irelephant [he/him]🍭

  • 8 Posts
  • 170 Comments
Joined 1 year ago
cake
Cake day: December 14th, 2023

help-circle

  • Mastodon really is the internet explorer of the fediverse.
    In any case, I don’t think its that bad. I would compare it to an email provider accidentially leaking messages. Still bad, but its not a reason to abandon email as a means of communication.
    We should encrypt posts, like diaspora does. Like how we should pgp encrypt emails, but no one will.

    also, I just checked myself, a random “private” post I made isn’t accessible over AP if I curl it unauthenticated. Running curl.exe https://calckey.world/notes/a63slz8j6l -H "Accept: application/activity+json" returns nothing, but replacing the uri with a public post does show it.
    An insecure server’s copy of the post isn’t accessible over AP, only the original post’s link should return anything.










  • No, Imagine this

    There is @bob@pixelfed.example their is their friend, @joe@mastodon.example. bob also follows @jane@gotosocial.example

    If bob makes a private post (ie, followers only), only the instances of people he follows will recieve the post. The instance will see that its supposed to be private, and not show it to everyone.

    This may, gotosocial.example, mastodon.example and pixelfed.example have the post, but don’t show it. misskey.example won’t have the post.

    Then, if gotosocial.example (hypothetically) had a bug where it ignored posts visibility settings, those posts would be shown, since the post is sent to that server. If misskey.example had a similar bug, nothing would happen as the post wouldn’t have reached that server anyway.