Here’s a laundry list of sort with tons of tools we’d like to see

  • Role for approval of applications (to delegate)
  • Site mods (to delegate from admins)
  • Auto-report posts with certain keywords or domains (for easier time curating without reports)
  • Statistics on growth (user, comments, posts, reports)
    • User total
    • MUA
    • User retention
    • Number of comments
    • Number of posts
    • Number of reports open
    • Number of reports resolved
  • Sort reports
    • by resolved/open
    • by local/remote
  • Different ways to resolved a report
    • Suspend account for a limited amount of time rather than just banning
    • Send warning
  • Account mod info
    • Number of ‘strikes’ (global and local) and reports
    • Moderation notes
    • Change email
    • Change password
    • Change role
  • Ability to pin messages in a post
  • Admins should be able to purge
  • Filter modlog to local
  • Better federation tools (applications to communities, limiting)
    • Applications to communities to allow safe spaces to exist (people should not be able to just “walk in” on a safe space - similarly to follow requests in Mastodon in a way)
    • Limiting (Lock our communities down from certain instances but still allow people using our instance to talk to people from those instances)

Obviously considering the moment when this is being made - federation tools are our highest priority.

  •  JoJo   ( @jojo@beehaw.org ) English
    31 year ago

    A few of these are already possible via the API, afaik;

    • Stats
      • User total
      • Number of Active Users (per day, week, month, 6month)
      • Users online
      • Number of; Comments, Posts
      • Number of reports (via iterating reports api)
    • Sort reports;
      • By resolved/open
    • Different ways to resolve a report: (Can be done by client providing quick buttons to perform action next to resolution)
    • Pin messages in a post: This is the ability to “feature” a post, “distinguished” comments are also coming, I saw in the Lemmy commits
    • Admin should be able to purge;
    POST /admin/purge/person PurgePerson
POST /admin/purge/community PurgeCommunity
POST /admin/purge/post PurgePost
POST /admin/purge/comment PurgeComment

    However, imo, notable absences are;

    • The ability to prevent posting until moderator review
    • Auto-reporting or regex matching per community (right now its a side-wide “slur filter” regex)
    • Better tools, like you said, like notes and strikes
    •  Poke   ( @poke@beehaw.org ) English
      41 year ago

      Emails are optional on some instances. Having both options would be nice. On the other hand, allowing admins to change their users’ passwords makes it easier for them to impersonate their users, though that just may be something we accept.

      •  Lionir [he/him]   ( @Lionir@beehaw.org ) OPEnglish
        31 year ago

        Yeah, the issue is people without email but also people with the wrong email. I’ve caught quite a few typos from our email server not being able to send their approval because the email had a typo. I did send them manually and tell them the error they made.

        So, I guess we could just change email but I don’t see quite the difference in terms of abuse with regards to change password if I could simply change someone’s email and get it anyways.

        •  poVoq   ( @poVoq@slrpnk.net ) English
          31 year ago

          People providing a broken email also make the approval hang. it works approving them, but the admin gui hangs with a spinning icon until you do a full page refresh.

      •  towerful   ( @towerful@beehaw.org ) English
        21 year ago

        I understand that emails are optional.
        However, if a user wants to recover their account, then they should provide an email (even just a burner).
        It’s not much, but it would add an extra safe-guard against admin abuse.
        Mod logs could show “mod changed email for user x” without any PII. Which would add some insight into potential admin abuse if this happened excessively or if a user complained about it happening to them.
        I imagine any admin with postgres skills could delete/suppress the modlog entry tho.

        Personally, I wouldn’t trust any website if I contacted them with an “I’ve locked myself out” request, and they replied with a new password.

        TL;dr: Regardless, I don’t actually have any skin in the mod/admin game.
        I can understand that it seems useful.
        I am still of the opinion that it is an outdated way to do account recovery.

        •  Gaywallet (they/it)   ( @Gaywallet@beehaw.org ) English
          11 year ago

          No way to validate it is actually the user if they’re locked out. Your info exists on their server, so they can change your password or email trivially. Anyone could disable/enable these kinds of tools that automatically notify, ultimately you shouldn’t sign up for an instance you don’t trust.