You are only browsing one thread in the discussion! All comments are available on the post page.

Return

0xtero ,

Finally someone who has a clue. That was well written and easy to understand. Thank you for all the work you put into that post!

Defederation is about what an instance allows in, not what an instance allows out. Defederation stops you seeing the defederated instance's content, but it does not stop them seeing your instance's content.

As a final, tiny little point of interest - there is a setting called AUTHORIZED_FETCH (Secure mode) which will force the requesting instance to authenticate. This can be used to stop the data from flowing out.

Of course enabling this is somewhat problematic as it tends to break other things. But it's there.

LedgeDrop ,

Thank you for the clarification. I was also confused by that quote (ie: if you can control who’s data your reading… you should be able to control who has access to your data. Of course, this doesn’t include mirroring content and other shady practices, but I don’t think Meta would go down that path to avoid being defederated)

mrbitterness ,
@mrbitterness@kbin.social avatar

On Mastodon at least, neither authorized fetch, nor "disallow unauthenticated API requests" really stops the outflow. it does in an ActivityPub sense, however, I have both flags activated on my instance, but Mastodon has an RSS feed for every account, by just adding .rss to the profile URL, and anyone can pull that without authentication.

The option to turn off .rss feeds for accounts doesn't exist in a standard mastodon install. the Hometown fork of Mastodon has the option to disable it.

So while the flags above will help prevent random discovery/propagation by others on the Fediverse, there are still open doors for accessing the data, at least on Mastodon. I can't really speak for the other projects.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • [email protected]
  • All magazines
    •