Post · bonfire.cafe

Post

silverpill

@silverpill@mitra.social · 2 months ago

Mastodon may expose followers-only posts to public. Is it a feature or a bug?

For example, this reply is addressed to the followers collection (to) and the mentioned user (cc):

https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj

But Mastodon says the reply is "public". Anyone can view it in this thread:

https://neuromatch.social/@jonny/115343446216492915

#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.

@kopper Did you know about this?

UPDATE: https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj is now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target.

julian

@julian@activitypub.space replied · 2 months ago

Re: Mastodon may expose followers-only posts to public.

That is a little odd, and I'd think that is a violation of the implicit addressing conventions...

If as:Public is not addressed, it is not public. End of story...

Edit: oh, I loaded up the AP resource. to contains public, so that's ok.

silverpill

@silverpill@mitra.social replied · 2 months ago

@julian Well, it's public now. But it wasn't when I posted :)

elvecio

@elvecio@wizard.casa replied · 2 months ago

@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.40 no JS en

Automatic federation enabled