Comment on Pixelfed leaks private posts from other Fediverse instances
LWD@lemm.ee 1 week agoIt seems
Any “privacy” improvements from random instances are not part of the core code structure
The privacy improvements are from the ActivityPub protocol. The author cites them.
PhilipTheBucket@ponder.cat 1 week ago
They’re really not.
Here’s the relevant docs, and a little summary of how they relate to private posts and Mastodon’s specific implementation of them.
Specs: www.w3.org/TR/activitypub/#delivery
Mastodon code where you can verify that this is how they are handled: github.com/mastodon/mastodon/…/tag_manager.rb (look at the cc() and to() functions)
Overall summary in detail:
ActivityPub Specification
What ActivityPub Explicitly Mandates
Audience Targeting (Section 5.1):
to
,cc
, etc.)Public Posts (Section 7.1.2 and 7.1.3):
sharedInbox
endpointsFiltering (Sections 5.2 and 7.1.2):
Privacy of Non-Addressed Content (Section 7.1 Note on “Silent and private activities”):
What ActivityPub Leaves Undefined
Visibility Levels:
Privacy Enforcement:
Timeline Placement:
Mastodon’s Implementation
Visibility Levels in Mastodon
Mastodon implements four primary visibility levels:
Public
to
: [“www.w3.org/ns/activitystreams#Public”]cc
: [“example.com/users/username/followers”]Unlisted
to
: [“example.com/users/username/followers”]cc
: [“www.w3.org/ns/activitystreams#Public”]Private
to
: [“example.com/users/username/followers”]cc
: [] (empty)Direct
to
: [array of mentioned user URLs]cc
: [] (empty)Key Implementation Details
Visibility Through Addressing:
to
andcc
fields to indicate intended visibilityConvention-Based Visibility:
to
(public) orcc
(unlisted)I also sent a user-targeted explanation of how Mastodon’s privacy settings work, that might be helpful for you to read. You can probably find it in my profile.