- cross-posted to:
- fediverse@lemmy.world
- privacyguides@lemmy.one
Give it a rest. A fork of Mastodon created a new abstraction for “private posts” and started sending to instances some posts that were marked in a new way as “private,” and now they’re trying to blame Pixelfed for not adopting their homemade standard for what posts their servers are sending out to everyone that they’re not supposed to show, and what ones they are supposed to show. And, Pixelfed fixed it once they became aware of the issue.
It’s fixed in 1.12.5. Why is this not titled “Mastodon instances claim to their users to offer ‘private’ posts but send them out exactly like normal posts, get surprised when software that hasn’t magically adopted their new standard is showing them to people”?
TBH, I doubt instance admins or Mastodon devs are surprised. It’s probably just a handful of people that think software changes should happen on their timetable.
The Fediverse has always had an “interoperability optional” design.
OP and the person who wrote the article seem surprised. The article author got very upset that it happened, as well as being upset that Dansup fixed the problem and pushed out a new version incorporating the fix within a few days, because that let everyone know it was a problem, which apparently he didn’t want to do. Which, of course, he tells a whole story (“I already dreaded what I felt was about to happen.” “clicked follow on my partner’s Mastodon account, and… I could see all of her private posts” “‘Oh no, not again’, I said”) about what a huge deal this whole thing is. But he doesn’t want users to know about it. And he totally dodges the issue I explained, even when going into a really abundant level of detail about how all the protocol works, about how this is totally a Mastodon-side-created issue and one that their users should absolutely know about if they are being permitted to create “private” posts.
Eagle-eyed readers will notice you changed your narrative from blaming “a fork of Mastodon” to blaming Mastodon itself, while simultaneously praising Dansup for fixing “their” issue with his software.
You’re being nonsensical.
If it’s not his bug to fix, and you genuinely believe this (I don’t think you’re being authentic, but you can prove me wrong): you should be encouraging Dansup to revert his change, not praising him for making it.
Sir, we’ve had complaints from some of the other patrons. Can you just go back to your seat and quiet down?
Okay, so you are disingenuous.
Instead of being even more of a hypocrite by telling others to quiet down, why don’t you delete your copypasta that adds nothing to the conversation?
Hey, that’s a really good point. I think I should go back to the ActivityPub spec, look up what is the exact behavior for this kind of thing, go into the Mastodon code, see what it’s doing, in what areas its behavior is mandated by the spec and in what areas they were just doing their own implementation, basically make sure I am fully educated on the issue, and then have Claude write up a full comparative analysis in bullet points, with sources so everyone can verify, to make absolutely sure that it can be clearly seen by anyone who wants to take the time to verify, that I’m right about this.
I’ll get right on that. It sure would be a waste of time if, instead of that, I just kept repeating over and over and over, what my point of view was. That would be a huge waste of time. I definitely won’t do that.
The walls of text you have been spamming seem intentionally designed to convince people you know what you’re talking about, so thank you for admitting you don’t.
Which narrative are you currently pushing: that it was a bug in a Mastodon fork, or that it was a bug in Mastodon?
Or is your opinion simply based on needing to blame anybody but Pixelfed for their fuckup?
Your comments are very misleading, and I hope nobody reads them before reading the linked article which pre-debunks several of your claims.
In addition: You can’t simultaneously say the bug was not Pixelfed’s, while praising Pixelfed for fixing it.
Lol
Here’s the relevant section of this quite good explanation of how Mastodon’s privacy settings operate:
Something you may not know about Mastodon’s privacy settings is that they are recommendations, not demands. This means that it is up to each individual server whether or not it chooses to enforce them. For example, you may mark your post with unlisted, which indicates that servers shouldn’t display the post on their global timelines, but servers which don’t implement the unlisted privacy setting still can (and do).
Servers don’t necessarily disregard Mastodon’s privacy settings for malicious reasons. Mastodon’s privacy settings aren’t a part of the original OStatus protocol, and servers which don’t run a recent version of the Mastodon software simply aren’t configured to recognize them. This means that unlisted, private, or even direct posts may end up in places you didn’t expect on one of these servers—like in the public timeline, or a user’s reblogs.
That’s the explanation. You’ve been persistently pretending to fail to understand it, but it’s honestly pretty straightforward and clear. And now you’re following me into new comments threads to try to restart the argument in new places. Great stuff.
Of course it’s a good thing if Pixelfed wants to start to honor these advisory privacy settings, and I can understand why Dansup gave a high priority to the fix starting to honor them. That doesn’t mean that it’s Pixelfed’s “fault” that this happened in the first place. That’s all I was saying.
Maybe you can convince a few people that two contradictory things are true at the same time by spamming enough text, but you’re just obfuscating the truth.
It’s pretty simple.
Mastodon servers should honor privacy settings, they do honor privacy settings, and Pixelfed got caught with its pants down not honoring them.
And then, instead of fixing the problem in a way that even Mastodon has managed to do, they kinda bungled it. And it’s okay for you to admit that.
Anyone assuming anything on the fediverse is anything but public is wrong and hasn’t spent any time thinking about what the fediverse is. That may well be a problem that needs to be addressed, but the fundamental design of the protocol means, at the very least, server admins can see everything the users on their server do. This is a problem on any system that does not use end to end encryption.
Realistically there is only ‘public’ and ‘I didn’t press send’.
They shouldn’t be called private messages but direct messages. They’re not encrypted and can be read by your instance admin.
This article is about the Mastodon equivalent of protected accounts, not private messages.
(Have people actually read this article?)
Bit of a clickbaity headline.
Pixelfed admins should update to v1.12.5 ASAP, but upgrading can be a major hurdle.
So it’s been patched, it’s just not necessarily simple to upgrade.
Post privacy on the fediverse is kind of a disaster, no one should ever rely on that ever. It will keep happening because it’s an easy mistake to make and it puts all the privacy controls onto the receiving instance’s hands, so as a user you can’t do anything about it. Anyone can try their own spin on Fediverse servers and make that mistake easily. If Lemmy could subscribe to users it probably would also be affected by this.
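What enforcing post privacy on the receiving instance involves, as an added example (not part of the thread, and not Pixelfed's or Mastodon's code): it derives a post's visibility from its ActivityPub addressing, assuming the convention Mastodon uses, and fails closed for anything it does not recognise. The actor URLs and the `classify` and `may_view` helpers are constructed for illustration.

```python
AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
PUBLIC_ALIASES = {AS_PUBLIC, "as:Public", "Public"}

# Constructed sample data (hypothetical actors, not taken from the thread).
AUTHOR = {"id": "https://masto.example/users/alice",
          "followers": "https://masto.example/users/alice/followers"}
BOB = "https://pix.example/users/bob"      # follow was accepted by alice
CAROL = "https://pix.example/users/carol"  # follow request still pending
ACCEPTED = {(BOB, AUTHOR["id"])}           # (follower, followee) pairs
FOLLOWERS_ONLY = {"type": "Note", "attributedTo": AUTHOR["id"],
                  "to": [AUTHOR["followers"]], "cc": []}


def _as_list(value):
    """An addressing field may be absent, a single string, or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def classify(note, followers_url):
    """Map to/cc addressing to a visibility level (assumed convention)."""
    to, cc = set(_as_list(note.get("to"))), set(_as_list(note.get("cc")))
    if to & PUBLIC_ALIASES:
        return "public"
    if cc & PUBLIC_ALIASES:
        return "unlisted"
    if followers_url in to:
        return "followers"
    return "direct"  # unknown or missing addressing gets the strictest level


def may_view(note, author, viewer, accepted_follows):
    """Return True only when an explicit rule grants the viewer access.

    viewer is an actor id, or None for a logged-out visitor.
    """
    if viewer is not None and viewer == author["id"]:
        return True
    level = classify(note, author["followers"])
    if level in ("public", "unlisted"):
        return True
    if level == "followers":
        # A pending follow request is not in accepted_follows.
        return (viewer, author["id"]) in accepted_follows
    # direct: the viewer has to be addressed by id
    return viewer in _as_list(note.get("to")) + _as_list(note.get("cc"))
```

The followers-only branch is the one a new server implementation most easily gets wrong: it has to consult accepted follows, not follow requests, before showing the post.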