Loomio
Tue 8 Nov 2022 3:44PM

A server is offering public full-text search of our posts

Will Murphy

Came across this post announcing a public, full-text, cross-server search feature. I tried their search and found posts from our server. Full-text search is a tool used by targeted harassment campaigns, and it has been purposefully omitted from Mastodon. The post says we can request an opt-out via our admin account.

https://infosec.exchange/@leakix/109296274969102502

@[email protected] Wed 9 Nov 2022 4:27PM

@Will Murphy regardless of how this goes, can there be a toot about how to opt out of this? Today it's this server, but there will be others.

Darren Fri 11 Nov 2022 4:25PM

If I'm not confused, there wasn't much consideration for post privacy within the ActivityPub specifications.

As I understand it, the limitation to searching only by hashtags was a Mastodon implementation, and other ActivityPub server implementations don't necessarily have the same limitation; some certainly don't.

There's been work on improving privacy, most notably via the AUTHORIZED_FETCH configuration implemented in Mastodon a few years ago.

https://docs.joinmastodon.org/admin/config/

Unfortunately it has significant impacts on compatibility with other ActivityPub servers, so it's off by default.

Over the years there's been a number of cases where it's been noticed that ActivityPub posts have been scraped/indexed - there's the web search engines, as has been mentioned, and also academics doing research.

There's also possibly unexpected ways in which posts, including Direct Messages, can be handled across the federation.

Generally I think it's safest for people to consider all posts to be public until there's a robust privacy implementation that's widely adopted by ActivityPub servers.

Although not hugely relevant to us, there is an alternative fediverse protocol called zot that has a major focus on post privacy which is used by Hubzilla, Zap, Streams etc.