"a UI to audit your followers" is kind of a stunning non-solution. i do check out my followers but if they can't even tell a post is non-public then lack of malice isn't going to help anything.
i know security in federated stuff is shaky and imperfect and vulnerable to malicious actors, but making it hard for people to respect each other's explicit privacy preferences even if they WANT to is. disappointing?
@ur_faec This may not be what you mean, but you might be interested to know that I ran across a pull request today that changed Direct posts to be more visually distinct from other privacy levels, at least in the default UI. It's just awaiting review from an admin (who have been busy vetting 1.3).
@noelle that is nice, but i don't use Direct much. most posts on my personal account are Private, and apparently those will now federate to followers looking like public posts :-/
@ur_faec IF those followers are not on a Mastodon instance. The issue is not that Mastodon is federating improperly but that it's implemented a feature that GNU Social doesn't have and is still trying to keep compatibility, while GNU Social is making no attempt to catch up.

@noelle ahh -- so it's not all federation, just non-masto federation?

ok, that's still somewhat concerning but much less bad.

@ur_faec Yes, exactly. I've tested it; private posts still look and act private on all Mastodon instances.
@noelle i'd prefer it just didn't send that stuff at all to instances that don't implement the privacy features, though i don't know how technically feasible that is. it does seem like a potential forcing issue for a lot of instances in whether mastodon can federate with non...