Allow user‐level (and/or post‐level?) opting out of (parts of) AUTHORIZED_FETCH

marrus-sh commented 2 years ago

A bit contrary to #8, but also helps justify it. There are good reasons not to want AUTHORIZED_FETCH:

Embedding of information (e.g. on personal websites) or referring to it (Linked Data).
Allowing ActivityPub clients to read resources without needing to direct their request through a server.

The main utility of ~~preventing~~enforcing AUTHORIZED_FETCH is:

Prevent scraping of data.
Prevent federation of information to e.g. blocked instances.

Users should be able to decide for themselves what their priorities are in this regard. Under no circumstances should timelines, follower/following information, &cetera be made available without AUTHORIZED_FETCH.

single-right-quote commented 2 years ago

i’m confused: how does preventing AUTHORIZED_FETCH enable the latter two bullet points? i thought those were things AUTHORIZED_FETCH enforces

marrus-sh commented 2 years ago

pardon, i meant enforcing AUTHORIZED_FETCH; preventing unauthorized access

kibicat / mastodon

Allow user‐level (and/or post‐level?) opting out of (parts of) AUTHORIZED_FETCH #10