Mastodon may expose followers-only posts to public.
-
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cc
kopper :colon_three: (@kopper)
@jonny@neuromatch.social still reading so not everything but: > Supporting instances MUST indicate their support of this FEP by including its namespace in the
@context of affected Actor objects. the recent archive.org downtime made all objects with contexts con...
not brain don't work (not-brain.d.on-t.work)
But Mastodon says the reply is "public". Anyone can view it in this thread:
jonny (good kind) (@jonny@neuromatch.social)
@kopper@not-brain.d.on-t.work i was looking for an instance metadata item that was just some list of tokens that was "the list of things that the instance supports," and i could have sworn it existed, but i couldn't find it when i looked. most fedi apps (and even most LD apps) don't actually dereference the URIs in a context and treat them as tokens anyway, but yes failure to resolve terms is a big problem and am not a fan of DNS-based linked data.
neurospace.live (neuromatch.social)
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
UPDATE:
https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crjis now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target.That is a little odd, and I'd think that is a violation of the implicit addressing conventions...
If
as:Publicis not addressed, it is not public. End of story...Edit: oh, I loaded up the AP resource.
tocontains public, so that's ok. -
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cckopper :colon_three: (@kopper)
@jonny@neuromatch.social still reading so not everything but: > Supporting instances MUST indicate their support of this FEP by including its namespace in the
@context of affected Actor objects. the recent archive.org downtime made all objects with contexts con...
not brain don't work (not-brain.d.on-t.work)
But Mastodon says the reply is "public". Anyone can view it in this thread:
jonny (good kind) (@jonny@neuromatch.social)
@kopper@not-brain.d.on-t.work i was looking for an instance metadata item that was just some list of tokens that was "the list of things that the instance supports," and i could have sworn it existed, but i couldn't find it when i looked. most fedi apps (and even most LD apps) don't actually dereference the URIs in a context and treat them as tokens anyway, but yes failure to resolve terms is a big problem and am not a fan of DNS-based linked data.
neurospace.live (neuromatch.social)
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
UPDATE:
https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crjis now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target.@silverpill up until a few minutes ago my instance was doing per-instance visibility -
@silverpill up until a few minutes ago my instance was doing per-instance visibility@silverpill (to be clear, this was a patch i had on my own instance and isn't iceshrimp functionality)
-
That is a little odd, and I'd think that is a violation of the implicit addressing conventions...
If
as:Publicis not addressed, it is not public. End of story...Edit: oh, I loaded up the AP resource.
tocontains public, so that's ok.@julian The followers-only reply is also visible from NodeBB:
Alright it's late and i need to go to bed, but here's a draft FEP to do full account migration with posts and whatever other kinda objects you want to bring with you.
@jonny still reading so not everything but:Supporting instances MUST indicate their support of this FEP by including its namespace in the @context of affecte...
⁂ ActivityPub.Space (activitypub.space)
-
@silverpill (to be clear, this was a patch i had on my own instance and isn't iceshrimp functionality)
@kopper What does it mean? You return different objects depending on who signed the request?
-
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cckopper :colon_three: (@kopper)
@jonny@neuromatch.social still reading so not everything but: > Supporting instances MUST indicate their support of this FEP by including its namespace in the
@context of affected Actor objects. the recent archive.org downtime made all objects with contexts con...
not brain don't work (not-brain.d.on-t.work)
But Mastodon says the reply is "public". Anyone can view it in this thread:
jonny (good kind) (@jonny@neuromatch.social)
@kopper@not-brain.d.on-t.work i was looking for an instance metadata item that was just some list of tokens that was "the list of things that the instance supports," and i could have sworn it existed, but i couldn't find it when i looked. most fedi apps (and even most LD apps) don't actually dereference the URIs in a context and treat them as tokens anyway, but yes failure to resolve terms is a big problem and am not a fan of DNS-based linked data.
neurospace.live (neuromatch.social)
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
UPDATE:
https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crjis now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target.@silverpill It breaks FO, so this is a feature. -
Mastodon may expose followers-only posts to public. Is it a feature or a bug?
For example, this reply is addressed to the
followerscollection (to) and the mentioned user (cckopper :colon_three: (@kopper)
@jonny@neuromatch.social still reading so not everything but: > Supporting instances MUST indicate their support of this FEP by including its namespace in the
@context of affected Actor objects. the recent archive.org downtime made all objects with contexts con...
not brain don't work (not-brain.d.on-t.work)
But Mastodon says the reply is "public". Anyone can view it in this thread:
jonny (good kind) (@jonny@neuromatch.social)
@kopper@not-brain.d.on-t.work i was looking for an instance metadata item that was just some list of tokens that was "the list of things that the instance supports," and i could have sworn it existed, but i couldn't find it when i looked. most fedi apps (and even most LD apps) don't actually dereference the URIs in a context and treat them as tokens anyway, but yes failure to resolve terms is a big problem and am not a fan of DNS-based linked data.
neurospace.live (neuromatch.social)
#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.
@kopper Did you know about this?
UPDATE:
https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crjis now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target."Mastodon may expose followers-only posts to public. Is it a feature or a bug?"
I hate to break this to you, but I'm seeing this on a v4.4.3 #Mastodon instance in my /home only because of the #Hashtag #Iceshrimp you've used, which I #Follow
Don't know if this is good news or bad news, or none of the above
cc @kopper
-
That is a little odd, and I'd think that is a violation of the implicit addressing conventions...
If
as:Publicis not addressed, it is not public. End of story...Edit: oh, I loaded up the AP resource.
tocontains public, so that's ok.@julian Well, it's public now. But it wasn't when I posted
-
@julian Well, it's public now. But it wasn't when I posted
@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.
-
@silverpill One thing that has always been different in Mike's software is that only authorized people can see non-public things. It is of little use to have the right address for the image, video, or file (as instead happens and happened in Mastodon Diaspora and others - almost all of them). In the software created by him, you cannot see even if you have an address/id or whatever you like.
@elvecio Further investigation showed that this wasn't a Mastodon's fault. There was some weirdness on behalf of the originating instance.
Mastodon server received a post addressed to public and I received a post addressed to followers.
