Skip to content

Allow user‐level (and/or post‐level?) opting out of (parts of) AUTHORIZED_FETCH #10

New issue
New issue
Open
Open
Allow user‐level (and/or post‐level?) opting out of (parts of) AUTHORIZED_FETCH#10
Labels
LV.1: ApplicationBackend @ installing and running the applicationLV.4: S2SNetworking @ Server‐to‐server supportLV.4: SecurityNetworking @ SecuritySTATUS: discussThis issue should be discussed before further actions are takenSTATUS: enhancementNew feature or improvements to existingSTATUS: need infoFurther information is requested
@marrus-sh

Description

@marrus-sh
marrus-sh
opened on Sep 12, 2021

A bit contrary to #8, but also helps justify it. There are good reasons not to want AUTHORIZED_FETCH:

  • Embedding of information (e.g. on personal websites) or referring to it (Linked Data).
  • Allowing ActivityPub clients to read resources without needing to direct their request through a server.

The main utility of preventingenforcing AUTHORIZED_FETCH is:

  • Prevent scraping of data.
  • Prevent federation of information to e.g. blocked instances.

Users should be able to decide for themselves what their priorities are in this regard. Under no circumstances should timelines, follower/following information, &cetera be made available without AUTHORIZED_FETCH.

Metadata

Metadata

Assignees

No one assigned

    Labels

    LV.1: ApplicationBackend @ installing and running the applicationLV.4: S2SNetworking @ Server‐to‐server supportLV.4: SecurityNetworking @ SecuritySTATUS: discussThis issue should be discussed before further actions are takenSTATUS: enhancementNew feature or improvements to existingSTATUS: need infoFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions