**abgd 🍓** @abgd@tooot.im · 25 avr. 2017, 07:52

**abgd 🍓** @abgd@tooot.im · 25 avr. 2017, 07:52

abgd 🍓 @abgd@tooot.im

25 avr. 2017, 07:52

meta, privacy/exposure Afficher plus

I've been thinking the privacy settings here aren't actually privacy settings (because they're full of holes) but rather *exposure* settings.
I think exposure controls (i.e how many people *will likely* see things) are great, but maybe the features should be renamed to reflect that they control exposure, not privacy (i.e. how many people *can possibly* see things)?

**geekylou 🔮⚧** @geekylou · 2017-04-25T08:27:55Z

geekylou 🔮⚧ @geekylou

meta, privacy/exposure Afficher plus

@abgd I really like this. It's highly misunderstood how privacy works here, for example most people don't know that a rogue server could just grab your atom feed rather than politely notifying you that it's following you as mastodon does.

25 avr. 2017, 08:27 · 4 · 3

**אייל** @eyal@tooot.im · 25 avr. 2017, 08:36

**אייל** @eyal@tooot.im · 25 avr. 2017, 08:36

25 avr. 2017, 08:36

אייל @eyal@tooot.im

meta, privacy/exposure Afficher plus

@geekylou @abgd But that also true to birdsite for example, right? I can download all the 3000 last tweets of a person without even get to their profile.

**geekylou 🔮⚧** @geekylou · 25 avr. 2017, 08:37

**geekylou 🔮⚧** @geekylou · 25 avr. 2017, 08:37

25 avr. 2017, 08:37

geekylou 🔮⚧ @geekylou

meta, privacy/exposure Afficher plus

@eyal @abgd yes the same warning applies.

**abgd 🍓** @abgd@tooot.im · 25 avr. 2017, 08:40

**abgd 🍓** @abgd@tooot.im · 25 avr. 2017, 08:40

25 avr. 2017, 08:40

abgd 🍓 @abgd@tooot.im

meta, privacy/exposure Afficher plus

@geekylou @eyal
I dunno about birdsite. It's just that good #infosec requires clear communication with users, and right now Mastodon is kind of misleading. It has amazing exposure controls but basically zero *privacy*.

**Luka ⛥ P.** @novadeviator · 25 avr. 2017, 10:28

**Luka ⛥ P.** @novadeviator · 25 avr. 2017, 10:28

25 avr. 2017, 10:28

Luka ⛥ P. @novadeviator

meta, privacy/exposure Afficher plus

@geekylou @abgd does that hold true for private posts (aka DM)? i guess intra-instance private posts stays within the instance (probably admin has access and could theoretically read you private posts to a user on the same instance). what is the weakest link for a private post accross two instances? can a third instance see it? or it again depends only on admin of the recepient's server?

**geekylou 🔮⚧** @geekylou · 25 avr. 2017, 10:33

**geekylou 🔮⚧** @geekylou · 25 avr. 2017, 10:33

25 avr. 2017, 10:33

geekylou 🔮⚧ @geekylou

meta, privacy/exposure Afficher plus

@novadeviator @abgd I'm not sure about private posts I suspect they aren't posted on the atom feed. I'll do some experiments to check when I have time.

**geekylou 🔮⚧** @geekylou · 26 avr. 2017, 10:47

**geekylou 🔮⚧** @geekylou · 26 avr. 2017, 10:47

26 avr. 2017, 10:47

geekylou 🔮⚧ @geekylou

meta, privacy/exposure Afficher plus

@abgd @novadeviator thought I'd get back to you on this. So private(direct) posts are only sent to their recipients server and aren't visible on the main atom feed for a user. There is also an atom feed on the private post but that is only visible to the sender if they are logged in.