Modlog visiblity changes?
The modlog has massive fundamental design issues. For example the other day someone’s full name was in there (i.e. doxing) and there was no way to remove it, across all instances, without some weird non-obvious workarounds and admins talking to each other in Matrix rooms.
It’s public, distributed across hundreds of servers, anyone can create a community and write to it, and it’s write-only. This has obvious abuse potential.
Recently [I made a small tweak to the modlog](https://piefed.social/c/piefed_meta/p/2048738/piefed-v1-6-23-is-released) but that doesn't really solve it. Anyone can still make a community on a trusted instance and spam the modlog with whatever.
What if we required a login to view it? That would at least keep the doxing out of Google's index. PieFed has an option to make the modlog private but afaik that makes it visible to admins and mods only. I mean redefine "public" to mean visible to anyone with a login.
This is a little bit better but the problematic content would still still be there. Different instances in different jurisdictions might need to actually remove some content from their server in a more permanent way. If there was a function to remove a row from the log it should leave some trace that it was used, so misuse / overuse can be spotted. Like don't delete the modlog entry, just change it to display "removed for legal reasons" and no other info.
It’s public, distributed across hundreds of servers, anyone can create a community and write to it, and it’s write-only. This has obvious abuse potential.
Recently [I made a small tweak to the modlog](https://piefed.social/c/piefed_meta/p/2048738/piefed-v1-6-23-is-released) but that doesn't really solve it. Anyone can still make a community on a trusted instance and spam the modlog with whatever.
What if we required a login to view it? That would at least keep the doxing out of Google's index. PieFed has an option to make the modlog private but afaik that makes it visible to admins and mods only. I mean redefine "public" to mean visible to anyone with a login.
This is a little bit better but the problematic content would still still be there. Different instances in different jurisdictions might need to actually remove some content from their server in a more permanent way. If there was a function to remove a row from the log it should leave some trace that it was used, so misuse / overuse can be spotted. Like don't delete the modlog entry, just change it to display "removed for legal reasons" and no other info.