A poll: are followers-only posts on Mastodon public? (infosec.exchange)
from jdp23@lemmy.blahaj.zone to fediverse@lemmy.ml on 22 Nov 2023 04:08
https://lemmy.blahaj.zone/post/5667677

On Mastodon, Followers-only posts are only visible to your followers – and to admins of any instances your followers on. But if you haven’t turned on “approve followes”, anybody who’s logged in to an instance you haven’t blocked can follow you and get access to your followers-only posts.

In your view, are followers-only posts public?

The linked post is a Mastodon poll, and I’ll also put in replies here so that you can just upvote the ones you agree with!

#fediverse

threaded - newest

jdp23@lemmy.blahaj.zone on 22 Nov 2023 04:08 next collapse

Yes, followers-only posts are public – upvote if you agree!

jdp23@lemmy.blahaj.zone on 22 Nov 2023 04:09 next collapse

No, followers-only posts are not public – upvote if you agree!

jdp23@lemmy.blahaj.zone on 22 Nov 2023 04:09 next collapse

It depends if I’ve turned on “approve followers” – upvote if you agree!

heavyboots@lemmy.ml on 22 Nov 2023 04:35 next collapse

I mean it’s pretty much the same as Twitter? All your posts are public* and anyone can follow you unless you activate the follower approval option. It’s the first thing I did when I created my Mastodon account. (And the first thing I did on Twitter as well.)

  • Actually now I think about it, on Twitter I also made my account private immediately.
deegeese@sopuli.xyz on 22 Nov 2023 04:50 next collapse

Public but not indexed and not in your public profile.

Viewable only by someone with a link to the post or thread.

modulus@lemmy.ml on 22 Nov 2023 06:54 next collapse

On my instance, the following control measures apply:

  • Only public posts are visible through the web interface.
  • Only public posts appear on RSS.
  • Following requires approval.
  • Authorised fetch is required.

So I think I have reason to feel fairly strongly that follower only posts are not public, and even unlisted posts are reasonably restricted.

0x1C3B00DA@kbin.social on 22 Nov 2023 13:15 next collapse

Just a heads up: there's a mastodon specific community at https://lemmy.ml/c/mastodon that would be more appropriate for this post.

CommunityLinkFixer@lemmings.world on 22 Nov 2023 13:16 next collapse

Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !mastodon@lemmy.ml

jdp23@lemmy.blahaj.zone on 22 Nov 2023 18:46 collapse

Thanks, it’s a good point!

Steve@communick.news on 22 Nov 2023 18:18 next collapse

Anything posted to “Social Media” in any way, I consider public. If you want privacy, you need something that’s directly one to one at least, ideally E2EE.

Die4Ever@programming.dev on 22 Nov 2023 18:34 collapse

couldn’t a malicious instance or fork just ignore who is trying to access the data and show all the toots that have been federated at all? anything that can be retrieved by another instance is public

it’s kinda like when Steam asks for your age when looking at an M rated game