Post APPfdMOV44OUDuxMsC by datatitian@social.coop
 (DIR) Post #APPfdHou4TXk2MGspk by datatitian@social.coop
       2022-11-08T15:39:03Z
       
       0 likes, 0 repeats
       
       There's a pleroma fork that is offering public, full-text search including posts from other instances. This is bad and has huge potential for abuse (and in my testing it also mis-attributes the content of boosts to the booster instead of the author).
       They claim to offer opt-out to server admins - I recommend you take the offer. I'm also blocking the instance personally to avoid delivering posts, but it's not clear whether they also actively crawl public posts
       #FediBlock
       https://infosec.exchange/@leakix/109296274969102502
       
 (DIR) Post #APPfdIQ7q5Jjtngbqq by nikodemus@kamu.social
       2022-11-08T16:21:24Z
       
       0 likes, 0 repeats
       
       @datatitian The search is on https://fedsearch.io
       It seems that they respect profile page opt-outs and server level opt-out requests.
       Searched my posts before asking them to remove kamu.social content, after response to request they were gone.
       They have a reasonable seeming privacy policy: https://fedsearch.io/privacy
       BUT I believe most people think "google" when they see that opt-in/out thing on their profile, not purpose built fedi crawler.
       
 (DIR) Post #APPfdIuc0jhhQLwxN2 by nikodemus@kamu.social
       2022-11-08T17:24:05Z
       
       0 likes, 0 repeats
       
       @datatitian fedsearch.io full text indexing is not respecting robots.txt
       https://social.tchncs.de/@wortfeld/109297518
       #fediblock
       
 (DIR) Post #APPfdJQA7QwP0Ci9Y0 by nikodemus@kamu.social
       2022-11-08T17:32:52Z
       
       0 likes, 0 repeats
       
       @datatitian Not certain if they're actually using ActivityPub to crawl, since blocking fedsearch.io didn't find anything on kamu.social, but we had definitely been crawled.
       Their DNS resolves to 65.21.170.7 but since I'm hosting on @mastohost I don't have access to logs to see where they've been crawling from.
       If anyone can identify their IP, that would be much appreciated.
       #fediblock
       
 (DIR) Post #APPfdJUPrcLNDOhYB6 by datatitian@social.coop
       2022-11-08T15:50:01Z
       
       0 likes, 0 repeats
       
       For locals, here's a Loomio proposal for @SocialCoop to make that opt-out request: https://www.loomio.com/d/lgws0pnL/a-server-is-offering-public-full-text-search-of-our-posts
       
 (DIR) Post #APPfdJtaM2TcTSTePQ by r000t@ligma.pro
       2022-11-09T02:19:06Z
       
       3 likes, 0 repeats
       
       @nikodemus This is super cute to watch, but what are y'all going to do with my scrape engine that 1) changes addresses every few hours and 2) sits on the firehose feeds for *every instance*? Nobody's found it *yet*. Probably because it's not politely announcing itself, or running from a fedi instance. It appears as a single client connection, just like any other streaming connection. It also only needs *one* instance a given place federates with, in order to work (for most instances, that's mastodon.social or mstdn.social). All the current campaigns against search engines are doing, is giving vulnerable and marginalized people a false sense of security, and setting them up to get hurt. @datatitian
       
 (DIR) Post #APPfdMOV44OUDuxMsC by datatitian@social.coop
       2022-11-08T16:28:15Z
       
       0 likes, 0 repeats
       
       Corrections:
       - UI looks like pleroma, but it doesn't seem to be a full server (nodeinfo is 404)
       - They do actively crawl instances' local timeline stream so you cannot use an instance block to avoid them
       - Users can also opt-out individually via their search discoverability setting
       https://fedsearch.io/privacy
       
 (DIR) Post #APPfdNyLCIep7MjVNQ by datatitian@social.coop
       2022-11-08T16:43:20Z
       
       0 likes, 0 repeats
       
       - It doesn't honor the user-level opt out correctly when someone who has not opted-out boosts your post
       
 (DIR) Post #APPfvHZDka6eStW7KS by datatitian@social.coop
       2022-11-09T02:22:20Z
       
       0 likes, 0 repeats
       
       @r000t @nikodemus Gonna save this as the new navy seal copypasta. The concern trolling at the end really sells it
       
 (DIR) Post #APPg7ATLxCKDw7RL0K by r000t@ligma.pro
       2022-11-09T02:24:44Z
       
       2 likes, 0 repeats
       
       @datatitian "If we dogpile everyone who makes a search engine, that will mean nobody can make a surveillance tool behind our backs!" Meanwhile, in the real world, making it perfectly clear that public means public (and not "public except doo-doo heads") will hopefully remind people to be careful with what they share online. I'm interested in user safety. Y'all are interested in performances. @nikodemus