I mean, discoverability is hard, sure, but add a few hashtags and you can get a lot of people to see your posts. also, mentioning a lemmy group as a user posts your post to the community.

Mastodon really is the internet explorer of the fediverse.
In any case, I don’t think its that bad. I would compare it to an email provider accidentially leaking messages. Still bad, but its not a reason to abandon email as a means of communication.
We should encrypt posts, like diaspora does. Like how we should pgp encrypt emails, but no one will.

also, I just checked myself, a random “private” post I made isn’t accessible over AP if I curl it unauthenticated. Running curl.exe https://calckey.world/notes/a63slz8j6l -H "Accept: application/activity+json" returns nothing, but replacing the uri with a public post does show it.
An insecure server’s copy of the post isn’t accessible over AP, only the original post’s link should return anything.

Maybe I’m wrong, but shouldn’t posts only be insecure if they’re propagated to the insecure instance? Is any private post visible to people on servers that the poster doesn’t have followers on?
Could I curl the uri of a post thats “private” and get the post’s content?

You cannot use a mastodon app as a lemmy client, but you can view lemmy communities by opening them as if they are profiles. For example, open @fediverse@lemmy.world and it will show up as a user, but it will be the communitiy’s posts.

You can mention it in a post to forward the post to the community as well.

We are tiny in comparison to the rest of the fediverse.

Sharkey’s mastodon api implementation lets you ddos the server.

That would also key in (no pun intended) with the nomadic identity FEPs.

Posts should be encrypted, this is what diaspora does. I agree with this. For emails though, pgp is used by no-one. Also, AP uses tls as well.

I was thinking that encrypted posts could work with multi key encryption (if my understanding of this post is correct https://stackoverflow.com/questions/597188/encryption-decryption-with-multiple-keys ).

The problem (imo) is mastodon being the internet explorer of the fediverse, and refusing to do any encryption.

I wouldn’t consider it a hack, as the protocol was actually made with these posts in mind. Public posts weren’t the focus of activitypub.

I would consider it similar to email, should we abandon it (yes, but not because of this) just because a malicious email server started publishing all the emails it recieved? AP is just email but social media.

I really wish people (normies) could figure our pgp for email.

No, Imagine this

There is @bob@pixelfed.example their is their friend, @joe@mastodon.example. bob also follows @jane@gotosocial.example

If bob makes a private post (ie, followers only), only the instances of people he follows will recieve the post. The instance will see that its supposed to be private, and not show it to everyone.

This may, gotosocial.example, mastodon.example and pixelfed.example have the post, but don’t show it. misskey.example won’t have the post.

Then, if gotosocial.example (hypothetically) had a bug where it ignored posts visibility settings, those posts would be shown, since the post is sent to that server. If misskey.example had a similar bug, nothing would happen as the post wouldn’t have reached that server anyway.

Its like email, an email server can decide to expose everyone’s emails to the public, so don’t add that email to your mailing list or email chain.

private posts are only sent to instances that either your followers or the list of people you want to see the post are on. If they all co-operate, you will be fine.

Its like email, if a server decided that it would expose everyones emails, everyones emails are exposed.

has the FEP system helped?

Like lemmy?

Anyway, there’s nodebb.

There’s other places with lists for those.

ChimeIn is cool.

check https://alexandrite.app/ and https://phtn.app/

There’s also https://vger.app/ for mobile.

lemmy is similar to usenet, in a way.