I thought of a completely trivial way for #Mastodon to implement all their soft security stuff w/o content leaking when it federates to incompatible servers.
It's such an obvious idea that I can't help but wonder if @Gargron is already doing it...
The idea: Put sensitive content in a non-standard XML element (e.g. <scopedcontent> instead of <content>). Poof, the problem just goes away, until a node is actually malicious.
@JollyOrc @HerraBRE Whether a follower is from a server that doesn't understand privacy, or willfully ignores it, there is no way to tell. I have considered the "using new tag" or even Base64-encoding idea, but I think it just masks the issue. The real solution is that you should be aware who you allow to follow you, if you want your follower-only privacy to be respected.
@Gargron @JollyOrc Hmm. I don't think your real solution is a realistic expectation.
That is a lot of work which is easy for a computer but hard for a human. A prime candidate for automation.
If that's your preference AND you want to help people not make mistakes... then you probably shouldn't show the option at all until they (or The Computer) have reviewed their follower list.
Oh well. At least the ideas are on your radar.
I agree: The system should, where feasible, give people some sort of indication if it detects followers from a "bad" instance that doesn't conform to the standards.
Of course, that cannot solve human malciousness or other PEBCAK issues. And we probably really don't want a codified reputation system...
@JollyOrc Not quite.
If I understand correctly, if you set a post to "followers only" that disables boosting in the UI and prevents the toot from appearing on public timelines.
As I understand it, GNU Social doesn't implement either of those behaviours.
The scoping features require cooperation from the receiving server, much like deletion does.
They've got the content, but implementing the implied social contract is work not all have done - or want to do!