Social Inbox


The goal of the Social Inbox is to make it easy for folks to add social interactions to their statically published websites. But sadly, a lot of social interactions on the open internet can be unpleasant when folks get exposed to trolls or bad actors. To ease the amount of damage from drive-by posting, we've added some moderation features to the inbox for Allow Lists and Block Lists.

By default, any incoming Activities will get queued up in your GET /v1/:actor/inbox endpoint which can be looked at and accepted or deleted. However to speed things up you can automate the process with the /v1/:actor/blocklist and /v1/:actor/allowlist endpoints. You can GET / POST / DELETE with newline separated lists of usernames in order to block/allow specific users and instances.

For example, if you trust everyone on you can add @* to your allow list. Similarly if you've had trouble with and don't want to bother seeing any of their inflammatory replies, you can add to your block list. These endpoints streamline personal moderation choices for each user of the Inbox.

On top of the individual moderation techniques we also have instance-wide Allow Lists and Block Lists at /v1/allowlist and /v1/blocklist, which enable administrators of an instance to preemptively block or allow incoming messages from known communities. This can make it easier for communities to work together so that individuals don't have the responsibility of moderating everything themselves if they don't want to. For example, an administrator can choose to allow all traffic by default except for any instances that were specifically blocked by setting @*@* in the allow list.

If you check the source code (opens in a new tab) for moderation logic you'll see that we prioritize the choices of actors over instance admins. When considering incoming traffic, we first check to see if the user is on the actor allow list, then we check if they are on the actor block list. Lastly, we check if they are an admin or if they're in the global block list or global allow list. If an actor is not on any of these lists then they will be added to your inbox queue to be manually processed.

For our deployment scripts, we've also added the option to specify a blocklist in the Mastodon blocklist format (opens in a new tab) when setting up an instance with Ansible. We looked around at some of the options and have settled initially on the Garden Fence blocklist (opens in a new tab) which covers some of the instances that have the most trouble and illegal or hateful content. As with all our moderation features this is opt in and you can choose to use it or bring your own list. We're also looking at other efforts in the space like The Bad Space (opens in a new tab) which has a larger community working on APIs for moderating at scale.