[-] hawkwind@lemmy.management 2 points 1 year ago

Concerns were posted a few days ago, but no POC that used the exact same attack as we saw here. Basically, there were some warnings, and work was underway that would have prevented this, but it was not done fast enough. There is a patch now, that will take a while to roll out, plus a renewed focus on general and related issues.

[-] hawkwind@lemmy.management 2 points 1 year ago

That's a personal preference though. You don't have a need for a relay. There are more than a few people who want to run their own instance and at least browse all the things without having to subscribe to them. This is a news aggregator at the core after all.

[-] hawkwind@lemmy.management 2 points 1 year ago

That is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it's super sus. Whoever this app developer was needs to have a little light shone on them.

[-] hawkwind@lemmy.management 2 points 1 year ago

I didn't mean YOU are being a dick. If SOMEONE creates “alt” accounts for the sole purpose of vote manipulation, they're being a dick. I was using the royal "you," a weird English language thing. You, yourself, are not a dick. Well, you might be, but I don't think so.

[-] hawkwind@lemmy.management 2 points 1 year ago* (last edited 1 year ago)

I actually wrote it with the flip side of your centralization argument in mind. If a community exists outside of the popular ones, a user may never even know of its existence. Having more show up SHOULD be better to prevent centralization, no? It requires the users to change their browsing behaviour but at least they don’t have to go searching offsite.

[-] hawkwind@lemmy.management 2 points 1 year ago

I think your idea is on the right track when thinking longer term and assuming the worst case in both design and admin behavior. :)

The whole network needs to be split into "active" and "archive." New activity (or at the very least stubs to where new activity is happening) needs to be updated regardless of where it occurs without having to capture anything extra.

[-] hawkwind@lemmy.management 2 points 1 year ago* (last edited 1 year ago)

So if I’m understanding this right, the bot account you create for this is the one subscribing to every community, so it’s known to the local system, right?

Yes

As long as I’m not mixing up my main account and my bot account, there should be no observable change on my own account?

Correct, I have it functioning this way and it works great.

How is storage affected on this? If the bot account is subscribing to a number of communities across the fediverse, all that remote content is going to take up quite a bit of space, no?

It does and it will continue to grow. This is not something the tool takes care of, not cleaning up anything old or stale. Space management and "unfollow" is on the roadmap! Currently I can only speak for myself and it is EVERYTHING and it is about 0.25 GB / day of database, and 6-10 GB / day of images.

And will 2FA be supported at any point?

Not on the roadmap. I don't know how API calls in general work with 2FA since I have not tested or enabled it on my instance. :( Sorry.

EDIT: Changed database/pictures ratio after double checking actual numbers and not looking at used filesystem. :(

[-] hawkwind@lemmy.management 2 points 1 year ago

One could argue that there is actually less transparency from an admin than there is from a corporation. An admin has complete control over an instance and zero oversight if they want to be shitty without being caught. Ideally the “hive mind” would weed this out and defederation IS a tool to deal with it, but the control argument can go both ways. In all cases we start by trusting the controller is acting in our best interests and need ways of handling things when trust is broken. Defederation, as the sole tool, might be too heavy handed.

[-] hawkwind@lemmy.management 2 points 1 year ago

The ol’ “you know not of what you speak” syndrome. Know-it-alls with an axe to grind are the minority, but man, are they disruptive.

[-] hawkwind@lemmy.management 2 points 1 year ago

There has to be a middle ground. Applying to be in communities sounds good, but what’s the point of a public forum that isn’t public? At some point if you continually defederate others, don’t you become the defederated one?

[-] hawkwind@lemmy.management 2 points 1 year ago

You should write something that detects indiscriminate subscribing and automatically defederates with them.

[-] hawkwind@lemmy.management 2 points 1 year ago* (last edited 1 year ago)

EVERYTHING by default. Also working on "discover only" for searching without the subscribe-to-everything. That said: It's far less than 3GB per day for EVERYTHING I can see, plus: you don't HAVE to keep it forever. Were you doing something that got other than text?


hawkwind

joined 1 year ago