This tool is intended for Mastodon instance administrators
You can still play around with it even if you aren't a server admin, but don't complain to me that you can't figure out how to import the lists :)
This tool is designed to suggest a blocklist that you may want to configure on your Mastodon instance. The goal is to create a system simpler than scrolling #FediBlock, more proactive than relying entirely on user reports, and more federated than distributing blocklists from a central authority.
To start, enter your instance's domain (no 'https://', no page, just the domain) into the box above the synchronize button on the right side menu, and click "Synchronize". This will make two calls to your server's API to fetch the known peers and the block list. This WILL require that your instance is configured to share this information. This can be configured in your instance settings, under Site Settings, enable 'publish list of discovered servers' and 'enable profile directory'. Also set "show domain blocks" and "show rationale" as "to everyone".
Once you synchronize, any domains you have already blocked will appear under Untrusted Hosts. All other known peers will appear under Known Hosts. Now, you need to find some hosts you trust in the Known Hosts list and move their slider to the right. The slider moves between -100 and 100, and once you select a value it will update in the text box (you can also enter a value into the box directly). This should represent how much you "trust" this server, with -100 meaning you think this server is "evil" and 100 meaning it is to be trusted entirely (at least for the purposes of generating a blocklist). As you set values, these hosts will move to Trusted Hosts or Untrusted Hosts accordingly. I do NOT recommend trying to set a value for every single instance in the list. Search the page for instances that you are already familiar with instead.
Once you have added a few trusted instances, click "Process" from the right side menu. This will fetch the block list from each instance on your trusted list. A host that appears on any of these blocklists will receive a negative trust value equal to the trust value of the hosts that have blocked it, multiplied by the appropriate multiplier values (configured in the side menu), averaged by dividing it by the total number of hosts in the list.
Finally, you can use the "Export for Mastodon" button from the side menu to export a blocklist as a CSV file, which you can then import into your instance using the script provided below. This export will be generated based on the Thresholds values set on the right side menu. Any hosts with a trust value equal to or below the suspend threshold will be suspended; any remaining hosts with a trust value equal to or below the limit thershold will be limited.
Also please be aware that some instances may choose to obfuscate certain URLs from their block list. Please don't do that. This tool cannot work with obfuscated URLs.
The remaining options are mentioned below:
# IMPORT SCRIPT # I realize Mastodon already has an import function, but as far as I can tell, that # does not allow you to include the comments. This script will. # This script assumes the export file is available in the current directory # and named 'mastowot.csv' # This should be your mastodon API token with admin access # (Generate from your admin user's development menu. Requires admin;write permissions) ADMIN_ACCESS_TOKEN="" # And your instance hostname of course MASTODON_HOST="https://" ts="`date +%Y%m%d-%H:%M:%S`" awk -v RS='"\n' \ -v FS="," \ -v authtoken="$ADMIN_ACCESS_TOKEN" \ -v tgthost="$MASTODON_HOST" \ -v timestamp="$ts" \ '{ system("curl -X POST -H \"Authorization: Bearer "authtoken"\" \ -F \"domain="$1"\" -F \"private_comment=Updated by MastoWoT "timestamp"\" \ -F \"public_comment="$2"\" \ "tgthost"/api/v1/admin/domain_blocks"); }' mastowot.csv
TODO: Styling: Color chooser, high contrast mode Maybe make the UI not look like....this. Determine if blocked hosts have/had direct associations, and when? (ie, see if they blocked this person or if they got the block from elsewhere) Explain how this shit works a little better, maybe a video? (Maybe a *good* video...)
[ Ultimately I do think this would make more sense as a shell script run via cron job...but I think this is a better way to display the concept, so that version is part two :) ]
FYI, this site runs entirely on your machine and should not send ANY of your data to my server. This page is made of three files -- mastowot.html, mastowot.js, and mastowot.css. You can download all three and run them from your local system, no server required. You can copy them to your own server to share. They are licensed under the GPL v3, and about 1000 lines of code last I checked if you want to review it.