6

Background:

Mastodon is a federated system, which achieves a social network similar to Twitter.

It works by pushing a status of a user to his followers, which appears at four places:

  • The user's timeline
  • The timeline of their followers
  • The local timeline of the user's instance
  • The public timeline of other instances, which get the status

The last point is the interesting one: An instance sees the status, if at least one of its users follows the user posting the status, so the user's instance pushes the status to the other instances.

This kind of pubsub system works quite fine for posting status, which are received by followers usually a few seconds after publishing, sometimes after some output queue is emptied.

My question is now about pushing a delete message for a status. The problem there is that this message MUST reach all instances which were reached by the original status, and from how the system works I have doubts whether it can guarantee that the delete message will always reach all systems.

My question below is about the possible failure cases I can imagine.


How does deleting a toot on Mastodon actually work, or does it work reliably at all?

I know that in theory deleting a toot sends a delete message to other instances, so they delete it. Let's put malicious sites which ignore the request aside, then there are still a few problems.

How are the instances chosen? When I had exactly one follower from Instance X when I posted the toot and he unfollowed me before I deleted it, will his instance still get the delete message?
Or more technically: Does the toot store the list of instances it was sent to at post time, so Mastodon knows where to send delete messages to later on?

What about boosts? When the User at X boosted my toot (maybe follower only), can I be sure that I know all instances which got the toot via the boost, or that Instance X will relay my delete message to these instances?

What happens, when instance X has a week downtime when I delete my toot? How long is the delete message queued on instance? Instance X could be abandoned, so my instance cannot wait longer than a certain waiting time.

To me it looks like deleting is (or will be in the near future, when there are more instances and a more complicated web between them) futile, as there are so many possibilities for how the delete message may be lost or not sent to the correct instances.

So how does (reliable) deletion work on Mastodon and is it that fragile or are there precautions to make sure that it works even in these possibly complicated situations?

allo
  • 1,248

1 Answer

0

> Does the toot store the list of instances it was sent to at post time, so Mastodon knows where to send delete messages to later on?

No. Mastodon is one of many implementations of the #ActivityPub protocol. From the current protocol, section server to server, [subsection deletions][1]:

> 7.4 Delete Activity
>
> The side effect of receiving this is that (assuming the object is owned by the sending actor / server) the server receiving the delete activity SHOULD remove its representation of the object with the same id, and MAY replace that representation with a Tombstone object.
>
> (Note that after an activity has been transmitted from an origin server to a remote server, there is nothing in the ActivityPub protocol that can enforce remote deletion of an object's representation).

As for Mastodon's own implementation, the discussion on [this auto-deletion issue comment by one of the main developers][2] indicates that toots by themselves don't or cannot store this information, and that this is done on every server on a user account basis.

I think it's safe to say, judging by this [issue thread][3] (about account deletions, which has some relevant information from one of the main developers, ClearlyClaire), that:

> If a server learns about an account (for instance because someone has Announced their posts), but does not receive a Delete, they will keep that copy of the data, and will not delete those publicly-served posts even though the original user has decided to delete their account.

Also, it's pretty clear to me from [this reply][4] and [this reply][5] that this is up to every implementation of the ActivityPub protocol's interpretation. For example, Mastodon may handle things differently from, say, Hubzilla or Firefish.

> To me it looks like deleting is (or will be in the near future, when there are more instances and a more complicated web between them) futile, as there are so many possibilities for how the delete message may be lost or not sent to the correct instances.
>
> So how does (reliable) deletion work on Mastodon and is it that fragile or are there precautions to make sure that it works even in these possibly complicated situations?

Fragile? For sure! Futile? Not so sure. I think it's a situation of best-reasonable-effort by the devs, but I would not call it entirely futile. In practice (as an admin of both a Mastodon and a Firefish server) deletions do work 99% of the time, but they cannot be guaranteed at the Fediverse level.

From these discussions I

[1]: https://www.w3.org/TR/activitypub/#delete-activity-outbox
[2]: https://github.com/mastodon/mastodon/pull/16529#issuecomment-895874212
[3]: https://github.com/mastodon/mastodon/issues/23175
[4]: https://github.com/mastodon/mastodon/issues/23175#issuecomment-1405220695
[5]: https://github.com/mastodon/mastodon/issues/23175#issuecomment-1406053832
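
The receiving side of section 7.4 quoted in the answer, as an added example (not Mastodon's code and not part of the original answer): a hypothetical `RemoteServer` accepts a Delete only from the object's owner and tombstones its copy, while a second server that never receives the Delete keeps its copy. It assumes the sender of each activity has already been authenticated; all hosts and ids are constructed.

```python
from urllib.parse import urlsplit

def origin(iri):
    """Scheme and host of an IRI, used here as a simple ownership test."""
    parts = urlsplit(iri)
    return (parts.scheme, parts.netloc.lower())

class RemoteServer:
    """Hypothetical receiving server that caches remote objects by id."""
    def __init__(self):
        self.objects = {}

    def receive_create(self, activity):
        obj = activity["object"]
        self.objects[obj["id"]] = obj

    def receive_delete(self, activity):
        # Assumption: activity["actor"] has already been authenticated.
        target = activity["object"]
        obj_id = target["id"] if isinstance(target, dict) else target
        stored = self.objects.get(obj_id)
        if stored is None:
            return "unknown"
        # 7.4 precondition: the object is owned by the sending actor / server.
        if (stored.get("attributedTo") != activity["actor"]
                or origin(obj_id) != origin(activity["actor"])):
            return "rejected"
        # SHOULD remove the representation, MAY leave a Tombstone in its place.
        self.objects[obj_id] = {"id": obj_id, "type": "Tombstone",
                                "formerType": stored["type"]}
        return "tombstoned"

def demo():
    # Constructed sample data; all hosts and ids are placeholders.
    alice = "https://one.example/users/alice"
    note = {"id": "https://one.example/notes/1", "type": "Note",
            "attributedTo": alice, "content": "hello"}
    create = {"type": "Create", "actor": alice, "object": note}
    a, b = RemoteServer(), RemoteServer()
    a.receive_create(create)
    b.receive_create(create)  # b also holds a copy, e.g. learned via a boost
    forged = a.receive_delete({"type": "Delete", "object": note["id"],
                               "actor": "https://other.example/users/bob"})
    genuine = a.receive_delete({"type": "Delete", "object": note["id"],
                                "actor": alice})
    # b never receives the Delete, so its copy is untouched.
    return {"forged": forged, "genuine": genuine,
            "a": a.objects[note["id"]]["type"], "b": b.objects[note["id"]]["type"]}
```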