Possible link preview enhancements #320

New issue

Open

opened 2022-11-27 23:15:13 +00:00 by luna · 1 comment

luna commented 2022-11-27 23:15:13 +00:00

Contributor

Copy link

It is a known issue that link previews on the fediverse are weird. They can become DDoS vectors as the network instance count increases, and while a Hug-of-Death is expected if your link is interesting enough (HN frontpage, for example), at the moment it's all automated.

I wouldn't say this is that big of an issue at the moment, but I do want to bring into question what could we do about it.

One proposal I have in my mind is:

• Extend AS2 vocabulary with Link Preview metadata for each status.
• Instances would receive it and show on their respective APIs.
• To prevent malicious attached previews, double-check with the upstream link after a random amount of minutes from the status being received.
  • If it matches, increase some form of trustworthiness score to the instance.
  • If it doesn't, decrease the score accordingly.
• If an instance's score on their attached previews gets too low, deny their previews from appearing in the API, instead relying on upstream.

There are drawbacks, such as this is an extension and we'd want it to be specified in a way that other AP implementations could take it (which might be hard because there's some 3 different ways you can create previews), which is why I'm proposing to see what comes out (I looked a bit after writing this and it looks like Mastodon could go down the same path with https://github.com/mastodon/mastodon/issues/12738, but the status is unknown on that proposal).

It is a known issue that [link previews on the fediverse are weird](https://jort.link). They can become DDoS vectors as the network instance count increases, and while a Hug-of-Death is expected if your link is interesting enough (HN frontpage, for example), at the moment it's all automated. I wouldn't say this is that big of an issue *at the moment*, but I do want to bring into question what could we do about it. One proposal I have in my mind is: - Extend AS2 vocabulary with Link Preview metadata for each status. - Instances would receive it and show on their respective APIs. - To prevent malicious attached previews, double-check with the upstream link after a random amount of minutes from the status being received. - If it matches, increase some form of trustworthiness score to the instance. - If it doesn't, decrease the score accordingly. - If an instance's score on their attached previews gets too low, deny their previews from appearing in the API, instead relying on upstream. There are drawbacks, such as this is an extension and we'd want it to be specified in a way that other AP implementations could take it (which might be hard because there's some 3 different ways you can create previews), which is why I'm proposing to see what comes out (I looked a bit after writing this and it looks like Mastodon could go down the same path with https://github.com/mastodon/mastodon/issues/12738, but the status is unknown on that proposal).

tnhh commented 2022-11-28 17:29:42 +00:00

Copy link

This sounds worth exploring. But this would check every link preview so the DDoS would still occur, just over a longer timescale. Perhaps instances with higher trustworthiness could be checked less frequently.

This is probably bigger than just link previews, but one could imagine some sort of distributed reputation scheme, as used to be popular in peer-to-peer networks. See for instance https://web.archive.org/web/20090311041434id_/http://mailman.cs.indiana.edu/~minaxi/pubs/reputation.pdf

Another thought: might it be possible to have an allowlist for the metadata parser rather than a blocklist? I'm thinking of disabling link previews on my instance because I don't want to impose on small websites. But (in my mind at least) it isn't too much of an imposition to allow link previews for large websites.

This sounds worth exploring. But this would check every link preview so the DDoS would still occur, just over a longer timescale. Perhaps instances with higher trustworthiness could be checked less frequently. This is probably bigger than just link previews, but one could imagine some sort of distributed reputation scheme, as used to be popular in peer-to-peer networks. See for instance https://web.archive.org/web/20090311041434id_/http://mailman.cs.indiana.edu/~minaxi/pubs/reputation.pdf Another thought: might it be possible to have an allowlist for the metadata parser rather than a blocklist? I'm thinking of disabling link previews on my instance because I don't want to impose on small websites. But (in my mind at least) it isn't too much of an imposition to allow link previews for large websites.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

translations

customizable-docker-db

stable

static-adminfe

bad-uploader-config-warning

docker

user-expiry-backfill

config-db-keys

ensure-scrubbers-loaded

otp26

code-shaking-does-not-go-brr

elixir1.15

circleci

backup-fixes

mod-task

policy

mrf-coolness

frontend-switcher-9000

contentMap

language-on-posts

rabbit

credo-on-pr

unify-http

normalise-markup-by-default

buildx

v3.13.2

v2.6.3

v3.13.1

v3.13.0

snac-3.12.1.2

v3.12.2

snac-3.12.1.1

v3.12.1

v3.12.0

v3.11.0

v2.6.2

v2.6.1

2.6.1

v2.6.0

v2.5.5

v3.10.4

v3.10.3

v3.10.2

v3.10.1

v3.10.0

v2.5.4

v2.5.3

v3.9.3

v3.9.2

v3.9.1

V3.9.0

2023.05

v3.8.0

v3.7.1

v3.7.0

v3.6.0

v3.5.0

v2.4.5

v3.4.0

v3.3.1

v2.4.4

v3.3.0

v3.2.3

v3.2.2

v3.2.1

stable-202209

v3.2.0

v3.1.0

stable-2022.07

v3.0.0

v0.0.1

v2.5.2-6

v2.5.2-5

v2.5.2-4

v2.5.2-3

v2.5.2-2

v2.5.2-1

v2.5.2

v2.5.1

v2.5.0-8

v2.5.0-7

v2.5.0-6

v2.5.0-5

v2.5.0-4

v2.5.0-3

v2.5.0-2

v2.5.0-1

v2.5.0

v2.4.3

pre-rebase

v2.4.2

v2.4.1

v2.4.0

soapbox-v1.1.1

soapbox-v1.1.0

soapbox-v1.0.0

v2.3.0

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.91

v1.0.90

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.9.0

Labels

Clear labels   

approved, awaiting change

  

bug

Something is not working

  

configuration

This requires config changes

  

documentation

This is about human-readable docs

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

extremely low priority

  

feature request

Something new?

  

Fix it yourself

Support has been attempted

  

help wanted

Need some help

  

invalid

Something is wrong

  

mastodon_api

  

needs docs

  

needs tests

  

not a bug

  

planned

  

pleroma_api

  

privacy

  

question

More information is needed

  

static_fe

  

triage

  

wontfix

This won't be fixed

No labels

approved, awaiting change

bug

configuration

documentation

duplicate

enhancement

extremely low priority

feature request

Fix it yourself

help wanted

invalid

mastodon_api

needs docs

needs tests

not a bug

planned

pleroma_api

privacy

question

static_fe

triage

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#320

No description provided.