

Mastodon really is the Internet Explorer of the fediverse.
In any case, I don’t think it’s that bad. I would compare it to an email provider accidentally leaking messages. Still bad, but it’s not a reason to abandon email as a means of communication.
We should encrypt posts, like diaspora does. Like how we should PGP encrypt emails, but no one will.
Also, I just checked myself, a random “private” post I made isn’t accessible over AP if I curl it unauthenticated.
Running curl.exe https://calckey.world/notes/a63slz8j6l -H "Accept: application/activity+json"
returns nothing, but replacing the URI with a public post does show it.
An insecure server’s copy of the post isn’t accessible over AP; only the original post’s link should return anything.
I mean, discoverability is hard, sure, but add a few hashtags and you can get a lot of people to see your posts. Also, mentioning a Lemmy group as a user posts your post to the community.