this post was submitted on 17 Feb 2025
276 points (98.6% liked)
Fediverse
30283 readers
997 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is a core issue with ActivityPub, one that I noticed myself when I started working with it. Unless a server is setup to keep a user's private marked posts completely off the ActivityPub feed, they're accessible within it to any script that ignores the opt-out request.
My personal example was setting up wordpress to interact with a Mastodon instance, and suddenly finding private conversations published from Mastodon to my wordpress site that weren't visible to me at all on Mastodon.
Needless to say, that gave me pause about building anything with the protocol until I really understand the access control behind publishing, because even instance owners don't seem to fully grasp it themselves.