Proactive "Best Practices" recommendations for AP implementors

[julianlam]

A best practices section in the first report would go a long way toward curbing problematic material from entering the fediverse. A proactive approach vs. reactive.

1. @renchap from Mastodon suggests a dead-man switch that disabled new user registrations if no admins have logged in after a specified timeout.
2. @julianlam (me!) from NodeBB suggests the use of a post queue to filter out spam waves from any new users with no posts. This is limited to smaller instances, as it requires human effort to scale.

[renchap]

Also do not default to open registrations for new servers, and inform the administrators that open registrations require significant and prompt moderation work

[julianlam]

Most spam centers not around getting their message seen, but rather to create backlinks to other websites.

A blanket noreferrer nofollow ugc value for rel works, but whether this stops spam is suspect (spammers don't tend to care if their spam doesn't work).

Preventing external links might be a natural next step.

[ThisIsMissEm]

@julianlam rel="ugc"? That's a thing?

[ThisIsMissEm]

From #31

Let's come up with some notes on general best practices for Trust & Safety that we can document in the initial report.

Some ideas:

• Recommendation to prefer human moderation, or at least human review of moderation
• Encourage collaborative approaches to moderation: you don't need to just throw a Flag over to another server, you can actively reach out and try to communicate with instances.
• Encourage software implement federation management, i.e., prevent processing activities from certain domains (whilst acknowledging that we won't be tackling federating federation management decisions at this
• Encourage software to implement basic reporting capabilities and general UI recommendations for displaying reports to moderators (i.e., blur / greyscale / don't auto-play media )

[julianlam]

@ThisIsMissEm it is, but how well it's understood by search engines is up for debate. Here's one documentation article that mentions it, but other references are far and few between.

[rscmbbng]

Even though it seems a low bar, I think it is important for such a report to address 'obvious' basic functionality as well. For instance, to make strong recommendations that users that have uploaded media can delete it themselves as well. Or to make strong recommendations that any functionality that is necessary to administrate or moderate an instance can be done from the interface, rather than only the command line. I bring this up because there have been and are live deployments of software that do not implement such basic functionality.

[jmking-iftas]

We have some reporting workflow guidance in https://connect.iftas.org/library/tools-resources/information-for-software-developers-and-designers/, and a forthcoming Moderator Manual has a ton of best practice, anticipate a v1.0 by year end 24.

[ThisIsMissEm]

This is also a fantastic thread from Jerry Bell of Infosec.exchange that highlights a number of trust and safety issues that we repeatedly see across the Fediverse: https://infosec.exchange/@jerry/112887084476486558