Skip to content
GitLab
Closed
Issue created by Gidi Kroon@gidi

Feature: ability to hide remote timeline/profiles/posts to unauthenticated visitors

This is a feature request, not a bug.

Currently the :instance, public: false setting seems to do the following things:

  • unauthenticated visitors have no access to the local timeline
  • unauthenticated visitors have no access to the network timeline
  • unauthenticated visitors have no access to local posts. This means that users on other instances can no longer see your user's posts in their original context.
  • unauthenticated visitors have no access to remote posts
  • unauthenticated visitors have no access to local user profiles. This means that users on other instances can no longer follow the links to your user's profiles.
  • unauthenticated visitors have no access to remote user profiles.
  • nodeinfo reports private as true, so fediverse.network hides the server information

With public: true all these things become accessible to unauthenticated visitors. I currently see spiders coming by and indexing all kinds of remote profiles and posts as part of my site. I'd like them to only index local content. These spiders find the urls presumably via the links in the network timeline.

The setting :instance, limit_to_local_content: :unauthenticated (or :all or false) governs the use of the user search box instead, it doesn't stop people from accessing profiles of or posts by remote users.

I'd like to have more control over what is shown to unauthenticated users and spiders. I can think of these levels:

  • unauthenticated visitors see local and remote timelines, profiles and posts
  • unauthenticated visitors see local and network timelines, and local but not remote profiles and posts. The network timeline avoids broken links by linking to the origin sites for remote posts and profiles.
  • unauthenticated visitors see local but not remote timelines, profiles and posts
  • unauthenticated visitors see nothing (except the login, instance panel, about, etc)

Meanwhile authenticated users can see everything.

Basically this is extending the meaning of limit_to_local_content to timelines as well as search, but without disabling the network timeline for authenticated users in case of the :all option. Or extend the possible values for public as true, :local_content_only, :local_only, false for the four levels.

I'd also like to control the private flag in nodeinfo independently.