We are preparing to release federation support and we want your feedback!

Can you think of any safety, privacy or security features that we haven't announced or already support?

We appreciate any ideas/feedback that can make :pixelfed: more safe and secure.

@pixelfed I love the idea of making posts visible only to your mutuals; people you follow who also follow you back. But that's probably not all that compatible with federation support…

I'd love it for Mastodon and all other AP apps, too, tbh. It would be so useful!

Good luck with the federation support release! I'm so looking forward to it. :)

@pixelfed Ooo, cool! :D Thank you! I can't wait to learn more about those!

@pixelfed where's the list of announced/supported features..?

is there a way to actually report images/content for moderation?

is there a way to flag instances to describe allowed content? e.g. this pix is for cats, this one for pets, this is food only and this one you wouldnt want your mother to see?

@rus We don't have a list of features yet, we will be adding a roadmap and change log soon.

Yes, you can currently report content and moderators/admins can delete it, un-list from timelines or add a CW. (demo post to test the report system:

Admins will be able to customize pages like about, terms, register, ect. Users will be able to set muted or blocked terms in captions, alt-text, usernames and instance domains.

@pixelfed Can users moderate their own comments? Nobody likes to be harassed and unfortunately images and videos seem to be a magnet for that. Otherwise, I'm excited!

@sikkdays Interesting idea, this would be possible locally but you can't delete remote replies from other instances.

@pixelfed Hide them locally? Anyway, not a deal breaker for me, but my personal blog is getting nailed with spam comments and due to a http vs https problem I can't delete some. Thus this is fresh on my mind.

@pixelfed Instead of "Followers Only", Lists like @kaniini has been alluding to in Pleroma.

Being able to pick "Followers Only" or a "Here is a list of folks I 'trust'" would be super helpful.

Auto marking as sensitive media and/or CW would be good too. 😉

@ambassador @kaniini We do have this feature planned, its called :pixelfed: Circles!

@pixelfed Let's call me a killjoy, but here is an idea of a security posture: letting fellow developers and infosec folks have a look at your code and software in small and/or testing environments before you organize a much hyped upgrade event and have the same unreviewed code handle pictures and data for thousands of users.

Still unhappy that you are not releasing a single line of the code I guess.

@sheogorath @pixelfed Mostly recent code related to federation, that dansup has been writing and testing for the past few weeks.

@kaiyou @sheogorath @pixelfed


The repo ( clearly states

*** do not use this software until there is a stable release ***

And (thousands? really?) users sign up for the pixelfed **beta** and they know this.

Since when is the developer of an open source project not allowed to test their new code before they release it?

(Really, do not try to impose rules upon ppl who devote their time to making things you can pick up for free.)

/cc @pixelfed

@arjenpdevries @sheogorath @pixelfed Again, I am merely stating what would sound reasonable to me and which I think would improve community adoption, overall security, and maybe quality.

I am not in a position to impose anything but simply to suggest, and state what makes me unhappy when using and/or trying to contribute to the project.

I'm confused.

If the code in question is available, what is
@kaiyou asking to get?

If it isn't, for what then is
@pixelfed asking feedback?

@arjenpdevries @sheogorath

@kaiyou We have released a lot of federation code already, I understand where you are coming from and we will only tag a release after a week or so of bug fixes!

@pixelfed good morning, there is an ETA for the stable version?

@pixelfed thanks, it’s an amazing project, i can’t wait. Keep up the good work 😎😎😎

@pixelfed I know we are in the pre release phase, but it would be very helpful, if the installation manual would explain which tasks have to run regularly e.g. as cron job.

@pixelfed In a more constructive mood:
- parsable application logs exportable to a siem
- fido(2) support for 2fa
- captcha integration (or missed it maybe)
- a contribution-friendly roadmap
- account lockout/deletion/mute by admins


Asking more for OSS in general than Pixelfed specifically: What attributes make a project roadmap more contributor-friendly?

@mkb I would suggest publishing some guidelines and project philosophy. Then, write about the main goals and their priority. Finally, chop it down to issues and tag them to inform contributors about the most urgent ones, or low hanging fruits, or which issue requires what skills.

I first discovered this when trying to contribute to Matrix and traefik, and tried it on a couple of my own projects. Results are really interesting.


- Already possible via monolog. (

- u2f support is planned

- recaptcha on logins and register pages are available (disabled by default.

- Will be updating our projects list more often (

- Account deletion is supported, mutes and lockout are planned.

@pixelfed Thanks for the update. In general I believe you are doing a pretty good job from a security point of view, after reading some of the code and reviewing the authentication bits.

Regarding privacy and freedom, I fear some of the features will reveal themselves harmful, but we will have to let things unravel and observe first.

@pixelfed Maybe this is just me being slow, but I can't find the "block" button

@bgcarlisle You can mute or block a user on timelines and on a post by the dropdown menu.

@bgcarlisle Sorry about that, will investigate and release a bug fix shortly!

@pixelfed Double-checked and yes, the same user is in my "blocked" list and also I see notifications from them, and they appear in my "followers" list

I'm not sure if there is any feature related to this, but I think it would be nice to have tools to moderate spam attacks.
E.g.: what happens if I create a server and start to federate a lot of images with bad content?
If you block this instance on the admin page, are you recomputing the trending topics? They can possible be poisoned and have crazy values like "X sucks"

@jlhertel We are working on tools that would solve this issue. Sentiment analysis on reported content confirmed by a mod/admin could help detect and flag for review, posts that could be potentially abusive or malicious.

@pixelfed Will there be an option to disable animated GIFs? People with seizures, photophobia, migraines, etc. could be triggered by certain GIFs.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!