AkkomaGang/akkoma
AkkomaGang
/
akkoma
12
63
Fork 83
Code Issues 167 Pull Requests 15 Packages Projects 2 Releases 13 Wiki Activity

Possible link preview enhancements #320

New Issue
Open
opened 2022-11-27 23:15:13 +00:00 by luna · 1 comment
luna commented 2022-11-27 23:15:13 +00:00
Contributor
Copy Link

It is a known issue that link previews on the fediverse are weird. They can become DDoS vectors as the network instance count increases, and while a Hug-of-Death is expected if your link is interesting enough (HN frontpage, for example), at the moment it's all automated.

I wouldn't say this is that big of an issue at the moment, but I do want to bring into question what could we do about it.

One proposal I have in my mind is:

  • Extend AS2 vocabulary with Link Preview metadata for each status.
  • Instances would receive it and show on their respective APIs.
  • To prevent malicious attached previews, double-check with the upstream link after a random amount of minutes from the status being received.
    • If it matches, increase some form of trustworthiness score to the instance.
    • If it doesn't, decrease the score accordingly.
  • If an instance's score on their attached previews gets too low, deny their previews from appearing in the API, instead relying on upstream.

There are drawbacks, such as this is an extension and we'd want it to be specified in a way that other AP implementations could take it (which might be hard because there's some 3 different ways you can create previews), which is why I'm proposing to see what comes out (I looked a bit after writing this and it looks like Mastodon could go down the same path with https://github.com/mastodon/mastodon/issues/12738, but the status is unknown on that proposal).

It is a known issue that [link previews on the fediverse are weird](https://jort.link). They can become DDoS vectors as the network instance count increases, and while a Hug-of-Death is expected if your link is interesting enough (HN frontpage, for example), at the moment it's all automated. I wouldn't say this is that big of an issue *at the moment*, but I do want to bring into question what could we do about it. One proposal I have in my mind is: - Extend AS2 vocabulary with Link Preview metadata for each status. - Instances would receive it and show on their respective APIs. - To prevent malicious attached previews, double-check with the upstream link after a random amount of minutes from the status being received. - If it matches, increase some form of trustworthiness score to the instance. - If it doesn't, decrease the score accordingly. - If an instance's score on their attached previews gets too low, deny their previews from appearing in the API, instead relying on upstream. There are drawbacks, such as this is an extension and we'd want it to be specified in a way that other AP implementations could take it (which might be hard because there's some 3 different ways you can create previews), which is why I'm proposing to see what comes out (I looked a bit after writing this and it looks like Mastodon could go down the same path with https://github.com/mastodon/mastodon/issues/12738, but the status is unknown on that proposal).
tnhh commented 2022-11-28 17:29:42 +00:00
Copy Link

This sounds worth exploring. But this would check every link preview so the DDoS would still occur, just over a longer timescale. Perhaps instances with higher trustworthiness could be checked less frequently.

This is probably bigger than just link previews, but one could imagine some sort of distributed reputation scheme, as used to be popular in peer-to-peer networks. See for instance https://web.archive.org/web/20090311041434id_/http://mailman.cs.indiana.edu/~minaxi/pubs/reputation.pdf

Another thought: might it be possible to have an allowlist for the metadata parser rather than a blocklist? I'm thinking of disabling link previews on my instance because I don't want to impose on small websites. But (in my mind at least) it isn't too much of an imposition to allow link previews for large websites.

This sounds worth exploring. But this would check every link preview so the DDoS would still occur, just over a longer timescale. Perhaps instances with higher trustworthiness could be checked less frequently. This is probably bigger than just link previews, but one could imagine some sort of distributed reputation scheme, as used to be popular in peer-to-peer networks. See for instance https://web.archive.org/web/20090311041434id_/http://mailman.cs.indiana.edu/~minaxi/pubs/reputation.pdf Another thought: might it be possible to have an allowlist for the metadata parser rather than a blocklist? I'm thinking of disabling link previews on my instance because I don't want to impose on small websites. But (in my mind at least) it isn't too much of an imposition to allow link previews for large websites.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
stable
translations
backoff-http
bad-uploader-config-warning
docker
user-expiry-backfill
config-db-keys
ensure-scrubbers-loaded
otp26
code-shaking-does-not-go-brr
elixir1.15
circleci
backup-fixes
mod-task
policy
mrf-coolness
frontend-switcher-9000
contentMap
language-on-posts
rabbit
credo-on-pr
unify-http
normalise-markup-by-default
buildx
v3.13.1
v3.13.0
snac-3.12.1.2
v3.12.2
snac-3.12.1.1
v3.12.1
v3.12.0
v3.11.0
v2.6.2
v2.6.1
v2.6.0
v2.5.5
v3.10.4
v3.10.3
v3.10.2
v3.10.1
v3.10.0
v2.5.4
v2.5.3
v3.9.3
v3.9.2
v3.9.1
V3.9.0
2023.05
v3.8.0
v3.7.1
v3.7.0
v3.6.0
v3.5.0
v2.4.5
v3.4.0
v3.3.1
v2.4.4
v3.3.0
v3.2.3
v3.2.2
v3.2.1
stable-202209
v3.2.0
v3.1.0
stable-2022.07
v3.0.0
v0.0.1
v2.5.2-6
v2.5.2-5
v2.5.2-4
v2.5.2-3
v2.5.2-2
v2.5.2-1
v2.5.2
v2.5.1
v2.5.0-8
v2.5.0-7
v2.5.0-6
v2.5.0-5
v2.5.0-4
v2.5.0-3
v2.5.0-2
v2.5.0-1
v2.5.0
v2.4.3
pre-rebase
v2.4.2
v2.4.1
v2.4.0
soapbox-v1.1.1
soapbox-v1.1.0
soapbox-v1.0.0
v2.3.0
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.91
v1.0.90
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.9.0
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No Label
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#320
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?