Hackers' Pub

silverpill @silverpill@mitra.social

10/19/2025, 3:15:55 PM

Public

Mastodon may expose followers-only posts to public. Is it a feature or a bug?

For example, this reply is addressed to the followers collection (to) and the mentioned user (cc):

https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj

But Mastodon says the reply is "public". Anyone can view it in this thread:

https://neuromatch.social/@jonny/115343446216492915

#Iceshrimp also doesn't require authorization, but you need to know the post ID to view it.

@kopperkopper :colon_three: Did you know about this?

UPDATE: https://not-brain.d.on-t.work/notes/admrkcvj3hfn5crj is now addressed to public; apparently its audience was being modified by the originating instance depending on the delivery target.

kopper :colon_three: (@kopper)

@jonny@neuromatch.social still reading so not everything but: > Supporting instances MUST indicate their support of this FEP by including its namespace in the <plain>@context</plain> of affected Actor objects. the recent archive.org downtime made all objects with contexts con...

not-brain.d.on-t.work · not brain don't work

Jupiter Rowland @jupiter_rowland@hub.netzgemeinde.eu

10/19/2025, 6:31:37 PM

Public

@silverpill That's probably because "followers only" is not a Fediverse-wide standard backed by the ActivityPub spec or a FEP, nor does it tie in with any actual permissions systems available in the Fediverse.

As an example for the latter, Hubzilla, (streams) and Forte do not translate Mastodon's "followers only" into "these Fediverse actors are granted permission to view, like/dislike and reply to this message indefinitely, and everyone else isn't".

On top of that, all three assume that the permissions of all elements in a conversation are always the same because that's how they work. So if I post in public, and one of my Mastodon followers comments "followers only", then Hubzilla will treat it as public regardless because if my post is public, and it is, then all comments and replies are public, too.

At least Hubzilla shows a red padlock symbol on each message whose "permissions" don't align with what Hubzilla understands or expects.

CC: @kopper :colon_three:

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Mastodon #Hubzilla #Streams #(streams) #Forte #Permissions #FollowersOnly

Profile - silverpill

mitra.social · Mitra Zero

If you have a fediverse account, you can quote this note from your own instance. Search https://hub.netzgemeinde.eu/item/c7f6f5b9-23f7-41ff-b597-38d14ec31717 on your instance and quote it. (Note that quoting is not supported in Mastodon.)

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`