No, I did not block my friend Andreas. I (presumably) did something much worse.
During the night from May 23rd to 24th, around 900 followers disappeared from my Mastodon profile. Did I say something that upset 900 people in one night? Unlikely. My assumption was that I was blocked by an instance or that we had been de-federated. The second option was unlikely since the follower count on @firstname.lastname@example.org had not dropped. It was only me.
I turned to an analysis tool at and quickly found out my connection to mastodon.social was severed. The 900 followers from the largest Mastodon instance were missing. Every single connection was missing.
It took me a while to notice that there were no posts from mastodon.social coming in. My assumption was that I had been banned from this instance and that was surely going to be an honest mistake.
A message from Eugen Rochko, developer of Mastodon and admin of the largest Mastodon instance explained that this did not happen on his server but originated from social.heise.de. The only logical conclusion was that I had blocked the mastodon.social domain.
And this led me to the discovery of the Mastodon weapon of mass destruction. If you go to any profile on a remote server, open the context menu, every single option in that menu is reversible. You can mute and unmute, block and unblock the user, you can report him to his instance admin. And then, if you scroll one more entry down to block domain, you drop the bomb. Two things happen:
- You drop every single person from that instance from your followers, with no way to recover.
- Your instance sends a remove request to the other server. That server goes through its database and drops you from the follow list of all your followers on that instance. No recovery option.
Boom. All gone. No more social connections. Irreversibly gone forever.
Works as designed. And the design is broken. I have never seen anything like this before. Not in 40 years of working in IT. It is a f’up on the level of putting “securely wipe this disk” next to “put this file into trash”.
PS: In deutscher Sprache ist die Bombe noch besser versteckt. Verstecken?
5 thoughts on “UX disaster in Mastodon: an innocent weapon of mass destruction”
“Works as designed” indeed. This WMD actually warrants two levels of UX improvements:
– the placing of the “Red Button”
– a _decent_ safety cover (“If you continue, will happen. Are you REALLY sure?”).
(warum muss ich gerade an den Schluss-Satz von “Computer sind doof” denken…?)
Good to know but sorry for your pain.
Maybe I’m still too much of a sysadmin, but I don’t really think individual users should be blocking entire domains to begin with. Mastodon’s federated model reminds me of email in the 1990s, with the exception that the users themselves are expected to manage an allow-list/reject-list. I guess it could be a handy feature, especially if one host was dedicated to . But even in that case, I’d rather give the users a ‘report this domain’ button instead of a ‘block’ button. At the bare minimum, hide that option deeply within an Advanced menu option. So yeah, “working as designed” but not the brightest design to begin with…
heh. rats. I put a *insert bad behavior here* bit in that sentence that just stops mid-thought, but foolishly surrounded it with angle brackets, which are of course stripped out…
You are right, Volker, this blatantly violates several key factors for good usability in ISO 9241.