Between #IFTAS and #FSEP and #Fediseer let's also look at another threat model that I think people don't fully appreciate with #blocklists How much do you trust the blocklist source—not its upstreams, but the actual place you get it from—to do what they are telling you it does? How much do you trust the maintainer to not perform a MitM attack? How much do you trust others who have access? If a MitM attack _were_ performed, how would you know about it? How would you catch it? How quickly? 1/