Should Fediverse Web apps show remote content to unauthenticated users?
Uncategorized
12
Posts
6
Posters
5
Views
-
-
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
-
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
@evan I’d say very much yes. It shows the connectivity of fedi rather than implying fragmentation.
-
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
@evan I voted yes. As long as everything in the flow honors user2@b.example's visibility settings I think that should be fine (unless I'm missing something important in the premise).
-
@evan I voted yes. As long as everything in the flow honors user2@b.example's visibility settings I think that should be fine (unless I'm missing something important in the premise).
@chillicampari @evan
That was my concern exactly (I voted "yes, but"):
e.g followers-only content shouldn't be public just because a follower's instance has access to it. In a perfect world this would have been end to end encrypted. -
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
@evan To be clear, is 'it' in the above always the local browser as opposed to the server a.example (proxy-requesting on the unauthenticated user's behalf).
-
@chillicampari @evan
That was my concern exactly (I voted "yes, but"):
e.g followers-only content shouldn't be public just because a follower's instance has access to it. In a perfect world this would have been end to end encrypted. -
@evan To be clear, is 'it' in the above always the local browser as opposed to the server a.example (proxy-requesting on the unauthenticated user's behalf).
@virtuous_sloth the browser is loading a page on a.example that calls the API at b.example (either server-side or client-side, but much easier server-side) and formats the JSON response as HTML.
-
-
For example, you point your browser at a.example. You are not logged in.
You navigate to a list of a local user's followers at a.example/user1/followers .
If you click on a profile in that list, it loads a.example/remote/user2@b.example , a profile page for a remote user.
If you click on an image posted by that remote user, it loads a.example/remote/b.example/image/33 , showing the remote image and all comments on it.
If this is not an interesting question to you, feel free to skip it!
@evan Yes, depending on privacy settings of course. For public posts, absolutely yes
-
@evan Yes, depending on privacy settings of course. For public posts, absolutely yes
@fabio search and AI spiders?
-
@fabio search and AI spiders?
This post is deleted!
Gli ultimi otto messaggi ricevuti dalla Federazione
-
Elisabetta Gualmini lascia il PD e aderisce ad Azione. Pronto il passaggio a Renew Europe
@news
https://www.eunews.it/2026/02/16/elisabetta-gualmini-lascia-il-pd-e-aderisce-ad-azione-pronto-il-passaggio-a-renew-europe/
Eurodeputata dem dal 2019, Gualmini ha denunciato "una mutazione genetica" del PD, che Elly Schlein avrebbe "riposizionato nella sinistra radicale". La riformista modenese è stata protagonista, nella scorsa legislatura, della battaglia per l'adozione della cosiddetta
-
@tk (water heating was / is integrated with heating water for the radiators, and changing *that* would have required too much work and expense. the quote for an air-water heat pump were, as I said, extortionate, so we added air-air heat pumps, but they are sized to work *together* with the radiators, not instead of them)
(one day we'll have a fully electric house, but it will need to happen through gradual changes)
(and yesterday, since the sun was shining and there was some warm wind, it was a bit too warm to turn on the heating anyway)
-
@Lucaghitti carne levare
-
@stefano Sadly you're not the only one, I never published on Apple stores but lots of developers are frustrated by Apple's lack of feedback on rejected apps.
-
@VanityFairItaly @people-celebrities-VanityFairItaly finita in orfanotrofio?
-
The beta of MastoBlaster has been rejected by Apple's reviewers. I did not receive any explanation, no email, nothing in the interface. It simply says it was rejected.
Most likely it happened because I did not provide login credentials for a user account, meaning I should have created an account in an instance and sent them the login details so they could test the app, but this is just my assumption.
I have now created an account and submitted the credentials with the review request. I will probably have to wait another two days, hoping it does not get rejected again or, if it does, that they at least tell me why.
The frustrating part is not the rejection itself, but the lack of explanation. An Apple developer account is paid, and I believe it would be fair to clearly state the reason for a rejection. We will see. For now, it confirms the same frustration I felt fifteen years ago, when one of my apps was rejected. I will talk about that another time.
-
@Gina mine would definitely be Tired: 100.
-
@francommit per entrare in città nel modo peggiore con cui si possa entrare in una città, ovvero in auto
e poi stiam parlando delle ZTL, non di tutta roma
(e lo so, roma non è come milano dove i mezzi pubblici funzionano, però il modo corretto per entrare in una città sarebbe quello)
