#[tantek]I don't think it's right about "only once per instance". plenty of sites (including http://indieweb.org) would be able to handle that just fine
#[tantek]I think what's *actually* happening is people's individual Mastodon native mobile clients are requesting & generating the previews and THAT is the cause of the DDOS
#[aciccarello]there are also lots of people with individual (1 person) instances
#sknebelI mean, indieweb.org is handling being linked on mastodon just fine
#sknebelor did I miss an occurence where it was a problem?
#sknebelbecause people link to our pages regularly
#[aciccarello]I assume http://indieweb.org is cached well so less of a problem for that site. But there were a couple articles this week about the problem for other sites.
#sknebelyeah, see -chat for my opinion on this weeks article ...
#[tantek]to-do << ^ re: [[thundering herd]] / Mastodon in particular: https://gist.github.com/renchap/3ae0df45b7b4534f98a8055d91d52186 (though seems to omit that what may actually be happening is people's individual Mastodon native mobile clients are requesting & generating the previews and THAT (millions of clients) is the cause of the DDOS, not "1000 instances")
#aaronpkeven on the mastodon web app the image is served from the instance, not hotlinked to the original site
#sknebelyeah, hotlinking would be bad, but nothing in the ecosystem is doing it
#sknebel(would be bad both for resource use and for leaking info about users to the site)
#sknebeland the model generally is that your local instance caches things for you and your clients *only* talk to it
#sknebelfor me this is like yeah it'd be nice if they find a good model to mitigate it, but if your site falls over from it any scraper going wild or a bored teenager with a laptop can take your site down too
#sknebeland the mastodon-traffic is easy to identify identical requests, that's pretty much nicest traffic spike you can ask for
#sknebel(and talk about "request amplification factors" are IMHO misplaced because it's actually work to setup to a point where you can make use of that and then the fediverse is just to small to make a dent compared to actual (D)DoS attacks
#[tantek]Yeah that makes more sense, especially from a privacy perspective
#[tantek]That clients would only communicate with your direct account instance by default
#[tantek]And then defer actual access to other sites to clicking on a link that takes you to a browser that already has lots more privacy precautions built in
#sknebelright, and only once youve chosen to interact, not just seeing the preview
#[tantek]What's ironic about that gist is that it's ignoring all the existing properties (in AS2 etc) that are already part of the "activity" that serve the role of "preview data"
#[tantek]So you don't actually need og:description or whatever
#[tantek]But folks are so cargoculting with OGP = link preview that they're not bothering to step back and ask what is they're actually trying to implement for the user
#aaronpkwell the classic debate is whether you want to trust the information from the server where the post is coming from or the actual website that is being linked to
#aaronpkwasn't there an incident a while ago where people were hacking the link preview?
#[tantek]and AS2 has thumbnail or something like it also right?
#sknebelright, the fetching per-instance is the decision to not trust the source to provide accurate previews
#sknebel(source=instance the post containing the link was made on)
#sknebeland I think one of the things discussed has been "ok, but we can include that and other instances can decide whos previews they trust maybe"
#[tantek]That whole "not trust the source" reasoning is dumb because "the source" is what "pushed" the whole activity into your inbox in the first place 🤦♂️
#aaronpkright, this isn't even an #indieweb-dev conversation, it's all about user expectations
#sknebelwhich in centralized systems is based on "I trust the platform to not randomly fake link previews", and on mastodon is then translated to "I trust *my* instance to not fake link previews"
#[KevinMarks]Facebook historically let the poster edit the link previews, and switched to trusting the link's OGP+secret sauce
#sknebel(now you could argue that not faking previews should just merely be a social code a la "if we catch your instance lying about a preview we'll defederate it", but that's also messy so it makes sense to instead have the instances fetch independently)
#[KevinMarks]Isn't this the reason oEmbed was invented in the first place?
#[snarfed]part of the original problem wasn't just the volume of requests, it was the spike of flash traffic, ie that volume in a very short time
#[snarfed]sure we can always say git good, provision your server better, etc...but the fact remains that getting linked from a popular fediverse user still often did hurt linked web sites, and that's a real problem, _especially_ if it stays a problem for years and makes publishers end up saying "don't share links on the fediverse" loudly
#sknebelI dont think anyone is saying that it shouldnt be improved where possible
#sknebelbut as I said in chat, I have a hard time taking this specific publisher seriously with that
#[snarfed]a different angle is, this specific problem doesn't happen with feed readers, centralized social networks, Bluesky, etc. it's a relatively fediverse-specific drawback. which isn't great
#[tantek]ladies & gentlemen & other gentlegenders, this is why we use #indieweb-chat to make wiki edits with < < that include GH issue/PR links. don't be like me, be better