The only thing instance blocks are good for is keeping known bad instances out of your federated feed and mentions.

They are not a panacea, and they don't deter any motivated attackers, as they don't work against moving targets. They also don't stop nasty people from looking at your account and posts.

Somebody with a few domain names (50$ gets you a lot), docker, and a list of victims could do a lot of damage on here.

And there's nothing you can do about it

I will also just mention that as an admin, I think users should understand that making use of the privacy controls, doing your own blocking, and getting on an instance without open-registrations will have a much greater impact on your safety than anything an instance admin can do for you.

@bugs it strikes me that like a lot of security measures, instance blocks may help some against lazy/low effort ne’er-do-wells and are therefore at least minimally worthwhile - but as you say, won’t be any more of an obstacle to a determined bad actor than a “this building is under surveillance” sign, or a cheap lock, in the physical world. we’ve known for a while now that the only real way forward is graylist or allowlist + algorithmic expansion (such as FOAF) tbh

Sign in to participate in the conversation is a server run by individuals who are friendly to a nihilistic worldview.