-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for fediverse:creator
OpenGraph tag
#30398
Conversation
d217a17
to
a35ed53
Compare
This deeply rules. |
Is this |
Mastodon supports both |
This is about more than just Mastodon, though. It's about the underlying standards of HTML (which defines Basically either:
And also consider:
Given that the inspiration for this feature seems to be the Twitter Card Preview markup, I'd be inclined to recommend opting out of RDFa and using the |
The goal here is for this to become widely used, and not only specific to Mastodon. There is nothing specific to Mastodon here, so we do not want to use the We considered using the |
Will this be documented somewhere? |
Either in Mastodon's documentation (
The real "ideal" would be to have this kind of thing defined by a broad consensus or consortium in the same way the OpenGraph Protocol was standardized by Facebook, but failing that, it's okay to have it be specified by Mastodon as a project as long as it's called |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea and I like how it looks!
However, shouldn't we worry about this being devoid of verification? One way this could be abused is: write an outrageous piece, and have it claim to be authored by your victim, then share it on the fediverse. Onlookers will see the preview card with a direct link to the victim, who they can easily direct outrage towards. The article can also be shared in good faith by people who are not aware that it was not written by the claimed author.
On the technical side, this looks good, although:
- I agree with @trwnh on the technical aspects of
meta
tagsproperty
VSname
and namespaces, and I also agree with them that if we go with something generic like afediverse
oractivitypub
namespace, we should use the actor ID rather than a webfingeracct
. There is also no real downside to using this for a Mastodon-specific namespace. - this is pretty minor, but I think there's a possible N+1 in
app/controllers/api/v1/conversations_controller.rb
There is a usability issue here. You can not expect a user to know their actor ID. If we want CRMs and other publishing software to implement this, any author should be able to easily add their "profile" in a field, then have the tag appear on their publications. And we can not ask every CRM to support webfinger to get the actor ID either, otherwise this will never be used. |
Thinking more about this I can think of a few ways forward:
That is a good point. I'd be in favor of Mastodon supporting both webfinger acct and ActivityPub actor ID then, with the documentation/specification spelling it out. |
I love this feature addition (and I discussed it with @Gargron in person when it came up as an idea). My own previous experience with Twitter Cards and OpenGraph is useful here. I think @ClearlyClaire has captured the need for more thought on user validation very well. On the choice of tag: OpenGraph wasn't exactly a standard, but it was invented by FB and very widely adopted, so much that in the end, Twitter Cards markup was essentially folded in on top of it (fun fact, if you have a right basic We absolutely did think about how to label this property before coding it (so, landed on Appreciate the various perspectives shared in comments to this PR. One approach may be to test this out in nightlies on mastodon.social and see how things go. |
1ae7751
to
5922bfd
Compare
5922bfd
to
c5e042e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If my understanding is correct, the chosen solution for the impersonation issue has been to bind that feature to the article's publisher being approved for trends by a moderator (/admin/trends/links/publishers
).
If so, I think this reduces the risk, but I'm not sure the two purposes are sufficiently close for moderators to be able to make the right call.
In addition, this approach has a minor issue where the information will only be processed for preview cards created after a provider gets approved.
Apart from that, it looks fine to me.
Follow up question: Could we build an official repo of "approved publishers"? People can PR lists of providers who are known safe, and it would be sync'ed... or more specifically.. we can make a list of publishers who are using the flag correctly. |
I am still really not convinced this is the correct approach to avoid impersonation. I think having the author make a list of domains that are authorized to advertise as authors make more sense, even if it's a little more work for the author itself. Indeed, the author is the probably the best placed person to make the decision, and this would not require every moderator to do duplicate work to make the right call. If the server stores the account reference and whether it was verified as two different pieces of information, the UI could display to the author something like “Are you the author? Add publication.example.com to the sites allowed to advertise authorship” (needs workshopping but you see the idea) or “Not the author? Remove publication.example.com from your allowed list of publications” to nudge the author towards the feature. |
I still think it's a red herring to say that it should be called
This can be solved in several ways:
But again, this is kind of the point I'm getting at -- Mastodon is the one defining what the tag's content-value should be and how it will be used. Whatever you end up going with, it's being specced out by Mastodon. You can't authoritatively constrain the behavior of something that is Aside from that I think the feature does need more thought. The purpose seems clear (Mastodon wants to show the author's account underneath the preview card), but the semantics and mechanics of this are still unclear in a way that can't be said about OpenGraph or Twitter Card. It looks like it only works if you do |
Yes, but we have not defined it yet. We went with the trusted publishers for trends to be able to launch the feature quickly and start having adoption by publishers.
