Mastodon may expose followers-only posts to public.
Technical Discussion
12
Posts
7
Posters
1
Views
-
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cc):https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj
But Mastodon says the reply is "public". Anyone can view it:
https://neuromatch.social/@kopper@not-brain.d.on-t.work/115343438096255204
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
@silverpill up until a few minutes ago my instance was doing per-instance visibility -
@silverpill up until a few minutes ago my instance was doing per-instance visibility@silverpill (to be clear, this was a patch i had on my own instance and isn't iceshrimp functionality)
-
@julian The followers-only reply is also visible from NodeBB:
https://activitypub.space/post/https%3A%2F%2Fnot-brain.d.on-t.work%2Fnotes%2Fadmrkcvj3hfn5crj
-
@silverpill (to be clear, this was a patch i had on my own instance and isn't iceshrimp functionality)
@kopper What does it mean? You return different objects depending on who signed the request?
-
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cc):https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj
But Mastodon says the reply is "public". Anyone can view it:
https://neuromatch.social/@kopper@not-brain.d.on-t.work/115343438096255204
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
@silverpill It breaks FO, so this is a feature. -
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cc):https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj
But Mastodon says the reply is "public". Anyone can view it:
https://neuromatch.social/@kopper@not-brain.d.on-t.work/115343438096255204
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
"Mastodon may expose followers-only posts to public. Is it a feature or a bug?"
I hate to break this to you, but I'm seeing this on a v4.4.3 #Mastodon instance in my /home only because of the #Hashtag #Iceshrimp you've used, which I #Follow
Don't know if this is good news or bad news, or none of the above
cc @kopper
-
@julian Well, it's public now. But it wasn't when I posted :)
-
@julian Well, it's public now. But it wasn't when I posted :)
@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.
-
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cc):https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj
But Mastodon says the reply is "public". Anyone can view it:
https://neuromatch.social/@kopper@not-brain.d.on-t.work/115343438096255204
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
@silverpill
For superior control of your content, suggest to use hubzilla -
@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.
@elvecio Further investigation showed that this wasn't a Mastodon's fault. There was some weirdness on behalf of the originating instance.
Mastodon server received a post addressed to public and I received a post addressed to followers.
-
System shared this topic on
Gli ultimi otto messaggi ricevuti dalla Federazione
-
reiver@mastodon.social so, are we doing this?
-
fentiger@mastodon.social Flow control is the feature in TCP where the receiving host, in its ACK, can send back information about its remaining buffer space. The sending host can slow down its sending rate to prevent overflowing that buffer. If this works correctly, no error is ever sent.
-
In Activity Streams 2.0, we can represent the result of an activity using the result property. Here, when the actor accepts a Follow activity, the result is that the follower is added to the actor's followers collection.
{ "@context": "https://www.w3.org/ns/activitystreams", "id": "https://social.example/accept/12931", "type": "Accept", "actor": "https://social.example/person/24405", "to": ["as:Public", "https://other.example/person/21356"], "object": { "id": "https://other.example/follow/30360", "type": "Follow", "to": ["as:Public", "https://social.example/person/24405"], "actor": "https://other.example/person/21356", "object": "https://social.example/person/24405" }, "result": { "id": "https://social.example/add/11066", "type": "Add", "actor": "https://social.example/person/24405", "to": ["as:Public", "https://other.example/person/21356"], "object": "https://other.example/person/21356", "target": "https://social.example/person/24405/followers" } }My question is: how can the Add activity refer to the activity that caused it? I don't think we have a standard property for this. My best guess right now is context or maybe instrument, neither of which seems ideal. I think an extension inverse property, like resultOf, might be the best option.
-
I'm looking into federating out deletion of contexts because in NodeBB the concept of a topic is a discrete entity, not tied to the posts contained within. Deleting the top-level post would not alter the topic in any way, except perhaps that the next oldest reply is suddenly promoted to top-level, which is odd.
Conversely, in ActivityPub, there either is no concept of a context (threaded objects only), or merely the suggestion of one as a view (current implementations of resolvable contexts). I'm hoping to move this more towards contexts as discrete entities with their own activities.
-
@julian love to see the reports of cross project colab!
-
@elvecio Further investigation showed that this wasn't a Mastodon's fault. There was some weirdness on behalf of the originating instance.
Mastodon server received a post addressed to public and I received a post addressed to followers.
-
@silverpill
For superior control of your content, suggest to use hubzilla
-
@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.
