I got followed by a suspicious profile whose page I cannot see

I got a suspicious follower on my personal Mastodon instance.

I cannot see information on this account on the Mastodon instance. It got a status 403 with a message “You don’t have permission to view this page.” I haven’t seen a Mastodon account for which I cannot see at least something from the profile. I can only check that the status of this account is suspended on the moderation interface of my instance.

The profile is suspended. After 30 days, it will be deleted, and the response code will change to 410.

3 Likes

It’s interesting to me that the WebFinger entry is still public and the avatar is still accessible.

2 Likes

I think that instead of returning a message telling me that I have no permission to access that profile, the website should show a message informing people that the account was suspended. Otherwise, many people will not understand why they have no permission. I should create a request in the Mastodon repository for this. I wonder how other software manages suspended accounts? Is there a protocol for that in ActivityPub?

2 Likes

The account is still active & available: https://mastodon.social/@nataliegwinters

Though federating suspension status correctly is kinda difficult, since you don’t know who’s fetched & cached the actor document, so you don’t really know where to send updates on that actor to.

1 Like

If that account is still active and available, why can I not see that account from an account I have on that server? Why did the message say I am forbidden to see that account?

Your server might have locally blocked it

I understood. This means that mastodon.social blocked the account, but the account is still active and available on the same server. It is a complex status anyway.

or that account blocked you.

I don’t think they would block specifically my account on mastodon.social because it would not be easy to know that I own that account, and also because I see the same message when trying to access the suspicious account without being logged into mastodon.social.

The offending account has now disappeared. But is there not a UI issue here? “You don’t have permission to view this page.” is a bit off-putting when you’re coming from your followers list. Is there a possibility to provide more details in this case? Or in any case: what is the security issue that would require leaving a legitimate use unanswered?

There’s a long-standing Mastodon issue about this; basically, we need to separate “suspended” from “deleted” states. Getting this right is kinda complex.

1 Like