Brutkey

Julian Fietkau
@julian@fietkau.social

This bureaucracy is necessary for verification of consent, but it is a bit of a pain for software implementers who want to give blanket quoting permissions, like bot authors.

Making your account quotable by Mastodon takes more than a simple declaration: it has to have the ability to respond affirmatively to quote requests, and to confirm or deny the legitimacy of existing quotes.

Generally this means having to at least keep track of everyone who has quoted you.

🧵 3/6

Julian Fietkau
@julian@fietkau.social

While reading FEP-044f, I had an idea for getting around that requirement. It's difficult to explain without getting extremely technical, but I think it could be interesting for platform implementers who want to offer blanket quotability to Mastodon users, but who have shied away from FEP-044f for its state management requirements.

Basically, a quote authorization stamp payload (see https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md#example-of-quoteauthorization) has to contain the IDs of the quoting post and the quoted post.

🧵 4/6

Julian Fietkau
@julian@fietkau.social

That's why it's not possible to simply reply “ya sure” to every quote verification request. The response has to affirmatively state which quote it is for.

So I thought, instead of keeping a list of prior quotes in a local database, why not embed them in the ID (URI) of the verification stamp? That way the code could simply echo them back out for any future request.

Turns out this works! You can see an example here: https://fietkau.software/daily_rucks/ap/quoteAuth?stamp=2025-11-08;https%3A%2F%2Fexample.com%2Fsome-post

🧵 5/6