Not yet
Approval is done locally for each instance, using the trusted publishers system from trends. This will change at some point (see the answer above).
This domain is already allowed for trending on |
Why not use the rel-me method (that is already used for link verification) to auto-enable the feature on a user basis? |
How would this work? |
Mastodon already uses rel-me to verify the links in the "Extra fields" https://joinmastodon.org/verification Mastodon could use the same mechanism to verify if a post references to a valid mastodon account, by checking if the mastodon account links back to the posts domain. For example: If a post from https://php.microformats.io/?url=https%3A%2F%2Fmastodon.social%2F%40pfefferle If you equate This way, you could have a way to verify it on a domain/user level, instead of having to manually check/approve it by the mastodon admins. |
I don't think |
If there was another tag with other links that would have to be put into the bio, some instances have only a limited number of verified fields which already can be a problem. Maybe, there should be separate fields on |
@ClearlyClaire why not? It is about referencing other profiles/sites of the same person and besides of that it is already there and in use. |
Because saying that your profile on another website is you is a very different thing from saying that your employer is you. And as @shaedrich points out, it does not need to take up space in bio fields. |
That is not the case that I had in mind. The case you are referring to, could be perfectly handled by the proposed approval system. These are normally big sites with a lot of different authors, but I am not talking about the Techcrunchs, I am talking about the small sites/blogs, where the publisher normally is also the only author, because these cases are hard to handle by a manually approval process!
For a small site/blog it wouldn't be, because normally it is already there!? |
This PR updates the Preview Card. Apart from a minor background color change, it introduces the new `StatusCardAuthorControl`, which is visible if the author of an article has a Mastodon-account. If the user taps on the account, the given profile will open. This feature will be available in Mastodon >4.3 (See [this PR](mastodon/mastodon#30398), for example). HMI, if you need more information on how to test this etc. Please enjoy these screenshots with some fake data: ![1321](https://github.com/mastodon/mastodon-ios/assets/2580019/cc580c84-6700-4f15-b1b0-b845c21a445e)
* add the fediverse creator of a post to opengraph see: * https://wordpress.org/plugins/opengraph/ * https://codeberg.org/fediverse/fep/src/branch/main/fep/XXXX/fep-XXXX.md * mastodon/mastodon#30398 * remove prefix until it is clearified * Do not add the metadata if it already exists
For future reference: Here’s some prior art in this area: http://microformats.org/wiki/rel-author Eg. Google+ used that and rel-author uses Web Linking (https://datatracker.ietf.org/doc/html/rfc8288) and a-tags / link-tags with link relations to link to the author rather than using meta-tags to link to something. I know this PR is implemented and closed. If there’s interest I can open a new issue for extending support to rel-author. (Typically the algo with rel-author went: rel-author to same site profile page, rel-me from profile page to social account and rel-me back from Edit: One could do: <link rel="author" href="acct:[email protected]"> But since multiple rel-author on a single page means multiple authors one should preferably do rel-author to a same site profile and there so rel-me to all the alternative profiles of that account |
I think this approach could also cover the use case of a's proposal to define <link rel="author" type="application/activity+json" href="https://example.com/@username" /> |
I think, the combination would be quite neat: <link rel="author" type="application/activity+json" href="@[email protected]"> as the
|
I think that would technically mean a relative reference, identical to Also, I'm not sure what exactly a |
@tesaguri Interesting 🤔 Thanks for the hint! 👍🏻 If using |
… rel=author proposals refs: mastodon/mastodon#30398
Has this been documented somewhere, and is there an example of this in action? (A bit obscure going over this thread.) |
You can find more information here: https://blog.joinmastodon.org/2024/07/highlighting-journalism-on-mastodon/ We have not yet published a formal documentation for this feature. |
I'm working on documenting this for the 4.3 release. Here's an example post that shows the UI treatment in the web interface: The page linked in that post has this markup in the
From an API perspective, if you retrieve that status using the API, you will see that it contains a This was also briefly mentioned in the blog. |
I agree with the discussion here and elsewhere that this would be much clearer / better served by using |
… rel=author proposals refs: mastodon/mastodon#30398
… rel=author proposals refs: mastodon/mastodon#30398
A new OpenGraph tag to highlight article writers and website creators on Mastodon. Putting
<meta name="fediverse:creator" content="username@domain" />
on a web page will allow Mastodon to link directly to the fediverse account from the preview card card, like so:This will highlight journalists that actively use Mastodon and help them cultivate an audience on the platform that is independent of their publisher. To prevent potential abuse (malicious websites could "frame" unknowing users by listing them as authors) this feature will only be available to publishers that have been approved for trending by each server's moderation team.
Fixes MAS-246