Give it a rest. A fork of Mastodon created a new abstraction for “private posts” and started sending to instances some posts that were marked in a new way as “private,” and now they’re trying to blame Pixelfed for not adopting their homemade standard for what posts their servers are sending out to everyone that they’re not supposed to show, and what ones they are supposed to show. And, Pixelfed fixed it once they became aware of the issue.
It’s fixed in 1.12.5. Why is this not titled “Mastodon instances claim to their users to offer ‘private’ posts but send them out exactly like normal posts, get surprised when software that hasn’t magically adopted their new standard is showing them to people”?
Your comments are very misleading, and I hope nobody reads them before reading the linked article which pre-debunks several of your claims.
In addition: You can’t simultaneously say the bug was not Pixelfed’s, while praising Pixelfed for fixing it.
Lol
Here’s the relevant section of this quite good explanation of how Mastodon’s privacy settings operate:
Something you may not know about Mastodon’s privacy settings is that they are recommendations, not demands. This means that it is up to each individual server whether or not it chooses to enforce them. For example, you may mark your post with unlisted, which indicates that servers shouldn’t display the post on their global timelines, but servers which don’t implement the unlisted privacy setting still can (and do).
Servers don’t necessarily disregard Mastodon’s privacy settings for malicious reasons. Mastodon’s privacy settings aren’t a part of the original OStatus protocol, and servers which don’t run a recent version of the Mastodon software simply aren’t configured to recognize them. This means that unlisted, private, or even direct posts may end up in places you didn’t expect on one of these servers—like in the public timeline, or a user’s reblogs.
That’s the explanation. You’ve been persistently pretending to fail to understand it, but it’s honestly pretty straightforward and clear. And now you’re following me into new comments threads to try to restart the argument in new places. Great stuff.
Of course it’s a good thing if Pixelfed wants to start to honor these advisory privacy settings, and I can understand why Dansup gave a high priority to the fix starting to honor them. That doesn’t mean that it’s Pixelfed’s “fault” that this happened in the first place. That’s all I was saying.
Maybe you can convince a few people that two contradictory things are true at the same time by spamming enough text, but you’re just obfuscating the truth.
It’s pretty simple.
Mastodon servers should honor privacy settings, they do honor privacy settings, and Pixelfed got caught with its pants down not honoring them.
And then, instead of fixing the problem in a way that even Mastodon has managed to do, they kinda bungled it. And it’s okay for you to admit that.
Post privacy on the fediverse is kind of a disaster, no one should ever rely on that ever. It will keep happening because it’s an easy mistake to make and it puts all the privacy controls onto the receiving instance’s hands, so as a user you can’t do anything about it. Anyone can try their own spin on Fediverse servers and make that mistake easily. If Lemmy could subscribe to users it probably would also be affected by this.
Anyone assuming anything on the fediverse is anything but public is wrong and hasn’t spent any time thinking about what the fediverse is. That may well be a problem that needs to be addressed, but the fundamental design of the protocol means, at the very least, server admins can see everything the users on their server do. This is a problem on any system that does not use end to end encryption.
Realistically there is only ‘public’ and ‘I didn’t press send’.
