service, so a different case use

0
1y
Ian Douglas Scott

@dansup I would just question whether that's a feasible goal to achieve. Not sure how well it works with Pixelfed currently, but making content publicly available to anyone who wants to view it (even through other federated servers) may just be fundamentally incompatible with any reliable way to prevent scraping.

And promising privacy features that are impossible to actually uphold may be counter-productive. (For instance, how Snapchat's ephemerality has always been possible to circumvent.)

0
1y
Debbie Goldsmith 🏳️‍⚧️🏳️‍🌈

@dansup Mastodon has an opt-in for search engine indexing. That seems reasonable to me.

0
1y
Replies