Home Posts

Removing Mastodon Integration

3 mins

Recently I saw a blog post about Webmentions and user privacy. This got me thinking about the Mastodon integration I did for this blog a while back.

The internet seems to be in the process of reinventing itself. Increasingly, we’re seeing a move towards more decentralized solutions like ActivityPub that shift the control of content (and responsibility) back into the hands of the users. As part of this transition, we are seeing features given more scrutiny in regards to topics like user privacy.

With the move to this decentralized model, many people are looking for ways to reimplement the features they enjoyed on the centralized providers. We’ve become accustomed to near instantaneous feedback when we publish something online. We receive this in the form of likes, reposts and comments. Alas, a humble blog doesn’t come with these features out of the box; enter Webmentions.

Webmentions offers the option of turning a publication into a cross-site conversation. With Webmentions, someone can link to your post and notify you. That notification can then be displayed on your site as a like, repost or comment.

So where does the privacy issue come in? Certainly this seems like an opt-in situation, you have to notify the site that you’ve posted a response after all. Well, what happens if someone else sent the notification on your behalf?

The post and response model that Webmention uses sounds a lot like the model for ActivityPub or any other social media, right? So, it follows that we could make a post on Mastodon, for example, when we update our blog. Since any interaction with that Mastodon post follows the same model, we could treat likes, boosts and comments as Webmentions. You might be sending Webmentions just by intereacting with a Mastodon post.

See the problem? The people interacting with your Mastodon post may not realize that they’re opting in to having their like, boost or comment scraped and shared on a separate site via a Webmention. Even if they do realize it, they may not have any control over editing or deleting the content after it has been scraped.

To be fair, this isn’t a new problem. Anything shared with the internet, public or otherwise, can be reshared with or without the user’s consent. A simple screenshot is all the sophistication needed.

I know that this is an evolving space and I see many people thinking about this right now. Personally, I really like the idea of Webmentions. I like the idea of a connected internet of people. I look forward to see how this all plays out.

When I started this blog, I always wanted to make something that respected the reader’s privacy. That’s why you’ll find no analytics or tracking on this site. Out of an abundance of concern for that privacy, I’ve chosen to remove the Mastodon integration and the post detailing how to do it from the site for now.

I'm a software developer in the games industry by day. By night, I like to tell collaborative stories with my friends through tabletop roleplaying.