@JollyOrc Not quite.
If I understand correctly, if you set a post to "followers only" that disables boosting in the UI and prevents the toot from appearing on public timelines.
As I understand it, GNU Social doesn't implement either of those behaviours.
The scoping features require cooperation from the receiving server, much like deletion does.
They've got the content, but implementing the implied social contract is work not all have done - or want to do!
@JollyOrc @HerraBRE Whether a follower is from a server that doesn't understand privacy, or willfully ignores it, there is no way to tell. I have considered the "using new tag" or even Base64-encoding idea, but I think it just masks the issue. The real solution is that you should be aware who you allow to follow you, if you want your follower-only privacy to be respected.
That is a lot of work which is easy for a computer but hard for a human. A prime candidate for automation.
If that's your preference AND you want to help people not make mistakes... then you probably shouldn't show the option at all until they (or The Computer) have reviewed their follower list.
Oh well. At least the ideas are on your radar.
I agree: The system should, where feasible, give people some sort of indication if it detects followers from a "bad" instance that doesn't conform to the standards.
Of course, that cannot solve human malciousness or other PEBCAK issues. And we probably really don't want a codified reputation system...