Comment on Pixelfed leaks private posts from other Fediverse instances - fiona fokus

<- View Parent
iltg@sh.itjust.works ⁨1⁩ ⁨week⁩ ago

linking barely relevant threads is a bit annoying

your complaints on “unlisted vs public” are completely unrelated to the issue at hand

your analysis that relates to this pixelfed flaw is just:

Privacy Enforcement:

  • No explicit requirements for how receiving servers should restrict visibility based on audience fields
  • No requirements that servers must hide content from non-addressed users

these aren’t good analyses: content should be private by default, nowhere is stated otherwise. if you feel like this common sense practice is somewhat arbitrary, it’s actually mandated by GDPR and more data protection laws.

if you want to rule lawyer that “acktually spec doesnt EXPLICITLY say that you cant show stuff meant for alice to bob if bob asks” and ignore this web good practice (probably implied by the many privacy remarks in the spec but let’s ignore those) which is actually mandated by governments, feel free to still ignore the incompetence displayed by dansup in implementing something that every other fedi software managed, go for it

even if you were right, even if the spec was really that vague, even if it wasn’t a good practice and requirement, in a federation parties cooperate. pixelfed breaking a common agreement is defederation worthy, and dansup remains either incompetent for implementing badly something easy or toxic for federating ignoring what the federation requires

you’re still not addressing the point, just linking other posts back and forth and moving the goalpost

source
Sort:hotnewtop