@petrescatraian@nutomic I believe “unlisted” on Mastodon is somewhere in between - it’s expected to be publicly visible, but not publicized, i.e. it doesn’t show up in a server’s local or federated timeline. I’m not sure if it shows up when viewing someone’s profile when not logged in.
Not that this would slow down an AP server that wanted to store it, of course!
@petrescatraian@nutomic I think followers-only posts on Mastodon are closest. Make that your default posting mode and require approval for followers and it’s effectively a private profile. (Again, barring malicious ActivityPub servers)
When you mark a message as followers only, your server only sends it to your followers, and only shows it to your followers who are logged in
But if one of your followers is on a malicious (or buggy) server, there’s nothing stopping *that* server from doing something it’s not supposed to with the data.
IIRC it was CloudFlare’s implementation that recently had to fix a bug where followers-only posts were being shown publicly.
@petrescatraian@nutomic That still requires your server to send the message to the buggy or malicious server, so Meta or whoever couldn’t just set up a random server and ask for the posts, they’d have to have a user following you first, or you’d have to mention someone on that server in your post.
@KelsonV I see. So this might actually be a good thing, as they are publicly allowing anyone to use such a server to their own benefit, haha 😁 @nutomic
Right that should help, but most content on Lemmy or Mastodon is completely public.
@nutomic so there are no other similar settings on either Mastodon or Lemmy?
@petrescatraian @nutomic I believe “unlisted” on Mastodon is somewhere in between - it’s expected to be publicly visible, but not publicized, i.e. it doesn’t show up in a server’s local or federated timeline. I’m not sure if it shows up when viewing someone’s profile when not logged in.
Not that this would slow down an AP server that wanted to store it, of course!
There may be settings, but most users go with the default which means public posting.
@petrescatraian @nutomic I think followers-only posts on Mastodon are closest. Make that your default posting mode and require approval for followers and it’s effectively a private profile. (Again, barring malicious ActivityPub servers)
@KelsonV So you’re saying that anything you post can be visible for any AP server, basically?
@nutomic
@petrescatraian @nutomic To some extent.
When you mark a message as followers only, your server only sends it to your followers, and only shows it to your followers who are logged in
But if one of your followers is on a malicious (or buggy) server, there’s nothing stopping *that* server from doing something it’s not supposed to with the data.
IIRC it was CloudFlare’s implementation that recently had to fix a bug where followers-only posts were being shown publicly.
@petrescatraian @nutomic That still requires your server to send the message to the buggy or malicious server, so Meta or whoever couldn’t just set up a random server and ask for the posts, they’d have to have a user following you first, or you’d have to mention someone on that server in your post.
@KelsonV I see. So this might actually be a good thing, as they are publicly allowing anyone to use such a server to their own benefit, haha 😁
@nutomic
@KelsonV That makes sense
@nutomic